Class AuthenticationService

java.lang.Object
org.elasticsearch.xpack.security.authc.AuthenticationService

public class AuthenticationService extends Object
An authentication service that delegates the authentication process to its configured realms. This service also supports request level caching of authenticated users (i.e. once a user authenticated successfully, it is set on the request context to avoid subsequent redundant authentication process)
  • Constructor Details

  • Method Details

    • authenticate

      public void authenticate(HttpPreRequest request, ActionListener<Authentication> authenticationListener)
      Authenticates the user that is associated with the given request. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the request's context. This method will authenticate as the anonymous user if the service is configured to allow anonymous access.
      Parameters:
      request - The request to be authenticated
    • authenticate

      public void authenticate(HttpPreRequest request, boolean allowAnonymous, ActionListener<Authentication> authenticationListener)
      Authenticates the user that is associated with the given request. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the request's context. This method will optionally, authenticate as the anonymous user if the service is configured to allow anonymous access.
      Parameters:
      request - The request to be authenticated
      allowAnonymous - If false, then authentication will not fallback to anonymous. If true, then authentication will fallback to anonymous, if this service is configured to allow anonymous access.
    • authenticate

      public void authenticate(String action, TransportRequest transportRequest, User fallbackUser, ActionListener<Authentication> listener)
      Authenticates the user that is associated with the given message. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the message's context. If no user was found to be attached to the given message, then the given fallback user will be returned instead.
      Parameters:
      action - The action of the message
      transportRequest - The request to be authenticated
      fallbackUser - The default user that will be assumed if no other user is attached to the message. May not be null.
    • authenticate

      public void authenticate(String action, TransportRequest transportRequest, boolean allowAnonymous, ActionListener<Authentication> listener)
      Authenticates the user that is associated with the given message. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the message's context. If no user or credentials are found to be attached to the given message, and the caller allows anonymous access (allowAnonymous parameter), and this service is configured for anonymous access, then the anonymous user will be returned instead.
      Parameters:
      action - The action of the message
      transportRequest - The request to be authenticated
      allowAnonymous - Whether to permit anonymous access for this request (this only relevant if the service is configured for anonymous access).
    • authenticate

      public void authenticate(String action, TransportRequest transportRequest, AuthenticationToken token, ActionListener<Authentication> listener)
      Authenticates the user based on the contents of the token that is provided as parameter. This will not look at the values in the ThreadContext for Authentication.
      Parameters:
      action - The action of the message
      transportRequest - The message that resulted in this authenticate call
      token - The token (credentials) to be authenticated
    • expire

      public void expire(String principal)
    • expireAll

      public void expireAll()
    • onSecurityIndexStateChange

      public void onSecurityIndexStateChange(SecurityIndexManager.State previousState, SecurityIndexManager.State currentState)
    • addSettings

      public static void addSettings(List<Setting<?>> settings)