I have a situation where there are existing Elasticsearch instances that uses X-Pack security and need to extend Authorization mechanism in order to change the default behaviour and contact an external service to obtain a list of authorizations (I still need to decide what kind of data to return) so that I will use those authorizations to allow or deny user requests or retrieve only a specific set of data according to a specific filter coming from the authorizations list.
What do you think are my options for something like that?
Do I need to do creating a security extension like it was done in this official blog post?
Any other idea or advice?
Thanks a lot!