java.lang.Object
org.elasticsearch.xpack.security.authz.RBACEngine
- All Implemented Interfaces:
AuthorizationEngine
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.elasticsearch.xpack.core.security.authz.AuthorizationEngine
AuthorizationEngine.AsyncSupplier<V>, AuthorizationEngine.AuthorizationContext, AuthorizationEngine.AuthorizationInfo, AuthorizationEngine.AuthorizationResult, AuthorizationEngine.EmptyAuthorizationInfo, AuthorizationEngine.IndexAuthorizationResult, AuthorizationEngine.ParentActionAuthorization, AuthorizationEngine.PrivilegesCheckResult, AuthorizationEngine.PrivilegesToCheck, AuthorizationEngine.RequestInfo -
Constructor Summary
Constructors
Constructor | Description
RBACEngine(Settings settings, CompositeRolesStore rolesStore, FieldPermissionsCache fieldPermissionsCache, org.elasticsearch.xpack.security.authz.LoadAuthorizedIndicesTimeChecker.Factory authzIndicesTimerFactory) |
-
Method Summary
Modifier and Type | Method | Description
void | authorizeClusterAction(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<AuthorizationEngine.AuthorizationResult> listener) |
SubscribableListener<AuthorizationEngine.IndexAuthorizationResult> | authorizeIndexAction(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, AuthorizationEngine.AsyncSupplier<ResolvedIndices> indicesAsyncSupplier, ProjectMetadata metadata) |
void | authorizeRunAs(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<AuthorizationEngine.AuthorizationResult> listener) |
void | checkPrivileges(AuthorizationEngine.AuthorizationInfo authorizationInfo, AuthorizationEngine.PrivilegesToCheck privilegesToCheck, Collection<ApplicationPrivilegeDescriptor> applicationPrivileges, ActionListener<AuthorizationEngine.PrivilegesCheckResult> originalListener) |
void | getRoleDescriptorsIntersectionForRemoteCluster(String remoteClusterAlias, TransportVersion remoteClusterVersion, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<RoleDescriptorsIntersection> listener) |
void | getUserPrivileges(AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<GetUserPrivilegesResponse> listener) |
void | loadAuthorizedIndices(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, Map<String, IndexAbstraction> indicesLookup, ActionListener<AuthorizationEngine.AuthorizedIndices> listener) |
static Role | maybeGetRBACEngineRole(AuthorizationEngine.AuthorizationInfo authorizationInfo) |
void | resolveAuthorizationInfo(Subject subject, ActionListener<AuthorizationEngine.AuthorizationInfo> listener) |
void | resolveAuthorizationInfo(AuthorizationEngine.RequestInfo requestInfo, ActionListener<AuthorizationEngine.AuthorizationInfo> listener) |
void | validateIndexPermissionsAreSubset(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, Map<String, List<String>> indexNameToNewNames, ActionListener<AuthorizationEngine.AuthorizationResult> listener) |
-
Constructor Details
-
RBACEngine
public RBACEngine(Settings settings, CompositeRolesStore rolesStore, FieldPermissionsCache fieldPermissionsCache, org.elasticsearch.xpack.security.authz.LoadAuthorizedIndicesTimeChecker.Factory authzIndicesTimerFactory)
-
-
Method Details
-
resolveAuthorizationInfo
public void resolveAuthorizationInfo(AuthorizationEngine.RequestInfo requestInfo, ActionListener<AuthorizationEngine.AuthorizationInfo> listener) - Specified by:
resolveAuthorizationInfo in interface AuthorizationEngine
-
resolveAuthorizationInfo
public void resolveAuthorizationInfo(Subject subject, ActionListener<AuthorizationEngine.AuthorizationInfo> listener) - Specified by:
resolveAuthorizationInfo in interface AuthorizationEngine
-
authorizeRunAs
public void authorizeRunAs(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<AuthorizationEngine.AuthorizationResult> listener) - Specified by:
authorizeRunAs in interface AuthorizationEngine
-
authorizeClusterAction
public void authorizeClusterAction(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<AuthorizationEngine.AuthorizationResult> listener) - Specified by:
authorizeClusterAction in interface AuthorizationEngine
-
authorizeIndexAction
public SubscribableListener<AuthorizationEngine.IndexAuthorizationResult> authorizeIndexAction(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, AuthorizationEngine.AsyncSupplier<ResolvedIndices> indicesAsyncSupplier, ProjectMetadata metadata) - Specified by:
authorizeIndexAction in interface AuthorizationEngine
-
loadAuthorizedIndices
public void loadAuthorizedIndices(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, Map<String, IndexAbstraction> indicesLookup, ActionListener<AuthorizationEngine.AuthorizedIndices> listener) - Specified by:
loadAuthorizedIndices in interface AuthorizationEngine
-
validateIndexPermissionsAreSubset
public void validateIndexPermissionsAreSubset(AuthorizationEngine.RequestInfo requestInfo, AuthorizationEngine.AuthorizationInfo authorizationInfo, Map<String, List<String>> indexNameToNewNames, ActionListener<AuthorizationEngine.AuthorizationResult> listener) - Specified by:
validateIndexPermissionsAreSubset in interface AuthorizationEngine
-
checkPrivileges
public void checkPrivileges(AuthorizationEngine.AuthorizationInfo authorizationInfo, AuthorizationEngine.PrivilegesToCheck privilegesToCheck, Collection<ApplicationPrivilegeDescriptor> applicationPrivileges, ActionListener<AuthorizationEngine.PrivilegesCheckResult> originalListener) - Specified by:
checkPrivileges in interface AuthorizationEngine
-
getUserPrivileges
public void getUserPrivileges(AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<GetUserPrivilegesResponse> listener) - Specified by:
getUserPrivileges in interface AuthorizationEngine
-
getRoleDescriptorsIntersectionForRemoteCluster
public void getRoleDescriptorsIntersectionForRemoteCluster(String remoteClusterAlias, TransportVersion remoteClusterVersion, AuthorizationEngine.AuthorizationInfo authorizationInfo, ActionListener<RoleDescriptorsIntersection> listener) - Specified by:
getRoleDescriptorsIntersectionForRemoteCluster in interface AuthorizationEngine
-
maybeGetRBACEngineRole
-