Module org.elasticsearch.security
Class DnRoleMapper
java.lang.Object
org.elasticsearch.xpack.security.authc.support.mapper.AbstractRoleMapperClearRealmCache
org.elasticsearch.xpack.security.authc.support.DnRoleMapper
- All Implemented Interfaces:
UserRoleMapper
This class loads and monitors the file defining the mappings of DNs to internal ES Roles.
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper
UserRoleMapper.DistinguishedNameNormalizer, UserRoleMapper.DistinguishedNamePredicate, UserRoleMapper.UserData -
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionparseFile(Path path, org.apache.logging.log4j.Logger logger, String realmType, String realmName, boolean strict) parseFileLenient(Path path, org.apache.logging.log4j.Logger logger, String realmType, String realmName) Internally in this class, we try to load the file, but if for some reason we can't, we're being more lenient by logging the error and skipping/removing all mappings.static PathresolveFile(RealmConfig realmConfig) resolveRoles(String userDnString, Collection<String> groupDns) This will map the groupDN's to ES RolesvoidresolveRoles(UserRoleMapper.UserData user, ActionListener<Set<String>> listener) Methods inherited from class org.elasticsearch.xpack.security.authc.support.mapper.AbstractRoleMapperClearRealmCache
clearRealmCacheOnChange, clearRealmCachesOnAllNodes, clearRealmCachesOnLocalNode
-
Field Details
-
config
-
-
Constructor Details
-
DnRoleMapper
-
-
Method Details
-
resolveFile
-
parseFileLenient
public static Map<String,List<String>> parseFileLenient(Path path, org.apache.logging.log4j.Logger logger, String realmType, String realmName) Internally in this class, we try to load the file, but if for some reason we can't, we're being more lenient by logging the error and skipping/removing all mappings. This is aligned with how we handle other auto-loaded files in security. -
parseFile
-
resolveRoles
-
resolveRoles
This will map the groupDN's to ES Roles
-