Class AuditTrailService
- java.lang.Object
-
- org.elasticsearch.common.component.AbstractComponent
-
- org.elasticsearch.xpack.security.audit.AuditTrailService
-
- All Implemented Interfaces:
AuditTrail
public class AuditTrailService extends AbstractComponent implements AuditTrail
-
-
Field Summary
-
Fields inherited from class org.elasticsearch.common.component.AbstractComponent
logger
-
Fields inherited from interface org.elasticsearch.xpack.security.audit.AuditTrail
X_FORWARDED_FOR_HEADER
-
-
Constructor Summary
Constructors Constructor Description AuditTrailService(java.util.List<AuditTrail> auditTrails, XPackLicenseState licenseState)
-
Method Summary
Modifier and Type Method Description voidaccessDenied(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage message, AuthorizationEngine.AuthorizationInfo authorizationInfo)voidaccessGranted(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage msg, AuthorizationEngine.AuthorizationInfo authorizationInfo)voidanonymousAccessDenied(java.lang.String requestId, java.lang.String action, TransportMessage message)voidanonymousAccessDenied(java.lang.String requestId, RestRequest request)voidauthenticationFailed(java.lang.String requestId, java.lang.String action, TransportMessage message)voidauthenticationFailed(java.lang.String requestId, java.lang.String realm, AuthenticationToken token, java.lang.String action, TransportMessage message)voidauthenticationFailed(java.lang.String requestId, java.lang.String realm, AuthenticationToken token, RestRequest request)voidauthenticationFailed(java.lang.String requestId, RestRequest request)voidauthenticationFailed(java.lang.String requestId, AuthenticationToken token, java.lang.String action, TransportMessage message)voidauthenticationFailed(java.lang.String requestId, AuthenticationToken token, RestRequest request)voidauthenticationSuccess(java.lang.String requestId, java.lang.String realm, User user, java.lang.String action, TransportMessage message)voidauthenticationSuccess(java.lang.String requestId, java.lang.String realm, User user, RestRequest request)voidconnectionDenied(java.net.InetAddress inetAddress, java.lang.String profile, SecurityIpFilterRule rule)voidconnectionGranted(java.net.InetAddress inetAddress, java.lang.String profile, SecurityIpFilterRule rule)TheAuditTrail.connectionGranted(InetAddress, String, SecurityIpFilterRule)andAuditTrail.connectionDenied(InetAddress, String, SecurityIpFilterRule)methods do not have a requestId because they related to a potentially long-lived TCP connection, not a single request.voidexplicitIndexAccessEvent(java.lang.String requestId, AuditLevel eventType, Authentication authentication, java.lang.String action, java.lang.String indices, java.lang.String requestName, TransportAddress remoteAddress, AuthorizationEngine.AuthorizationInfo authorizationInfo)This is a "workaround" method to log index "access_granted" and "access_denied" events for actions not tied to aTransportMessage, or when the connection is not 1:1, i.e.java.util.List<AuditTrail>getAuditTrails()Returns the audit trail implementations that this service delegates to.java.lang.Stringname()voidrunAsDenied(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage message, AuthorizationEngine.AuthorizationInfo authorizationInfo)voidrunAsDenied(java.lang.String requestId, Authentication authentication, RestRequest request, AuthorizationEngine.AuthorizationInfo authorizationInfo)voidrunAsGranted(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage message, AuthorizationEngine.AuthorizationInfo authorizationInfo)voidtamperedRequest(java.lang.String requestId, java.lang.String action, TransportMessage message)voidtamperedRequest(java.lang.String requestId, RestRequest request)voidtamperedRequest(java.lang.String requestId, User user, java.lang.String action, TransportMessage request)
-
-
-
Constructor Detail
-
AuditTrailService
public AuditTrailService(java.util.List<AuditTrail> auditTrails, XPackLicenseState licenseState)
-
-
Method Detail
-
name
public java.lang.String name()
- Specified by:
namein interfaceAuditTrail
-
getAuditTrails
public java.util.List<AuditTrail> getAuditTrails()
Returns the audit trail implementations that this service delegates to.
-
authenticationSuccess
public void authenticationSuccess(java.lang.String requestId, java.lang.String realm, User user, RestRequest request)- Specified by:
authenticationSuccessin interfaceAuditTrail
-
authenticationSuccess
public void authenticationSuccess(java.lang.String requestId, java.lang.String realm, User user, java.lang.String action, TransportMessage message)- Specified by:
authenticationSuccessin interfaceAuditTrail
-
anonymousAccessDenied
public void anonymousAccessDenied(java.lang.String requestId, java.lang.String action, TransportMessage message)- Specified by:
anonymousAccessDeniedin interfaceAuditTrail
-
anonymousAccessDenied
public void anonymousAccessDenied(java.lang.String requestId, RestRequest request)- Specified by:
anonymousAccessDeniedin interfaceAuditTrail
-
authenticationFailed
public void authenticationFailed(java.lang.String requestId, RestRequest request)- Specified by:
authenticationFailedin interfaceAuditTrail
-
authenticationFailed
public void authenticationFailed(java.lang.String requestId, java.lang.String action, TransportMessage message)- Specified by:
authenticationFailedin interfaceAuditTrail
-
authenticationFailed
public void authenticationFailed(java.lang.String requestId, AuthenticationToken token, java.lang.String action, TransportMessage message)- Specified by:
authenticationFailedin interfaceAuditTrail
-
authenticationFailed
public void authenticationFailed(java.lang.String requestId, java.lang.String realm, AuthenticationToken token, java.lang.String action, TransportMessage message)- Specified by:
authenticationFailedin interfaceAuditTrail
-
authenticationFailed
public void authenticationFailed(java.lang.String requestId, AuthenticationToken token, RestRequest request)- Specified by:
authenticationFailedin interfaceAuditTrail
-
authenticationFailed
public void authenticationFailed(java.lang.String requestId, java.lang.String realm, AuthenticationToken token, RestRequest request)- Specified by:
authenticationFailedin interfaceAuditTrail
-
accessGranted
public void accessGranted(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage msg, AuthorizationEngine.AuthorizationInfo authorizationInfo)- Specified by:
accessGrantedin interfaceAuditTrail
-
accessDenied
public void accessDenied(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage message, AuthorizationEngine.AuthorizationInfo authorizationInfo)- Specified by:
accessDeniedin interfaceAuditTrail
-
tamperedRequest
public void tamperedRequest(java.lang.String requestId, RestRequest request)- Specified by:
tamperedRequestin interfaceAuditTrail
-
tamperedRequest
public void tamperedRequest(java.lang.String requestId, java.lang.String action, TransportMessage message)- Specified by:
tamperedRequestin interfaceAuditTrail
-
tamperedRequest
public void tamperedRequest(java.lang.String requestId, User user, java.lang.String action, TransportMessage request)- Specified by:
tamperedRequestin interfaceAuditTrail
-
connectionGranted
public void connectionGranted(java.net.InetAddress inetAddress, java.lang.String profile, SecurityIpFilterRule rule)Description copied from interface:AuditTrailTheAuditTrail.connectionGranted(InetAddress, String, SecurityIpFilterRule)andAuditTrail.connectionDenied(InetAddress, String, SecurityIpFilterRule)methods do not have a requestId because they related to a potentially long-lived TCP connection, not a single request. For both Transport and Rest connections, a single connection granted/denied event is generated even if that connection is used for multiple Elasticsearch actions (potentially as different users)- Specified by:
connectionGrantedin interfaceAuditTrail
-
connectionDenied
public void connectionDenied(java.net.InetAddress inetAddress, java.lang.String profile, SecurityIpFilterRule rule)- Specified by:
connectionDeniedin interfaceAuditTrail
-
runAsGranted
public void runAsGranted(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage message, AuthorizationEngine.AuthorizationInfo authorizationInfo)- Specified by:
runAsGrantedin interfaceAuditTrail
-
runAsDenied
public void runAsDenied(java.lang.String requestId, Authentication authentication, java.lang.String action, TransportMessage message, AuthorizationEngine.AuthorizationInfo authorizationInfo)- Specified by:
runAsDeniedin interfaceAuditTrail
-
runAsDenied
public void runAsDenied(java.lang.String requestId, Authentication authentication, RestRequest request, AuthorizationEngine.AuthorizationInfo authorizationInfo)- Specified by:
runAsDeniedin interfaceAuditTrail
-
explicitIndexAccessEvent
public void explicitIndexAccessEvent(java.lang.String requestId, AuditLevel eventType, Authentication authentication, java.lang.String action, java.lang.String indices, java.lang.String requestName, TransportAddress remoteAddress, AuthorizationEngine.AuthorizationInfo authorizationInfo)Description copied from interface:AuditTrailThis is a "workaround" method to log index "access_granted" and "access_denied" events for actions not tied to aTransportMessage, or when the connection is not 1:1, i.e. several audit events for an action associated with the same message. It is currently only used to audit the resolved index (alias) name for eachBulkItemRequestcomprised by aBulkShardRequest. We should strive to not use this and TODO refactor it out!- Specified by:
explicitIndexAccessEventin interfaceAuditTrail
-
-