java.lang.Object
org.elasticsearch.xpack.core.security.authz.privilege.Privilege
org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilege

public final class ApplicationPrivilege extends Privilege
An application privilege has an application name (e.g. "my-app") that identifies an application (that exists outside of Elasticsearch), a privilege name (e.g. "admin") that is meaningful to that application, and one or more "action patterns" (e.g. "admin/user/*", "admin/team/*"). Action patterns must contain at least one special character from (/, :, *) to distinguish them from privilege names. The action patterns are entirely optional: many applications will find that simple "privilege names" are sufficient, but they allow applications to define high-level abstract privileges that map to multiple low-level capabilities.
  • Field Details

  • Method Details

    • getApplication

      public String getApplication()
    • validateApplicationName

      public static void validateApplicationName(String application)
      Validates that the provided application name is valid, and throws an exception otherwise.
      Throws:
      IllegalArgumentException - if the name is not valid
    • validateApplicationNameOrWildcard

      public static void validateApplicationNameOrWildcard(String application)
      Validates that the provided name is a valid application name or a wildcard pattern for an application, and throws an exception otherwise.
      Throws:
      IllegalArgumentException - if the name is not valid
    • validatePrivilegeName

      public static void validatePrivilegeName(String name)
      Validates that the provided privilege name is valid, and throws an exception otherwise.
      Throws:
      IllegalArgumentException - if the name is not valid
    • isValidPrivilegeName

      public static boolean isValidPrivilegeName(String name)
    • validateActionName

      public static void validateActionName(String action)
    • validatePrivilegeOrActionName

      public static void validatePrivilegeOrActionName(String name)
      Validates that the provided name is a valid privilege name or action name, and throws an exception otherwise.
      Throws:
      IllegalArgumentException - if the name is not valid
    • get

      public static Set<ApplicationPrivilege> get(String application, Set<String> name, Collection<ApplicationPrivilegeDescriptor> stored)
      Finds or creates a collection of application privileges with the provided names. If application is a wildcard, it will be expanded to all matching application names in stored. Each element in name may be the name of a stored privilege (to be resolved from stored), or a bespoke action pattern.
    • toString

      public String toString()
      Overrides:
      toString in class Privilege
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Privilege
    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Privilege
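
The name-versus-pattern rule from the class description and the resolution step described under get, modelled as a self-contained added example. This is not Elasticsearch code: AppPrivilegeModel, resolve and permits are hypothetical names, and the wildcard matching and the handling of unknown privilege names are simplifying assumptions.

```java
import java.util.*;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added illustration: a simplified model, not the Elasticsearch implementation.
public class AppPrivilegeModel {

    // Rule from the class description: an action pattern contains at least
    // one of '/', ':' or '*'; anything else is treated as a privilege name.
    static boolean isActionPattern(String name) {
        return name.indexOf('/') >= 0 || name.indexOf(':') >= 0 || name.indexOf('*') >= 0;
    }

    // Each requested name is either a stored privilege name (expanded to its
    // action patterns) or a bespoke action pattern (kept as given).
    // Assumption: a privilege name that is not in `stored` grants nothing.
    static Set<String> resolve(Set<String> names, Map<String, Set<String>> stored) {
        Set<String> patterns = new TreeSet<>();
        for (String n : names) {
            if (isActionPattern(n)) patterns.add(n);
            else patterns.addAll(stored.getOrDefault(n, Set.of()));
        }
        return patterns;
    }

    // Assumption: '*' matches any run of characters, all other characters are literal.
    static boolean permits(Set<String> patterns, String action) {
        for (String p : patterns) {
            String regex = Arrays.stream(p.split("\\*", -1))
                    .map(Pattern::quote)
                    .collect(Collectors.joining(".*"));
            if (Pattern.matches(regex, action)) return true;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample data for the application "my-app".
        Map<String, Set<String>> stored = Map.of(
                "admin", Set.of("admin/user/*", "admin/team/*"),
                "read", Set.of("data:read/*"));
        // One stored privilege name plus one bespoke action pattern.
        Set<String> granted = resolve(Set.of("admin", "report:export"), stored);
        System.out.println("resolved patterns: " + granted);
        for (String action : List.of("admin/user/delete", "report:export", "data:read/doc1", "admin")) {
            System.out.println(action + " -> " + permits(granted, action));
        }
    }
}
```

The last checked action, the bare string "admin", is a privilege name and not an action, so it matches none of the resolved patterns.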