Hello everyone,
I have a custom realm implemented and installed as an extension with X-Pack. Now I need to query ES via java api. I am using below code to create TransportClient
However this is not working as the setting xpack.security.authc.realms.custom.type and xpack.security.authc.realms.realm.order are not known to ES and thus it throws exception. How the TransportClient can be created accepting custom setting ?
There is no need to configure the above in a client, that only needs to be configured on the server side, as the transport client is not doing any realm auth.
Hi @spinscale,
I removed the xpack.security properties from the client creation but now I am getting another error. In custom realm, we are expecting user to send two headers namely Tenant and AccessToken
which will validate the user based on the token . To do this , sample code is shown below :
I am getting following error on hitting the request:
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
at org.elasticsearch.xpack.security.support.Exceptions.authenticationError(Exceptions.java:39) ~[x-pack-api-5.4.1.jar:5.4.1]
at org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:74) ~[x-pack-api-5.4.1.jar:5.4.1]
at org.elasticsearch.example.realm.CustomAuthenticationFailureHandler.missingToken(CustomAuthenticationFailureHandler.java:74) ~[classes/:?]
at org.elasticsearch.xpack.security.authc.AuthenticationService$AuditableTransportRequest.anonymousAccessDenied(AuthenticationService.java:513) ~[x-pack-api-5.4.1.jar:5.4.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$handleNullToken$14(AuthenticationService.java:331) ~[x-pack-api-5.4.1.jar:5.4.1]
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator$$Lambda$2265/1905907575.run(Unknown Source) ~[?:?]
Any idea regarding this and does xpack.security.user needs to be passed in the Settings built for the client ?
So instead of passing the headers using client.filterWithHeader , the headers are passed in the settings itself and this seem to work . However I am not sure as to why it is not working when we pass the token as header using client.filterWithHeader .
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.