Module org.elasticsearch.security
Class AuthenticationService
java.lang.Object
org.elasticsearch.xpack.security.authc.AuthenticationService
An authentication service that delegates the authentication process to its configured realms.
This service also supports request-level caching of authenticated users (i.e. once a user has been authenticated successfully, it is set on the request context to avoid subsequent redundant authentication).
Nested Class Summary
Nested Classes
Constructor Summary
Constructors
| Constructor | Description |
| --- | --- |
| AuthenticationService(Settings settings, Realms realms, AuditTrailService auditTrailService, AuthenticationFailureHandler failureHandler, ThreadPool threadPool, AnonymousUser anonymousUser, TokenService tokenService, ApiKeyService apiKeyService, ServiceAccountService serviceAccountService, OperatorPrivileges.OperatorPrivilegesService operatorPrivilegesService, CustomApiKeyAuthenticator customApiKeyAuthenticator, MeterRegistry meterRegistry) | |
Method Summary
| Modifier and Type | Method | Description |
| --- | --- | --- |
| static void | addSettings(List<Setting<?>> settings) | |
| void | authenticate(String action, TransportRequest transportRequest, boolean allowAnonymous, ActionListener<Authentication> listener) | Authenticates the user that is associated with the given message. |
| void | authenticate(String action, TransportRequest transportRequest, AuthenticationToken token, ActionListener<Authentication> listener) | Authenticates the user based on the contents of the token that is provided as parameter. |
| void | authenticate(String action, TransportRequest transportRequest, User fallbackUser, ActionListener<Authentication> listener) | Authenticates the user that is associated with the given message. |
| void | authenticate(HttpPreRequest request, boolean allowAnonymous, ActionListener<Authentication> authenticationListener) | Authenticates the user that is associated with the given request. |
| void | authenticate(HttpPreRequest request, ActionListener<Authentication> authenticationListener) | Authenticates the user that is associated with the given request. |
| void | expire | |
| void | expireAll() | |
| void | onSecurityIndexStateChange(ProjectId projectId, SecurityIndexManager.IndexState previousState, SecurityIndexManager.IndexState currentState) | |
Constructor Details
AuthenticationService
public AuthenticationService(Settings settings, Realms realms, AuditTrailService auditTrailService, AuthenticationFailureHandler failureHandler, ThreadPool threadPool, AnonymousUser anonymousUser, TokenService tokenService, ApiKeyService apiKeyService, ServiceAccountService serviceAccountService, OperatorPrivileges.OperatorPrivilegesService operatorPrivilegesService, CustomApiKeyAuthenticator customApiKeyAuthenticator, MeterRegistry meterRegistry)
Method Details
authenticate
public void authenticate(HttpPreRequest request, ActionListener<Authentication> authenticationListener)
Authenticates the user that is associated with the given request. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the request's context. This method will authenticate as the anonymous user if the service is configured to allow anonymous access.
Parameters:
request - The request to be authenticated
authenticate
public void authenticate(HttpPreRequest request, boolean allowAnonymous, ActionListener<Authentication> authenticationListener)
Authenticates the user that is associated with the given request. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the request's context. This method will optionally authenticate as the anonymous user if the service is configured to allow anonymous access.
Parameters:
request - The request to be authenticated
allowAnonymous - If false, then authentication will not fall back to anonymous. If true, then authentication will fall back to anonymous, if this service is configured to allow anonymous access.
authenticate
public void authenticate(String action, TransportRequest transportRequest, User fallbackUser, ActionListener<Authentication> listener)
Authenticates the user that is associated with the given message. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the message's context. If no user was found to be attached to the given message, then the given fallback user will be returned instead.
Parameters:
action - The action of the message
transportRequest - The request to be authenticated
fallbackUser - The default user that will be assumed if no other user is attached to the message. May not be null.
authenticate
public void authenticate(String action, TransportRequest transportRequest, boolean allowAnonymous, ActionListener<Authentication> listener)
Authenticates the user that is associated with the given message. If the user was authenticated successfully (i.e. a user was indeed associated with the request and the credentials were verified to be valid), the method returns the user and that user is then "attached" to the message's context. If no user or credentials are found to be attached to the given message, and the caller allows anonymous access (allowAnonymous parameter), and this service is configured for anonymous access, then the anonymous user will be returned instead.
Parameters:
action - The action of the message
transportRequest - The request to be authenticated
allowAnonymous - Whether to permit anonymous access for this request (this is only relevant if the service is configured for anonymous access).
authenticate
public void authenticate(String action, TransportRequest transportRequest, AuthenticationToken token, ActionListener<Authentication> listener)
Authenticates the user based on the contents of the token that is provided as parameter. This will not look at the values in the ThreadContext for Authentication.
Parameters:
action - The action of the message
transportRequest - The message that resulted in this authenticate call
token - The token (credentials) to be authenticated
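
The flow the authenticate overloads above describe (request-level caching, delegation to realms, and the two-part condition for anonymous fallback), modeled in plain Java as an added example. It is not Elasticsearch code: AuthFlowModel, CTX_KEY, the string users and tokens, and the in-order realm loop are assumptions, and rejecting invalid credentials without anonymous fallback is this model's reading of "no user or credentials are found".

```java
import java.util.*;
import java.util.function.Function;
// Simplified model of the documented flow. NOT Elasticsearch code: all names are hypothetical.
public class AuthFlowModel {
    static final String CTX_KEY = "_authenticated_user";    // assumed context key
    final List<Function<String, Optional<String>>> realms;  // token -> user, tried in order
    final boolean anonymousConfigured;                       // service-level setting
    int realmLookups = 0;                                    // counts realm calls, to show caching
    AuthFlowModel(List<Function<String, Optional<String>>> realms, boolean anonymousConfigured) {
        this.realms = realms;
        this.anonymousConfigured = anonymousConfigured;
    }
    /** ctx stands in for the request context; token is null when no credentials were sent. */
    String authenticate(Map<String, String> ctx, String token, boolean allowAnonymous) {
        String cached = ctx.get(CTX_KEY);
        if (cached != null) return cached;                   // request-level cache hit
        String user = null;
        if (token == null) {
            // Anonymous needs BOTH the caller's flag and the service configuration.
            if (!(allowAnonymous && anonymousConfigured))
                throw new SecurityException("missing credentials");
            user = "_anonymous";
        } else {
            for (Function<String, Optional<String>> realm : realms) {
                realmLookups++;
                Optional<String> result = realm.apply(token);
                if (result.isPresent()) { user = result.get(); break; }
            }
            // Credentials that were presented but rejected never degrade to anonymous.
            if (user == null) throw new SecurityException("invalid credentials");
        }
        ctx.put(CTX_KEY, user);                              // attach the user to the context
        return user;
    }

    public static void main(String[] args) {
        // Constructed sample realms: one that knows nobody, one that knows a single token.
        Function<String, Optional<String>> empty = t -> Optional.empty();
        Function<String, Optional<String>> file = t -> "s3cret".equals(t) ? Optional.of("alice") : Optional.empty();
        AuthFlowModel svc = new AuthFlowModel(List.of(empty, file), true);
        Map<String, String> ctx = new HashMap<>();
        System.out.println(svc.authenticate(ctx, "s3cret", false));
        System.out.println(svc.authenticate(ctx, "s3cret", false) + " lookups=" + svc.realmLookups);
        System.out.println(svc.authenticate(new HashMap<>(), null, true));
        try { svc.authenticate(new HashMap<>(), null, false); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        try { svc.authenticate(new HashMap<>(), "wrong", true); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The second call on the same context leaves the lookup count unchanged, and the last two calls show that neither the caller's flag alone nor a rejected credential yields the anonymous user in this model.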
expire
expireAll
public void expireAll()
onSecurityIndexStateChange
public void onSecurityIndexStateChange(ProjectId projectId, SecurityIndexManager.IndexState previousState, SecurityIndexManager.IndexState currentState)
addSettings