11ff005dc3
Two reasons for this: 1) automatically convert the _all to its matching indices, in the context of the current user is authorized for, instead of resolving wildcards and then throwing authorization exception because the wildcard exp matches indices that the user is not authorized for 2) this makes the wildcards resolution secure, meaning that there is a single place that resolve wildcards. If it happened in shield while authorizing and in core while actually executing the operation, there would be mismatches which would allow to execute operation on indices that the user is not authorized for, if they get created with the "right" timing. Closes elastic/elasticsearch#54 Closes elastic/elasticsearch#105 Original commit: elastic/x-pack-elasticsearch@a02c6fbccf |
||
|---|---|---|
| dev-tools | ||
| src | ||
| .esvmrc | ||
| LICENSE.txt | ||
| README.asciidoc | ||
| all-signatures.txt | ||
| core-signatures.txt | ||
| pom.xml | ||
| test-signatures.txt | ||
| tests.policy | ||
README.asciidoc
= Elasticsearch Security Plugin This plugins adds security features to elasticsearch You can build the plugin with `mvn package`. The documentation is put in the `docs/` directory.