Module org.elasticsearch.security
Class CrossClusterAccessTransportInterceptor
java.lang.Object
org.elasticsearch.xpack.security.transport.CrossClusterAccessTransportInterceptor
- All Implemented Interfaces:
RemoteClusterTransportInterceptor
public class CrossClusterAccessTransportInterceptor
extends Object
implements RemoteClusterTransportInterceptor
-
Constructor Summary
ConstructorsConstructorDescriptionCrossClusterAccessTransportInterceptor(Settings settings, ThreadPool threadPool, AuthenticationService authcService, AuthorizationService authzService, SecurityContext securityContext, CrossClusterAccessAuthenticationService crossClusterAccessAuthcService, CrossClusterApiKeySignatureManager crossClusterApiKeySignatureManager, XPackLicenseState licenseState) -
Method Summary
Modifier and TypeMethodDescriptiongetProfileTransportFilters(Map<String, SslProfile> profileConfigurations, DestructiveOperations destructiveOperations) Allows interceptors to provide a customServerTransportFilterimplementations per transport profile.booleanhasRemoteClusterAccessHeadersInContext(SecurityContext securityContext) Returnstrueif any of the remote cluster access headers are in the security context.Allows to intercept all transport requests on the sender side.booleanisRemoteClusterConnection(Transport.Connection connection) This method returnstrueif the outboundconnectionis targeting a remote cluster.
-
Constructor Details
-
CrossClusterAccessTransportInterceptor
public CrossClusterAccessTransportInterceptor(Settings settings, ThreadPool threadPool, AuthenticationService authcService, AuthorizationService authzService, SecurityContext securityContext, CrossClusterAccessAuthenticationService crossClusterAccessAuthcService, CrossClusterApiKeySignatureManager crossClusterApiKeySignatureManager, XPackLicenseState licenseState)
-
-
Method Details
-
interceptSender
Description copied from interface:RemoteClusterTransportInterceptorAllows to intercept all transport requests on the sender side.- Specified by:
interceptSenderin interfaceRemoteClusterTransportInterceptor
-
isRemoteClusterConnection
Description copied from interface:RemoteClusterTransportInterceptorThis method returnstrueif the outboundconnectionis targeting a remote cluster.- Specified by:
isRemoteClusterConnectionin interfaceRemoteClusterTransportInterceptor
-
getProfileTransportFilters
public Map<String,ServerTransportFilter> getProfileTransportFilters(Map<String, SslProfile> profileConfigurations, DestructiveOperations destructiveOperations) Description copied from interface:RemoteClusterTransportInterceptorAllows interceptors to provide a customServerTransportFilterimplementations per transport profile. The transport filter is called on the receiver side to filter incoming requests and execute authentication and authorization for all requests.- Specified by:
getProfileTransportFiltersin interfaceRemoteClusterTransportInterceptor- Returns:
- map of
ServerTransportFilters per transport profile name
-
hasRemoteClusterAccessHeadersInContext
Description copied from interface:RemoteClusterTransportInterceptorReturnstrueif any of the remote cluster access headers are in the security context. This method is used to assert we don't have access headers already in the security context, before we even run remote cluster intercepts. Serves as an integrity check that we properly clear the security context between requests.- Specified by:
hasRemoteClusterAccessHeadersInContextin interfaceRemoteClusterTransportInterceptor
-