- Java REST Client (deprecated): other versions:
- Overview
- Java Low Level REST Client
- Java High Level REST Client
- Getting started
- Document APIs
- Search APIs
- Miscellaneous APIs
- Indices APIs
- Analyze API
- Create Index API
- Delete Index API
- Indices Exists API
- Open Index API
- Close Index API
- Shrink Index API
- Split Index API
- Refresh API
- Flush API
- Flush Synced API
- Clear Cache API
- Force Merge API
- Rollover Index API
- Put Mapping API
- Get Mappings API
- Get Field Mappings API
- Index Aliases API
- Exists Alias API
- Get Alias API
- Update Indices Settings API
- Get Settings API
- Put Template API
- Validate Query API
- Get Templates API
- Templates Exist API
- Get Index API
- Freeze Index API
- Unfreeze Index API
- Delete Template API
- Cluster APIs
- Ingest APIs
- Snapshot APIs
- Tasks APIs
- Script APIs
- Licensing APIs
- Machine Learning APIs
- Put Job API
- Get Job API
- Delete Job API
- Open Job API
- Close Job API
- Update Job API
- Flush Job API
- Put Datafeed API
- Update Datafeed API
- Get Datafeed API
- Delete Datafeed API
- Preview Datafeed API
- Start Datafeed API
- Stop Datafeed API
- Get Datafeed Stats API
- Get Job Stats API
- Forecast Job API
- Delete Forecast API
- Get Buckets API
- Get Overall Buckets API
- Get Records API
- Post Data API
- Get Influencers API
- Get Categories API
- Get Calendars API
- Put Calendar API
- Get Calendar Events API
- Post Calendar Event API
- Delete Calendar Event API
- Put Calendar Job API
- Delete Calendar Job API
- Delete Calendar API
- Put Filter API
- Get Filters API
- Update Filter API
- Delete Filter API
- Get Model Snapshots API
- Delete Model Snapshot API
- Revert Model Snapshot API
- Update Model Snapshot API
- ML Get Info API
- Delete Expired Data API
- Set Upgrade Mode API
- Migration APIs
- Rollup APIs
- Security APIs
- Put User API
- Get Users API
- Delete User API
- Enable User API
- Disable User API
- Change Password API
- Put Role API
- Get Roles API
- Delete Role API
- Delete Privileges API
- Get Privileges API
- Clear Roles Cache API
- Clear Realm Cache API
- Authenticate API
- Has Privileges API
- Get User Privileges API
- SSL Certificate API
- Put Role Mapping API
- Get Role Mappings API
- Delete Role Mapping API
- Create Token API
- Invalidate Token API
- Put Privileges API
- Create API Key API
- Get API Key information API
- Invalidate API Key API
- Watcher APIs
- Graph APIs
- CCR APIs
- Index Lifecycle Management APIs
- Using Java Builders
- Migration Guide
- License
Has Privileges API
editHas Privileges API
editHas Privileges Request
editThe HasPrivilegesRequest
supports checking for any or all of the following privilege types:
- Cluster Privileges
- Index Privileges
- Application Privileges
Privileges types that you do not wish to check my be passed in as null
, but as least
one privilege must be specified.
HasPrivilegesRequest request = new HasPrivilegesRequest( Sets.newHashSet("monitor", "manage"), Sets.newHashSet( IndicesPrivileges.builder().indices("logstash-2018-10-05").privileges("read", "write") .allowRestrictedIndices(false).build(), IndicesPrivileges.builder().indices("logstash-2018-*").privileges("read") .allowRestrictedIndices(true).build() ), null );
Synchronous Execution
editWhen executing a HasPrivilegesRequest
in the following manner, the client waits
for the HasPrivilegesResponse
to be returned before continuing with code execution:
HasPrivilegesResponse response = client.security().hasPrivileges(request, RequestOptions.DEFAULT);
Synchronous calls may throw an IOException
in case of either failing to
parse the REST response in the high-level REST client, the request times out
or similar cases where there is no response coming back from the server.
In cases where the server returns a 4xx
or 5xx
error code, the high-level
client tries to parse the response body error details instead and then throws
a generic ElasticsearchException
and adds the original ResponseException
as a
suppressed exception to it.
Asynchronous Execution
editExecuting a HasPrivilegesRequest
can also be done in an asynchronous fashion so that
the client can return directly. Users need to specify how the response or
potential failures will be handled by passing the request and a listener to the
asynchronous has-privileges method:
The asynchronous method does not block and returns immediately. Once it is
completed the ActionListener
is called back using the onResponse
method
if the execution successfully completed or using the onFailure
method if
it failed. Failure scenarios and expected exceptions are the same as in the
synchronous execution case.
A typical listener for has-privileges
looks like:
Has Privileges Response
editThe returned HasPrivilegesResponse
contains the following properties
-
username
- The username (userid) of the current user (for whom the "has privileges" check was executed)
-
hasAllRequested
-
true
if the user has all of the privileges that were specified in theHasPrivilegesRequest
. Otherwisefalse
. -
clusterPrivileges
-
A
Map<String,Boolean>
where each key is the name of one of the cluster privileges specified in the request, and the value istrue
if the user has that privilege, andfalse
otherwise.The method
hasClusterPrivilege
can be used to retrieve this information in a more fluent manner. This method throws anIllegalArgumentException
if the privilege was not included in the response (which will be the case if the privilege was not part of the request). -
indexPrivileges
-
A
Map<String, Map<String, Boolean>>
where each key is the name of an index (as specified in theHasPrivilegesRequest
) and the value is aMap
from privilege name to aBoolean
. TheBoolean
value istrue
if the user has that privilege on that index, andfalse
otherwise.The method
hasIndexPrivilege
can be used to retrieve this information in a more fluent manner. This method throws anIllegalArgumentException
if the privilege was not included in the response (which will be the case if the privilege was not part of the request). -
applicationPrivileges
-
A
Map<String, Map<String, Map<String, Boolean>>>>
where each key is the name of an application (as specified in theHasPrivilegesRequest
). For each application, the value is aMap
keyed by resource name, with each value being anotherMap
from privilege name to aBoolean
. TheBoolean
value istrue
if the user has that privilege on that resource for that application, andfalse
otherwise.The method
hasApplicationPrivilege
can be used to retrieve this information in a more fluent manner. This method throws anIllegalArgumentException
if the privilege was not included in the response (which will be the case if the privilege was not part of the request).
On this page