Module org.elasticsearch.xcore
Class ApplicationPrivilege
java.lang.Object
org.elasticsearch.xpack.core.security.authz.privilege.Privilege
org.elasticsearch.xpack.core.security.authz.privilege.ApplicationPrivilege
An application privilege has an application name (e.g.
"my-app") that identifies an application (that exists
outside of elasticsearch), a privilege name (e.g. "admin) that is meaningful to that application, and one or
more "action patterns" (e.g "admin/user/*", "admin/team/*").
ActionType patterns must contain at least one special character from (/, :, *) to distinguish them
from privilege names.
The action patterns are entirely optional - many application will find that simple "privilege names" are sufficient, but
they allow applications to define high level abstract privileges that map to multiple low level capabilities.-
Field Summary
Fields -
Method Summary
Modifier and TypeMethodDescriptionbooleanstatic Set<ApplicationPrivilege> get(String application, Set<String> name, Collection<ApplicationPrivilegeDescriptor> stored) Finds or creates a collection of application privileges with the provided names.inthashCode()static booleanisValidPrivilegeName(String name) toString()static voidvalidateActionName(String action) static voidvalidateApplicationName(String application) Validate that the provided application name is valid, and throws an exception otherwisestatic voidvalidateApplicationNameOrWildcard(String application) Validate that the provided name is a valid application, or a wildcard pattern for an application and throws an exception otherwisestatic voidvalidatePrivilegeName(String name) Validate that the provided privilege name is valid, and throws an exception otherwisestatic voidValidate that the provided name is a valid privilege name or action name, and throws an exception otherwiseMethods inherited from class org.elasticsearch.xpack.core.security.authz.privilege.Privilege
getAutomaton, name, predicate, sortByAccessLevel
-
Field Details
-
NONE
-
-
Method Details
-
getApplication
-
validateApplicationName
Validate that the provided application name is valid, and throws an exception otherwise- Throws:
IllegalArgumentException- if the name is not valid
-
validateApplicationNameOrWildcard
Validate that the provided name is a valid application, or a wildcard pattern for an application and throws an exception otherwise- Throws:
IllegalArgumentException- if the name is not valid
-
validatePrivilegeName
Validate that the provided privilege name is valid, and throws an exception otherwise- Throws:
IllegalArgumentException- if the name is not valid
-
isValidPrivilegeName
-
validateActionName
-
validatePrivilegeOrActionName
Validate that the provided name is a valid privilege name or action name, and throws an exception otherwise- Throws:
IllegalArgumentException- if the name is not valid
-
get
public static Set<ApplicationPrivilege> get(String application, Set<String> name, Collection<ApplicationPrivilegeDescriptor> stored) Finds or creates a collection of application privileges with the provided names. If application is a wildcard, it will be expanded to all matching application names instoredEach element innamemay be the name of a stored privilege (to be resolved fromstored, or a bespoke action pattern. -
toString
-
hashCode
public int hashCode() -
equals
-