Module org.elasticsearch.security
Class CrossClusterAccessTransportInterceptor
java.lang.Object
org.elasticsearch.xpack.security.transport.CrossClusterAccessTransportInterceptor
- All Implemented Interfaces:
RemoteClusterTransportInterceptor
public class CrossClusterAccessTransportInterceptor
extends Object
implements RemoteClusterTransportInterceptor
-
Constructor Summary
Constructors
Constructor | Description
CrossClusterAccessTransportInterceptor(Settings settings, ThreadPool threadPool, AuthenticationService authcService, AuthorizationService authzService, SecurityContext securityContext, CrossClusterAccessAuthenticationService crossClusterAccessAuthcService, CrossClusterApiKeySignatureManager crossClusterApiKeySignatureManager, XPackLicenseState licenseState) |
-
Method Summary
Modifier and Type | Method | Description
Optional<ServerTransportFilter> | getRemoteProfileTransportFilter(SslProfile sslProfile, DestructiveOperations destructiveOperations) | Allows interceptors to provide a custom ServerTransportFilter implementation for intercepting requests for the RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE transport profile.
boolean | hasRemoteClusterAccessHeadersInContext(SecurityContext securityContext) | Returns true if any of the remote cluster access headers are in the security context.
 | interceptSender | Allows intercepting all transport requests on the sender side.
boolean | isRemoteClusterConnection(Transport.Connection connection) | This method returns true if the outbound connection is targeting a remote cluster.
-
Constructor Details
-
CrossClusterAccessTransportInterceptor
public CrossClusterAccessTransportInterceptor(Settings settings, ThreadPool threadPool, AuthenticationService authcService, AuthorizationService authzService, SecurityContext securityContext, CrossClusterAccessAuthenticationService crossClusterAccessAuthcService, CrossClusterApiKeySignatureManager crossClusterApiKeySignatureManager, XPackLicenseState licenseState)
-
-
Method Details
-
interceptSender
Description copied from interface: RemoteClusterTransportInterceptor
Allows intercepting all transport requests on the sender side.
- Specified by:
interceptSender in interface RemoteClusterTransportInterceptor
-
isRemoteClusterConnection
Description copied from interface: RemoteClusterTransportInterceptor
This method returns true if the outbound connection is targeting a remote cluster.
- Specified by:
isRemoteClusterConnection in interface RemoteClusterTransportInterceptor
-
getRemoteProfileTransportFilter
public Optional<ServerTransportFilter> getRemoteProfileTransportFilter(SslProfile sslProfile, DestructiveOperations destructiveOperations)
Description copied from interface: RemoteClusterTransportInterceptor
Allows interceptors to provide a custom ServerTransportFilter implementation for intercepting requests for the RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE transport profile.
The transport filter is called on the receiver side to filter incoming remote cluster requests and to execute authentication and authorization for all incoming requests.
This method is only called when the setting RemoteClusterPortSettings.REMOTE_CLUSTER_SERVER_ENABLED is set to true.
- Specified by:
getRemoteProfileTransportFilter in interface RemoteClusterTransportInterceptor
- Returns:
a custom ServerTransportFilter for the given transport profile, or an empty optional to fall back to the default transport filter
-
hasRemoteClusterAccessHeadersInContext
Description copied from interface: RemoteClusterTransportInterceptor
Returns true if any of the remote cluster access headers are in the security context. This method is used to assert we don't have access headers already in the security context, before we even run remote cluster intercepts. Serves as an integrity check that we properly clear the security context between requests.
- Specified by:
hasRemoteClusterAccessHeadersInContext in interface RemoteClusterTransportInterceptor
-