权限管理 API #
通过 easysearch-client 可以方便的对访问控制进行管理。
使用示例 #
创建或修改角色 #
RestHighLevelClient client = initEasysearchClient();
Index index = new Index();
index.names("movies*", "test*").field_security("title", "body")
.field_mask("f1", "f2")
.privileges("indices:admin/plugins/replication/index/setup/validate", "indices:data/read/plugins/replication/changes");
index.query("{\"match\": {\"title\": \"foo\"}}");
Role role2 = new Role("role1", Arrays.asList("cluster_composite_ops", "indices_monitor"), Arrays.asList(index), null);
PutRoleRequest putRoleRequest = new PutRoleRequest(role2);
PutRoleResponse putUserResponse = client.security().putRole(putRoleRequest, RequestOptions.DEFAULT);
assertTrue(putUserResponse.isCreated());
获取角色 #
final GetRolesRequest getRoleRequest = new GetRolesRequest();
final GetRolesResponse getRoleResponse = client.security().getRoles(getRoleRequest, RequestOptions.DEFAULT);
System.out.println(getRoleResponse.toJson());
删除角色 #
DeleteRoleRequest deleteRoleRequest = new DeleteRoleRequest("role1");
DeleteRoleResponse deleteRoleResponse = client.security().deleteRole(deleteRoleRequest, RequestOptions.DEFAULT);
System.out.println("deleteRoleResponse " + deleteRoleResponse.toJson());
assertTrue(deleteRoleResponse.isDelete());
创建或修改用户 #
Map<String, Object> attributes = new HashMap<>();
attributes.put("attribute1", "val1");
attributes.put("attribute2", "val2");
User user = new User("test_user", Collections.singletonList("role1"), Collections.EMPTY_LIST, attributes);
PutUserRequest request = PutUserRequest.withPassword(user, "test_user".toCharArray());
PutUserResponse createResponse = client.security().putUser(request, RequestOptions.DEFAULT);
System.out.println("createResponse " + createResponse.toJson());
assertTrue(createResponse.isCreated());
获取用户 #
GetUsersRequest request = new GetUsersRequest("aaa");
GetUsersResponse response = client.security().getUsers(request, RequestOptions.DEFAULT);
System.out.println(response.toJson());
删除用户 #
DeleteUserRequest deleteUserRequest = new DeleteUserRequest("test_user");
DeleteUserResponse deleteUserResponse = client.security().deleteUser(deleteUserRequest, RequestOptions.DEFAULT);
assertTrue(deleteUserResponse.isDelete());
获取当前账户信息 #
RestHighLevelClient client = initEasysearchClient("test_user", "test_user");
GetAccountResponse response = client.security().getAccount();
修改当前账户密码 #
RestHighLevelClient client = initEasysearchClient("test_user", "test_user");
ChangePasswordRequest request = new ChangePasswordRequest("test_user123".toCharArray(), "test_user".toCharArray());
boolean b = client.security().changePassword(request, RequestOptions.DEFAULT);
获取指定权限 #
GetPrivilegesRequest request = new GetPrivilegesRequest("read", "delete");
GetPrivilegesResponse response = client.security().getPrivileges(request, RequestOptions.DEFAULT);
创建或修改权限 #
Privilege privilege = new Privilege("test_privilege", Arrays.asList("indices:data/write/index*",
"indices:data/write/update*",
"indices:admin/mapping/put",
"indices:data/write/bulk*",
"read", "write"), null);
PutPrivilegeRequest request = new PutPrivilegeRequest(privilege);
PutPrivilegeResponse response = client.security().putPrivileges(request, RequestOptions.DEFAULT);
删除权限 #
DeletePrivilegesRequest request = new DeletePrivilegesRequest("test_privilege");
DeletePrivilegeResponse response = client.security().deletePrivilege(request, RequestOptions.DEFAULT);
获取角色映射 #
GetRoleMappingsRequest request = new GetRoleMappingsRequest();
GetRoleMappingsResponse response = client.security().getRoleMappings(request, RequestOptions.DEFAULT);
创建或修改角色映射 #
RoleMapping roleMapping = new RoleMapping("role1", Collections.emptyList(), Collections.emptyList(), Collections.singletonList("test_user"), "");
PutRoleMappingRequest request = new PutRoleMappingRequest(roleMapping);
PutRoleMappingResponse response = client.security().putRoleMapping(request, RequestOptions.DEFAULT);
删除角色映射 #
DeleteRoleMappingRequest request = new DeleteRoleMappingRequest("role1");
DeleteRoleMappingResponse response = client.security().deleteRoleMapping(request, RequestOptions.DEFAULT);