Class SecuritySearchOperationListener

java.lang.Object
org.elasticsearch.xpack.security.authz.SecuritySearchOperationListener
All Implemented Interfaces:
SearchOperationListener

public final class SecuritySearchOperationListener extends Object implements SearchOperationListener
A SearchOperationListener that is used to provide authorization for scroll requests.

In order to identify the user associated with a scroll request, we replace the ReaderContext on creation with a custom implementation that holds the Authentication object. When this context is accessed again in SearchOperationListener.onPreQueryPhase(SearchContext) the ScrollContext is inspected for the authentication, which is compared to the currently authentication.