Module org.elasticsearch.security
Class SecurityBaseRestHandler
java.lang.Object
org.elasticsearch.rest.BaseRestHandler
org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler
- All Implemented Interfaces:
RestHandler
- Direct Known Subclasses:
EnrollmentBaseRestHandler,OpenIdConnectBaseRestHandler,RestActivateProfileAction,RestAuthenticateAction,RestBulkDeleteRolesAction,RestBulkPutRolesAction,RestBulkUpdateApiKeyAction,RestChangePasswordAction,RestClearApiKeyCacheAction,RestClearPrivilegesCacheAction,RestClearRealmCacheAction,RestClearRolesCacheAction,RestClearServiceAccountTokenStoreCacheAction,RestCreateApiKeyAction,RestCreateCrossClusterApiKeyAction,RestCreateServiceAccountTokenAction,RestDelegatePkiAuthenticationAction,RestDeletePrivilegesAction,RestDeleteRoleAction,RestDeleteRoleMappingAction,RestDeleteServiceAccountTokenAction,RestDeleteUserAction,RestDisableProfileAction,RestEnableProfileAction,RestGetApiKeyAction,RestGetBuiltinPrivilegesAction,RestGetPrivilegesAction,RestGetProfilesAction,RestGetRoleMappingsAction,RestGetRolesAction,RestGetSecuritySettingsAction,RestGetServiceAccountAction,RestGetServiceAccountCredentialsAction,RestGetTokenAction,RestGetUserPrivilegesAction,RestGetUsersAction,RestGrantApiKeyAction,RestHasPrivilegesAction,RestInvalidateApiKeyAction,RestInvalidateTokenAction,RestProfileHasPrivilegesAction,RestPutPrivilegesAction,RestPutRoleAction,RestPutRoleMappingAction,RestPutUserAction,RestQueryApiKeyAction,RestQueryRoleAction,RestQueryUserAction,RestSetEnabledAction,RestSuggestProfilesAction,RestUpdateApiKeyAction,RestUpdateCrossClusterApiKeyAction,RestUpdateProfileDataAction,RestUpdateSecuritySettingsAction,SamlBaseRestHandler
Base class for security rest handlers. This handler takes care of ensuring that the license
level is valid so that security can be used!
-
Nested Class Summary
Nested classes/interfaces inherited from class org.elasticsearch.rest.BaseRestHandler
BaseRestHandler.RequestBodyChunkConsumer, BaseRestHandler.RestChannelConsumerNested classes/interfaces inherited from interface org.elasticsearch.rest.RestHandler
RestHandler.Route -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected static final org.elasticsearch.xcontent.ConstructingObjectParser<Grant.ClientAuthentication, Void> protected final XPackLicenseStateprotected final SettingsFields inherited from class org.elasticsearch.rest.BaseRestHandler
MULTI_ALLOW_EXPLICIT_INDEX -
Constructor Summary
ConstructorsModifierConstructorDescriptionprotectedSecurityBaseRestHandler(Settings settings, XPackLicenseState licenseState) -
Method Summary
Modifier and TypeMethodDescriptionfinal ExceptioncheckFeatureAvailable(RestRequest request) Check whether the given request is allowed within the current license state and setup, and return the name of any unlicensed feature.protected static SecureStringgetSecureString(org.elasticsearch.xcontent.XContentParser parser) protected ExceptioninnerCheckFeatureAvailable(RestRequest request) Implementers should implement this method when sub-classes have additional license requirements.protected abstract BaseRestHandler.RestChannelConsumerinnerPrepareRequest(RestRequest request, NodeClient client) Implementers should implement this method as they normally would forBaseRestHandler.prepareRequest(RestRequest, NodeClient)and ensure that all request parameters are consumed prior to returning a value.protected final BaseRestHandler.RestChannelConsumerprepareRequest(RestRequest request, NodeClient client) Calls thecheckFeatureAvailable(RestRequest)method to check whether the feature is available based on settings and license state.Methods inherited from class org.elasticsearch.rest.BaseRestHandler
getName, getUsageCount, handleRequest, responseParams, responseParams, routes, unrecognizedMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.elasticsearch.rest.RestHandler
allowSystemIndexAccessByDefault, allSupportedParameters, canTripCircuitBreaker, getConcreteRestHandler, getServerlessScope, mediaTypesValid, supportedCapabilities, supportedQueryParameters, supportsBulkContent
-
Field Details
-
CLIENT_AUTHENTICATION_PARSER
protected static final org.elasticsearch.xcontent.ConstructingObjectParser<Grant.ClientAuthentication,Void> CLIENT_AUTHENTICATION_PARSER -
settings
-
licenseState
-
-
Constructor Details
-
SecurityBaseRestHandler
- Parameters:
settings- the node's settingslicenseState- the license state that will be used to determine if security is licensed
-
-
Method Details
-
getSecureString
protected static SecureString getSecureString(org.elasticsearch.xcontent.XContentParser parser) throws IOException - Throws:
IOException
-
prepareRequest
protected final BaseRestHandler.RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException Calls thecheckFeatureAvailable(RestRequest)method to check whether the feature is available based on settings and license state. If allowed, the result frominnerPrepareRequest(RestRequest, NodeClient)is returned, otherwise a default error response will be returned indicating that security is not licensed. Note: If the license check fails we consume the request content and parameters so that we do not trip the unused parameters check- Specified by:
prepareRequestin classBaseRestHandler- Throws:
IOException
-
checkFeatureAvailable
Check whether the given request is allowed within the current license state and setup, and return the name of any unlicensed feature. By default this returns an exception if security is not enabled. Sub-classes can overrideinnerCheckFeatureAvailable(RestRequest)if they have additional requirements.- Returns:
nullif all required features are available, otherwise an exception to be sent to the requester
-
innerCheckFeatureAvailable
Implementers should implement this method when sub-classes have additional license requirements. -
innerPrepareRequest
protected abstract BaseRestHandler.RestChannelConsumer innerPrepareRequest(RestRequest request, NodeClient client) throws IOException Implementers should implement this method as they normally would forBaseRestHandler.prepareRequest(RestRequest, NodeClient)and ensure that all request parameters are consumed prior to returning a value. This method is executed only if the check fromcheckFeatureAvailable(RestRequest)passes.- Throws:
IOException
-