Security on Java API

diegoagriel · October 11, 2017, 2:20pm

First of all, thank you for creating such a great plugin.

I’m integrating the plugin to our cluster, already configured the plugin in this way:

readonlyrest:
    access_control_rules:

    - name: Accept requests from users in group team1 on all indices
      groups: ["team1"]
      indices: ["index*"]
    
    users:
    
    - username: alice
      auth_key: alice:p455phrase
      groups: ["team1"]

The autentication is working great if I try to query the Elastic using it’s REST API, but we have an application that uses the Elastic Search Java API and the autentication isn’t working in this scenario.

Is something missing in the configuration?

Thank you,
Diego

ld57 · October 11, 2017, 2:53pm

Hi,

Do you use the Java API as client node (or transport node)?

if so ( as client node - transport), RoR authentication works only on REST .

KR

Fred

diegoagriel · October 11, 2017, 2:59pm

We are using it as transport node, this means that the authentication won’t work?

ld57 · October 11, 2017, 4:02pm

Yep.

This is the same point than this discussion about securing TCP 9300
https://forum.readonlyrest.com/t/managing-security-for-tcp-port-elasticsearch-9300/83/11

this is in pipe, but would not start before stabilization of RoR and kibana plugin.

are you able to use REST instead ?

more detail about api over http vs node-to-node here

diegoagriel · October 11, 2017, 4:33pm

Unfortunately we can’t use REST from Java because we’re using ES 2.4.1.

Even if we updated the ES version to a newer one, the communication in the port of the elastic transport protocol will be insecure. Will we looking forward for this feature.

Thank you!