Authenticate API

edit

Execution

edit

Authenticating and retrieving information about a user can be performed using the security().authenticate() method:

AuthenticateResponse response = client.security().authenticate(RequestOptions.DEFAULT);

This method does not require a request object. The client waits for the AuthenticateResponse to be returned before continuing with code execution.

Response

edit

The returned AuthenticateResponse contains four fields. The user field , accessed with getUser, contains all the information about this authenticated user. The field enabled, tells if this user is actually usable or has been temporarily deactivated. The field authentication_realm, accessed with getAuthenticationRealm contains the name and type of the Realm that has authenticated the user and the field lookup_realm, accessed with getLookupRealm contains the name and type of the Realm where the user information were retrieved from.

User user = response.getUser(); 
boolean enabled = response.enabled(); 
final String authenticationRealmName = response.getAuthenticationRealm().getName(); 
final String authenticationRealmType = response.getAuthenticationRealm().getType(); 
final String lookupRealmName = response.getLookupRealm().getName(); 
final String lookupRealmType = response.getLookupRealm().getType(); 
final String authenticationType = response.getAuthenticationType(); 
final Map<String, Object> tokenInfo = response.getToken(); 

getUser retrieves the User instance containing the information, see https://artifacts.elastic.co/javadoc/org/elasticsearch/client/elasticsearch-rest-high-level-client/7.16.3/org/elasticsearch/client/security/user/User.html.

enabled tells if this user is usable or is deactivated.

getAuthenticationRealm().getName() retrieves the name of the realm that authenticated the user.

getAuthenticationRealm().getType() retrieves the type of the realm that authenticated the user.

getLookupRealm().getName() retrieves the name of the realm from where the user information is looked up.

getLookupRealm().getType() retrieves the type of the realm from where the user information is looked up.

getAuthenticationType() retrieves the authentication type of the authenticated user.

getMetadata() retrieves metadata relevant to this authentication. Note this is different from user.getMetadata(). For service account token authentication, it contains a key of _token_name with the value being the token name.

Asynchronous Execution

edit

This request can also be executed asynchronously:

client.security().authenticateAsync(RequestOptions.DEFAULT, listener); 

The ActionListener to use when the execution completes. This method does not require a request object.

The asynchronous method does not block and returns immediately. Once the request has completed the ActionListener is called back using the onResponse method if the execution completed successfully or using the onFailure method if it failed.

A typical listener for a AuthenticateResponse looks like:

ActionListener<AuthenticateResponse> listener = new ActionListener<AuthenticateResponse>() {
    @Override
    public void onResponse(AuthenticateResponse response) {
        
    }

    @Override
    public void onFailure(Exception e) {
        
    }
};

Called when the execution completed successfully. The response is provided as an argument.

Called in case of a failure. The exception is provided as an argument.