How to access http headers and/or parameters from AbstractSearchScript implementation

Volodymyr_Krupach · March 31, 2016, 2:41pm

Hi experts,

I need to write custom plugin to perform custom security filtering. My plan is to have custom AbstractSearchScript implementation and there do filtering inside of the run method (my idea is based on Lookup Script from this wonderful sample: https://github.com/imotov/elasticsearch-native-script-example/tree/2.x). Then I want to: 1) create alias with filter by the script to the index with secured content, 2) restrict access to the index and enable read access to the alias.

So my questions:

Am I on the correct path?
How to access http headers and/or parameters from AbstractSearchScript implementation

Will be grateful for your help!

javanna · April 1, 2016, 11:29am

Sorry to bring you bad news, but I do not think it's a good idea to handle security from a script. It would never be a "secure" solution, plus you won't have access to all the information you need (e.g. headers). The right way to address this is writing a plugin and use the many extensions points that elasticsearch has, or use our commercial security product (https://www.elastic.co/products/shield) which is built just using those extension points.

Cheers
Luca

Volodymyr_Krupach · April 1, 2016, 1:40pm

Hi Luca,
Thank you for the answer! The problem with shield is that it does not suite our security model :(.