Module org.elasticsearch.security
Class SecuritySearchOperationListener
java.lang.Object
org.elasticsearch.xpack.security.authz.SecuritySearchOperationListener
- All Implemented Interfaces:
SearchOperationListener
public final class SecuritySearchOperationListener
extends Object
implements SearchOperationListener
A
SearchOperationListener that is used to provide authorization for scroll requests.
In order to identify the user associated with a scroll request, we replace the ReaderContext
on creation with a custom implementation that holds the Authentication object. When
this context is accessed again in SearchOperationListener.onPreQueryPhase(SearchContext)
the ScrollContext is inspected for the authentication, which is compared to the currently
authentication.
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.index.shard.SearchOperationListener
SearchOperationListener.CompositeListener -
Constructor Summary
ConstructorsConstructorDescriptionSecuritySearchOperationListener(SecurityContext securityContext, AuditTrailService auditTrail) -
Method Summary
Modifier and TypeMethodDescriptionvoidonNewScrollContext(ReaderContext readerContext) Adds theAuthenticationto theScrollContextvoidonPreFetchPhase(SearchContext searchContext) voidonPreQueryPhase(SearchContext searchContext) voidvalidateReaderContext(ReaderContext readerContext, TransportRequest request) Checks for theReaderContextif it exists and compares theAuthenticationobject from the scroll context with the current authentication contextMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.elasticsearch.index.shard.SearchOperationListener
onFailedFetchPhase, onFailedQueryPhase, onFetchPhase, onFreeReaderContext, onFreeScrollContext, onNewReaderContext, onQueryPhase
-
Constructor Details
-
SecuritySearchOperationListener
public SecuritySearchOperationListener(SecurityContext securityContext, AuditTrailService auditTrail)
-
-
Method Details
-
onNewScrollContext
Adds theAuthenticationto theScrollContext- Specified by:
onNewScrollContextin interfaceSearchOperationListener
-
validateReaderContext
Checks for theReaderContextif it exists and compares theAuthenticationobject from the scroll context with the current authentication context- Specified by:
validateReaderContextin interfaceSearchOperationListener
-
onPreFetchPhase
- Specified by:
onPreFetchPhasein interfaceSearchOperationListener
-
onPreQueryPhase
- Specified by:
onPreQueryPhasein interfaceSearchOperationListener
-