Add Microsoft Graph Delegated Authorization Realm Plugin

jfreden · jfreden · commit 46bc3d33fa04 · 2025-05-08T13:08:20.000+02:00
diff --git a/plugins/microsoft-graph-authz/build.gradle b/plugins/microsoft-graph-authz/build.gradle
@@ -0,0 +1,21 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+apply plugin: 'elasticsearch.internal-java-rest-test'
+
+esplugin {
+    name = "microsoft-graph-authz"
+    description = "Microsoft Graph Delegated Authorization Realm Plugin"
+    classname = "org.elasticsearch.plugin.security.authz.MicrosoftGraphAuthzPlugin"
+    extendedPlugins = ["x-pack-security"]
+}
+
+dependencies {
+    compileOnly project(':x-pack:plugin:core')
+}
diff --git a/plugins/microsoft-graph-authz/src/main/java/module-info.java b/plugins/microsoft-graph-authz/src/main/java/module-info.java
@@ -0,0 +1,15 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+module org.elasticsearch.plugin.security.authz {
+    requires org.elasticsearch.base;
+    requires org.elasticsearch.server;
+    requires org.elasticsearch.xcore;
+    requires org.elasticsearch.logging;
+}
diff --git a/plugins/microsoft-graph-authz/src/main/java/org/elasticsearch/plugin/security/authz/MicrosoftGraphAuthzPlugin.java b/plugins/microsoft-graph-authz/src/main/java/org/elasticsearch/plugin/security/authz/MicrosoftGraphAuthzPlugin.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.plugin.security.authz;
+
+import org.elasticsearch.common.settings.Setting;
+import org.elasticsearch.plugins.Plugin;
+import org.elasticsearch.xpack.core.security.SecurityExtension;
+import org.elasticsearch.xpack.core.security.authc.Realm;
+
+import java.util.List;
+import java.util.Map;
+
+public class MicrosoftGraphAuthzPlugin extends Plugin implements SecurityExtension {
+    @Override
+    public Map<String, Realm.Factory> getRealms(SecurityComponents components) {
+        return Map.of(MicrosoftGraphAuthzRealmSettings.REALM_TYPE, MicrosoftGraphAuthzRealm::new);
+    }
+
+    @Override
+    public List<Setting<?>> getSettings() {
+        return MicrosoftGraphAuthzRealmSettings.getSettings();
+    }
+}
diff --git a/plugins/microsoft-graph-authz/src/main/java/org/elasticsearch/plugin/security/authz/MicrosoftGraphAuthzRealm.java b/plugins/microsoft-graph-authz/src/main/java/org/elasticsearch/plugin/security/authz/MicrosoftGraphAuthzRealm.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.plugin.security.authz;
+
+import org.elasticsearch.action.ActionListener;
+import org.elasticsearch.common.util.concurrent.ThreadContext;
+import org.elasticsearch.logging.LogManager;
+import org.elasticsearch.logging.Logger;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationResult;
+import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.core.security.authc.Realm;
+import org.elasticsearch.xpack.core.security.authc.RealmConfig;
+import org.elasticsearch.xpack.core.security.user.User;
+
+public class MicrosoftGraphAuthzRealm extends Realm {
+
+    private static final Logger logger = LogManager.getLogger(MicrosoftGraphAuthzRealm.class);
+
+    public MicrosoftGraphAuthzRealm(RealmConfig config) {
+        super(config);
+    }
+
+    @Override
+    public boolean supports(AuthenticationToken token) {
+        return false;
+    }
+
+    @Override
+    public AuthenticationToken token(ThreadContext context) {
+        return null;
+    }
+
+    @Override
+    public void authenticate(AuthenticationToken token, ActionListener<AuthenticationResult<User>> listener) {
+        listener.onResponse(AuthenticationResult.notHandled());
+    }
+
+    @Override
+    public void lookupUser(String username, ActionListener<User> listener) {
+        logger.info("Looking up user... Not yet implemented so no roles resolved");
+        listener.onResponse(new User(username));
+    }
+}
diff --git a/plugins/microsoft-graph-authz/src/main/java/org/elasticsearch/plugin/security/authz/MicrosoftGraphAuthzRealmSettings.java b/plugins/microsoft-graph-authz/src/main/java/org/elasticsearch/plugin/security/authz/MicrosoftGraphAuthzRealmSettings.java
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.plugin.security.authz;
+
+import org.elasticsearch.common.settings.Setting;
+import org.elasticsearch.xpack.core.security.authc.RealmSettings;
+
+import java.util.ArrayList;
+import java.util.List;
+
+public class MicrosoftGraphAuthzRealmSettings {
+    public static final String REALM_TYPE = "microsoft_graph";
+
+    public static List<Setting<?>> getSettings() {
+        return new ArrayList<>(RealmSettings.getStandardSettings(REALM_TYPE));
+    }
+}
diff --git a/plugins/microsoft-graph-authz/src/main/resources/META-INF/services/org.elasticsearch.xpack.core.security.SecurityExtension b/plugins/microsoft-graph-authz/src/main/resources/META-INF/services/org.elasticsearch.xpack.core.security.SecurityExtension
@@ -0,0 +1 @@
+org.elasticsearch.plugin.security.authz.MicrosoftGraphAuthzPlugin

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+org.elasticsearch.plugin.security.authz.MicrosoftGraphAuthzPlugin`