Interface SecurityExtension


public interface SecurityExtension
An SPI extension point allowing to plug in custom functionality in x-pack authentication module.
  • Method Details

    • getRealms

      Returns authentication realm implementations added by this extension. The key of the returned Map is the type name of the realm, and the value is a Realm.Factory which will construct that realm for use in authentication when that realm type is configured.
      Parameters:
      components - Access to components that may be used to build realms
    • getAuthenticationFailureHandler

      default AuthenticationFailureHandler getAuthenticationFailureHandler(SecurityExtension.SecurityComponents components)
      Returns a handler for authentication failures, or null to use the default handler. Only one installed extension may have an authentication failure handler. If more than one extension returns a non-null handler, an error is raised.
      Parameters:
      components - Access to components that may be used to build the handler
    • getRolesProviders

      Returns an ordered list of role providers that are used to resolve role names to RoleDescriptor objects. Each provider is invoked in order to resolve any role names not resolved by the reserved or native roles stores. Each role provider is represented as a BiConsumer which takes a set of roles to resolve as the first parameter to consume and an ActionListener as the second parameter to consume. The implementation of the role provider should be asynchronous if the computation is lengthy or any disk and/or network I/O is involved. The implementation is responsible for resolving whatever roles it can into a set of RoleDescriptor instances. If successful, the implementation must wrap the set of RoleDescriptor instances in a RoleRetrievalResult using RoleRetrievalResult.success(Set) and then invoke ActionListener.onResponse(Object). If a failure was encountered, the implementation should wrap the failure in a RoleRetrievalResult using RoleRetrievalResult.failure(Exception) and then invoke ActionListener.onResponse(Object) unless the failure needs to terminate the request, in which case the implementation should invoke ActionListener.onFailure(Exception). By default, an empty list is returned.
      Parameters:
      components - Access to components that may be used to build roles
    • getAuthorizationEngine

      default AuthorizationEngine getAuthorizationEngine(Settings settings)
      Returns a authorization engine for authorizing requests, or null to use the default authorization mechanism. Only one installed extension may have an authorization engine. If more than one extension returns a non-null authorization engine, an error is raised.
      Parameters:
      settings - The configured settings for the node
    • extensionName

      default String extensionName()