Connection refused when calling CXF Webclient in custom Realm plugin


I'm building an Elasticsearch plugin and, while it's running, I need to reach an external service in order to retrieve some data to use in the plugin code and my the proper queries.

I use org.apache.cxf.jaxrs.client.WebClient like this:

String response = AccessController.doPrivileged((PrivilegedAction<String>) ()
        -> {
    return WebClient.create(baseUrl).
            post(requestString, String.class);

that is called inside the authenticate() overridden method of my custom realm class:

public class MyRealm extends Realm

When that code is called I get:

[WARN ][o.a.c.p.PhaseInterceptorChain] Interceptor for {...} WebClient has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage( ~[cxf-core-3.2.7.jar:3.2.7]
        at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept( [cxf-core-3.2.7.jar:3.2.7]
        at org.apache.cxf.jaxrs.client.AbstractClient.doRunInterceptorChain( [cxf-rt-rs-client-3.2.7.jar:3.2.7]
        at org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation( [cxf-rt-rs-client-3.2.7.jar:3.2.7]
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke( [cxf-rt-rs-client-3.2.7.jar:3.2.7]
        at org.apache.cxf.jaxrs.client.WebClient.doInvoke( [cxf-rt-rs-client-3.2.7.jar:3.2.7]
        at org.apache.cxf.jaxrs.client.WebClient.invoke( [cxf-rt-rs-client-3.2.7.jar:3.2.7]
        at [cxf-rt-rs-client-3.2.7.jar:3.2.7]
Caused by: ConnectException invoking ... Connection refused (Connection refused)
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance( ~[?:?]
        at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance( ~[?:?]
        at java.lang.reflect.Constructor.newInstance( ~[?:?]
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.mapException( ~[?:?]
        at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close( ~[?:?]
        at ~[?:?]
        at org.apache.cxf.transport.AbstractConduit.close( ~[?:?]
        at org.apache.cxf.transport.http.HTTPConduit.close( ~[?:?]
        at org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage( ~[?:?]
Caused by: Connection refused (Connection refused)
        at Method) ~[?:?]
        at ~[?:?]
        at ~[?:?]
        at ~[?:?]
        at ~[?:?]
        at ~[?:?]

At first there were some troubles with permissions for but I solved them by adding:

permission "*";

in the plugin-security.policy file.

The plugin is built for Elasticsearch v6.3.0 .

Any idea on how to fix it or what else to use to make external requests instead of org.apache.cxf.jaxrs.client.WebClient inside the plugin?

I don't know if it's related but I also have the following WARNING:

WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.apache.cxf.common.util.ReflectionUtil$11 (file:/usr/share/elasticsearch/plugins/myplugin/cxf-core-3.2.7.jar) to field
WARNING: Please consider reporting this to the maintainers of org.apache.cxf.common.util.ReflectionUtil$11
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release

Any help will be appreciate!

Just to add an expectable notice: the service on baseUrl is working and I tested it!
It's a http link not https (don't know if it matters) for the issue.

Also, I'm using X-Pack too and here is my elasticsearch.yml configuration: "docker-cluster" "docker-single-node"

http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: "Authorization"
bootstrap.memory_lock: true "elasticsearch" true
xpack.monitoring.enabled: true
xpack.watcher.enabled: false false
        type:                       file
        order:                      0

        type:                       native
        order:                      1

    # custom realm
        type:                       test
        order:                      2 true

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.