SecurityException when connecting to ESCloud with TransportClient

Elastic Stack Elasticsearch
1

I'm following https://github.com/elastic/found-shield-example/blob/master/src/main/java/org/elasticsearch/cloud/transport/example/TransportExample.java to connect to ESCloud 6.5.4 instance. I am using admin creds. Is there some special role I need to set?

org.elasticsearch.client.transport.TransportClientNodesService: failed to get node info for {#transport#-1}{CWjAyzdGRPW2aOMx1zZI2Q}{dc4d6708e82c4b0dac52fadd92b9a08f.us-east-1.aws.found.io}{34.199.9.77:9343}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [instance-0000000000][172.17.0.34:20516][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: unable to authenticate user [elastic] for action [cluster:monitor/nodes/liveness]

2

First of all you should better use the Rest Client. The Transport client will be removed at some point.

Yes you need a user with a special role transport_client. See https://www.elastic.co/guide/en/elastic-stack-overview/6.5/java-clients.html#transport-client

3

I am using a user with roles: readwrite,transport_client.
Still getting the same exception:
ElasticsearchSecurityException: unable to authenticate user [jstest] for action [cluster:monitor/nodes/liveness]

Any other ideas?

4

You need to check that the user has a role which allows this action: cluster:monitor/nodes/livenes.

I'm not using the TransportClient so I don't think I can help more. May be someone else knows if you don't find how to add this action.

5

That explicitly says it's a failure to authenticate. You are not passing the correct username/password credentials for jstest.
The Elasticsearch logs might have more details.

6

Thanks TimV, it was a copy/paste error :frowning:
But now I am getting another exception. Should I open a new topic?

org.elasticsearch.transport.ConnectTransportException: [][35.175.19.120:9343] general node connection failure
 ...

org.elasticsearch.client.transport.TransportClientNodesService.addTransportAddresses(TransportClientNodesService.java:200)
at org.elasticsearch.client.transport.TransportClient.addTransportAddress(TransportClient.java:338)
...
Caused by: java.lang.IllegalStateException: handshake failed
... 26 common frames omitted
Caused by: org.elasticsearch.transport.RemoteTransportException: [Failed to deserialize exception response from stream]
Caused by: org.elasticsearch.transport.TransportSerializationException: Failed to deserialize exception response from stream
at org.elasticsearch.transport.TcpTransport.handlerResponseError(TcpTransport.java:1256)
...
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:323)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:426)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:241)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1429)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1434)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:965)
Caused by: java.lang.IndexOutOfBoundsException: readerIndex(90) + length(1) exceeds writerIndex(90): UnpooledDuplicatedByteBuf(ridx: 90, widx: 90, cap: 149, unwrapped: PooledHeapByteBuf(ridx: 6, widx: 90, cap: 149))
at io.netty.buffer.AbstractByteBuf.checkReadableBytes0(AbstractByteBuf.java:1433)
at io.netty.buffer.AbstractByteBuf.readByte(AbstractByteBuf.java:726)
at org.elasticsearch.transport.netty4.ByteBufStreamInput.readByte(ByteBufStreamInput.java:135)
at org.elasticsearch.common.io.stream.FilterStreamInput.readByte(FilterStreamInput.java:40)
at org.elasticsearch.common.io.stream.StreamInput.readVInt(StreamInput.java:214)
at org.elasticsearch.common.io.stream.StreamInput.readArraySize(StreamInput.java:1016)
at org.elasticsearch.common.io.stream.StreamInput.readMapOfLists(StreamInput.java:505)
at org.elasticsearch.ElasticsearchException.(ElasticsearchException.java:141)
at org.elasticsearch.ElasticsearchException.readException(ElasticsearchException.java:306)
at org.elasticsearch.common.io.stream.StreamInput.readException(StreamInput.java:782)
at org.elasticsearch.transport.TcpTransport.handlerResponseError(TcpTransport.java:1254)
at org.elasticsearch.transport.TcpTransport.messageReceived(TcpTransport.java:1188)
at org.elasticsearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:65)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:323)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:426)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.logging.LoggingHandler.channelRead(LoggingHandler.java:241)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1429)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1199)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1243)

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.