Module org.elasticsearch.security
Class KerberosRealm
java.lang.Object
org.elasticsearch.xpack.core.security.authc.Realm
org.elasticsearch.xpack.security.authc.kerberos.KerberosRealm
- All Implemented Interfaces:
Comparable<Realm>,CachingRealm
This class provides support for Kerberos authentication using spnego
mechanism.
It provides support to extract kerberos ticket using
KerberosAuthenticationToken.extractToken(String) to build
KerberosAuthenticationToken and then authenticating user when
KerberosTicketValidator validates the ticket.
On successful authentication, it will build User object populated
with roles and will return AuthenticationResult with user object. On
authentication failure, it will return AuthenticationResult with
status to terminate authentication process.
-
Nested Class Summary
Nested classes/interfaces inherited from class org.elasticsearch.xpack.core.security.authc.Realm
Realm.Factory -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionKerberosRealm(RealmConfig config, UserRoleMapper userRoleMapper, ThreadPool threadPool) -
Method Summary
Modifier and TypeMethodDescriptionvoidauthenticate(AuthenticationToken token, ActionListener<AuthenticationResult<User>> listener) voidvoidvoidinitialize(Iterable<Realm> realms, XPackLicenseState licenseState) voidlookupUser(String username, ActionListener<User> listener) booleansupports(AuthenticationToken token) token(ThreadContext context) Methods inherited from class org.elasticsearch.xpack.core.security.authc.Realm
compareTo, name, order, realmRef, setRealmRef, toString, type, usageStatsMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, waitMethods inherited from interface org.elasticsearch.xpack.core.security.authc.support.CachingRealm
name
-
Field Details
-
KRB_METADATA_REALM_NAME_KEY
- See Also:
-
KRB_METADATA_UPN_KEY
- See Also:
-
-
Constructor Details
-
KerberosRealm
-
-
Method Details
-
initialize
- Overrides:
initializein classRealm
-
getAuthenticationFailureHeaders
- Overrides:
getAuthenticationFailureHeadersin classRealm
-
expire
- Specified by:
expirein interfaceCachingRealm
-
expireAll
public void expireAll()- Specified by:
expireAllin interfaceCachingRealm
-
supports
-
token
-
authenticate
public void authenticate(AuthenticationToken token, ActionListener<AuthenticationResult<User>> listener) - Specified by:
authenticatein classRealm
-
lookupUser
- Specified by:
lookupUserin classRealm
-