Interface AuthenticationFailureHandler
- All Known Implementing Classes:
DefaultAuthenticationFailureHandler
For example, when using Basic authentication, most clients wait to send credentials until they have been challenged
for them. In this workflow a client makes a request, the server responds with a 401 status with the header
WWW-Authenticate: Basic realm=auth-realm, and then the client will send credentials. The same scheme also
applies for other methods of authentication, with changes to the value provided in the WWW-Authenticate header.
Additionally, some methods of authentication may require a different status code. When using a single sign-on system,
clients will often retrieve a token from the single sign-on system, which is then presented to the server and verified.
When a client does not provide such a token, the server can choose to redirect the client to the single sign-on system
to retrieve a token. This can be accomplished in the AuthenticationFailureHandler by setting the RestStatus.FOUND
status with a Location header that contains the location to redirect the user to.
-
Method Summary
Modifier and Type, Method, Description:
- ElasticsearchSecurityException authenticationRequired(String action, ThreadContext context)
  This method is called when anonymous access is enabled, a request does not pass authorization with the anonymous user, AND the anonymous service is configured to throw an authentication exception instead of an authorization exception.
- ElasticsearchSecurityException exceptionProcessingRequest(HttpPreRequest request, Exception e, ThreadContext context)
  The method is called when an exception has occurred while processing the REST request.
- ElasticsearchSecurityException exceptionProcessingRequest(TransportMessage message, String action, Exception e, ThreadContext context)
  The method is called when an exception has occurred while processing the transport message.
- ElasticsearchSecurityException failedAuthentication(HttpPreRequest request, AuthenticationToken token, ThreadContext context)
  This method is called when there has been an authentication failure for the given REST request and authentication token.
- ElasticsearchSecurityException failedAuthentication(TransportMessage message, AuthenticationToken token, String action, ThreadContext context)
  This method is called when there has been an authentication failure for the given message and token.
- ElasticsearchSecurityException missingToken(HttpPreRequest request, ThreadContext context)
  This method is called when a REST request is received and no authentication token could be extracted AND anonymous access is disabled.
- ElasticsearchSecurityException missingToken(TransportMessage message, String action, ThreadContext context)
  This method is called when a transport message is received and no authentication token could be extracted AND anonymous access is disabled.
-
Method Details
-
failedAuthentication
ElasticsearchSecurityException failedAuthentication(HttpPreRequest request, AuthenticationToken token, ThreadContext context)
This method is called when there has been an authentication failure for the given REST request and authentication token.
- Parameters:
request - The request that was being authenticated when the exception occurred
token - The token that was extracted from the request
context - The context of the request that could not be authenticated
- Returns:
ElasticsearchSecurityException with the appropriate headers and message
-
failedAuthentication
ElasticsearchSecurityException failedAuthentication(TransportMessage message, AuthenticationToken token, String action, ThreadContext context)
This method is called when there has been an authentication failure for the given message and token.
- Parameters:
message - The transport message that could not be authenticated
token - The token that was extracted from the message
action - The name of the action that the message is trying to perform
context - The context of the request that could not be authenticated
- Returns:
ElasticsearchSecurityException with the appropriate headers and message
-
exceptionProcessingRequest
ElasticsearchSecurityException exceptionProcessingRequest(HttpPreRequest request, Exception e, ThreadContext context)
The method is called when an exception has occurred while processing the REST request. This could be an error that occurred while attempting to extract a token or while attempting to authenticate the request.
- Parameters:
request - The request that was being authenticated when the exception occurred
e - The exception that was thrown
context - The context of the request that could not be authenticated
- Returns:
ElasticsearchSecurityException with the appropriate headers and message
-
exceptionProcessingRequest
ElasticsearchSecurityException exceptionProcessingRequest(TransportMessage message, String action, Exception e, ThreadContext context)
The method is called when an exception has occurred while processing the transport message. This could be an error that occurred while attempting to extract a token or while attempting to authenticate the request.
- Parameters:
message - The message that was being authenticated when the exception occurred
action - The name of the action that the message is trying to perform
e - The exception that was thrown
context - The context of the request that could not be authenticated
- Returns:
ElasticsearchSecurityException with the appropriate headers and message
-
missingToken
ElasticsearchSecurityException missingToken(HttpPreRequest request, ThreadContext context)
This method is called when a REST request is received and no authentication token could be extracted AND anonymous access is disabled. If anonymous access is enabled, this method will not be called.
- Parameters:
request - The request that did not have a token
context - The context of the request that could not be authenticated
- Returns:
ElasticsearchSecurityException with the appropriate headers and message
-
missingToken
ElasticsearchSecurityException missingToken(TransportMessage message, String action, ThreadContext context)
This method is called when a transport message is received and no authentication token could be extracted AND anonymous access is disabled. If anonymous access is enabled, this method will not be called.
- Parameters:
message - The message that did not have a token
action - The name of the action that the message is trying to perform
context - The context of the request that could not be authenticated
- Returns:
ElasticsearchSecurityException with the appropriate headers and message
-
authenticationRequired
ElasticsearchSecurityException authenticationRequired(String action, ThreadContext context)
This method is called when anonymous access is enabled, a request does not pass authorization with the anonymous user, AND the anonymous service is configured to throw an authentication exception instead of an authorization exception.
- Parameters:
action - The action that failed authorization for anonymous access
context - The context of the request that could not be authenticated
- Returns:
ElasticsearchSecurityException with the appropriate headers and message
-