Class PolicyManager
java.lang.Object
org.elasticsearch.entitlement.runtime.policy.PolicyManager
Determines, from the specified policy information, which entitlements are granted to a given caller class,
as well as whether certain caller classes (like those built into the JDK) should be trivially allowed,
meaning they are always entitled regardless of policy.
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enumprotected static final recordThis class contains all the entitlements by type, plus theFileAccessTreefor the special case of filesystem entitlements.static final record -
Field Summary
Fields -
Constructor Summary
ConstructorsConstructorDescriptionPolicyManager(Policy serverPolicy, List<Entitlement> apmAgentEntitlements, Map<String, Policy> pluginPolicies, Function<Class<?>, PolicyManager.PolicyScope> scopeResolver, Function<String, Collection<Path>> pluginSourcePathsResolver, PathLookup pathLookup) -
Method Summary
Modifier and TypeMethodDescriptionprotected final PolicyManager.ModuleEntitlementscomputeEntitlements(Class<?> requestingClass) protected Collection<Path> getComponentPathsFromClass(Class<?> requestingClass) protected PolicyManager.ModuleEntitlementsgetEntitlements(Class<?> requestingClass) protected booleanisTrustedSystemClass(Class<?> requestingClass) The main decision point for what counts as a trusted built-in JDK class.toString()
-
Field Details
-
ALL_UNNAMED
- See Also:
-
SERVER_LAYER_MODULES
-
-
Constructor Details
-
PolicyManager
public PolicyManager(Policy serverPolicy, List<Entitlement> apmAgentEntitlements, Map<String, Policy> pluginPolicies, Function<Class<?>, PolicyManager.PolicyScope> scopeResolver, Function<String, Collection<Path>> pluginSourcePathsResolver, PathLookup pathLookup)
-
-
Method Details