Module org.elasticsearch.xcore
Interface SecurityExtension
public interface SecurityExtension
An SPI extension point that allows custom functionality to be plugged into the x-pack authentication module.
Nested Class Summary
Nested Classes (Modifier and Type, Interface, Description)
static interface
    SecurityExtension.SecurityComponents
    This interface provides access to components (clients and services) that may be used within custom realms and role providers.
Method Summary
(Modifier and Type, Method, Description)
default String
    extensionName()
default AuthenticationFailureHandler
    getAuthenticationFailureHandler(SecurityExtension.SecurityComponents components)
    Returns a handler for authentication failures, or null to use the default handler.
default AuthorizationEngine
    getAuthorizationEngine(Settings settings)
    Returns an authorization engine for authorizing requests, or null to use the default authorization mechanism.
default Map<String, Realm.Factory>
    getRealms(SecurityExtension.SecurityComponents components)
    Returns authentication realm implementations added by this extension.
default List<BiConsumer<Set<String>, ActionListener<RoleRetrievalResult>>>
    getRolesProviders(SecurityExtension.SecurityComponents components)
    Returns an ordered list of role providers that are used to resolve role names to RoleDescriptor objects.
Method Details
getRealms
default Map<String, Realm.Factory> getRealms(SecurityExtension.SecurityComponents components)
Returns authentication realm implementations added by this extension. The key of the returned Map is the type name of the realm, and the value is a Realm.Factory which will construct that realm for use in authentication when that realm type is configured.
Parameters:
components - Access to components that may be used to build realms
getAuthenticationFailureHandler
default AuthenticationFailureHandler getAuthenticationFailureHandler(SecurityExtension.SecurityComponents components)
Returns a handler for authentication failures, or null to use the default handler. Only one installed extension may have an authentication failure handler. If more than one extension returns a non-null handler, an error is raised.
Parameters:
components - Access to components that may be used to build the handler
getRolesProviders
default List<BiConsumer<Set<String>,ActionListener<RoleRetrievalResult>>> getRolesProviders(SecurityExtension.SecurityComponents components)
Returns an ordered list of role providers that are used to resolve role names to RoleDescriptor objects. Each provider is invoked in order to resolve any role names not resolved by the reserved or native roles stores.

Each role provider is represented as a BiConsumer which takes a set of roles to resolve as the first parameter to consume and an ActionListener as the second parameter to consume. The implementation of the role provider should be asynchronous if the computation is lengthy or any disk and/or network I/O is involved. The implementation is responsible for resolving whatever roles it can into a set of RoleDescriptor instances.

If successful, the implementation must wrap the set of RoleDescriptor instances in a RoleRetrievalResult using RoleRetrievalResult.success(Set) and then invoke ActionListener.onResponse(Object). If a failure was encountered, the implementation should wrap the failure in a RoleRetrievalResult using RoleRetrievalResult.failure(Exception) and then invoke ActionListener.onResponse(Object) unless the failure needs to terminate the request, in which case the implementation should invoke ActionListener.onFailure(Exception).

By default, an empty list is returned.
Parameters:
components - Access to components that may be used to build roles
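
One way a role provider can follow the contract above, as an added example that is not part of the Elasticsearch Javadoc or code base. The class name ExampleRolesExtension, the role audit_reader and the index pattern audit-* are constructed for illustration, and the x-pack core classes are assumed to be on the classpath.

```java
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.xpack.core.security.SecurityExtension;
import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
import org.elasticsearch.xpack.core.security.authz.store.RoleRetrievalResult;

import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.BiConsumer;

// Hypothetical extension; names and sample data below are constructed, not from the page.
public class ExampleRolesExtension implements SecurityExtension {

    // Constructed in-memory role source standing in for an external store.
    private static final Map<String, RoleDescriptor> ROLES = Map.of(
        "audit_reader",
        new RoleDescriptor(
            "audit_reader",
            new String[] { "monitor" },
            new RoleDescriptor.IndicesPrivileges[] {
                RoleDescriptor.IndicesPrivileges.builder().indices("audit-*").privileges("read").build()
            },
            null // no run-as privileges
        )
    );

    @Override
    public List<BiConsumer<Set<String>, ActionListener<RoleRetrievalResult>>> getRolesProviders(
        SecurityExtension.SecurityComponents components
    ) {
        // Ordered list: providers are consulted in this order for still-unresolved names.
        return List.of(ExampleRolesExtension::resolve);
    }

    // In-memory lookup, so it runs inline; a provider doing disk or network I/O should be asynchronous.
    static void resolve(Set<String> roleNames, ActionListener<RoleRetrievalResult> listener) {
        try {
            Set<RoleDescriptor> resolved = new HashSet<>();
            for (String name : roleNames) {
                RoleDescriptor descriptor = ROLES.get(name);
                if (descriptor != null) { // unknown names are skipped, never mapped to a fallback role
                    resolved.add(descriptor);
                }
            }
            listener.onResponse(RoleRetrievalResult.success(resolved));
        } catch (Exception e) {
            // Recoverable failure: report it as a result. Only a failure that must
            // terminate the request would go to listener.onFailure(e) instead.
            listener.onResponse(RoleRetrievalResult.failure(e));
        }
    }
}
```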
getAuthorizationEngine
default AuthorizationEngine getAuthorizationEngine(Settings settings)
Returns an authorization engine for authorizing requests, or null to use the default authorization mechanism. Only one installed extension may have an authorization engine. If more than one extension returns a non-null authorization engine, an error is raised.
Parameters:
settings - The configured settings for the node
extensionName