Module org.elasticsearch.security
Class AuthorizationService
java.lang.Object
org.elasticsearch.xpack.security.authz.AuthorizationService
-
Field Summary
Fields
Modifier and Type | Field | Description
-
Constructor Summary
Constructors
Constructor | Description
AuthorizationService(Settings settings, CompositeRolesStore rolesStore, FieldPermissionsCache fieldPermissionsCache, ClusterService clusterService, AuditTrailService auditTrailService, AuthenticationFailureHandler authcFailureHandler, ThreadPool threadPool, AnonymousUser anonymousUser, AuthorizationEngine authorizationEngine, Set<RequestInterceptor> requestInterceptors, XPackLicenseState licenseState, IndexNameExpressionResolver resolver, OperatorPrivileges.OperatorPrivilegesService operatorPrivilegesService, RestrictedIndices restrictedIndices, AuthorizationDenialMessages authorizationDenialMessages)
-
Method Summary
Modifier and Type | Method | Description
static void addSettings(List<Setting<?>> settings)
void authorize(Authentication authentication, String action, TransportRequest originalRequest, ActionListener<Void> listener) - Verifies that the given user can execute the given request (and action).
void checkPrivileges(Subject subject, AuthorizationEngine.PrivilegesToCheck privilegesToCheck, Collection<ApplicationPrivilegeDescriptor> applicationPrivilegeDescriptors, ActionListener<AuthorizationEngine.PrivilegesCheckResult> listener)
void getRoleDescriptorsIntersectionForRemoteCluster(String remoteClusterAlias, TransportVersion remoteClusterVersion, Subject subject, ActionListener<RoleDescriptorsIntersection> listener)
ElasticsearchSecurityException remoteActionDenied(Authentication authentication, String action, String clusterAlias)
void retrieveUserPrivileges(Subject subject, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<GetUserPrivilegesResponse> listener)
-
Field Details
-
ANONYMOUS_AUTHORIZATION_EXCEPTION_SETTING
-
-
Constructor Details
-
AuthorizationService
public AuthorizationService(Settings settings, CompositeRolesStore rolesStore, FieldPermissionsCache fieldPermissionsCache, ClusterService clusterService, AuditTrailService auditTrailService, AuthenticationFailureHandler authcFailureHandler, ThreadPool threadPool, AnonymousUser anonymousUser, @Nullable AuthorizationEngine authorizationEngine, Set<RequestInterceptor> requestInterceptors, XPackLicenseState licenseState, IndexNameExpressionResolver resolver, OperatorPrivileges.OperatorPrivilegesService operatorPrivilegesService, RestrictedIndices restrictedIndices, AuthorizationDenialMessages authorizationDenialMessages)
-
-
Method Details
-
checkPrivileges
public void checkPrivileges(Subject subject, AuthorizationEngine.PrivilegesToCheck privilegesToCheck, Collection<ApplicationPrivilegeDescriptor> applicationPrivilegeDescriptors, ActionListener<AuthorizationEngine.PrivilegesCheckResult> listener) -
retrieveUserPrivileges
public void retrieveUserPrivileges(Subject subject, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<GetUserPrivilegesResponse> listener) -
getRoleDescriptorsIntersectionForRemoteCluster
public void getRoleDescriptorsIntersectionForRemoteCluster(String remoteClusterAlias, TransportVersion remoteClusterVersion, Subject subject, ActionListener<RoleDescriptorsIntersection> listener) -
authorize
public void authorize(Authentication authentication, String action, TransportRequest originalRequest, ActionListener<Void> listener)
Verifies that the given user can execute the given request (and action). If the user doesn't have the appropriate privileges for this action/request, an ElasticsearchSecurityException will be thrown.
Parameters:
authentication - The authentication information
action - The action
originalRequest - The request
listener - The listener that gets called. A call to ActionListener.onResponse(Object) indicates success. Because the method itself returns void, a normal return from authorize does not by itself indicate that the request was authorized; only the listener's onResponse callback does.
-
remoteActionDenied
public ElasticsearchSecurityException remoteActionDenied(Authentication authentication, String action, String clusterAlias) -
addSettings
-