Module org.elasticsearch.xcore
Class UserRoleMapper.DistinguishedNamePredicate
java.lang.Object
org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper.DistinguishedNamePredicate
- All Implemented Interfaces:
Predicate<FieldExpression.FieldValue>
- Enclosing interface:
UserRoleMapper
public static class UserRoleMapper.DistinguishedNamePredicate
extends Object
implements Predicate<FieldExpression.FieldValue>
A specialised predicate for fields that might be a DistinguishedName (e.g "dn" or "groups").
The X500 specs define how to compare DistinguishedNames (but we mostly rely on
DN.equals(Object)),
which means "CN=me,DC=example,DC=com" should be equal to "cn=me, dc=Example, dc=COM" (and other variations).
The FieldExpression class doesn't know about special rules for special data types, but the
ExpressionModel class can take a custom Predicate that tests whether the data in the model
matches the value in the expression.
The string constructor parameter may or may not actually parse as a DN - the "dn" field should
always be a DN, however groups will be a DN if they're from an LDAP/AD realm, but often won't be for a SAML realm.
Because the FieldExpression.FieldValue might be a pattern (automaton),
we sometimes need to do more complex matching than just comparing a DN for equality.-
Constructor Summary
ConstructorsConstructorDescriptionDistinguishedNamePredicate(String string, UserRoleMapper.DistinguishedNameNormalizer dnNormalizer) -
Method Summary
-
Constructor Details
-
DistinguishedNamePredicate
public DistinguishedNamePredicate(String string, UserRoleMapper.DistinguishedNameNormalizer dnNormalizer)
-
-
Method Details
-
toString
-
test
- Specified by:
testin interfacePredicate<FieldExpression.FieldValue>
-