WARNING: Deprecated in 7.15.0.

The Java REST Client is deprecated in favor of the Java API Client.

« Change Password API Get Roles API »
Elastic Docs Java REST Client [7.17] Java High Level REST Client Security APIs

Create or update role API

edit
IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Create or update role API

edit

Request

edit

The PutRoleRequest class is used to create or update a role in the Native Roles Store. The request contains a single role, which encapsulates privileges over resources. A role can be assigned to an user using the Create or update role mapping API.

final Role role = Role.builder()
    .name("testPutRole")
    .clusterPrivileges(randomSubsetOf(1, Role.ClusterPrivilegeName.ALL_ARRAY))
    .indicesPrivileges(IndicesPrivileges.builder()
        .indices("my-index-*")
        .allowRestrictedIndices(false)
        .privileges(Role.IndexPrivilegeName.READ)
        .grantedFields("*")
        .deniedFields("secret_field")
        .query("{ \"term\": { \"public\": true } }")
        .build())
    .build();
final PutRoleRequest request = new PutRoleRequest(role, RefreshPolicy.NONE);

Synchronous execution

edit

When executing a PutRoleRequest in the following manner, the client waits for the PutRoleResponse to be returned before continuing with code execution:

final PutRoleResponse response = client.security().putRole(request, RequestOptions.DEFAULT);

Synchronous calls may throw an IOException in case of either failing to parse the REST response in the high-level REST client, the request times out or similar cases where there is no response coming back from the server.

In cases where the server returns a 4xx or 5xx error code, the high-level client tries to parse the response body error details instead and then throws a generic ElasticsearchException and adds the original ResponseException as a suppressed exception to it.

Asynchronous execution

edit

Executing a PutRoleRequest can also be done in an asynchronous fashion so that the client can return directly. Users need to specify how the response or potential failures will be handled by passing the request and a listener to the asynchronous put-role method:

client.security().putRoleAsync(request, RequestOptions.DEFAULT, listener);

The PutRoleRequest to execute and the ActionListener to use when the execution completes

The asynchronous method does not block and returns immediately. Once it is completed the ActionListener is called back using the onResponse method if the execution successfully completed or using the onFailure method if it failed. Failure scenarios and expected exceptions are the same as in the synchronous execution case.

A typical listener for put-role looks like:

ActionListener<PutRoleResponse> listener = new ActionListener<PutRoleResponse>() {
    @Override
    public void onResponse(PutRoleResponse response) {
        
    }

    @Override
    public void onFailure(Exception e) {
        
    }
};

Called when the execution is successfully completed.

Called when the whole PutRoleRequest fails.

Response

edit

The returned PutRoleResponse contains a single field, created. This field serves as an indication if the role was created or if an existing entry was updated.

boolean isCreated = response.isCreated();

created is a boolean indicating whether the role was created or updated
« Change Password API Get Roles API »