Package org.elasticsearch.xpack.security.authc.kerberos

Class KerberosRealm

java.lang.Object

org.elasticsearch.xpack.core.security.authc.Realm

org.elasticsearch.xpack.security.authc.kerberos.KerberosRealm

All Implemented Interfaces:

java.lang.Comparable<Realm>, CachingRealm

public final class KerberosRealm
extends Realm
implements CachingRealm

This class provides support for Kerberos authentication using spnego mechanism.

It provides support to extract kerberos ticket using KerberosAuthenticationToken.extractToken(String) to build KerberosAuthenticationToken and then authenticating user when KerberosTicketValidator validates the ticket.

On successful authentication, it will build User object populated with roles and will return AuthenticationResult with user object. On authentication failure, it will return AuthenticationResult with status to terminate authentication process.

Nested Class Summary

Nested classes/interfaces inherited from class org.elasticsearch.xpack.core.security.authc.Realm

Realm.Factory

Field Summary

Fields

Modifier and Type	Field	Description
static java.lang.String	KRB_METADATA_REALM_NAME_KEY
static java.lang.String	KRB_METADATA_UPN_KEY

Fields inherited from class org.elasticsearch.xpack.core.security.authc.Realm

config, logger, type

Constructor Summary

Constructors

Constructor	Description
KerberosRealm(RealmConfig config, NativeRoleMappingStore nativeRoleMappingStore, ThreadPool threadPool)

Method Summary

Modifier and Type	Method	Description
void	authenticate(AuthenticationToken token, ActionListener<AuthenticationResult> listener)
void	expire(java.lang.String username)
void	expireAll()
java.util.Map<java.lang.String,java.util.List<java.lang.String>>	getAuthenticationFailureHeaders()
void	initialize(java.lang.Iterable<Realm> realms, XPackLicenseState licenseState)
void	lookupUser(java.lang.String username, ActionListener<User> listener)
boolean	supports(AuthenticationToken token)
AuthenticationToken	token(ThreadContext context)

Methods inherited from class org.elasticsearch.xpack.core.security.authc.Realm

compareTo, getType, name, order, toString, type, usageStats

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.elasticsearch.xpack.core.security.authc.support.CachingRealm

name

Field Detail

KRB_METADATA_REALM_NAME_KEY

public static final java.lang.String KRB_METADATA_REALM_NAME_KEY

See Also:

Constant Field Values

KRB_METADATA_UPN_KEY

public static final java.lang.String KRB_METADATA_UPN_KEY

See Also:

Constant Field Values

Constructor Detail

KerberosRealm

public KerberosRealm(RealmConfig config,
                     NativeRoleMappingStore nativeRoleMappingStore,
                     ThreadPool threadPool)

Method Detail

initialize

public void initialize(java.lang.Iterable<Realm> realms,
                       XPackLicenseState licenseState)

Overrides:

initialize in class Realm

getAuthenticationFailureHeaders

public java.util.Map<java.lang.String,java.util.List<java.lang.String>> getAuthenticationFailureHeaders()

Overrides:

getAuthenticationFailureHeaders in class Realm

expire

public void expire(java.lang.String username)

Specified by:

expire in interface CachingRealm

expireAll

public void expireAll()

Specified by:

expireAll in interface CachingRealm

supports

public boolean supports(AuthenticationToken token)

Specified by:

supports in class Realm

token

public AuthenticationToken token(ThreadContext context)

Specified by:

token in class Realm

authenticate

public void authenticate(AuthenticationToken token,
                         ActionListener<AuthenticationResult> listener)

Specified by:

authenticate in class Realm

lookupUser

public void lookupUser(java.lang.String username,
                       ActionListener<User> listener)

Specified by:

lookupUser in class Realm