Java API for Shield is not Working

(Anusha) #1

Hi Team,

I installed shield 1.3 as am using elasticsearch 1.5.2,
created **user : es_admin **
role : admin
password : anusha

Tested the response in Sense plugin, working fine with user and password able to get the response.

But when
Am using Java API for to add user credentials as shown..

Settings settings = ImmutableSettings.settingsBuilder().put("", "elasticsearch").put("shield.user", "admin:anusha").build();
String token = basicAuthHeaderValue("es_admin", new SecuredString("anusha".toCharArray()));

Client client = new TransportClient(settings).addTransportAddress(new InetSocketTransportAddress("localhost", 9300))

// Code for Search Response using client

SearchResponse response = client.prepareSearch("ast").setTypes("ast_type").putHeader("Authorization", token).setSize(410000).execute() .actionGet();

When am executing above code getting exception as:

Exception in thread "main" org.elasticsearch.client.transport.NoNodeAvailableException: None of the configured nodes are available: []
at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(
at org.elasticsearch.client.transport.TransportClientNodesService.execute(

Can anyone plz help me to solve this...

(Jimferenczi) #2

Maybe not related but why are you setting the size to 410,000?, seems like a very big number of hits to retrieve in one request. Check the logs of your es instance to see if your node did not ran out of memory (which could explain the exception you're getting).

(Anusha) #3

Hi Jim,

Thanks for your response,

If I disable the shield plugin (like I have added shield.enabled: false in elasticsearch.yml file), then the query working fine and able to get the response,

May I know the why it is behaving differently when I use shield plugin,
But am able to get the response in sense plugin..

The dependency that I have added for shield and license is :

    <!-- add the Shield jar as a dependency -->
    <!-- add the License jar as a dependency -->

(David Pilato) #4

Why not using shield 1.3?

(Anusha) #5

Hello David,

Yes I changed to 1.3.3 (shield version), even though it is behaving in the same way


Don't know, is there any thing wrong in the query??? If so, then why the query is working when I disabled the shield plugin..

(David Pilato) #6

I'd check all the steps there:

I don't see BTW why you are adding the license plugin.

(Anusha) #7

I just commented out the license plugin dependency, my application is showing lot of errors.

Is there any problem on adding license plugin in dependencies??????

(Anusha) #8

And I even verified the versions of the shield and license plugin those are installed in ES using ,

GET /_nodes?plugin=true

in sense plugin, seen that shield : 1.3.3 and license :1.0.0 versions, so I have used those versions in my dependencies.

(David Pilato) #9

If I read the doc correctly you don't need the license plugin when you use Java transport client.

(Anusha) #10

Yes David, I just removed the license plugin dependency(no errors I have seen in my code) , but even though am unable to get the response......

(Anusha) #11

Hi David,

This time am getting a different error, where I just changed here

ImmutableSettings.settingsBuilder().put("", "elasticsearch").put("shield.user", "es_admin:anusha").build();

shield.user I have changed as es_admin:anusha

And for this am getting Exception as,

Exception in thread "main" org.elasticsearch.shield.authc.AuthenticationException: missing authentication token for action [indices:data/read/search] at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticateWithRealms( at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(

(David Pilato) #12

You really added that?

String token = basicAuthHeaderValue("es_admin", new SecuredString("anusha".toCharArray()));
client.prepareSearch().putHeader("Authorization", token).get();

(David Pilato) #13

May be you could share:

  • your config/shield/* files
  • your config/elasticsearch.yml file
  • your elasticsearch logs
  • your java client code

(Anusha) #14

Hi David,

Here is my files:

elasticsearch.yml: elasticsearch "Franz Kafka1"

node.master: true true false ["localhost"]

http.jsonp.enable: true
script.disable_dynamic: false
script.inline: on
script.indexed: on
http.cors.enabled: true
http.cors.allow-origin: http://localhost:5601

In shield folder:


shield.audit.logfile: INFO, access_log

shield.audit.logfile: false


type: dailyRollingFile
file: ${path.logs}/${}-access.log
datePattern: "'.'yyyy-MM-dd"
type: pattern
conversionPattern: "[%d{ISO8601}] %m%n"



# All cluster rights
# All operations on all indices

cluster: all
'*': all

# monitoring cluster privileges
# All operations on all indices

cluster: monitor
'*': all

# Read-only operations on indices

'*': read

# Defines the required permissions for transport clients

- cluster:monitor/nodes/info
#uncomment the following for sniffing
#- cluster:monitor/state

# The required role for kibana 3 users

cluster: cluster:monitor/nodes/info
'*': indices:data/read/search, indices:data/read/get, indices:admin/get
'kibana-int': indices:data/read/search, indices:data/read/get, indices:data/write/delete, indices:data/write/index, create_index

# The required permissions for kibana 4 users.

- cluster:monitor/nodes/info
- cluster:monitor/health
- indices:admin/mappings/fields/get
- indices:admin/validate/query
- indices:data/read/search
- indices:data/read/msearch
- indices:admin/get
- indices:admin/exists
- indices:admin/mapping/put
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search
- indices:data/write/delete
- indices:data/write/index
- indices:data/write/update
- indices:admin/create

# The required permissions for the kibana 4 server

- cluster:monitor/nodes/info
- cluster:monitor/health
- indices:admin/exists
- indices:admin/mapping/put
- indices:admin/mappings/fields/get
- indices:admin/refresh
- indices:admin/validate/query
- indices:data/read/get
- indices:data/read/mget
- indices:data/read/search
- indices:data/write/delete
- indices:data/write/index
- indices:data/write/update

# The required role for logstash users

cluster: indices:admin/template/get, indices:admin/template/put
'logstash-*': indices:data/write/bulk, indices:data/write/delete, indices:data/write/update, indices:data/read/search, indices:data/read/scroll, create_index

# Marvel role, allowing all operations
# on the marvel indices

cluster: cluster:monitor/nodes/info, cluster:admin/plugin/license/get
'.marvel-*': all

# Marvel Agent users

cluster: indices:admin/template/get, indices:admin/template/put
'.marvel-*': indices:data/write/bulk, create_index





Here is my Java Client Code:

public class Test{

public static final Client client = getTransportClient("localhost", 9300);
public static String token = null;

public static Client getTransportClient(String host, int port) {

    Settings settings = ImmutableSettings.settingsBuilder().put("", "elasticsearch").put("shield.user", "es_admin:anusha").build();
    token = basicAuthHeaderValue("es_admin", new SecuredString("anusha".toCharArray()));

    return new TransportClient(settings).addTransportAddress(new InetSocketTransportAddress(host, port));

    public static void getResponse(String index, String indextype) throws InvalidFormatException, Exception {
    SearchHits hits = null;
    SearchHit hit = null;

    SearchResponse response = client.prepareSearch(index).setTypes(indextype).putHeader("Authorization", token).get();

    hits = response.getHits();
    Iterator<SearchHit> hitsIte = hits.iterator();
    while (hitsIte.hasNext()) {
        hit =;
        // jsonArray.add(hit.getSource());


(Anusha) #15

Hi David,

I hope this information supports you to trace the root cause..

(Anusha) #16

Thanks David,

Got the response,

Here token need to set after client....

(system) #17