Shield with Java Client

Hi,
trying to get Shield working with a java client. When setting the header
token on the client, there is no problem. But when I try to use the header
of a request there is no succes. I am trying this code, which is almost a
copy of the sample code in the documentation. It does not work, if I
uncomment the line with shield.user, it does work: Any clues on what I
should do are appreciated.

package nl.gridshore.dwes.elastic;

import org.elasticsearch.action.count.CountResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.shield.authc.support.SecuredString;

import java.util.ArrayList;
import java.util.List;

import static java.util.stream.Collectors.toList;
import static
org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;

public class SecureElastic {
public static void main(String[] args) {
Settings settings = ImmutableSettings.settingsBuilder()
.put("cluster.name", "jc-play")
// .put("shield.user", "jettro:nopiforme")
.build();

    Client client = new TransportClient(settings)
            .addTransportAddress(new 

InetSocketTransportAddress("localhost",9300));

    String token = basicAuthHeaderValue("jettro", new 

SecuredString("nopiforme".toCharArray()));

    SearchResponse searchResponse = 

client.prepareSearch("gridshore").putHeader("Authorization", token).get();
long totalHits = searchResponse.getHits().totalHits();

    System.out.println(totalHits);
}

}

The exception:
Caused by: org.elasticsearch.shield.authc.AuthenticationException: missing
authentication token for action [cluster:monitor/nodes/info]

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/89dd6e89-680a-435c-824b-b11b8128beda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Never mind, misread the documentation. It seems a node info request is
done first, therefore you need to provide the username password in the
client. Than if you want to, you can change the username password for each
request that you do.

It works now.

Op woensdag 28 januari 2015 22:12:31 UTC+1 schreef Jettro Coenradie:

Hi,
trying to get Shield working with a java client. When setting the header
token on the client, there is no problem. But when I try to use the header
of a request there is no succes. I am trying this code, which is almost a
copy of the sample code in the documentation. It does not work, if I
uncomment the line with shield.user, it does work: Any clues on what I
should do are appreciated.

package nl.gridshore.dwes.elastic;

import org.elasticsearch.action.count.CountResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.shield.authc.support.SecuredString;

import java.util.ArrayList;
import java.util.List;

import static java.util.stream.Collectors.toList;
import static
org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;

public class SecureElastic {
public static void main(String[] args) {
Settings settings = ImmutableSettings.settingsBuilder()
.put("cluster.name", "jc-play")
// .put("shield.user", "jettro:nopiforme")
.build();

    Client client = new TransportClient(settings)
            .addTransportAddress(new 

InetSocketTransportAddress("localhost",9300));

    String token = basicAuthHeaderValue("jettro", new 

SecuredString("nopiforme".toCharArray()));

    SearchResponse searchResponse = 

client.prepareSearch("gridshore").putHeader("Authorization", token).get();
long totalHits = searchResponse.getHits().totalHits();

    System.out.println(totalHits);
}

}

The exception:
Caused by: org.elasticsearch.shield.authc.AuthenticationException: missing
authentication token for action [cluster:monitor/nodes/info]

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/2d6284d4-324d-43be-82f9-36a8975ba8af%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Dear Jettro.

Can you help me, how could you do it?
I try to comminicate to Elasticsearch with Shield plugin. This is done when
I make CURL requests.
Without shield plugin my JAVA code ( Client is same as yours ) works well.
But after install Shield, and put Shield into maven depencies in my
application:

org.elasticsearch elasticsearch-shield 1.0.1

I got strange error, without creating any change in my code:

12:53:23,746 INFO [org.elasticsearch.plugins] (default task-1) [Honey
Lemon] loaded [shield], sites []
12:53:23,987 INFO [org.elasticsearch.transport] (default task-1) [Honey
Lemon] Using
[org.elasticsearch.shield.transport.ShieldClientTransportService] as
transport service, overridden by [shield]
12:53:23,987 INFO [org.elasticsearch.transport] (default task-1) [Honey
Lemon] Using
[org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as
transport, overridden by [shield]
12:53:24,232 ERROR [org.jboss.as.ejb3.invocation] (default task-1)
JBAS014134: EJB Invocation failed on component ElasticSearch for method
public org.elasticsearch.client.Client
net.***.***.search.ElasticSearch.AuthElasticSearch(java.lang.String,java.lang.String):
javax.ejb.EJBException: org.elasticsearch.common.inject.CreationException:
Guice creation errors:

  1. A binding to org.elasticsearch.shield.transport.filter.IPFilter was
    already configured at unknown.

at unknown

  1. A binding to org.elasticsearch.shield.transport.ClientTransportFilter
    was already configured at unknown.

at unknown

  1. A binding to org.elasticsearch.shield.ssl.SSLService was already
    configured at unknown.

at unknown

3 errors

My code:

@SuppressWarnings("resource")
public Client AuthElasticSearch(String user, String pass) {

Settings settings = ImmutableSettings.settingsBuilder().put("cluster.name",
"****").put("client.transport.sniff", true)
.put("shield.user", user + ":" + pass).build();
Client client = new TransportClient(settings).addTransportAddress(new
InetSocketTransportAddress("localhost", 9300));

return client;

}

Both ES versions in Ubuntu and app are 1.4.4
Both SHIELD versions are 1.0.1

java version "1.8.0_40"
Java(TM) SE Runtime Environment (build 1.8.0_40-b25)
Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)

Thank you.

  1. január 29., csütörtök 0:46:53 UTC+1 időpontban Jettro Coenradie a
    következőt írta:

Never mind, misread the documentation. It seems a node info request is
done first, therefore you need to provide the username password in the
client. Than if you want to, you can change the username password for each
request that you do.

It works now.

Op woensdag 28 januari 2015 22:12:31 UTC+1 schreef Jettro Coenradie:

Hi,
trying to get Shield working with a java client. When setting the header
token on the client, there is no problem. But when I try to use the header
of a request there is no succes. I am trying this code, which is almost a
copy of the sample code in the documentation. It does not work, if I
uncomment the line with shield.user, it does work: Any clues on what I
should do are appreciated.

package nl.gridshore.dwes.elastic;

import org.elasticsearch.action.count.CountResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.shield.authc.support.SecuredString;

import java.util.ArrayList;
import java.util.List;

import static java.util.stream.Collectors.toList;
import static
org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;

public class SecureElastic {
public static void main(String[] args) {
Settings settings = ImmutableSettings.settingsBuilder()
.put("cluster.name", "jc-play")
// .put("shield.user", "jettro:nopiforme")
.build();

    Client client = new TransportClient(settings)
            .addTransportAddress(new 

InetSocketTransportAddress("localhost",9300));

    String token = basicAuthHeaderValue("jettro", new 

SecuredString("nopiforme".toCharArray()));

    SearchResponse searchResponse = 

client.prepareSearch("gridshore").putHeader("Authorization", token).get();
long totalHits = searchResponse.getHits().totalHits();

    System.out.println(totalHits);
}

}

The exception:
Caused by: org.elasticsearch.shield.authc.AuthenticationException:
missing authentication token for action [cluster:monitor/nodes/info]

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/860e98d4-63a3-4bd7-816b-095405e799a4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Can you try to switch off client.transport.sniff, this might trigger
another authority rule. I am not sure, but it is worth a try.

On Tue, Mar 10, 2015 at 5:30 AM, Zsolt Bákonyi info@netmango.net wrote:

Dear Jettro.

Can you help me, how could you do it?
I try to comminicate to Elasticsearch with Shield plugin. This is done
when I make CURL requests.
Without shield plugin my JAVA code ( Client is same as yours ) works
well. But after install Shield, and put Shield into maven depencies in my
application:

org.elasticsearch elasticsearch-shield 1.0.1

I got strange error, without creating any change in my code:

12:53:23,746 INFO [org.elasticsearch.plugins] (default task-1) [Honey
Lemon] loaded [shield], sites []
12:53:23,987 INFO [org.elasticsearch.transport] (default task-1) [Honey
Lemon] Using
[org.elasticsearch.shield.transport.ShieldClientTransportService] as
transport service, overridden by [shield]
12:53:23,987 INFO [org.elasticsearch.transport] (default task-1) [Honey
Lemon] Using
[org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as
transport, overridden by [shield]
12:53:24,232 ERROR [org.jboss.as.ejb3.invocation] (default task-1)
JBAS014134: EJB Invocation failed on component ElasticSearch for method
public org.elasticsearch.client.Client
net.***.***.search.ElasticSearch.AuthElasticSearch(java.lang.String,java.lang.String):
javax.ejb.EJBException: org.elasticsearch.common.inject.CreationException:
Guice creation errors:

  1. A binding to org.elasticsearch.shield.transport.filter.IPFilter was
    already configured at unknown.

at unknown

  1. A binding to org.elasticsearch.shield.transport.ClientTransportFilter
    was already configured at unknown.

at unknown

  1. A binding to org.elasticsearch.shield.ssl.SSLService was already
    configured at unknown.

at unknown

3 errors

My code:

@SuppressWarnings("resource")
public Client AuthElasticSearch(String user, String pass) {

Settings settings = ImmutableSettings.settingsBuilder().put("cluster.name",
"****").put("client.transport.sniff", true)
.put("shield.user", user + ":" + pass).build();
Client client = new TransportClient(settings).addTransportAddress(new
InetSocketTransportAddress("localhost", 9300));

return client;

}

Both ES versions in Ubuntu and app are 1.4.4
Both SHIELD versions are 1.0.1

java version "1.8.0_40"
Java(TM) SE Runtime Environment (build 1.8.0_40-b25)
Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)

Thank you.

  1. január 29., csütörtök 0:46:53 UTC+1 időpontban Jettro Coenradie a
    következőt írta:

Never mind, misread the documentation. It seems a node info request is
done first, therefore you need to provide the username password in the
client. Than if you want to, you can change the username password for each
request that you do.

It works now.

Op woensdag 28 januari 2015 22:12:31 UTC+1 schreef Jettro Coenradie:

Hi,
trying to get Shield working with a java client. When setting the header
token on the client, there is no problem. But when I try to use the header
of a request there is no succes. I am trying this code, which is almost a
copy of the sample code in the documentation. It does not work, if I
uncomment the line with shield.user, it does work: Any clues on what I
should do are appreciated.

package nl.gridshore.dwes.elastic;

import org.elasticsearch.action.count.CountResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.shield.authc.support.SecuredString;

import java.util.ArrayList;
import java.util.List;

import static java.util.stream.Collectors.toList;
import static org.elasticsearch.shield.authc.support.
UsernamePasswordToken.basicAuthHeaderValue;

public class SecureElastic {
public static void main(String[] args) {
Settings settings = ImmutableSettings.settingsBuilder()
.put("cluster.name", "jc-play")
// .put("shield.user", "jettro:nopiforme")
.build();

    Client client = new TransportClient(settings)
            .addTransportAddress(new InetSocketTransportAddress("

localhost",9300));

    String token = basicAuthHeaderValue("jettro", new

SecuredString("nopiforme".toCharArray()));

    SearchResponse searchResponse = client.prepareSearch("

gridshore").putHeader("Authorization", token).get();
long totalHits = searchResponse.getHits().totalHits();

    System.out.println(totalHits);
}

}

The exception:
Caused by: org.elasticsearch.shield.authc.AuthenticationException:
missing authentication token for action [cluster:monitor/nodes/info]

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/WcD4Ej9cMbA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/860e98d4-63a3-4bd7-816b-095405e799a4%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/860e98d4-63a3-4bd7-816b-095405e799a4%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
Jettro Coenradie

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CABB4caOxpt%3DRkRqGq%2BS_qbhhCqMC6ZhyPFtEbA9C3UZPxN-52A%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

Thank you for reply, but nothing changed...

You know the most "funny" thing is, if i left only this in my code:

Client client = new TransportClient().addTransportAddress(new
InetSocketTransportAddress("localhost", 9300));

Basic client without settings, and the exception is the same. If i
commented out the shield depency in pom.xml the error has gone, Of course
it is not working, but this exception disappear... I deploy it in wildfly
8.2.

:frowning:

  1. március 10., kedd 16:48:53 UTC+1 időpontban Jettro Coenradie a
    következőt írta:

Can you try to switch off client.transport.sniff, this might trigger
another authority rule. I am not sure, but it is worth a try.

On Tue, Mar 10, 2015 at 5:30 AM, Zsolt Bákonyi <in...@netmango.net
<javascript:>> wrote:

Dear Jettro.

Can you help me, how could you do it?
I try to comminicate to Elasticsearch with Shield plugin. This is done
when I make CURL requests.
Without shield plugin my JAVA code ( Client is same as yours ) works
well. But after install Shield, and put Shield into maven depencies in my
application:

org.elasticsearch elasticsearch-shield 1.0.1

I got strange error, without creating any change in my code:

12:53:23,746 INFO [org.elasticsearch.plugins] (default task-1) [Honey
Lemon] loaded [shield], sites []
12:53:23,987 INFO [org.elasticsearch.transport] (default task-1) [Honey
Lemon] Using
[org.elasticsearch.shield.transport.ShieldClientTransportService] as
transport service, overridden by [shield]
12:53:23,987 INFO [org.elasticsearch.transport] (default task-1) [Honey
Lemon] Using
[org.elasticsearch.shield.transport.netty.ShieldNettyTransport] as
transport, overridden by [shield]
12:53:24,232 ERROR [org.jboss.as.ejb3.invocation] (default task-1)
JBAS014134: EJB Invocation failed on component ElasticSearch for method
public org.elasticsearch.client.Client
net.***.***.search.ElasticSearch.AuthElasticSearch(java.lang.String,java.lang.String):
javax.ejb.EJBException: org.elasticsearch.common.inject.CreationException:
Guice creation errors:

  1. A binding to org.elasticsearch.shield.transport.filter.IPFilter was
    already configured at unknown.

at unknown

  1. A binding to org.elasticsearch.shield.transport.ClientTransportFilter
    was already configured at unknown.

at unknown

  1. A binding to org.elasticsearch.shield.ssl.SSLService was already
    configured at unknown.

at unknown

3 errors

My code:

@SuppressWarnings("resource")
public Client AuthElasticSearch(String user, String pass) {

Settings settings = ImmutableSettings.settingsBuilder().put("cluster.name",
"****").put("client.transport.sniff", true)
.put("shield.user", user + ":" + pass).build();
Client client = new TransportClient(settings).addTransportAddress(new
InetSocketTransportAddress("localhost", 9300));

return client;

}

Both ES versions in Ubuntu and app are 1.4.4
Both SHIELD versions are 1.0.1

java version "1.8.0_40"
Java(TM) SE Runtime Environment (build 1.8.0_40-b25)
Java HotSpot(TM) 64-Bit Server VM (build 25.40-b25, mixed mode)

Thank you.

  1. január 29., csütörtök 0:46:53 UTC+1 időpontban Jettro Coenradie a
    következőt írta:

Never mind, misread the documentation. It seems a node info request is
done first, therefore you need to provide the username password in the
client. Than if you want to, you can change the username password for each
request that you do.

It works now.

Op woensdag 28 januari 2015 22:12:31 UTC+1 schreef Jettro Coenradie:

Hi,
trying to get Shield working with a java client. When setting the
header token on the client, there is no problem. But when I try to use the
header of a request there is no succes. I am trying this code, which is
almost a copy of the sample code in the documentation. It does not work, if
I uncomment the line with shield.user, it does work: Any clues on what I
should do are appreciated.

package nl.gridshore.dwes.elastic;

import org.elasticsearch.action.count.CountResponse;
import org.elasticsearch.action.search.SearchResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.shield.authc.support.SecuredString;

import java.util.ArrayList;
import java.util.List;

import static java.util.stream.Collectors.toList;
import static org.elasticsearch.shield.authc.support.
UsernamePasswordToken.basicAuthHeaderValue;

public class SecureElastic {
public static void main(String[] args) {
Settings settings = ImmutableSettings.settingsBuilder()
.put("cluster.name", "jc-play")
// .put("shield.user", "jettro:nopiforme")
.build();

    Client client = new TransportClient(settings)
            .addTransportAddress(new InetSocketTransportAddress("

localhost",9300));

    String token = basicAuthHeaderValue("jettro", new 

SecuredString("nopiforme".toCharArray()));

    SearchResponse searchResponse = client.prepareSearch("

gridshore").putHeader("Authorization", token).get();
long totalHits = searchResponse.getHits().totalHits();

    System.out.println(totalHits);
}

}

The exception:
Caused by: org.elasticsearch.shield.authc.AuthenticationException:
missing authentication token for action [cluster:monitor/nodes/info]

--
You received this message because you are subscribed to a topic in the
Google Groups "elasticsearch" group.
To unsubscribe from this topic, visit
https://groups.google.com/d/topic/elasticsearch/WcD4Ej9cMbA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
elasticsearc...@googlegroups.com <javascript:>.
To view this discussion on the web visit
https://groups.google.com/d/msgid/elasticsearch/860e98d4-63a3-4bd7-816b-095405e799a4%40googlegroups.com
https://groups.google.com/d/msgid/elasticsearch/860e98d4-63a3-4bd7-816b-095405e799a4%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

--
Jettro Coenradie
http://www.gridshore.nl

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/80ae9b81-32c2-42d1-a04f-c737664ac7b0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.