Module org.elasticsearch.security
Class Authenticator.Context
java.lang.Object
org.elasticsearch.xpack.security.authc.Authenticator.Context
- All Implemented Interfaces:
Closeable,AutoCloseable
- Enclosing interface:
Authenticator
This class is a container to encapsulate the current request and other necessary information (mostly configuration related)
required for authentication.
It is instantiated for every incoming request and passed around to
AuthenticatorChain and subsequently all
Authenticator.
Authenticators are consulted in order (see AuthenticatorChain),
where each is given the chance to first extract some token, and then to verify it.
If token verification fails in some particular way (i.e. AuthenticationResult.Status.CONTINUE),
the next Authenticator is tried.
The extracted tokens are all appended with addAuthenticationToken(AuthenticationToken).-
Constructor Summary
ConstructorsConstructorDescriptionContext(ThreadContext threadContext, AuthenticationService.AuditableRequest request, User fallbackUser, boolean allowAnonymous, Realms realms) Context constructor where authentication looks for credentials in the thread context. -
Method Summary
Modifier and TypeMethodDescriptionvoidaddAuthenticationToken(AuthenticationToken authenticationToken) voidaddUnsuccessfulMessage(String message) voidvoidclose()booleanvoidsetHandleNullToken(boolean value) booleanReturnstrue, ifAuthenticators should first be tried in order to extract the credentials token from the thread context.boolean
-
Constructor Details
-
Context
public Context(ThreadContext threadContext, AuthenticationService.AuditableRequest request, User fallbackUser, boolean allowAnonymous, Realms realms) Context constructor where authentication looks for credentials in the thread context.
-
-
Method Details
-
getThreadContext
-
getRequest
-
getFallbackUser
-
isAllowAnonymous
public boolean isAllowAnonymous() -
setHandleNullToken
public void setHandleNullToken(boolean value) -
shouldHandleNullToken
public boolean shouldHandleNullToken() -
shouldExtractCredentials
public boolean shouldExtractCredentials()Returnstrue, ifAuthenticators should first be tried in order to extract the credentials token from the thread context. The extracted tokens are appended to this authenticator context withaddAuthenticationToken(AuthenticationToken). Iffalse, the credentials token is directly passed in to this authenticator context, and the authenticators themselves are only consulted to authenticate the token, and never to extract any tokens from the thread context. -
getUnsuccessfulMessages
-
addAuthenticationToken
-
getMostRecentAuthenticationToken
-
getBearerString
-
getApiKeyString
-
getDefaultOrderedRealmList
-
getUnlicensedRealms
-
addUnsuccessfulMessage
-
close
- Specified by:
closein interfaceAutoCloseable- Specified by:
closein interfaceCloseable- Throws:
IOException
-
addUnsuccessfulMessageToMetadata
-