forked from elastic/elasticsearch
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
HLRC: Add ability to put user with a password hash
Update PutUserRequest to support password_hash (see: elastic#35242) This also updates the documentation to bring it in line with our more recent approach to HLRC docs.
- Loading branch information
Showing
3 changed files
with
149 additions
and
39 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,52 +1,58 @@ | ||
[[java-rest-high-security-put-user]] | ||
-- | ||
:api: put-user | ||
:request: PutUserRequest | ||
:response: PutUserResponse | ||
-- | ||
|
||
[id="{upid}-{api}"] | ||
=== Put User API | ||
|
||
[[java-rest-high-security-put-user-execution]] | ||
==== Execution | ||
[id="{upid}-{api}-request"] | ||
==== Put User Request Request | ||
|
||
The +{request}+ class is used to create or update a user in the Native Realm. | ||
There are 3 different factory methods for creating a request. | ||
|
||
Creating and updating a user can be performed using the `security().putUser()` | ||
method: | ||
===== Create or Update User with a Password | ||
|
||
If you wish to create a new user (or update an existing user) and directly specifying the user's new password, use the | ||
`withPassword` method as shown below: | ||
|
||
["source","java",subs="attributes,callouts,macros"] | ||
-------------------------------------------------- | ||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[put-user-execute] | ||
include-tagged::{doc-tests-file}[{api}-password-request] | ||
-------------------------------------------------- | ||
|
||
[[java-rest-high-security-put-user-response]] | ||
==== Response | ||
===== Create or Update User with a Hashed Password | ||
|
||
The returned `PutUserResponse` contains a single field, `created`. This field | ||
serves as an indication if a user was created or if an existing entry was updated. | ||
If you wish to create a new user (or update an existing user) and perform password hashing on the client, | ||
then use the `withPasswordHash` method: | ||
|
||
["source","java",subs="attributes,callouts,macros"] | ||
-------------------------------------------------- | ||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[put-user-response] | ||
-------------------------------------------------- | ||
<1> `created` is a boolean indicating whether the user was created or updated | ||
include-tagged::{doc-tests-file}[{api}-hash-request] | ||
[[java-rest-high-security-put-user-async]] | ||
==== Asynchronous Execution | ||
-------------------------------------------------- | ||
===== Update a User without changing their password | ||
|
||
This request can be executed asynchronously: | ||
If you wish to update an existing user, and do not wish to change the user's password, | ||
then use the `updateUserProperties` method: | ||
|
||
["source","java",subs="attributes,callouts,macros"] | ||
-------------------------------------------------- | ||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[put-user-execute-async] | ||
include-tagged::{doc-tests-file}[{api}-update-request] | ||
-------------------------------------------------- | ||
<1> The `PutUserRequest` to execute and the `ActionListener` to use when | ||
the execution completes. | ||
|
||
The asynchronous method does not block and returns immediately. Once the request | ||
has completed the `ActionListener` is called back using the `onResponse` method | ||
if the execution successfully completed or using the `onFailure` method if | ||
it failed. | ||
include::../execution.asciidoc[] | ||
|
||
A typical listener for a `PutUserResponse` looks like: | ||
[id="{upid}-{api}-response"] | ||
==== Put User Response | ||
|
||
The returned `PutUserResponse` contains a single field, `created`. This field | ||
serves as an indication if a user was created or if an existing entry was updated. | ||
|
||
["source","java",subs="attributes,callouts,macros"] | ||
-------------------------------------------------- | ||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[put-user-execute-listener] | ||
include-tagged::{doc-tests}/SecurityDocumentationIT.java[put-user-response] | ||
-------------------------------------------------- | ||
<1> Called when the execution is successfully completed. The response is | ||
provided as an argument. | ||
<2> Called in case of failure. The raised exception is provided as an argument. | ||
<1> `created` is a boolean indicating whether the user was created or updated |