elasticsearch/libs/entitlement-runtime
Patrick Doyle 67e32e5c82
Initial trivial hello-world entitlements agent (#113112)
* Initial hello-world entitlements agent

* Respond to Ryan's comments

* License header

* Fix forbidden APIs setup

* Rename EntitlementAgent

* Automated refactor missed one

* Automated rename really let me down here

* Very serious test name

* README files for the new modules

* Use "tasks.named('jar')"

Co-authored-by: Rene Groeschke <rene@breskeby.com>

* Use 'tasks.named('test')'

Co-authored-by: Rene Groeschke <rene@breskeby.com>

* More deferral of gradle tasks

Co-authored-by: Rene Groeschke <rene@breskeby.com>

* Even more deferral

Co-authored-by: Rene Groeschke <rene@breskeby.com>

* Fix gradle syntax for javaagent arg

---------

Co-authored-by: Rene Groeschke <rene@breskeby.com>
2024-09-20 13:12:27 -04:00
src/main/java Initial trivial hello-world entitlements agent (#113112) 2024-09-20 13:12:27 -04:00
build.gradle Initial trivial hello-world entitlements agent (#113112) 2024-09-20 13:12:27 -04:00
README.md Initial trivial hello-world entitlements agent (#113112) 2024-09-20 13:12:27 -04:00

Entitlement runtime

This module implements mechanisms to grant and check permissions under the entitlements system.

The entitlements system provides an alternative to the legacy SecurityManager system, which is deprecated for removal. The entitlement-agent tool instruments sensitive class library methods with calls to this module, in order to enforce the controls.

This module is responsible for:

  • Defining which class library methods are sensitive
  • Defining what permissions should be checked for each sensitive method
  • Implementing the permission checks
  • Offering a "grant" API to grant permissions

It is not responsible for anything to do with bytecode instrumentation; that responsibility lies with entitlement-agent.