Class DefaultAuthenticationFailureHandler

java.lang.Object
org.elasticsearch.xpack.core.security.authc.DefaultAuthenticationFailureHandler
All Implemented Interfaces:
AuthenticationFailureHandler

public class DefaultAuthenticationFailureHandler extends Object implements AuthenticationFailureHandler
The default implementation of an AuthenticationFailureHandler. This handler returns an exception with a RestStatus of 401 and default failure response headers such as 'WWW-Authenticate'.
  • Constructor Details

    • DefaultAuthenticationFailureHandler

      public DefaultAuthenticationFailureHandler(Map<String,List<String>> failureResponseHeaders)
      Constructs default authentication failure handler with provided default response headers.
      Parameters:
      failureResponseHeaders - Map of header key and list of header values to be sent as failure response.
  • Method Details

    • setHeaders

      public void setHeaders(Map<String,List<String>> failureResponseHeaders)
      This method is called when failureResponseHeaders need to be set (at startup) or updated (if the license state changes).
      Parameters:
      failureResponseHeaders - the Map of failure response headers to be set
    • failedAuthentication

      public ElasticsearchSecurityException failedAuthentication(HttpPreRequest request, AuthenticationToken token, ThreadContext context)
      Description copied from interface: AuthenticationFailureHandler
      This method is called when there has been an authentication failure for the given REST request and authentication token.
      Specified by:
      failedAuthentication in interface AuthenticationFailureHandler
      Parameters:
      request - The request that was being authenticated when the exception occurred
      token - The token that was extracted from the request
      context - The context of the request that failed authentication
      Returns:
      ElasticsearchSecurityException with the appropriate headers and message
    • failedAuthentication

      public ElasticsearchSecurityException failedAuthentication(TransportMessage message, AuthenticationToken token, String action, ThreadContext context)
      Description copied from interface: AuthenticationFailureHandler
      This method is called when there has been an authentication failure for the given message and token.
      Specified by:
      failedAuthentication in interface AuthenticationFailureHandler
      Parameters:
      message - The transport message that could not be authenticated
      token - The token that was extracted from the message
      action - The name of the action that the message is trying to perform
      context - The context of the request that failed authentication
      Returns:
      ElasticsearchSecurityException with the appropriate headers and message
    • exceptionProcessingRequest

      public ElasticsearchSecurityException exceptionProcessingRequest(HttpPreRequest request, Exception e, ThreadContext context)
      Description copied from interface: AuthenticationFailureHandler
      This method is called when an exception has occurred while processing the REST request. This could be an error that occurred while attempting to extract a token or while attempting to authenticate the request.
      Specified by:
      exceptionProcessingRequest in interface AuthenticationFailureHandler
      Parameters:
      request - The request that was being authenticated when the exception occurred
      e - The exception that was thrown
      context - The context of the request that failed authentication
      Returns:
      ElasticsearchSecurityException with the appropriate headers and message
    • exceptionProcessingRequest

      public ElasticsearchSecurityException exceptionProcessingRequest(TransportMessage message, String action, Exception e, ThreadContext context)
      Description copied from interface: AuthenticationFailureHandler
      This method is called when an exception has occurred while processing the transport message. This could be an error that occurred while attempting to extract a token or while attempting to authenticate the request.
      Specified by:
      exceptionProcessingRequest in interface AuthenticationFailureHandler
      Parameters:
      message - The message that was being authenticated when the exception occurred
      action - The name of the action that the message is trying to perform
      e - The exception that was thrown
      context - The context of the request that failed authentication
      Returns:
      ElasticsearchSecurityException with the appropriate headers and message
    • missingToken

      public ElasticsearchSecurityException missingToken(HttpPreRequest request, ThreadContext context)
      Description copied from interface: AuthenticationFailureHandler
      This method is called when a REST request is received, no authentication token could be extracted, AND anonymous access is disabled. If anonymous access is enabled, this method will not be called.
      Specified by:
      missingToken in interface AuthenticationFailureHandler
      Parameters:
      request - The request that did not have a token
      context - The context of the request that failed authentication
      Returns:
      ElasticsearchSecurityException with the appropriate headers and message
    • missingToken

      public ElasticsearchSecurityException missingToken(TransportMessage message, String action, ThreadContext context)
      Description copied from interface: AuthenticationFailureHandler
      This method is called when a transport message is received, no authentication token could be extracted, AND anonymous access is disabled. If anonymous access is enabled, this method will not be called.
      Specified by:
      missingToken in interface AuthenticationFailureHandler
      Parameters:
      message - The message that did not have a token
      action - The name of the action that the message is trying to perform
      context - The context of the request that failed authentication
      Returns:
      ElasticsearchSecurityException with the appropriate headers and message
    • authenticationRequired

      public ElasticsearchSecurityException authenticationRequired(String action, ThreadContext context)
      Description copied from interface: AuthenticationFailureHandler
      This method is called when anonymous access is enabled, a request does not pass authorization with the anonymous user, AND the anonymous service is configured to throw an authentication exception instead of an authorization exception.
      Specified by:
      authenticationRequired in interface AuthenticationFailureHandler
      Parameters:
      action - the action that failed authorization for anonymous access
      context - The context of the request that failed authentication
      Returns:
      ElasticsearchSecurityException with the appropriate headers and message