Class UserRoleMapper.DistinguishedNamePredicate

java.lang.Object
org.elasticsearch.xpack.core.security.authc.support.UserRoleMapper.DistinguishedNamePredicate
All Implemented Interfaces:
Predicate<FieldExpression.FieldValue>
Enclosing interface:
UserRoleMapper

public static class UserRoleMapper.DistinguishedNamePredicate extends Object implements Predicate<FieldExpression.FieldValue>
A specialised predicate for fields that might be a DistinguishedName (e.g. "dn" or "groups"). The X500 specs define how to compare DistinguishedNames (but we mostly rely on DN.equals(Object)), which means "CN=me,DC=example,DC=com" should be equal to "cn=me, dc=Example, dc=COM" (and other variations).

The FieldExpression class doesn't know about special rules for special data types, but the ExpressionModel class can take a custom Predicate that tests whether the data in the model matches the value in the expression.

The string constructor parameter may or may not actually parse as a DN. The "dn" field should always be a DN; groups will be DNs if they come from an LDAP/AD realm, but often won't be for a SAML realm. Because the FieldExpression.FieldValue might be a pattern (automaton), we sometimes need to do more complex matching than just comparing a DN for equality.
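The following is an added example, not Elasticsearch's own code. It shows the DN-aware comparison described above with a fallback for values that are not DNs. It uses the JDK's javax.naming.ldap.LdapName as a stand-in for the DN class the description refers to; the names DnAwareMatchExample, parseDnOrNull and dnAware are hypothetical, the exact-string fallback for non-DN values is an assumption, and pattern (automaton) values are not covered.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.function.Predicate;

public class DnAwareMatchExample {

    /** Parses s as a DN, or returns null when it is not one (e.g. a SAML group name). */
    static LdapName parseDnOrNull(String s) {
        try {
            return new LdapName(s);
        } catch (InvalidNameException e) {
            return null;
        }
    }

    /**
     * Builds a predicate for one piece of user data (a "dn" or one "groups" entry).
     * The argument tested is the literal value from a role-mapping rule.
     * Assumption: when either side is not a DN, only an exact string match counts.
     */
    static Predicate<String> dnAware(String userValue) {
        final LdapName userDn = parseDnOrNull(userValue);
        return ruleValue -> {
            if (userValue.equals(ruleValue)) {
                return true; // identical strings match whether or not they are DNs
            }
            // Only parse the rule value when the user value was a DN to begin with.
            LdapName ruleDn = (userDn == null) ? null : parseDnOrNull(ruleValue);
            return ruleDn != null && userDn.equals(ruleDn);
        };
    }

    public static void main(String[] args) {
        // Constructed sample values; the first two spellings are the ones quoted in the description.
        Predicate<String> dn = dnAware("CN=me,DC=example,DC=com");
        System.out.println("DN compare, different spelling: " + dn.test("cn=me, dc=Example, dc=COM"));
        System.out.println("Plain String.equals on the same pair: "
            + "CN=me,DC=example,DC=com".equals("cn=me, dc=Example, dc=COM"));
        System.out.println("DN compare, different user: " + dn.test("cn=admin,dc=example,dc=com"));

        // A SAML-style group name does not parse as a DN, so the string fallback applies.
        Predicate<String> saml = dnAware("Engineering Admins");
        System.out.println("Non-DN, same string: " + saml.test("Engineering Admins"));
        System.out.println("Non-DN, different case: " + saml.test("engineering admins"));
    }
}
```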