Module org.elasticsearch.security
Class RealmsAuthenticator
java.lang.Object
org.elasticsearch.xpack.security.authc.RealmsAuthenticator
- All Implemented Interfaces:
Authenticator
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xpack.security.authc.Authenticator
Authenticator.Context -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionRealmsAuthenticator(AtomicLong numInvalidation, Cache<String, Realm> lastSuccessfulAuthCache, MeterRegistry meterRegistry) -
Method Summary
Modifier and TypeMethodDescriptionvoidauthenticate(Authenticator.Context context, ActionListener<AuthenticationResult<Authentication>> listener) Attempt to authenticate current request encapsulated by theAuthenticator.Contextobject.extractCredentials(Authenticator.Context context) Attempt to Extract anAuthenticationTokenfrom the givenAuthenticator.Context.voidlookupRunAsUser(Authenticator.Context context, Authentication authentication, ActionListener<org.elasticsearch.core.Tuple<User, Realm>> listener) Iterates over the realms and attempts to lookup the run as user by the given username.name()A descriptive name of the authenticator.
-
Field Details
-
ATTRIBUTE_REALM_NAME
- See Also:
-
ATTRIBUTE_REALM_TYPE
- See Also:
-
ATTRIBUTE_REALM_AUTHC_FAILURE_REASON
- See Also:
-
-
Constructor Details
-
RealmsAuthenticator
public RealmsAuthenticator(AtomicLong numInvalidation, Cache<String, Realm> lastSuccessfulAuthCache, MeterRegistry meterRegistry)
-
-
Method Details
-
name
Description copied from interface:AuthenticatorA descriptive name of the authenticator.- Specified by:
namein interfaceAuthenticator
-
extractCredentials
Description copied from interface:AuthenticatorAttempt to Extract anAuthenticationTokenfrom the givenAuthenticator.Context.- Specified by:
extractCredentialsin interfaceAuthenticator- Parameters:
context- The context object encapsulating current request and other information relevant for authentication.- Returns:
- An
AuthenticationTokenif one can be extracted or null if this Authenticator cannot extract one.
-
authenticate
public void authenticate(Authenticator.Context context, ActionListener<AuthenticationResult<Authentication>> listener) Description copied from interface:AuthenticatorAttempt to authenticate current request encapsulated by theAuthenticator.Contextobject.- Specified by:
authenticatein interfaceAuthenticator- Parameters:
context- The context object encapsulating current request and other information relevant for authentication.listener- The listener accepts aAuthenticationResultobject indicating the outcome of authentication.
-
lookupRunAsUser
public void lookupRunAsUser(Authenticator.Context context, Authentication authentication, ActionListener<org.elasticsearch.core.Tuple<User, Realm>> listener) Iterates over the realms and attempts to lookup the run as user by the given username. The consumer will be called regardless of if the user is found or not, with a non-null user. We do not fail requests if the run as user is not found as that can leak the names of users that exist using a timing attack
-