ES version : 2.4.0 , OS:Windows
I have these settings
Settings settings = Settings.settingsBuilder()
.put(“cluster.name”, “mycluster”)
.put(“path.home”, “.”)
.put(“searchguard.ssl.transport.enabled”,“true”)
.put(“searchguard.ssl.transport.keystore_filepath”, “E:\ElasticSearch\certis\kirk-keystore.jks”)
.put(“searchguard.ssl.transport.keystore_password”, “changeit”)
.put(“searchguard.ssl.transport.truststore_filepath”, “E:\ElasticSearch\certis\truststore.jks”)
.put(“searchguard.ssl.transport.enforce_hostname_verification”,false)
.put(“searchguard.ssl.transport.truststore_password”, “changeit”)
.build();
I have a Transport client which makes use of the above settings
TransportClient client = TransportClient.builder().settings(settings)
.addPlugin(SearchGuardSSLPlugin.class)
.build()
.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(“127.0.0.1”), 9300)); System.out.println(client.admin().indices().prepareExists(“index1080”).putHeader(“Authorization”, "basic "+encodeBasicHeader(“spock”, “wrongpassword”)));
I expect the about sysout should return ElasticSearchSecurity Exception as i have specifiec a wrong password, but authentication passes thorugh
My requirement here is to validate the username and password from every request from the transport client… These username and password will differ for every request as we have the same client being used by many users…
I am not very sure how the below 2 would work in tandem
- put(“request.headers.sg_impersonate_as”, “myuser”)
- putHeader(“Authorization”, "Basic "+encodeBasicHeader(“admin”,“admin”))
Do i even have to use the impersonate_as setting as all the users will have same privileges for my use case…I just needed Authntication of user credentials passed as Authorization headers…Can i set the Authorization Header while constructing the settings object using put(“Authorization”,"Basic "+ encode-------------------)… Is this expected to work ?Am i rightly setting the Authorization header
Thanks in advance