Module org.elasticsearch.security
Class UpdateRequestInterceptor
java.lang.Object
org.elasticsearch.xpack.security.authz.interceptor.UpdateRequestInterceptor
- All Implemented Interfaces:
RequestInterceptor
A request interceptor that fails update requests if field or document level security is enabled.
It can be dangerous for users if documents were to be updated via a role that has FLS or DLS enabled, because only the fields that the role can see would be used to perform the update, and without knowing it the user may remove the other fields, which are not visible to them, from the document being updated.
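The hazard described above, modeled with plain Java maps as an added example (not Elasticsearch code). The class and method names, the sample document and the error message are assumptions for illustration, and the read-modify-write model is a simplification of how an update is applied.

```java
import java.util.*;

// Added illustration only: plain-Java model, no Elasticsearch classes are used.
public class FlsUpdateHazard {

    // Hypothetical FLS filter: the view of a document a role is allowed to see.
    static Map<String, Object> visibleView(Map<String, Object> source, Set<String> grantedFields) {
        Map<String, Object> view = new LinkedHashMap<>(source);
        view.keySet().retainAll(grantedFields);
        return view;
    }

    // Update as read-modify-write over what the role can see: merge the partial
    // document into the filtered view and store the result as the new source.
    static Map<String, Object> updateThroughView(Map<String, Object> stored,
                                                 Set<String> grantedFields,
                                                 Map<String, Object> partialDoc) {
        Map<String, Object> merged = visibleView(stored, grantedFields);
        merged.putAll(partialDoc);
        return merged; // fields outside grantedFields are no longer in the document
    }

    // Guard in the spirit of the interceptor: refuse the update outright
    // when field or document level security applies to the caller's role.
    static Map<String, Object> guardedUpdate(Map<String, Object> stored, boolean flsOrDlsEnabled,
                                             Map<String, Object> partialDoc) {
        if (flsOrDlsEnabled) {
            throw new SecurityException("update rejected: field or document level security is enabled");
        }
        Map<String, Object> merged = new LinkedHashMap<>(stored);
        merged.putAll(partialDoc);
        return merged;
    }

    public static void main(String[] args) {
        // Constructed sample document and role grant.
        Map<String, Object> stored = new LinkedHashMap<>();
        stored.put("name", "alice");
        stored.put("email", "alice@example.com");
        stored.put("ssn", "000-00-0000");
        Set<String> granted = Set.of("name", "email");
        Map<String, Object> partial = Map.of("email", "a@example.org");

        System.out.println("before:  " + stored.keySet());
        System.out.println("via FLS: " + updateThroughView(stored, granted, partial).keySet());
        try {
            guardedUpdate(stored, true, partial);
        } catch (SecurityException e) {
            System.out.println("guarded: " + e.getMessage());
        }
    }
}
```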
Constructor Summary
Constructors

| Constructor | Description |
| --- | --- |
| UpdateRequestInterceptor(ThreadPool threadPool, XPackLicenseState licenseState) | |
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| SubscribableListener<Void> | intercept(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine authorizationEngine, AuthorizationEngine.AuthorizationInfo authorizationInfo) | This interceptor will introspect the request and potentially modify it. |
| boolean | supports(IndicesRequest request) | |
Constructor Details
UpdateRequestInterceptor
Method Details
supports
intercept
public SubscribableListener<Void> intercept(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine authorizationEngine, AuthorizationEngine.AuthorizationInfo authorizationInfo)
Description copied from interface: RequestInterceptor
This interceptor will introspect the request and potentially modify it. If the interceptor does not apply to the request then the request will not be modified.
- Specified by:
intercept in interface RequestInterceptor