[Ann] elasticsearch-security-plugin: Updated for ES 1.x.x and latest EA 0.90.x releases


(Hendrik) #1

Hi,

i'd like to announce a update of the Elasticsearch Security Plugin which
now also works for ES 1.x.x and latest EA 0.90.x releases

It can be found here:
https://github.com/salyh/elasticsearch-security-plugin (early development
stage, not for production yet)

This plugin adds http/rest security functionality to Elasticsearch in kind
of separate modules. Instead of Netty a embedded Tomcat 7 is used to
process http/rest requests.

Currently for user based authentication and authorization Kerberos/SPNEGO
and NTLM are supported through 3rd party library waffle (only on windows
servers). For UNIX servers Kerberos/SPNEGO is supported through tomcat
build in SPNEGO Valve (Works with any Kerberos implementation. For
authorization either Active Directory and generic LDAP is supported).
PKI/SSL client certificate authentication is also supported (CLIENT-CERT
method). SSL/TLS is also supported without client authentication.

You can use this plugin also without Kerberos/NTLM/PKI but then only host
based authentication is available.

As of now two security modules are implemented:
Actionpathfilter: Restrict actions against Elasticsearch on a
coarse-grained level like who is allowed to to READ, WRITE or even ADMIN
rest api calls
Document level security (dls): Restrict actions on document level like who
is allowed to query for which fields within a document

Suggestions, corrections, improvements are very welcome!
Thanks and best regards
Hendrik

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/85b4d3f9-dda4-4cdd-8b0d-552416b41d7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


(system) #2