java.lang.Object
org.elasticsearch.xpack.core.security.authc.Realm
org.elasticsearch.xpack.security.authc.jwt.JwtRealm
- All Implemented Interfaces:
Closeable, AutoCloseable, Comparable<Realm>, org.elasticsearch.core.Releasable, CachingRealm, ReloadableSecurityComponent
public class JwtRealm
extends Realm
implements CachingRealm, ReloadableSecurityComponent, org.elasticsearch.core.Releasable
JWT realms support JWTs as bearer tokens for authenticating to Elasticsearch.
For security, it is recommended to authenticate the client too.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.elasticsearch.xpack.core.security.authc.Realm
Realm.Factory
-
Field Summary
Fields
-
Constructor Summary
Constructors
Constructor, Description:
JwtRealm(RealmConfig realmConfig, SSLService sslService, UserRoleMapper userRoleMapper)
-
Method Summary
Modifier and Type, Method, Description:
void authenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult<User>> listener)
void close(): Clean up JWT cache (if enabled).
void expire
void expireAll()
void initialize(Iterable<Realm> allRealms, XPackLicenseState xpackLicenseState): If X-pack licensing allows it, initialize delegated authorization support.
void lookupUser(String username, ActionListener<User> listener)
void reload: Called when a reload security settings action is executed.
boolean supports(AuthenticationToken jwtAuthenticationToken)
token(ThreadContext threadContext)
void usageStats(ActionListener<Map<String, Object>> listener)
Methods inherited from class org.elasticsearch.xpack.core.security.authc.Realm
compareTo, getAuthenticationFailureHeaders, name, order, realmRef, setRealmRef, toString, type
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface org.elasticsearch.xpack.core.security.authc.support.CachingRealm
name
-
Field Details
-
HEADER_END_USER_AUTHENTICATION
-
HEADER_CLIENT_AUTHENTICATION
-
HEADER_END_USER_AUTHENTICATION_SCHEME
-
-
Constructor Details
-
JwtRealm
public JwtRealm(RealmConfig realmConfig, SSLService sslService, UserRoleMapper userRoleMapper) throws SettingsException
- Throws:
SettingsException
-
-
Method Details
-
initialize
If X-pack licensing allows it, initialize delegated authorization support.
- Overrides:
initialize in class Realm
- Parameters:
allRealms - List of all realms containing authorization realms for this JWT realm.
xpackLicenseState - X-pack license state.
-
close
public void close()
Clean up JWT cache (if enabled). Clean up HTTPS client cache (if enabled).
- Specified by:
close in interface AutoCloseable
- Specified by:
close in interface Closeable
- Specified by:
close in interface org.elasticsearch.core.Releasable
-
lookupUser
- Specified by:
lookupUser in class Realm
-
expire
- Specified by:
expire in interface CachingRealm
-
expireAll
public void expireAll()
- Specified by:
expireAll in interface CachingRealm
-
token
-
supports
-
authenticate
public void authenticate(AuthenticationToken authenticationToken, ActionListener<AuthenticationResult<User>> listener)
- Specified by:
authenticate in class Realm
-
usageStats
- Overrides:
usageStats in class Realm
-
reload
Description copied from interface: ReloadableSecurityComponent
Called when a reload security settings action is executed. The reload operation must be completed when this method returns. Strictly speaking, the settings argument should not be accessed outside of this method's call stack, as any values stored in the node's keystore (see SecureSetting) will not otherwise be retrievable.
There is no guarantee that the secure setting's values have actually changed. Hence, it's up to the implementor to detect if the actual internal reloading is necessary.
Any failure during the reloading should be signaled by raising an exception.
For additional info, see also:
ReloadablePlugin.reload(Settings).
- Specified by:
reload in interface ReloadableSecurityComponent
- Parameters:
settings - Settings include the initial node's settings and all decrypted secure settings from the keystore. Absence of a particular secure setting may mean that the setting was either never configured or that it was simply removed.
-