Module org.elasticsearch.xcore
Class ClusterPermission.ActionBasedPermissionCheck
java.lang.Object
org.elasticsearch.xpack.core.security.authz.permission.ClusterPermission.ActionBasedPermissionCheck
- All Implemented Interfaces:
ClusterPermission.PermissionCheck
- Enclosing class:
ClusterPermission
public abstract static class ClusterPermission.ActionBasedPermissionCheck
extends Object
implements ClusterPermission.PermissionCheck
Base for implementing cluster action based
ClusterPermission.PermissionCheck.
It enforces the checks at cluster action level and then hands it off to the implementations
to enforce checks based on TransportRequest and/or Authentication.-
Constructor Summary
ConstructorsConstructorDescriptionActionBasedPermissionCheck(org.apache.lucene.util.automaton.Automaton automaton) -
Method Summary
Modifier and TypeMethodDescriptionfinal booleancheck(String action, TransportRequest request, Authentication authentication) Checks permission to a cluster action for a given request in the context of given authentication.protected abstract booleandoImplies(ClusterPermission.ActionBasedPermissionCheck permissionCheck) protected abstract booleanextendedCheck(String action, TransportRequest request, Authentication authentication) final booleanimplies(ClusterPermission.PermissionCheck permissionCheck) Checks whether specifiedClusterPermission.PermissionCheckis implied by thisClusterPermission.PermissionCheck.
This is important method to be considered during implementation as it comparesClusterPermission.PermissionChecks.
-
Constructor Details
-
ActionBasedPermissionCheck
public ActionBasedPermissionCheck(org.apache.lucene.util.automaton.Automaton automaton)
-
-
Method Details
-
check
Description copied from interface:ClusterPermission.PermissionCheckChecks permission to a cluster action for a given request in the context of given authentication.- Specified by:
checkin interfaceClusterPermission.PermissionCheck- Parameters:
action- action namerequest-TransportRequestauthentication-Authentication- Returns:
trueif the specified action for given request is allowed else returnsfalse
-
extendedCheck
protected abstract boolean extendedCheck(String action, TransportRequest request, Authentication authentication) -
implies
Description copied from interface:ClusterPermission.PermissionCheckChecks whether specifiedClusterPermission.PermissionCheckis implied by thisClusterPermission.PermissionCheck.
This is important method to be considered during implementation as it comparesClusterPermission.PermissionChecks. IfpermissionCheck.implies(otherPermissionCheck), that means all the actions allowed byotherPermissionCheckare also allowed bypermissionCheck, irrespective of the request structure.- Specified by:
impliesin interfaceClusterPermission.PermissionCheck- Parameters:
permissionCheck-ClusterPermission.PermissionCheck- Returns:
trueif the specified permission is implied by thisClusterPermission.PermissionCheckelse returnsfalse
-
doImplies
-