honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
🔎 Open source distributed and RESTful search engine.
212 Commits 7 Branches 6 Tags 546 MiB
Java 99.5%
Groovy 0.4%
Go to file
uboness af74f43aea Introduced realms factories 
Today it is possible to configure 3 realms in shield - `esusers`, `ldap` and `active_directory`. These realms are created once based on the configuration. There are several problems with this approach:

- Taking `ldap` as an example, it is currently not possible to have multiple `ldap` realms configured (where one serving as a fallback for the other). While the `ldap` realm itself enables defining multiple ldap URLs, it has the limitation that the fallback LDAP must have the exact same configuration as the primary LDAP (+ there's the limitation that all URLs must either us SSL or not... there cannot be a mix of SSL URL and a normal URL)

- The realms are created and bound internally by guice. This will limit the configurability at runtime of the realms which we might want to introduce in shield 2.0.

This commit changes the way realms are managed & configured. Instead of having guice bind the realms themselves. A new realm factory construct will be introduced. The realm factory will represent a realm type and guice will bind these factories. At load time, we'll read the configuration and based on the types of the configured realms, the relevant factories will create the realms based on the settings. This means that potentially we can expose the realms as a dynamic configuration and rebuild the realm chain at runtime.

A nice side effect of this approach is that the multiple URLs feature that is currently supported by both `ldap` and `active_directory` can be dropped. Instead, the users will just need to configure multiple `ldap`/`active_directory` realms.

Closes: elastic/elasticsearch#370

Original commit: elastic/x-pack-elasticsearch@3232f153bb
 		2014-11-25 14:31:51 -08:00
.esvm-shield-config ldap: Adds debugging statements and documentation 2014-11-06 11:13:50 -07:00
dev-tools [CI] Added custom pmd xml file 2014-10-07 11:06:35 -06:00
src Introduced realms factories 2014-11-25 14:31:51 -08:00
.esvmrc Simplied SSL keystores and truststores 2014-11-18 08:07:27 -07:00
.esvmrc_active_dir LDAP: splitting AD and LDAP realm 2014-11-20 16:26:57 -07:00
.esvmrc_open_ldap LDAP: splitting AD and LDAP realm 2014-11-20 16:26:57 -07:00
LICENSE.txt Initial X-Pack commit 2018-04-20 14:16:58 -07:00
README.asciidoc Docs: Added SSL certification/CA creation docs 2014-07-23 15:42:10 +02:00
TESTING.asciidoc [DOCS] hopefully fixed formatting of TESTING.asciidoc 2014-11-24 11:55:25 +01:00
all-signatures.txt Initial import 2014-07-07 11:30:28 +02:00
core-signatures.txt Introduced realms factories 2014-11-25 14:31:51 -08:00
pom.xml Dependencies: Upgrade to Elasticsearch 1.4.0 2014-11-06 12:03:49 +01:00
test-signatures.txt Initial import 2014-07-07 11:30:28 +02:00
tests.policy ldap: Changed LdapSslSocketFactory method of setting the static factory, plus miscellaneous cleanup 2014-10-01 15:11:26 -06:00

README.asciidoc 

= Elasticsearch Security Plugin

This plugins adds security features to elasticsearch

You can build the plugin with `mvn package`.

The documentation is put in the `docs/` directory.