[
https://issues.apache.org/jira/browse/CONNECTORS-642?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14605583#comment-14605583
]
Bartłomiej Superson commented on CONNECTORS-642:
------------------------------------------------
ElasticSearch-Plugin-MCF v3.0 works properly with ElasticSearch v1.5.2 (not
tested with older versions, tested with v1.6 - not working - will be fixed in
v3.1). To provide security filtering of results of the queries there should be
only "u" HTTP GET query parameter passed with username as a value to obtain
filtered results (without "u" parameter ElasticSearch works as normally). E.g.
with 'http://elasticsearchHostAndPort/_all/_search?u=ben' results are filtered
using tokens obtained from provided ManifoldCF Authority Connector (default:
http://localhost:8345/mcf-authority-service/UserACLs?username=ben) for user
'ben'.
To work with APIs additional point to forward the request to the proper
ElasticSearch instance and in meantime with addition of the "u" parameter
(obtained e.g. from the Spring Security) should be prepared.
E.g. with Spring Framework prepare Controller such like this:
@RestController
@RequestMapping("/search")
public class SearchController {
private SearchService searchService;
@Autowired
public SearchController(SearchService searchService){
this.searchService = searchService;
}
@RequestMapping(value="**", method = RequestMethod.POST)
public ResponseEntity<String> forwardQuery(HttpServletRequest request)
throws ServletException, IOException {
try {
return new ResponseEntity<>(searchService.search(request),new
HttpHeaders(),HttpStatus.OK);
} catch (IOException e) {
return new ResponseEntity<>( "IO Problem: " + e.getMessage(),new
HttpHeaders(),HttpStatus.INTERNAL_SERVER_ERROR);
}
}
}
and service such like this:
@Service
public class SearchService {
private final CloseableHttpClient httpClient = HttpClients.createDefault();
public String search(HttpServletRequest request) throws IOException {
String jsonBody = IOUtils.toString(request.getInputStream());
Authentication auth =
SecurityContextHolder.getContext().getAuthentication();
String username = auth.getName();
String forwardTo = "http://elasticsearchHostAndPort"; +
request.getServletPath() + "?u=" + username;
forwardTo = forwardTo.replace("/search", "");
HttpPost post = new HttpPost(forwardTo);
post.setEntity(new StringEntity(jsonBody));
HttpResponse httpResponse = httpClient.execute(post);
int rval = httpResponse.getStatusLine().getStatusCode();
if (rval != 200)
{
String response = EntityUtils.toString(httpResponse.getEntity(),
"utf-8");
throw new IOException(" Connection problem: " +
Integer.toString(rval)+"; " + response);
}
InputStream is = httpResponse.getEntity().getContent();
return IOUtils.toString(is);
}
}
and use in host field in ElasticSearch client "yourSiteHostAndPort/search".
> Need an ElasticSearch plugin for enforcing ManifoldCF security
> --------------------------------------------------------------
>
> Key: CONNECTORS-642
> URL: https://issues.apache.org/jira/browse/CONNECTORS-642
> Project: ManifoldCF
> Issue Type: New Feature
> Components: Elastic Search connector
> Affects Versions: ManifoldCF 1.1
> Reporter: Karl Wright
> Assignee: Karl Wright
> Fix For: ManifoldCF 1.2
>
>
> ElasticSearch is becoming popular and we need to support it fully. In order
> for that to happen, we really need an ElasticSearch ManifoldCF plugin.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
