Class AuthorizationUtils

java.lang.Object
org.elasticsearch.xpack.security.authz.AuthorizationUtils

public final class AuthorizationUtils extends Object
  • Method Details

    • shouldReplaceUserWithSystem

      public static boolean shouldReplaceUserWithSystem(ThreadContext threadContext, String action)
      Determines whether a request should be executed as the system user, even if the request already has a user associated with it. For the user to be replaced by the system user, one of the following conditions must be true:
      • the action is an internal action and no user is associated with the request
      • the action is an internal action and the thread context contains a non-internal action as the originating action
      Parameters:
      threadContext - the ThreadContext that contains the headers and context associated with the request
      action - the action name that is being executed
      Returns:
      true if the system user should be used to execute a request
    • shouldSetUserBasedOnActionOrigin

      public static boolean shouldSetUserBasedOnActionOrigin(ThreadContext context)
      Returns true if the thread context contains the origin of the action and does not have any authentication.
    • switchUserBasedOnActionOriginAndExecute

      public static void switchUserBasedOnActionOriginAndExecute(ThreadContext threadContext, SecurityContext securityContext, TransportVersion version, Consumer<ThreadContext.StoredContext> consumer)
      Stashes the current context and executes the consumer as the proper user based on the origin of the action. This method knows nothing about listeners, so callers must ensure that their listeners preserve their own context and restore it appropriately.
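
The listener caveat above, shown with a simplified stand-alone model (an added example, not Elasticsearch's code). A thread-local user stands in for ThreadContext; `ContextSwitchDemo`, `executeAsSystem`, `preserving`, `internalAction` and the user names are hypothetical.

```java
import java.util.function.Consumer;

// Simplified model, not Elasticsearch code: a per-thread "current user"
// stands in for ThreadContext. All names and values here are constructed.
public class ContextSwitchDemo {
    static final ThreadLocal<String> CURRENT_USER = ThreadLocal.withInitial(() -> "alice");

    // Stash the caller's user, run the body as the system user, then restore.
    static void executeAsSystem(Runnable body) {
        String stashed = CURRENT_USER.get();
        CURRENT_USER.set("_system");
        try {
            body.run();
        } finally {
            CURRENT_USER.set(stashed);
        }
    }

    // Wrap a listener so it always runs under the user captured at wrap time,
    // and put back whatever was active once the listener returns.
    static <T> Consumer<T> preserving(Consumer<T> delegate) {
        String captured = CURRENT_USER.get();
        return response -> {
            String previous = CURRENT_USER.get();
            CURRENT_USER.set(captured);
            try {
                delegate.accept(response);
            } finally {
                CURRENT_USER.set(previous);
            }
        };
    }

    // Stand-in for an internal action that completes its listener inline,
    // that is, while the switched (system) context is still active.
    static void internalAction(Consumer<String> listener) {
        listener.accept("ok");
    }

    public static void main(String[] args) {
        Consumer<String> listener = r -> System.out.println("listener runs as " + CURRENT_USER.get());
        // Unwrapped: the listener executes with the system user's identity.
        executeAsSystem(() -> internalAction(listener));
        // Wrapped before the switch: the listener sees the original caller again.
        Consumer<String> safe = preserving(listener);
        executeAsSystem(() -> internalAction(safe));
    }
}
```

Any follow-up request issued from the unwrapped listener would be authorized as the system user rather than as the original caller, which is why the wrapper has to be applied before the context switch.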