Module org.elasticsearch.security
Interface AuditTrail
All Known Implementing Classes:
LoggingAuditTrail
public interface AuditTrail
Field Summary
Fields
Method Summary
Modifier and Type | Method | Description
void | accessDenied(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
void | accessGranted(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
void | anonymousAccessDenied(String requestId, String action, TransportRequest transportRequest)
void | anonymousAccessDenied(String requestId, HttpPreRequest request)
void | authenticationFailed(String requestId, String action, TransportRequest transportRequest)
void | authenticationFailed(String requestId, String realm, AuthenticationToken token, String action, TransportRequest transportRequest)
void | authenticationFailed(String requestId, String realm, AuthenticationToken token, HttpPreRequest request)
void | authenticationFailed(String requestId, HttpPreRequest request)
void | authenticationFailed(String requestId, AuthenticationToken token, String action, TransportRequest transportRequest)
void | authenticationFailed(String requestId, AuthenticationToken token, HttpPreRequest request)
void | authenticationSuccess(String requestId, Authentication authentication, String action, TransportRequest transportRequest)
void | authenticationSuccess(RestRequest request)
void | connectionDenied(InetSocketAddress inetAddress, String profile, SecurityIpFilterRule rule)
void | connectionGranted(InetSocketAddress inetAddress, String profile, SecurityIpFilterRule rule) | The connectionGranted(InetSocketAddress, String, SecurityIpFilterRule) and connectionDenied(InetSocketAddress, String, SecurityIpFilterRule) methods do not have a requestId because they relate to a potentially long-lived TCP connection, not a single request.
void | coordinatingActionResponse(String requestId, Authentication authentication, String action, TransportRequest transportRequest, TransportResponse transportResponse)
void | explicitIndexAccessEvent(String requestId, AuditLevel eventType, Authentication authentication, String action, String[] indices, String requestName, InetSocketAddress remoteAddress, AuthorizationEngine.AuthorizationInfo authorizationInfo) | This is a "workaround" method to log index "access_granted" and "access_denied" events for actions not tied to a TransportMessage, or when the connection is not 1:1, i.e.
String | name()
void | runAsDenied(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
void | runAsDenied(String requestId, Authentication authentication, HttpPreRequest request, AuthorizationEngine.AuthorizationInfo authorizationInfo)
void | runAsGranted(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
void | tamperedRequest(String requestId, String action, TransportRequest transportRequest)
void | tamperedRequest(String requestId, HttpPreRequest request)
void | tamperedRequest(String requestId, Authentication authentication, String action, TransportRequest transportRequest)
Field Details
X_FORWARDED_FOR_HEADER
Method Details
name
String name()
authenticationSuccess
void authenticationSuccess(RestRequest request)
authenticationSuccess
void authenticationSuccess(String requestId, Authentication authentication, String action, TransportRequest transportRequest)
anonymousAccessDenied
-
anonymousAccessDenied
-
authenticationFailed
-
authenticationFailed
-
authenticationFailed
void authenticationFailed(String requestId, AuthenticationToken token, String action, TransportRequest transportRequest)
authenticationFailed
-
authenticationFailed
void authenticationFailed(String requestId, String realm, AuthenticationToken token, String action, TransportRequest transportRequest)
authenticationFailed
void authenticationFailed(String requestId, String realm, AuthenticationToken token, HttpPreRequest request)
accessGranted
void accessGranted(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
accessDenied
void accessDenied(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
tamperedRequest
-
tamperedRequest
-
tamperedRequest
void tamperedRequest(String requestId, Authentication authentication, String action, TransportRequest transportRequest)
connectionGranted
void connectionGranted(InetSocketAddress inetAddress, String profile, SecurityIpFilterRule rule)
The connectionGranted(InetSocketAddress, String, SecurityIpFilterRule) and connectionDenied(InetSocketAddress, String, SecurityIpFilterRule) methods do not have a requestId because they relate to a potentially long-lived TCP connection, not a single request. For both Transport and Rest connections, a single connection granted/denied event is generated even if that connection is used for multiple Elasticsearch actions (potentially as different users).
connectionDenied
void connectionDenied(InetSocketAddress inetAddress, String profile, SecurityIpFilterRule rule)
runAsGranted
void runAsGranted(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
runAsDenied
void runAsDenied(String requestId, Authentication authentication, String action, TransportRequest transportRequest, AuthorizationEngine.AuthorizationInfo authorizationInfo)
runAsDenied
void runAsDenied(String requestId, Authentication authentication, HttpPreRequest request, AuthorizationEngine.AuthorizationInfo authorizationInfo)
explicitIndexAccessEvent
void explicitIndexAccessEvent(String requestId, AuditLevel eventType, Authentication authentication, String action, String[] indices, String requestName, InetSocketAddress remoteAddress, AuthorizationEngine.AuthorizationInfo authorizationInfo)
This is a "workaround" method to log index "access_granted" and "access_denied" events for actions not tied to a TransportMessage, or when the connection is not 1:1, i.e. several audit events for an action associated with the same message. It is currently only used to audit the resolved index (alias) name for each BulkItemRequest comprised by a BulkShardRequest. We should strive to not use this and TODO refactor it out!
coordinatingActionResponse
void coordinatingActionResponse(String requestId, Authentication authentication, String action, TransportRequest transportRequest, TransportResponse transportResponse)