http://localhost:9200/_search works even after auth enabled

codelibs / elasticsearch-auth

Authentication filter for Elasticsearch

Apache License 2.0

75 stars 25 forks source link

http://localhost:9200/_search works even after auth enabled #13

Open anurag321 opened 10 years ago

anurag321 commented 10 years ago

I have set up the following code: curl -XPUT "localhost:9200/_auth/account" -d "{\"authenticator\":\"index\",\"username\" : \"testuser\", \"password\" : \"test123\", \"roles\" : [\"user\", \"admin\"]}"

But even after this basic http://localhost:9200/_search works and does not ask for authentication.

Please help.

anurag321 commented 10 years ago

Hi, I have done the following steps:

Mongodb installation - working
Elastic Search: a. basic search is working b. user creation - working c. auth token creation with login - working But, authentication is not restricting users without login.

bugkiwi commented 9 years ago

Yes,I aslo meet those questionl; The auth only worked serverl minutes,and then you can search without any token. #elasticsearch 1.3.4#

marevol commented 9 years ago

I think that you need to create constraints: https://github.com/codelibs/elasticsearch-auth#content-constraints

bugkiwi commented 9 years ago

thank you @marevol :+1: ,It works:)