Support Client and RoleMapping in custom Realms#50534
Merged
tvernum merged 9 commits intoelastic:masterfrom Jan 14, 2020
Merged
Support Client and RoleMapping in custom Realms#50534tvernum merged 9 commits intoelastic:masterfrom
tvernum merged 9 commits intoelastic:masterfrom
Conversation
Previously custom realms were limited in what services and components they had easy access to. It was possible to work around this because a security extension is packaged within a Plugin, so there were ways to store this components in static/SetOnce variables and access them from the realm, but those techniques were fragile, undocumented and difficult to discover. This change includes key services as an argument to most of the methods on SecurityExtension so that custom realm / role provider authors can have easy access to them. Resolves: elastic#48369
Contributor
Author
|
This required the |
Contributor
albertzaharovits
left a comment
There was a problem hiding this comment.
I've raised a few questions, but I don't feel strongly about any of them.
| * @param components Access to components that may be used to build realms | ||
| */ | ||
| default Map<String, Realm.Factory> getRealms(ResourceWatcherService resourceWatcherService) { | ||
| default Map<String, Realm.Factory> getRealms(SecurityComponents components) { |
Contributor
There was a problem hiding this comment.
Do you think a Settings object might be useful as well? (same for other methods)
Contributor
Author
There was a problem hiding this comment.
Settings is on RealmConfig, so I didn't add it here, but I think that was a mistake.
It makes sense to have everything available in 1 place. I'll add environment and settings to the components interface.
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityExtension.java
Show resolved
Hide resolved
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityExtension.java
Show resolved
Hide resolved
albertzaharovits
approved these changes
Jan 12, 2020
Contributor
albertzaharovits
left a comment
There was a problem hiding this comment.
The SecurityExtension#SecurityComponents interface LGTM. I trust that the other methods will use a single components parameter.
tvernum
added a commit
to tvernum/elasticsearch
that referenced
this pull request
Jan 14, 2020
Previously custom realms were limited in what services and components they had easy access to. It was possible to work around this because a security extension is packaged within a Plugin, so there were ways to store this components in static/SetOnce variables and access them from the realm, but those techniques were fragile, undocumented and difficult to discover. This change includes key services as an argument to most of the methods on SecurityExtension so that custom realm / role provider authors can have easy access to them. Backport of: elastic#50534
tvernum
added a commit
that referenced
this pull request
Jan 14, 2020
Previously custom realms were limited in what services and components they had easy access to. It was possible to work around this because a security extension is packaged within a Plugin, so there were ways to store this components in static/SetOnce variables and access them from the realm, but those techniques were fragile, undocumented and difficult to discover. This change includes key services as an argument to most of the methods on SecurityExtension so that custom realm / role provider authors can have easy access to them. Backport of: #50534
SivagurunathanV
pushed a commit
to SivagurunathanV/elasticsearch
that referenced
this pull request
Jan 23, 2020
Previously custom realms were limited in what services and components they had easy access to. It was possible to work around this because a security extension is packaged within a Plugin, so there were ways to store this components in static/SetOnce variables and access them from the realm, but those techniques were fragile, undocumented and difficult to discover. This change includes key services as an argument to most of the methods on SecurityExtension so that custom realm / role provider authors can have easy access to them. Resolves: elastic#48369
This was referenced Feb 3, 2020
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Previously custom realms were limited in what services and components
they had easy access to. It was possible to work around this because a
security extension is packaged within a Plugin, so there were ways to
store this components in static/SetOnce variables and access them from
the realm, but those techniques were fragile, undocumented and
difficult to discover.
This change includes key services as an argument to most of the methods
on SecurityExtension so that custom realm / role provider authors can
have easy access to them.
Resolves: #48369