Missing authentication token for REST

security

(@JPVay) #1

ES + SHIELD - 1 node (everythig is local)
admin account (realm)
SHIELD : trial version

curl -u jpv -XGET 'http://localhost:9200/' works fine

http://localhost:9200/ in browser (chrome) works fine (ask user/passw dialog)

with elasticsearch.js (nodejs/iojs and in browser/js app ) :

var es = require('elasticsearch');
var client = new es.Client({
host: 'http://localhost:9200',
auth : "admin:admin",
log: 'trace'
});

client.count(function(err,resp,sta) {
console.log(err,resp); // **got 401 !!! AuthenticationException[missing authentication token for REST **!
})

Please notice in the browser (javascript app) : no Authorization headers like

Authorization:Basic blablablabla=

Something wrong somewhere ?

Update
WTF ? for EACH query, adding parameters:

size : 100,
body : { .....},
headers: {
Authorization: "Basic anB2Omtlcm5pc2k=" //base64 user:pwd
}

WORKS FINE. But it's a absurd !!!!!!!


(Spencer Alger) #3

The auth config needs to be configured as a part of the host definition. This would make your config look like this:

var es = require('elasticsearch');
var client = new es.Client({
  host: 'http://admin:admin@localhost:9200',
  log: 'trace'
});

Please see the SSL and Authentication documentation for more information.


(@JPVay) #4

It works. I tried first this config but with a bad CORS config in elasticsearch.yml :-(.
Thanks.


(SK) #5

I am facing the same issue,How do you set the headers for each request.

For ES i have set the CORS as follows

http.cors.allow-origin : "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type, Content-Length


(system) #6