PreBuiltXPackTransportClient 5.4.3 does not throw any exceptions on wrong username and password


(Thejan Rupasinghe) #1

I'm using PreBuiltXPackTransportClient v5.4.3 to access an Elasticsearch cluster protected with X-Pack. I'm adding my credentials as,

Settings xpack_settings = Settings.builder()
                .put("cluster.name", "my-cluster")
                .put("xpack.security.user", "transport_client:change")
                .build();

and creating and configuring the client as,

TransportClient client = new PreBuiltXPackTransportClient(xpack_settings);
client.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(host), port));

When the wrong credentials are provided, it prints out the exception,

10:34:09.902 [localhost-startStop-1] INFO  org.elasticsearch.client.transport.TransportClientNodesService - failed to get node info for {#transport#-1}{5_UO4CxBRo6ac1xmMo3RWw}{localhost}{127.0.0.1:9300}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [node-0][127.0.0.1:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: unable to authenticate user [transport_client] for action [cluster:monitor/nodes/liveness]
	at org.elasticsearch.xpack.security.support.Exceptions.authenticationError(Exceptions.java:39) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler.failedAuthentication(DefaultAuthenticationFailureHandler.java:43) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$AuditableTransportRequest.authenticationFailed(AuthenticationService.java:508) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeUser(AuthenticationService.java:354) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.common.IteratingActionListener.onResponse(IteratingActionListener.java:108) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$null$8(AuthenticationService.java:272) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.lambda$authenticateWithCache$0(CachingUsernamePasswordRealm.java:111) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.support.CachingUsernamePasswordRealm.lambda$doAuthenticateAndCache$3(CachingUsernamePasswordRealm.java:143) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore.lambda$verifyPassword$7(NativeUsersStore.java:586) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore$1.onResponse(NativeUsersStore.java:192) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore$1.onResponse(NativeUsersStore.java:189) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:88) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:84) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$apply$0(SecurityActionFilter.java:122) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:43) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.single.shard.TransportSingleShardAction$AsyncSingleAction$2.handleResponse(TransportSingleShardAction.java:247) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.single.shard.TransportSingleShardAction$AsyncSingleAction$2.handleResponse(TransportSingleShardAction.java:233) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1043) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.TransportService$ContextRestoreResponseHandler.handleResponse(TransportService.java:1043) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.TransportService$DirectResponseChannel.processResponse(TransportService.java:1117) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.TransportService$DirectResponseChannel.sendResponse(TransportService.java:1107) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.TransportService$DirectResponseChannel.sendResponse(TransportService.java:1096) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.DelegatingTransportChannel.sendResponse(DelegatingTransportChannel.java:60) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.RequestHandlerRegistry$TransportChannelWrapper.sendResponse(RequestHandlerRegistry.java:111) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.single.shard.TransportSingleShardAction$ShardTransportHandler.messageReceived(TransportSingleShardAction.java:295) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.action.support.single.shard.TransportSingleShardAction$ShardTransportHandler.messageReceived(TransportSingleShardAction.java:287) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.transport.TransportRequestHandler.messageReceived(TransportRequestHandler.java:33) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler$1.doRun(SecurityServerTransportInterceptor.java:258) ~[x-pack-api-5.4.3.jar:5.4.3]
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) ~[elasticsearch-5.4.3.jar:5.4.3]
	at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:110) ~[elasticsearch-5.4.3.jar:5.4.3] .....

Transport Client does not throw any exception and it only prints this. How can I handle this exception (RemoteTransportException) in my code, without getting this log printed out?


(Tim Vernum) #2

I moved this post to the x-pack topic.


(Tim Vernum) #3

I do not believe it is possible to do what you are asking (at least not exactly).

What you want to do instead is, after adding a transport address, check client.connectedNodes().isEmpty()

If the client failed to connect then that list will be empty.


(Thejan Rupasinghe) #4

Ok thanks.
I turned off printing logs from Transport Client in log4j2.properties to get rid of these log lines.
But how can I know whether the client connection failed because of wrong access credentials or for any other reason?


(Tim Vernum) #5

If you enable sniffing in the underlying TransportClient, then it will send connection failure notifications to the HostFailureListener.

Settings xpack_settings = Settings.builder()
                .put("cluster.name", "my-cluster")
                .put("xpack.security.user", "transport_client:change")
                .put("client.transport.sniff", "true")
                .build();

TransportClient client = new PreBuiltXPackTransportClient(xpack_settings, Collections.emptyList(),
   (node, exception) -> System.err.println("Node connection failed : " + exception )
);
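
One way to combine the checks from posts #3 and #5, as an added example that is not part of the original thread: it records the exception handed to the HostFailureListener, checks connectedNodes() after adding the address, and walks the cause chain for the ElasticsearchSecurityException seen in the stack trace in post #1. The class name XPackConnectCheck, the Failure enum and the classify/connect helpers are hypothetical, and it assumes the authentication error reaches the listener wrapped the same way as in that trace; if the listener is never called, the cause is reported as unknown.

```java
import java.net.InetAddress;
import java.util.Collections;
import java.util.concurrent.atomic.AtomicReference;

import org.elasticsearch.ElasticsearchSecurityException;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.xpack.client.PreBuiltXPackTransportClient;

public class XPackConnectCheck { // hypothetical class name, not from the thread

    enum Failure { UNKNOWN, AUTHENTICATION, OTHER }

    // The security exception is nested inside a RemoteTransportException
    // (see the trace in post #1), so inspect every cause, not just the top.
    static Failure classify(Throwable t) {
        if (t == null) return Failure.UNKNOWN; // listener was never called
        for (Throwable c = t; c != null; c = c.getCause()) {
            if (c instanceof ElasticsearchSecurityException) return Failure.AUTHENTICATION;
        }
        return Failure.OTHER;
    }

    public static TransportClient connect(String host, int port, String userAndPassword)
            throws Exception {
        Settings settings = Settings.builder()
                .put("cluster.name", "my-cluster")
                .put("xpack.security.user", userAndPassword)
                .put("client.transport.sniff", "true")
                .build();
        AtomicReference<Exception> lastFailure = new AtomicReference<>();
        TransportClient client = new PreBuiltXPackTransportClient(settings,
                Collections.emptyList(), (node, exception) -> lastFailure.set(exception));
        client.addTransportAddress(
                new InetSocketTransportAddress(InetAddress.getByName(host), port));

        if (client.connectedNodes().isEmpty()) {
            Exception cause = lastFailure.get();
            client.close(); // do not keep a client that has no usable node
            if (classify(cause) == Failure.AUTHENTICATION) {
                // Keep the credentials out of the message and out of the logs.
                throw new SecurityException("cluster rejected the configured credentials", cause);
            }
            throw new IllegalStateException("no nodes connected (" + classify(cause) + ")", cause);
        }
        return client;
    }
}
```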

(Thejan Rupasinghe) #6

Ok thanks a lot for your help

