Module org.elasticsearch.security
Interface RemoteClusterTransportInterceptor
- All Known Implementing Classes:
CrossClusterAccessTransportInterceptor
public interface RemoteClusterTransportInterceptor
Allows to provide remote cluster interception that's capable of intercepting remote connections
both on the receiver and the sender side.
-
Method Summary
Modifier and TypeMethodDescriptiongetProfileTransportFilters(Map<String, SslProfile> profileConfigurations, DestructiveOperations destructiveOperations) Allows interceptors to provide a customServerTransportFilterimplementations per transport profile.booleanhasRemoteClusterAccessHeadersInContext(SecurityContext securityContext) Returnstrueif any of the remote cluster access headers are in the security context.Allows to intercept all transport requests on the sender side.booleanisRemoteClusterConnection(Transport.Connection connection) This method returnstrueif the outboundconnectionis targeting a remote cluster.
-
Method Details
-
interceptSender
Allows to intercept all transport requests on the sender side. -
isRemoteClusterConnection
This method returnstrueif the outboundconnectionis targeting a remote cluster. -
getProfileTransportFilters
Map<String,ServerTransportFilter> getProfileTransportFilters(Map<String, SslProfile> profileConfigurations, DestructiveOperations destructiveOperations) Allows interceptors to provide a customServerTransportFilterimplementations per transport profile. The transport filter is called on the receiver side to filter incoming requests and execute authentication and authorization for all requests.- Returns:
- map of
ServerTransportFilters per transport profile name
-
hasRemoteClusterAccessHeadersInContext
Returnstrueif any of the remote cluster access headers are in the security context. This method is used to assert we don't have access headers already in the security context, before we even run remote cluster intercepts. Serves as an integrity check that we properly clear the security context between requests.
-