- All Implemented Interfaces:
Comparable<Realm>
-
Nested Class Summary
Nested Classes
Modifier and Type / Class / Description
- static interface: A factory interface to construct a security realm.
-
Field Summary
Fields
Modifier and Type / Field / Description
- protected final RealmConfig config
- protected final org.apache.logging.log4j.Logger logger
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type / Method / Description
- abstract void authenticate(AuthenticationToken token, ActionListener<AuthenticationResult<User>> listener): Authenticates the given token in an asynchronous fashion.
- final int compareTo
- getAuthenticationFailureHeaders: Each realm can define response headers to be sent on failure.
- void initialize(Iterable<Realm> realms, XPackLicenseState licenseState): This allows realms to be aware of what other realms are configured.
- abstract void lookupUser(String username, ActionListener<User> listener): Looks up the user identified by the String identifier.
- name()
- int order()
- realmRef()
- void setRealmRef(Authentication.RealmRef realmRef): Must be called only once by the realms initialization logic, soon after this Realm is constructed, in order to link in the realm domain details, which may refer to any of the other realms.
- abstract boolean supports(AuthenticationToken token)
- abstract AuthenticationToken token(ThreadContext context): Attempts to extract an authentication token from the given context.
- toString()
- type()
- void usageStats(ActionListener<Map<String, Object>> listener)
-
Field Details
-
logger
protected final org.apache.logging.log4j.Logger logger
-
config
-
-
Constructor Details
-
Realm
-
-
Method Details
-
type
- Returns:
- The type of this realm
-
name
- Returns:
- The name of this realm.
-
order
public int order()
- Returns:
- The order of this realm within the executing realm chain.
-
getAuthenticationFailureHeaders
Each realm can define response headers to be sent on failure. By default it adds the 'WWW-Authenticate' header with auth scheme 'Basic'.
- Returns:
- Map of authentication failure response headers.
-
compareTo
- Specified by:
- compareTo in interface Comparable<Realm>
-
supports
- Returns:
- true if this realm supports the given authentication token, false otherwise.
-
token
Attempts to extract an authentication token from the given context. If an appropriate token is found it's returned, otherwise null is returned.
- Parameters:
- context - The context that will provide information about the incoming request
- Returns:
- The authentication token or null if not found
-
authenticate
public abstract void authenticate(AuthenticationToken token, ActionListener<AuthenticationResult<User>> listener)
Authenticates the given token in an asynchronous fashion.
A successful authentication will call ActionListener.onResponse(Response) with a successful result, which includes the user associated with the given token.
If the realm does not support, or cannot handle the token, it will call ActionListener.onResponse(Response) with a not-handled result. This can include cases where the token identifies a user that is not known by this realm.
If the realm can handle the token, but authentication failed, it will typically call ActionListener.onResponse(Response) with a failure result, which includes a diagnostic message regarding the failure. This can include cases where the token identifies a valid user, but has an invalid password.
If the realm wishes to assert that it has the exclusive right to handle the provided token, but authentication was not successful, it will typically call ActionListener.onResponse(Response) with a termination result, which includes a diagnostic message regarding the failure. This can include cases where the token identifies a valid user, but has an invalid password and no other realm is allowed to authenticate that user.
The remote address should be null if the request initiated from the local node.
- Parameters:
- token - The authentication token
- listener - The listener to pass the authentication result to
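The four outcomes described for authenticate, as an added example that is not Elasticsearch code: a simplified model in which Status, Result, Token, DemoRealm, MapRealm and run are hypothetical names, and the chain-walking caller (stop on success or termination, continue otherwise) is an assumption made for illustration. It shows why a termination result matters: a later realm that would have accepted the credentials is never consulted.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Simplified model of the four outcomes; these types are NOT Elasticsearch classes.
public class RealmChainDemo {
    enum Status { SUCCESS, NOT_HANDLED, FAILURE, TERMINATE }
    record Result(Status status, String user, String message) {}
    record Token(String principal, String password) {}

    interface DemoRealm {
        String name();
        int order();
        boolean supports(Token token);
        Result authenticate(Token token);
    }

    // Hypothetical in-memory realm with constructed credentials (toy data, plaintext for brevity).
    record MapRealm(String name, int order, Map<String, String> users, boolean exclusive) implements DemoRealm {
        public boolean supports(Token token) { return token.password() != null; }
        public Result authenticate(Token token) {
            String expected = users.get(token.principal());
            if (expected == null) return new Result(Status.NOT_HANDLED, null, null); // user unknown here
            boolean ok = MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                    token.password().getBytes(StandardCharsets.UTF_8)); // constant-time compare
            if (ok) return new Result(Status.SUCCESS, token.principal(), null);
            // Known user, wrong password: an exclusive realm forbids fallback to later realms.
            return new Result(exclusive ? Status.TERMINATE : Status.FAILURE, null, "bad password in " + name);
        }
    }

    // Assumed caller: walk realms by order, stop on SUCCESS or TERMINATE, otherwise keep going.
    static Result run(List<DemoRealm> realms, Token token) {
        List<DemoRealm> chain = new ArrayList<>(realms);
        chain.sort(Comparator.comparingInt(DemoRealm::order));
        Result last = new Result(Status.NOT_HANDLED, null, "no realm handled the token");
        for (DemoRealm realm : chain) {
            if (!realm.supports(token)) continue;
            Result r = realm.authenticate(token);
            if (r.status() == Status.SUCCESS || r.status() == Status.TERMINATE) return r;
            if (r.status() == Status.FAILURE) last = r; // keep the diagnostic, try the next realm
        }
        return last;
    }

    public static void main(String[] args) {
        DemoRealm strict = new MapRealm("strict", 0, Map.of("alice", "s3cret"), true);
        DemoRealm lax = new MapRealm("lax", 1, Map.of("alice", "other", "bob", "hunter2"), false);
        System.out.println(run(List.of(lax, strict), new Token("bob", "hunter2")).status()); // falls through to "lax"
        System.out.println(run(List.of(lax, strict), new Token("alice", "other")).status()); // "strict" ends the chain
    }
}
```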
-
lookupUser
Looks up the user identified by the String identifier. A successful lookup will call ActionListener.onResponse(Response) with the User identified by the username. An unsuccessful lookup calls it with null as the argument. If lookup is not supported, simply return null when called.
- Parameters:
- username - the String identifier for the user
- listener - The listener to pass the lookup result to
-
usageStats
-
setRealmRef
Must be called only once by the realms initialization logic, soon after this Realm is constructed, in order to link in the realm domain details, which may refer to any of the other realms.
-
realmRef
-
toString
-
initialize
This allows realms to be aware of what other realms are configured.
- See Also:
-