本文整理汇总了Java中org.elasticsearch.ElasticsearchSecurityException类的典型用法代码示例。如果您正苦于以下问题:Java ElasticsearchSecurityException类的具体用法?Java ElasticsearchSecurityException怎么用?Java ElasticsearchSecurityException使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
ElasticsearchSecurityException类属于org.elasticsearch包,在下文中一共展示了ElasticsearchSecurityException类的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Java代码示例。
示例1: apply
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public <Request extends ActionRequest, Response extends ActionResponse> void apply(Task task, String action,
Request request, ActionListener<Response> listener, ActionFilterChain<Request, Response> chain) {
if (false == action.equals(SearchAction.NAME)) {
chain.proceed(task, action, request, listener);
return;
}
if (context.getHeader(EXAMPLE_HEADER) != null) {
throw new IllegalArgumentException("Hurray! Sent the header!");
}
String auth = context.getHeader(AUTHORIZATION_HEADER);
if (auth == null) {
ElasticsearchSecurityException e = new ElasticsearchSecurityException("Authentication required",
RestStatus.UNAUTHORIZED);
e.addHeader("WWW-Authenticate", "Basic realm=auth-realm");
throw e;
}
if (false == REQUIRED_AUTH.equals(auth)) {
throw new ElasticsearchSecurityException("Bad Authorization", RestStatus.FORBIDDEN);
}
chain.proceed(task, action, request, listener);
}
示例2: create
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
/**
* Create a user context from the given request
*
* @param cache - The cache of user projects to create ACLs
* @return an OpenshiftRequestContext
* @throws All exceptions
*/
public OpenshiftRequestContext create(final RestRequest request, final UserProjectCache cache) throws Exception {
logRequest(request, cache);
Set<String> projects = new HashSet<>();
boolean isClusterAdmin = false;
String user = utils.getUser(request);
String token = utils.getBearerToken(request);
if (StringUtils.isNotBlank(token)){
user = utils.assertUser(request);
isClusterAdmin = utils.isOperationsUser(request);
projects = listProjectsFor(user, token);
if(user.contains("\\")){
user = user.replace("\\", "/");
}
utils.setUser(request, user);
} else if (utils.isClientCertAuth(request) && StringUtils.isBlank(token) && StringUtils.isBlank(user)) {
return OpenshiftRequestContext.EMPTY; // nothing more we can do here
} else {
String message = "Incorrect authentication credentials were given - must provide client cert, or token with optional username, or all of these.";
LOGGER.debug(message);
throw new ElasticsearchSecurityException(message);
}
return new OpenshiftRequestContext(user, token, isClusterAdmin, projects, getKibanaIndex(user, isClusterAdmin), this.kibanaIndexMode);
}
开发者ID:fabric8io,项目名称:openshift-elasticsearch-plugin,代码行数:33,代码来源:OpenshiftRequestContextFactory.java
示例3: checkRequest
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
protected void checkRequest(final RestRequest request, final RestChannel channel) {
if(SSLRequestHelper.containsBadHeader(threadContext, "_sg_ssl_")) {
final ElasticsearchException exception = ExceptionUtils.createBadHeaderException();
errorHandler.logError(exception, request, 1);
throw exception;
}
try {
if(SSLRequestHelper.getSSLInfo(settings, configPath, request, null) == null) {
logger.error("Not an SSL request");
throw new ElasticsearchSecurityException("Not an SSL request", RestStatus.INTERNAL_SERVER_ERROR);
}
} catch (SSLPeerUnverifiedException e) {
logger.error("No client certificates found but such are needed (SG 8).");
errorHandler.logError(e, request, 0);
throw ExceptionsHelper.convertToElastic(e);
}
}
示例4: exceptionProcessingRequest
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public ElasticsearchSecurityException exceptionProcessingRequest(final RestRequest request, final Exception e) {
final ElasticsearchSecurityException se = super.exceptionProcessingRequest(request, e);
String outToken = "";
if (e instanceof ElasticsearchException) {
final ElasticsearchException kae = (ElasticsearchException) e;
if (kae.getHeader("kerberos_out_token") != null) {
outToken = " " + kae.getHeader("kerberos_out_token").get(0);
}
}
se.addHeader(KrbConstants.WWW_AUTHENTICATE, KrbConstants.NEGOTIATE + outToken);
if (logger.isDebugEnabled()) {
logger.debug("exception for rest request: {}", e.toString());
}
return se;
}
开发者ID:codecentric,项目名称:elasticsearch-shield-kerberos-realm,代码行数:20,代码来源:KerberosAuthenticationFailureHandler.java
示例5: process
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public void process(RestRequest request, RestChannel channel, RestFilterChain chain) throws Exception {
boolean continueProcessing = true;
try {
if (enabled) {
// create authenticates the request - if it returns null, this means
// this plugin cannot handle this request, and should pass it to the
// next plugin for processing e.g. client cert auth with no username/password
// if create throws an exception, it means there was an issue with the token
// and username and the request failed authentication
final OpenshiftRequestContext requestContext = contextFactory.create(request, cache);
if (requestContext == OpenshiftRequestContext.EMPTY) {
return; // do not process in this plugin
}
request = utils.modifyRequest(request, requestContext);
request.putInContext(OPENSHIFT_REQUEST_CONTEXT, requestContext);
// grab the kibana version here out of "kbn-version" if we can
// -- otherwise use the config one
final String kbnVersion = getKibanaVersion(request);
if (updateCache(requestContext, kbnVersion)) {
kibanaSeed.setDashboards(requestContext, client, kbnVersion, cdmProjectPrefix);
syncAcl(requestContext);
}
}
} catch (ElasticsearchSecurityException ese) {
LOGGER.info("Could not authenticate user");
channel.sendResponse(new BytesRestResponse(RestStatus.UNAUTHORIZED));
continueProcessing = false;
} catch (Exception e) {
LOGGER.error("Error handling request in {}", e, this.getClass().getSimpleName());
} finally {
if (continueProcessing) {
chain.continueProcessing(request, channel);
}
}
}
示例6: sha256
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
private String sha256(Path p) {
if(!Files.isRegularFile(p, LinkOption.NOFOLLOW_LINKS)) {
return "";
}
try {
MessageDigest digester = MessageDigest.getInstance("SHA256");
final String hash = org.bouncycastle.util.encoders.Hex.toHexString(digester.digest(Files.readAllBytes(p)));
log.debug(hash +" :: "+p);
return hash;
} catch (Exception e) {
throw new ElasticsearchSecurityException("Unable to digest file", e);
}
}
示例7: AuthCredentials
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
private AuthCredentials(final String username, byte[] password, Object nativeCredentials, String... backendRoles) {
super();
if (username == null || username.isEmpty()) {
throw new IllegalArgumentException("username must not be null or empty");
}
this.username = username;
// make defensive copy
this.password = password == null ? null : Arrays.copyOf(password, password.length);
if(this.password != null) {
try {
MessageDigest digester = MessageDigest.getInstance(DIGEST_ALGORITHM);
internalPasswordHash = digester.digest(this.password);
} catch (NoSuchAlgorithmException e) {
throw new ElasticsearchSecurityException("Unable to digest password", e);
}
} else {
internalPasswordHash = null;
}
if(password != null) {
Arrays.fill(password, (byte) '\0');
password = null;
}
this.nativeCredentials = nativeCredentials;
nativeCredentials = null;
if(backendRoles != null && backendRoles.length > 0) {
this.backendRoles.addAll(Arrays.asList(backendRoles));
}
}
示例8: extractCredentials
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public AuthCredentials extractCredentials(final RestRequest request, ThreadContext context) {
if(context.getTransient(ConfigConstants.SG_XFF_DONE) != Boolean.TRUE) {
throw new ElasticsearchSecurityException("xff not done");
}
final String userHeader = settings.get("user_header");
final String rolesHeader = settings.get("roles_header");
if(log.isDebugEnabled()) {
log.debug("headers {}", request.getHeaders());
log.debug("userHeader {}, value {}", userHeader, userHeader == null?null:request.header(userHeader));
log.debug("rolesHeader {}, value {}", rolesHeader, rolesHeader == null?null:request.header(rolesHeader));
}
if (!Strings.isNullOrEmpty(userHeader) && !Strings.isNullOrEmpty((String) request.header(userHeader))) {
String[] backendRoles = null;
if (!Strings.isNullOrEmpty(rolesHeader) && !Strings.isNullOrEmpty((String) request.header(rolesHeader))) {
backendRoles = ((String) request.header(rolesHeader)).split(",");
}
return new AuthCredentials((String) request.header(userHeader), backendRoles).markComplete();
} else {
if(log.isTraceEnabled()) {
log.trace("No '{}' header, send 401", userHeader);
}
return null;
}
}
示例9: resolve
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
public TransportAddress resolve(final RestRequest request) throws ElasticsearchSecurityException {
if(log.isTraceEnabled()) {
log.trace("resolve {}", request.getRemoteAddress());
}
if(enabled && request.getRemoteAddress() instanceof InetSocketAddress && request instanceof Netty4HttpRequest) {
final InetSocketAddress isa = new InetSocketAddress(detector.detect((Netty4HttpRequest) request, threadContext), ((InetSocketAddress)request.getRemoteAddress()).getPort());
if(isa.isUnresolved()) {
throw new ElasticsearchSecurityException("Cannot resolve address "+isa.getHostString());
}
if(log.isTraceEnabled()) {
if(threadContext.getTransient(ConfigConstants.SG_XFF_DONE) == Boolean.TRUE) {
log.trace("xff resolved {} to {}", request.getRemoteAddress(), isa);
} else {
log.trace("no xff done for {}",request.getClass());
}
}
return new TransportAddress(isa);
} else if(request.getRemoteAddress() instanceof InetSocketAddress){
if(log.isTraceEnabled()) {
log.trace("no xff done (enabled or no netty request) {},{},{},{}",enabled, request.getClass());
}
return new TransportAddress((InetSocketAddress)request.getRemoteAddress());
} else {
throw new ElasticsearchSecurityException("Cannot handle this request. Remote address is "+request.getRemoteAddress()+" with request class "+request.getClass());
}
}
示例10: impersonate
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
private User impersonate(final TransportRequest tr, final User origPKIuser) throws ElasticsearchSecurityException {
final String impersonatedUser = threadPool.getThreadContext().getHeader("sg_impersonate_as");
if(Strings.isNullOrEmpty(impersonatedUser)) {
return null; //nothing to do
}
if (!isInitialized()) {
throw new ElasticsearchSecurityException("Could not check for impersonation because Search Guard is not yet initialized");
}
if (origPKIuser == null) {
throw new ElasticsearchSecurityException("no original PKI user found");
}
User aU = origPKIuser;
if (adminDns.isAdmin(impersonatedUser)) {
throw new ElasticsearchSecurityException("'"+origPKIuser.getName() + "' is not allowed to impersonate as an adminuser '" + impersonatedUser+"'");
}
try {
if (impersonatedUser != null && !adminDns.isTransportImpersonationAllowed(new LdapName(origPKIuser.getName()), impersonatedUser)) {
throw new ElasticsearchSecurityException("'"+origPKIuser.getName() + "' is not allowed to impersonate as '" + impersonatedUser+"'");
} else if (impersonatedUser != null) {
aU = new User(impersonatedUser);
if(log.isDebugEnabled()) {
log.debug("Impersonate from '{}' to '{}'",origPKIuser.getName(), impersonatedUser);
}
}
} catch (final InvalidNameException e1) {
throw new ElasticsearchSecurityException("PKI does not have a valid name ('" + origPKIuser.getName() + "'), should never happen",
e1);
}
return aU;
}
示例11: failedAuthentication
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public ElasticsearchSecurityException failedAuthentication(RestRequest request, AuthenticationToken token, ThreadContext context) {
ElasticsearchSecurityException e = super.failedAuthentication(request, token, context);
// set a custom header
e.addHeader("WWW-Authenticate", "custom-challenge");
return e;
}
示例12: missingToken
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public ElasticsearchSecurityException missingToken(RestRequest request, ThreadContext context) {
ElasticsearchSecurityException e = super.missingToken(request, context);
// set a custom header
e.addHeader("WWW-Authenticate", "custom-challenge");
return e;
}
示例13: exceptionProcessingRequest
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public ElasticsearchSecurityException exceptionProcessingRequest(RestRequest request, Exception e, ThreadContext context) {
ElasticsearchSecurityException se = super.exceptionProcessingRequest(request, e, context);
// set a custom header
se.addHeader("WWW-Authenticate", "custom-challenge");
return se;
}
示例14: authenticationRequired
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public ElasticsearchSecurityException authenticationRequired(String action, ThreadContext context) {
ElasticsearchSecurityException se = super.authenticationRequired(action, context);
// set a custom header
se.addHeader("WWW-Authenticate", "custom-challenge");
return se;
}
示例15: unsuccessfulAuthentication
import org.elasticsearch.ElasticsearchSecurityException; //导入依赖的package包/类
@Override
public ElasticsearchSecurityException unsuccessfulAuthentication(final RestRequest request, final AuthenticationToken token) {
final ElasticsearchSecurityException e = super.unsuccessfulAuthentication(request, token);
e.addHeader(KrbConstants.WWW_AUTHENTICATE, KrbConstants.NEGOTIATE);
if (logger.isDebugEnabled()) {
logger.debug("unsuccessfulAuthentication for rest request and token {}", token);
}
return e;
}
开发者ID:codecentric,项目名称:elasticsearch-shield-kerberos-realm,代码行数:10,代码来源:KerberosAuthenticationFailureHandler.java