Java源码示例:org.elasticsearch.rest.RestRequest.Method
示例1
@Inject
public InternalUsersApiAction(final Settings settings, final Path configPath, final RestController controller,
final Client client, final AdminDNs adminDNs, final ConfigurationRepository cl,
final ClusterService cs, final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator,
ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool,
auditLog);
// legacy mapping for backwards compatibility
// TODO: remove in next version
controller.registerHandler(Method.GET, "/_opendistro/_security/api/user/{name}", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/user/", this);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/user/{name}", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/user/{name}", this);
// corrected mapping, introduced in Open Distro Security
controller.registerHandler(Method.GET, "/_opendistro/_security/api/internalusers/{name}", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/internalusers/", this);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/internalusers/{name}", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/internalusers/{name}", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/internalusers/", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/internalusers/{name}", this);
}
示例2
@Inject
public ActionGroupsApiAction(final Settings settings, final Path configPath, final RestController controller, final Client client,
final AdminDNs adminDNs, final ConfigurationRepository cl, final ClusterService cs,
final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator, ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool, auditLog);
// legacy mapping for backwards compatibility
// TODO: remove in next version
controller.registerHandler(Method.GET, "/_opendistro/_security/api/actiongroup/{name}", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/actiongroup/", this);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/actiongroup/{name}", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/actiongroup/{name}", this);
// corrected mapping, introduced in Open Distro Security
controller.registerHandler(Method.GET, "/_opendistro/_security/api/actiongroups/{name}", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/actiongroups/", this);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/actiongroups/{name}", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/actiongroups/{name}", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/actiongroups/", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/actiongroups/{name}", this);
}
示例3
private RestRequest buildTokenExchangeRestRequest(String encodedSamlResponse,
AuthenticateHeaders authenticateHeaders, String acsEndpoint) {
String authtokenPostJson;
if (authenticateHeaders != null) {
authtokenPostJson = "{\"SAMLResponse\": \"" + encodedSamlResponse + "\", \"RequestId\": \""
+ authenticateHeaders.requestId + "\"}";
} else {
authtokenPostJson = "{\"SAMLResponse\": \"" + encodedSamlResponse
+ "\", \"RequestId\": null, \"acsEndpoint\": \"" + acsEndpoint + "\" }";
}
return new FakeRestRequest.Builder().withPath("/_opendistro/_security/api/authtoken").withMethod(Method.POST)
.withContent(new BytesArray(authtokenPostJson))
.withHeaders(ImmutableMap.of("Content-Type", "application/json")).build();
}
示例4
private Method getEsMethod(final String method) {
if ("get".equalsIgnoreCase(method)) {
return Method.GET;
} else if ("post".equalsIgnoreCase(method)) {
return Method.POST;
} else if ("put".equalsIgnoreCase(method)) {
return Method.PUT;
} else if ("delete".equalsIgnoreCase(method)) {
return Method.DELETE;
} else if ("options".equalsIgnoreCase(method)) {
return Method.OPTIONS;
} else if ("head".equalsIgnoreCase(method)) {
return Method.HEAD;
}
return null;
}
示例5
private Method[] createMethods(final String[] methodValues) {
final List<Method> methodList = new ArrayList<Method>();
for (final String method : methodValues) {
if ("get".equalsIgnoreCase(method)) {
methodList.add(Method.GET);
} else if ("post".equalsIgnoreCase(method)) {
methodList.add(Method.POST);
} else if ("head".equalsIgnoreCase(method)) {
methodList.add(Method.HEAD);
} else if ("options".equalsIgnoreCase(method)) {
methodList.add(Method.OPTIONS);
} else if ("put".equalsIgnoreCase(method)) {
methodList.add(Method.PUT);
} else if ("delete".equalsIgnoreCase(method)) {
methodList.add(Method.DELETE);
}
}
return methodList.toArray(new Method[methodList.size()]);
}
示例6
protected PermissionsInfoAction(final Settings settings, final Path configPath, final RestController controller, final Client client,
final AdminDNs adminDNs, final ConfigurationRepository cl, final ClusterService cs,
final PrincipalExtractor principalExtractor, final PrivilegesEvaluator privilegesEvaluator, ThreadPool threadPool, AuditLog auditLog) {
super(settings);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/permissionsinfo", this);
this.threadPool = threadPool;
this.privilegesEvaluator = privilegesEvaluator;
this.restApiPrivilegesEvaluator = new RestApiPrivilegesEvaluator(settings, adminDNs, privilegesEvaluator, principalExtractor, configPath, threadPool);
}
示例7
@Inject
public TenantsApiAction(final Settings settings, final Path configPath, final RestController controller, final Client client,
final AdminDNs adminDNs, final ConfigurationRepository cl, final ClusterService cs,
final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator, ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool, auditLog);
// corrected mapping, introduced in SG6
controller.registerHandler(Method.GET, "/_opendistro/_security/api/tenants/{name}", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/tenants/", this);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/tenants/{name}", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/tenants/{name}", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/tenants/", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/tenants/{name}", this);
}
示例8
@Override
protected void handleApiRequest(RestChannel channel, final RestRequest request, final Client client)
throws IOException {
if (request.method() == Method.PATCH) {
handlePatch(channel, request, client);
} else {
super.handleApiRequest(channel, request, client);
}
}
示例9
private Map<Endpoint, List<Method>> addGloballyDisabledEndpoints(Map<Endpoint, List<Method>> endpoints) {
if(globallyDisabledEndpoints != null && !globallyDisabledEndpoints.isEmpty()) {
Set<Endpoint> globalEndoints = globallyDisabledEndpoints.keySet();
for(Endpoint endpoint : globalEndoints) {
endpoints.putIfAbsent(endpoint, new LinkedList<>());
endpoints.get(endpoint).addAll(globallyDisabledEndpoints.get(endpoint));
}
}
return endpoints;
}
示例10
@Override
protected void handleApiRequest(RestChannel channel, RestRequest request, Client client) throws IOException {
if (request.method() == Method.PATCH && !allowPutOrPatch) {
notImplemented(channel, Method.PATCH);
} else {
super.handleApiRequest(channel, request, client);
}
}
示例11
@Override
protected void handlePut(RestChannel channel, final RestRequest request, final Client client, final JsonNode content) throws IOException{
if (allowPutOrPatch) {
if(!"config".equals(request.param("name"))) {
badRequestResponse(channel, "name must be config");
return;
}
super.handlePut(channel, request, client, content);
} else {
notImplemented(channel, Method.PUT);
}
}
示例12
@Inject
public RolesApiAction(Settings settings, final Path configPath, RestController controller, Client client, AdminDNs adminDNs, ConfigurationRepository cl,
ClusterService cs, final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator, ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool, auditLog);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/roles/", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/roles/{name}", this);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/roles/{name}", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/roles/{name}", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/roles/", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/roles/{name}", this);
}
示例13
@Inject
public AuthTokenProcessorAction(final Settings settings, final Path configPath, final RestController controller,
final Client client, final AdminDNs adminDNs, final ConfigurationRepository cl,
final ClusterService cs, final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator,
ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool,
auditLog);
controller.registerHandler(Method.POST, "/_opendistro/_security/api/authtoken", this);
}
示例14
@Inject
public RolesMappingApiAction(final Settings settings, final Path configPath, final RestController controller, final Client client,
final AdminDNs adminDNs, final ConfigurationRepository cl, final ClusterService cs,
final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator, ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool, auditLog);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/rolesmapping/", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/rolesmapping/{name}", this);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/rolesmapping/{name}", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/rolesmapping/{name}", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/rolesmapping/", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/rolesmapping/{name}", this);
}
示例15
@Inject
public FlushCacheApiAction(final Settings settings, final Path configPath, final RestController controller, final Client client,
final AdminDNs adminDNs, final ConfigurationRepository cl, final ClusterService cs,
final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator, ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool, auditLog);
controller.registerHandler(Method.DELETE, "/_opendistro/_security/api/cache", this);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/cache", this);
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/cache", this);
controller.registerHandler(Method.POST, "/_opendistro/_security/api/cache", this);
}
示例16
private static SearchRequest generateLocalSearchRequest(String source, String indexName, String type) {
LocalRestRequest localRestRequest = new LocalRestRequest("/_search", Method.POST);
localRestRequest.setContent(source, null);
SearchRequest searchRequest = new SearchRequest();
searchRequest.indices(Strings.splitStringByCommaToArray(indexName));
// get the content, and put it in the body
// add content/source as template if template flag is set
searchRequest.source(localRestRequest.content());
searchRequest.searchType(SearchType.QUERY_AND_FETCH);
searchRequest.extraSource(RestSearchAction.parseSearchSource(localRestRequest));
searchRequest.types(Strings.splitStringByCommaToArray(type));
searchRequest.putHeader("search_source", "reindex");
return searchRequest;
}
示例17
@Inject
public S3ManageAction(Settings settings, Client client, RestController controller){
super(settings, controller, client);
// Define S3 REST endpoints.
controller.registerHandler(Method.GET, "/_s3/{rivername}/{command}", this);
}
示例18
public String[] getRoles(final Method method) {
final Set<String> roleSet = methodMap.get(method);
if (roleSet != null) {
return roleSet.toArray(new String[roleSet.size()]);
}
return new String[0];
}
示例19
private void addRoles(final Method method, final String[] roles) {
synchronized (methodMap) {
Set<String> roleSet = methodMap.get(method);
if (roleSet == null) {
roleSet = new HashSet<String>();
methodMap.put(method, roleSet);
}
for (final String role : roles) {
roleSet.add(role);
}
}
}
示例20
@Override
public boolean validate() {
if(!super.validate()) {
return false;
}
final String regex = this.esSettings.get(ConfigConstants.OPENDISTRO_SECURITY_RESTAPI_PASSWORD_VALIDATION_REGEX, null);
if((request.method() == Method.PUT || request.method() == Method.PATCH )
&& regex != null
&& !regex.isEmpty()
&& this.content != null
&& this.content.length() > 1) {
try {
final Map<String, Object> contentAsMap = XContentHelper.convertToMap(this.content, false, XContentType.JSON).v2();
if(contentAsMap != null && contentAsMap.containsKey("password")) {
final String password = (String) contentAsMap.get("password");
// Password can be null/empty for an existing user. Regex will validate password if present
if (password != null && !password.isEmpty() && !regex.isEmpty() && !Pattern.compile("^"+regex+"$").matcher(password).matches()) {
if(log.isDebugEnabled()) {
log.debug("Regex does not match password");
}
this.errorType = ErrorType.INVALID_PASSWORD;
return false;
}
final String username = Utils.coalesce(request.param("name"), hasParams()?(String)param[0]:null);
if(username == null || username.isEmpty()) {
if(log.isDebugEnabled()) {
log.debug("Unable to validate username because no user is given");
}
return false;
}
if(username.toLowerCase().equals(password.toLowerCase())) {
if(log.isDebugEnabled()) {
log.debug("Username must not match password");
}
this.errorType = ErrorType.INVALID_PASSWORD;
return false;
}
}
} catch (NotXContentException e) {
//this.content is not valid json/yaml
log.error("Invalid xContent: "+e,e);
return false;
}
}
return true;
}
示例21
public RestApiPrivilegesEvaluator(Settings settings, AdminDNs adminDNs, PrivilegesEvaluator privilegesEvaluator, PrincipalExtractor principalExtractor, Path configPath,
ThreadPool threadPool) {
this.adminDNs = adminDNs;
this.privilegesEvaluator = privilegesEvaluator;
this.principalExtractor = principalExtractor;
this.configPath = configPath;
this.threadPool = threadPool;
this.settings = settings;
// set up
// all endpoints and methods
Map<Endpoint, List<Method>> allEndpoints = new HashMap<>();
for(Endpoint endpoint : Endpoint.values()) {
List<Method> allMethods = new LinkedList<>();
allMethods.addAll(Arrays.asList(Method.values()));
allEndpoints.put(endpoint, allMethods);
}
this.allEndpoints = Collections.unmodifiableMap(allEndpoints);
// setup role based permissions
allowedRoles.addAll(settings.getAsList(ConfigConstants.OPENDISTRO_SECURITY_RESTAPI_ROLES_ENABLED));
this.roleBasedAccessEnabled = !allowedRoles.isEmpty();
// globally disabled endpoints, disables access to Endpoint/Method combination for all roles
Settings globalSettings = settings.getAsSettings(ConfigConstants.OPENDISTRO_SECURITY_RESTAPI_ENDPOINTS_DISABLED + ".global");
if (!globalSettings.isEmpty()) {
globallyDisabledEndpoints = parseDisabledEndpoints(globalSettings);
}
if (logger.isDebugEnabled()) {
logger.debug("Globally disabled endpoints: {}", globallyDisabledEndpoints);
}
for (String role : allowedRoles) {
Settings settingsForRole = settings.getAsSettings(ConfigConstants.OPENDISTRO_SECURITY_RESTAPI_ENDPOINTS_DISABLED + "." + role);
if (settingsForRole.isEmpty()) {
if (logger.isDebugEnabled()) {
logger.debug("No disabled endpoints/methods for permitted role {} found, allowing all", role);
}
continue;
}
Map<Endpoint, List<Method>> disabledEndpointsForRole = parseDisabledEndpoints(settingsForRole);
if (!disabledEndpointsForRole.isEmpty()) {
disabledEndpointsForRoles.put(role, disabledEndpointsForRole);
} else {
logger.warn("Disabled endpoints/methods empty for role {}, please check configuration", role);
}
}
if (logger.isTraceEnabled()) {
logger.trace("Parsed permission set for endpoints: {}", disabledEndpointsForRoles);
}
}
示例22
private String checkRoleBasedAccessPermissions(RestRequest request, Endpoint endpoint) {
if (logger.isTraceEnabled()) {
logger.trace("Checking role based admin access for endpoint {} and method {}", endpoint.name(), request.method().name());
}
// Role based access. Check that user has role suitable for admin access
// and that the role has also access to this endpoint.
if (this.roleBasedAccessEnabled) {
// get current user and roles
final User user = (User) threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_USER);
final TransportAddress remoteAddress = (TransportAddress) threadPool.getThreadContext().getTransient(ConfigConstants.OPENDISTRO_SECURITY_REMOTE_ADDRESS);
// map the users Security roles
Set<String> userRoles = privilegesEvaluator.mapRoles(user, remoteAddress);
// check if user has any role that grants access
if (currentUserHasRestApiAccess(userRoles)) {
// yes, calculate disabled end points. Since a user can have
// multiple roles, the endpoint
// needs to be disabled in all roles.
Map<Endpoint, List<Method>> disabledEndpointsForUser = getDisabledEndpointsForCurrentUser(user.getName(), userRoles);
if (logger.isDebugEnabled()) {
logger.debug("Disabled endpoints for user {} : {} ", user, disabledEndpointsForUser);
}
// check if we have any disabled methods for this endpoint
List<Method> disabledMethodsForEndpoint = disabledEndpointsForUser.get(endpoint);
// no settings, all methods for this endpoint allowed
if (disabledMethodsForEndpoint == null || disabledMethodsForEndpoint.isEmpty()) {
if (logger.isDebugEnabled()) {
logger.debug("No disabled methods for user {} and endpoint {}, access allowed ", user, endpoint);
}
return null;
}
// some methods disabled, check requested method
if (!disabledMethodsForEndpoint.contains(request.method())) {
if (logger.isDebugEnabled()) {
logger.debug("Request method {} for user {} and endpoint {} not restricted, access allowed ", request.method(), user, endpoint);
}
return null;
}
logger.info("User {} with Open Distro Security Roles {} does not have access to endpoint {} and method {}, checking admin TLS certificate now.", user, userRoles,
endpoint.name(), request.method());
return "User " + user.getName() + " with Open Distro Security Roles " + userRoles + " does not have any access to endpoint " + endpoint.name() + " and method "
+ request.method().name();
} else {
// no, but maybe the request contains a client certificate.
// Remember error reason for better response message later on.
logger.info("User {} with Open Distro Security roles {} does not have any role privileged for admin access.", user, userRoles);
return "User " + user.getName() + " with Open Distro Security Roles " + userRoles + " does not have any role privileged for admin access";
}
}
return "Role based access not enabled.";
}
示例23
protected void handlePost(final RestChannel channel, final RestRequest request, final Client client, final JsonNode content) throws IOException {
notImplemented(channel, Method.POST);
}
示例24
protected void notImplemented(RestChannel channel, Method method) {
response(channel, RestStatus.NOT_IMPLEMENTED,
"Method " + method.name() + " not supported for this action.");
}
示例25
@Inject
public OpenDistroSecurityConfigAction(final Settings settings, final Path configPath, final RestController controller, final Client client,
final AdminDNs adminDNs, final ConfigurationRepository cl, final ClusterService cs,
final PrincipalExtractor principalExtractor, final PrivilegesEvaluator evaluator, ThreadPool threadPool, AuditLog auditLog) {
super(settings, configPath, controller, client, adminDNs, cl, cs, principalExtractor, evaluator, threadPool, auditLog);
allowPutOrPatch = settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_UNSUPPORTED_RESTAPI_ALLOW_SECURITYCONFIG_MODIFICATION, false);
controller.registerHandler(Method.GET, "/_opendistro/_security/api/securityconfig/", this);
//controller.registerHandler(Method.GET, "/_opendistro/_security/api/config/", this);
if(allowPutOrPatch) {
//deprecated, will be removed with ODFE 8, use opendistro_security_config instead of config
controller.registerHandler(Method.PUT, "/_opendistro/_security/api/securityconfig/{name}", this);
controller.registerHandler(Method.PATCH, "/_opendistro/_security/api/securityconfig/", this);
}
}
示例26
@Override
protected void handlePost(RestChannel channel, final RestRequest request, final Client client, final JsonNode content) throws IOException{
notImplemented(channel, Method.POST);
}
示例27
@Override
protected void handleDelete(RestChannel channel, final RestRequest request, final Client client, final JsonNode content) throws IOException{
notImplemented(channel, Method.DELETE);
}
示例28
@Override
protected void handlePost(RestChannel channel, final RestRequest request, final Client client, final JsonNode content)throws IOException {
notImplemented(channel, Method.POST);
}
示例29
@Override
protected void handleGet(RestChannel channel, final RestRequest request, final Client client, final JsonNode content) throws IOException{
notImplemented(channel, Method.GET);
}
示例30
@Override
protected void handlePut(RestChannel channel, final RestRequest request, final Client client, final JsonNode content) throws IOException{
notImplemented(channel, Method.PUT);
}
