Supplying settings for custom realm while creating TransportClient

(Sumit Monga) #1

Hello everyone,
I have a custom realm implemented and installed as an extension with X-Pack. Now I need to query ES via java api. I am using below code to create TransportClient

TransportClient client = new PreBuiltXPackTransportClient(Settings.builder()
	        .put("", CLUSTER_NAME)
	        .put("", "0")

However this is not working as the setting and are not known to ES and thus it throws exception. How the TransportClient can be created accepting custom setting ?

(Alexander Reelsen) #2

There is no need to configure the above in a client, that only needs to be configured on the server side, as the transport client is not doing any realm auth.

(Sumit Monga) #3

Hi @spinscale,
I removed the properties from the client creation but now I am getting another error. In custom realm, we are expecting user to send two headers namely Tenant and AccessToken
which will validate the user based on the token . To do this , sample code is shown below :

TransportClient client = new PreBuiltXPackTransportClient(Settings.builder()
		        .put("", CLUSTER_NAME)
		.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(IP_ADD), 9300));
Map<String, String> headersMap = new HashMap<String, String>();
		headersMap.put(USER, queryuser);
		headersMap.put(ACCESS_TOKEN, token);

I am getting following error on hitting the request:

Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
	at ~[x-pack-api-5.4.1.jar:5.4.1]
	at ~[x-pack-api-5.4.1.jar:5.4.1]
	at org.elasticsearch.example.realm.CustomAuthenticationFailureHandler.missingToken( ~[classes/:?]
	at$AuditableTransportRequest.anonymousAccessDenied( ~[x-pack-api-5.4.1.jar:5.4.1]
	at$Authenticator.lambda$handleNullToken$14( ~[x-pack-api-5.4.1.jar:5.4.1]
	at$Authenticator$$Lambda$2265/ Source) ~[?:?]

Any idea regarding this and does needs to be passed in the Settings built for the client ?

(Alexander Reelsen) #4

have you overwritten XPackExtension.getRestHeaders() in your plugin and added those two?

(Sumit Monga) #5

Yes I have added both the headers and the realm is working properly via http. Now I want to achieve the same thing via transportclient in Java.

(Sumit Monga) #6

@spinscale any idea what could be the issue as I am sending proper headers as well.

(Sumit Monga) #7

I was able to resolve the issue by making the below changes :

final String yaml = "/elasticsearch.yml";
		TransportClient client = null;
		Settings settings = null;
		settings = Settings.builder()
				.loadFromStream(yaml, getClass().getResourceAsStream(yaml))
				.put(ThreadContext.PREFIX + "." + USER, queryuser)
				.put(ThreadContext.PREFIX + "." + ACCESS_TOKEN, token)
		client = new PreBuiltXPackTransportClient(settings)
				.addTransportAddress(new InetSocketTransportAddress(InetAddress
						.getByName(IP_ADD), 9300));

So instead of passing the headers using client.filterWithHeader , the headers are passed in the settings itself and this seem to work . However I am not sure as to why it is not working when we pass the token as header using client.filterWithHeader .

(system) #8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.