How can a search request be intercepted/modified?


(Hendrik) #1

Hi,

i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with a
plugin) and modifiy the request and add some "fields" : ["allowedfield1",
"allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction

Another interesting option is the SearchServiceListener, but here i ca only
modify the result which is harder and maybe has a performance drawback.

Any clues?

Thanks
Hendrik

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Lukáš Vlček) #2

You can do it on proxy. Ie. after you get the final response from ES and
before you hand it to the client. That is very clean solution IMO.

Regards,
Lukáš
Dne 17.10.2013 23:39 "Hendrik" h.j.saly@googlemail.com napsal(a):

Hi,

i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with a
plugin) and modifiy the request and add some "fields" : ["allowedfield1",
"allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction

Another interesting option is the SearchServiceListener, but here i ca
only modify the result which is harder and maybe has a performance drawback.

Any clues?

Thanks
Hendrik

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Alexander Reelsen) #3

Hey,

are source includes and excludes not sufficient in your case? See
http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-source-field.html#include-exclude

If not, I'd be interested what kind of functionality you are missing.

--Alex

On Fri, Oct 18, 2013 at 8:19 AM, Lukáš Vlček lukas.vlcek@gmail.com wrote:

You can do it on proxy. Ie. after you get the final response from ES and
before you hand it to the client. That is very clean solution IMO.

Regards,
Lukáš
Dne 17.10.2013 23:39 "Hendrik" h.j.saly@googlemail.com napsal(a):

Hi,

i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with a
plugin) and modifiy the request and add some "fields" : ["allowedfield1",
"allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction

Another interesting option is the SearchServiceListener, but here i ca
only modify the result which is harder and maybe has a performance drawback.

Any clues?

Thanks
Hendrik

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Hendrik) #4

i need different rules for different clients, see my solution here:
https://github.com/salyh/elasticsearch-security-plugin/blob/master/src/main/java/org/elasticsearch/plugins/security/filter/FieldResponseFilter.java

Am Sonntag, 20. Oktober 2013 17:39:23 UTC+2 schrieb Alexander Reelsen:

Hey,

are source includes and excludes not sufficient in your case? See

http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-source-field.html#include-exclude

If not, I'd be interested what kind of functionality you are missing.

--Alex

On Fri, Oct 18, 2013 at 8:19 AM, Lukáš Vlček <lukas...@gmail.com<javascript:>

wrote:

You can do it on proxy. Ie. after you get the final response from ES and
before you hand it to the client. That is very clean solution IMO.

Regards,
Lukáš
Dne 17.10.2013 23:39 "Hendrik" <h.j....@googlemail.com <javascript:>>
napsal(a):

Hi,

i want (at the end) limit the fields which are returned in a search
response for security purposes (so this should be enforced on the server
side).
My first idea to archieve this is to hook into the search request (with
a plugin) and modifiy the request and add some "fields" : [
"allowedfield1", "allowedfield2"]
But i have problems to find the right point to "hook in". Maybe this
approach is not really possible? Maybe then an alternative is to implement
my own endpoint ("_limitedsearch" for example) and borrow some code
from org.elasticsearch.rest.action.search.RestSearchAction

Another interesting option is the SearchServiceListener, but here i ca
only modify the result which is harder and maybe has a performance drawback.

Any clues?

Thanks
Hendrik

--
You received this message because you are subscribed to the Google
Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to elasticsearc...@googlegroups.com <javascript:>.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups
"elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an
email to elasticsearc...@googlegroups.com <javascript:>.
For more options, visit https://groups.google.com/groups/opt_out.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(system) #5