[Ann] elasticsearch-security-plugin: Updated for ES 1.x.x and latest EA 0.90.x releases

(Hendrik) #1


i'd like to announce a update of the Elasticsearch Security Plugin which
now also works for ES 1.x.x and latest EA 0.90.x releases

It can be found here:
https://github.com/salyh/elasticsearch-security-plugin (early development
stage, not for production yet)

This plugin adds http/rest security functionality to Elasticsearch in kind
of separate modules. Instead of Netty a embedded Tomcat 7 is used to
process http/rest requests.

Currently for user based authentication and authorization Kerberos/SPNEGO
and NTLM are supported through 3rd party library waffle (only on windows
servers). For UNIX servers Kerberos/SPNEGO is supported through tomcat
build in SPNEGO Valve (Works with any Kerberos implementation. For
authorization either Active Directory and generic LDAP is supported).
PKI/SSL client certificate authentication is also supported (CLIENT-CERT
method). SSL/TLS is also supported without client authentication.

You can use this plugin also without Kerberos/NTLM/PKI but then only host
based authentication is available.

As of now two security modules are implemented:
Actionpathfilter: Restrict actions against Elasticsearch on a
coarse-grained level like who is allowed to to READ, WRITE or even ADMIN
rest api calls
Document level security (dls): Restrict actions on document level like who
is allowed to query for which fields within a document

Suggestions, corrections, improvements are very welcome!
Thanks and best regards

You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/85b4d3f9-dda4-4cdd-8b0d-552416b41d7d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

(system) #2