Security on Java API


#1

First of all, thank you for creating such a great plugin.

I’m integrating the plugin to our cluster, already configured the plugin in this way:

readonlyrest:
    access_control_rules:

    - name: Accept requests from users in group team1 on all indices
      groups: ["team1"]
      indices: ["index*"]
    
    users:
    
    - username: alice
      auth_key: alice:p455phrase
      groups: ["team1"] 

The autentication is working great if I try to query the Elastic using it’s REST API, but we have an application that uses the Elastic Search Java API and the autentication isn’t working in this scenario.

Is something missing in the configuration?

Thank you,
Diego


(Ld57) #2

Hi,

Do you use the Java API as client node (or transport node)?

if so ( as client node - transport), RoR authentication works only on REST .

KR

Fred


#3

We are using it as transport node, this means that the authentication won’t work?


(Ld57) #4

Yep.

This is the same point than this discussion about securing TCP 9300

this is in pipe, but would not start before stabilization of RoR and kibana plugin.

are you able to use REST instead ?
https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current/index.html

more detail about api over http vs node-to-node here


#5

Unfortunately we can’t use REST from Java because we’re using ES 2.4.1.

Even if we updated the ES version to a newer one, the communication in the port of the elastic transport protocol will be insecure. Will we looking forward for this feature.

Thank you!