Module org.elasticsearch.security

Package org.elasticsearch.xpack.security.transport

Interface RemoteClusterTransportInterceptor

All Known Implementing Classes:

CrossClusterAccessTransportInterceptor

public interface RemoteClusterTransportInterceptor

Allows to provide remote cluster interception that's capable of intercepting remote connections both on the receiver and the sender side.

Method Summary

Modifier and Type	Method	Description
Optional<ServerTransportFilter>	getRemoteProfileTransportFilter(SslProfile sslProfile, DestructiveOperations destructiveOperations)	Allows interceptors to provide a custom ServerTransportFilter implementation for intercepting requests for RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE transport profile.
boolean	hasRemoteClusterAccessHeadersInContext(SecurityContext securityContext)	Returns true if any of the remote cluster access headers are in the security context.
TransportInterceptor.AsyncSender	interceptSender(TransportInterceptor.AsyncSender sender)	Allows to intercept all transport requests on the sender side.
boolean	isRemoteClusterConnection(Transport.Connection connection)	This method returns true if the outbound connection is targeting a remote cluster.

Method Details

interceptSender

TransportInterceptor.AsyncSender interceptSender(TransportInterceptor.AsyncSender sender)

Allows to intercept all transport requests on the sender side.

isRemoteClusterConnection

boolean isRemoteClusterConnection(Transport.Connection connection)

This method returns true if the outbound connection is targeting a remote cluster.

getRemoteProfileTransportFilter

Optional<ServerTransportFilter> getRemoteProfileTransportFilter(SslProfile sslProfile,
 DestructiveOperations destructiveOperations)

Allows interceptors to provide a custom ServerTransportFilter implementation for intercepting requests for RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE transport profile.

The transport filter is called on the receiver side to filter incoming remote cluster requests and to execute authentication and authorization for all incoming requests.

This method is only called when setting RemoteClusterPortSettings.REMOTE_CLUSTER_SERVER_ENABLED is set to true.

Returns:

a custom ServerTransportFilters for the given transport profile, or an empty optional to fall back to the default transport filter

hasRemoteClusterAccessHeadersInContext

boolean hasRemoteClusterAccessHeadersInContext(SecurityContext securityContext)

Returns true if any of the remote cluster access headers are in the security context. This method is used to assert we don't have access headers already in the security context, before we even run remote cluster intercepts. Serves as an integrity check that we properly clear the security context between requests.