Hi,
I have a custom Realm authorization plugin which validates with an external endpoint. When there is a failure, I want to be able to return specific error codes back to the client calling the Elasticsearch endpoint. For example, if there was an Internal Server Error within the plugin, I want to return status code 500 in the response. Currently, when the AuthenticationToken object is not set in the extended Realm's token method, irrespective of the type of error, Elasticsearch responds with 401 Unauthorized to the calling client. I tried extending the DefaultAuthenticationFailureHandler, but this seems to add optional headers in addition to the 401 Unauthorized status code, since its method createAuthenticationError is always looking for the 401. Is there a way we can modify the RestStatus code sent back in the response, or is the only way around it to use the 401 response code and play around with the headers?

The default response I see on a failure:
    {
      "error": {
        "root_cause": [
          {
            "type": "security_exception",
            "reason": "missing authentication token for REST request [/]",
            "header": {
              "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
            }
          }
        ],
        "type": "security_exception",
        "reason": "missing authentication token for REST request [/]",
        "header": {
          "WWW-Authenticate": "Basic realm=\"security\" charset=\"UTF-8\""
        }
      },
      "status": 401
    }