Module org.elasticsearch.security
Class SessionFactory
java.lang.Object
org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory
- All Implemented Interfaces:
Closeable, AutoCloseable, ReloadableSecurityComponent
- Direct Known Subclasses:
LdapSessionFactory
public abstract class SessionFactory
extends Object
implements Closeable, ReloadableSecurityComponent
This factory holds settings needed for authenticating to LDAP and creating LdapConnections.
Each created LdapConnection needs to be closed, or else connections will pile up and consume
resources.
A typical usage pattern looks like this:
ConnectionFactory factory = ...
try (LdapConnection session = factory.session(...)) {
    // ...do stuff with the session
}
-
Nested Class Summary
Nested Classes -
Field Summary
Fields
Modifier and Type | Field | Description
protected final RealmConfig | config |
protected final boolean | ignoreReferralErrors |
protected final org.apache.logging.log4j.Logger | logger |
protected final LdapMetadataResolver | metadataResolver |
protected final com.unboundid.ldap.sdk.ServerSet | serverSet |
protected final SSLService | sslService |
protected final boolean | sslUsed |
protected final ThreadPool | threadPool |
protected final org.elasticsearch.core.TimeValue | timeout |
-
Constructor Summary
Constructors
Modifier | Constructor | Description
protected | SessionFactory(RealmConfig config, SSLService sslService, ThreadPool threadPool) |
-
Method Summary
Modifier and Type | Method | Description
void | close() |
protected static com.unboundid.ldap.sdk.LDAPConnectionOptions | connectionOptions(RealmConfig config, SSLService sslService, org.apache.logging.log4j.Logger logger) |
 | getDefaultLdapUrls(RealmConfig config) |
boolean | isSslUsed() |
abstract void | session(String user, SecureString password, ActionListener<LdapSession> listener) | Authenticates the given user and opens a new connection that is bound to it (meaning all operations under the returned connection will be executed on behalf of the authenticated user).
boolean | supportsUnauthenticatedSession() | Returns a flag to indicate if this session factory supports unauthenticated sessions.
void | unauthenticatedSession(String username, ActionListener<LdapSession> listener) | Returns an LdapSession for the user identified by the String parameter.
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface org.elasticsearch.xpack.security.support.ReloadableSecurityComponent
reload
-
Field Details
-
logger
protected final org.apache.logging.log4j.Logger logger -
config
-
timeout
protected final org.elasticsearch.core.TimeValue timeout -
sslService
-
threadPool
-
serverSet
protected final com.unboundid.ldap.sdk.ServerSet serverSet -
sslUsed
protected final boolean sslUsed -
ignoreReferralErrors
protected final boolean ignoreReferralErrors -
metadataResolver
-
-
Constructor Details
-
SessionFactory
-
-
Method Details
-
close
- Specified by:
close in interface AutoCloseable
- Specified by:
close in interface Closeable
- Throws:
IOException
-
session
public abstract void session(String user, SecureString password, ActionListener<LdapSession> listener)
Authenticates the given user and opens a new connection that is bound to it (meaning all operations under the returned connection will be executed on behalf of the authenticated user).
- Parameters:
user - The name of the user to authenticate the connection with.
password - The password of the user
listener - the listener to call on a failure or result
-
supportsUnauthenticatedSession
public boolean supportsUnauthenticatedSession()
Returns a flag to indicate if this session factory supports unauthenticated sessions. This means that a session can be established without providing any credentials in a call to unauthenticatedSession(String, ActionListener)
- Returns:
true if the factory supports unauthenticated sessions
-
unauthenticatedSession
Returns an LdapSession for the user identified by the String parameter
- Parameters:
username - the identifier for the user
listener - the listener to call on a failure or result
-
connectionOptions
protected static com.unboundid.ldap.sdk.LDAPConnectionOptions connectionOptions(RealmConfig config, SSLService sslService, org.apache.logging.log4j.Logger logger) -
getDefaultLdapUrls
-
isSslUsed
public boolean isSslUsed()
-