How to access http headers and/or parameters from AbstractSearchScript implementation

Volodymyr_Krupach · March 31, 2016, 2:41pm

Hi experts,

I need to write custom plugin to perform custom security filtering. My plan is to have custom AbstractSearchScript implementation and there do filtering inside of the run method (my idea is based on Lookup Script from this wonderful sample: https://github.com/imotov/elasticsearch-native-script-example/tree/2.x). Then I want to: 1) create alias with filter by the script to the index with secured content, 2) restrict access to the index and enable read access to the alias.

So my questions:

Am I on the correct path?
How to access http headers and/or parameters from AbstractSearchScript implementation

Will be grateful for your help!

javanna · April 1, 2016, 11:29am

Sorry to bring you bad news, but I do not think it's a good idea to handle security from a script. It would never be a "secure" solution, plus you won't have access to all the information you need (e.g. headers). The right way to address this is writing a plugin and use the many extensions points that elasticsearch has, or use our commercial security product (https://www.elastic.co/products/shield) which is built just using those extension points.

Cheers
Luca

Volodymyr_Krupach · April 1, 2016, 1:40pm

Hi Luca,
Thank you for the answer! The problem with shield is that it does not suite our security model :(.

Topic		Replies	Views
Inherit from AbstractSearchScript in ScriptEngine Elasticsearch	2	580	November 6, 2017
Providing parameters to AbstractSearchScript? Elasticsearch	2	470	July 6, 2017
Questions about caching and AbstractSearchScript - elasticsearch 2.4.6 Elasticsearch	2	340	August 9, 2018
Filters Bucket Aggregation using script fields and custom params Elasticsearch	1	640	December 29, 2017
Native script in ES Elasticsearch	6	600	July 6, 2017

How to access http headers and/or parameters from AbstractSearchScript implementation

Related topics