Allow custom realms to use additional supporting objects

Currently a `SecurityExtension` that provides a custom realm must fit into the following limitations:
- Have a [no-args constructor](https://github.com/elastic/elasticsearch/blob/7.5/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityExtension.java#L104)
- Provide one or more `Realm.Factory` instances, [using only a ResourceWatcherService](https://github.com/elastic/elasticsearch/blob/7.5/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityExtension.java#L40)
- In that factory, [construct a realm](https://github.com/elastic/elasticsearch/blob/7.5/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Realm.java#L164) from a `RealmConfig` object only

That means that the only supporting objects that a realm can easily depend on are:
- ResourceWatcherService
- RealmConfig

If it wants anything else, it needs to get acces via the `Plugin` API.
Things that custom-realm-authors have said that they would like to have access to include:
- An Elasticsearch `Client` (which they can get from `Plugin.createComponents`, but then need to save somewhere so the realm can access it)
- The `NativeRoleMappingStore` (as a `UserRoleMapper`, which can be retrieved from Guice, but that's something we're actively working to remove).





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Allow custom realms to use additional supporting objects #48369

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Allow custom realms to use additional supporting objects #48369

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions