Enter code here…
``
Hi, I’ve configured search-guard with my Elasticsearch cluster (using their sample acl list in the searchguard index) and I’ve used their default configuration
Example 1
No SSL/TLS at all
No XFF
SettingsBasedAuthenticationBackend with caching enabled
SettingsBasedAuthorizator with caching enabled
HTTPBasicAuthenticator with sessions turned off
three sample users: spock, admin, michaeljackson with simple plaintext passwords and some roles
one simple readonly actionrequestfilter
···
#####################################################
Settings based authentication (define users and password directly here in the settings. Note: this is per node)
searchguard.authentication.settingsdb.user.spock: vulcan
searchguard.authentication.settingsdb.user.admin: secret
searchguard.authentication.settingsdb.user.michaeljackson: neverland
#####################################################
#####################################################
Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)
searchguard.authentication.authorization.settingsdb.roles.spock: [“kolinahr”,“starfleet”,“command”]
searchguard.authentication.authorization.settingsdb.roles.admin: [“root”]
searchguard.authentication.authorization.settingsdb.roles.michaeljackson: [“kingofpop”,“superstar”]
#####################################################
#############################################################################################
#Below here you configure what authenticated and authorized users are allowed to do (or not)#
#This maps to the acl defined in the searchguard configuration index #
#############################################################################################
Configure the actionrequestfilter to allow or forbid action
searchguard.actionrequestfilter.names: [“readonly”]
searchguard.actionrequestfilter.readonly.allowed_actions: [“indices:data/read/", “monitor”]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:”, “indices:admin*”]
``
Now I can perform curl -XGETs fine, but when I try to do anything else, including an -XPUT, I get the error message
No handler found for uri [blah] and method [PUT]
``
Even when I use the user: admin, I still get a 401 HTTP error. Any ideas?
I’ve looked in the logs and I keep getting the message
[2015-06-24 09:31:17,077][WARN ][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identical execute and bypass filters
[2015-06-24 09:31:17,077][WARN ][com.floragunn.searchguard.tokeneval.TokenEvaluator] bypassFilters: [*]
[2015-06-24 09:31:17,077][WARN ][com.floragunn.searchguard.tokeneval.TokenEvaluator] executeFilters: [*]
I’ve looked in the acl list though and it doesn’t have identical execute and bypass filters in the root role
{"acl": [
{
"__Comment__": "Default is to execute all filters",
"filters_bypass": [],
"filters_execute": ["*"]
},
{
"__Comment__": "Any authenticated user do anything on the public index - n
o filter will be executed",
"indices": ["public"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means any user with the role starfleet or command can
do anything with the starfleetinfos index",
"roles" : ["starfleet", "command"],
"indices": ["starfleetinfos"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means that every requestor (regardless of the request
ors hostname and username) which has the root role can do anything",
"roles": [
"root"
],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means that the user michaeljackson can do anything on
index popstuff.",
"users": ["michaeljackson"],
"indices": ["popstuff"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means that for the user spock on index popstuff only
the actionrequestfilter.readonly will be executed, no other",
"users": ["spock"],
"indices": ["popstuff"],
"filters_bypass": [],
"filters_execute": ["actionrequestfilter.readonly"]
}
]}}
Is my default somehow interfering with my admin user?
duplicate of https://github.com/floragunncom/search-guard/issues/17
···
Am 25.06.2015 um 00:28 schrieb Nathan Miranda <nate845@gmail.com>:
I've looked in the logs and I keep getting the message
[2015-06-24 09:31:17,077][WARN ][com.floragunn.searchguard.tokeneval.TokenEvaluator] Identical execute and bypass filters
[2015-06-24 09:31:17,077][WARN ][com.floragunn.searchguard.tokeneval.TokenEvaluator] bypassFilters: [*]
[2015-06-24 09:31:17,077][WARN ][com.floragunn.searchguard.tokeneval.TokenEvaluator] executeFilters: [*]
I've looked in the acl list though and it doesn't have identical execute and bypass filters in the `root` role
{"acl": [
{
"__Comment__": "Default is to execute all filters",
"filters_bypass": [],
"filters_execute": ["*"]
},
{
"__Comment__": "Any authenticated user do anything on the public index - n
o filter will be executed",
"indices": ["public"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means any user with the role starfleet or command can
do anything with the starfleetinfos index",
"roles" : ["starfleet", "command"],
"indices": ["starfleetinfos"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means that every requestor (regardless of the request
ors hostname and username) which has the root role can do anything",
"roles": [
"root"
],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means that the user michaeljackson can do anything on
index popstuff.",
"users": ["michaeljackson"],
"indices": ["popstuff"],
"filters_bypass": ["*"],
"filters_execute": []
},
{
"__Comment__": "This means that for the user spock on index popstuff only
the actionrequestfilter.readonly will be executed, no other",
"users": ["spock"],
"indices": ["popstuff"],
"filters_bypass": [],
"filters_execute": ["actionrequestfilter.readonly"]
}
]}}
Is my default somehow interfering with my `admin` user?
--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/02ebdc33-db43-4a3c-a74a-2e6b96900f64%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.