codelibs / elasticsearch-auth

Authentication filter for Elasticsearch
Apache License 2.0

access constraint to auth and security index #6

Open tumeteor opened 10 years ago

tumeteor commented 10 years ago

Hi, we tried to put a secondary security level on top of this plugin; more specifically, we put access constraints on the auth and security indexes, so that we can ensure that no normal user can touch the security part. However, now we get permission denied for all write access. Maybe it's the default that the auth and security indexes are protected from the 'user' role, and we did a redundant thing that we shouldn't have?

Thanks,

marevol commented 10 years ago

Could you give me steps (e.g. curl commands) to reproduce it?

tumeteor commented 10 years ago

Yes, we put this constraint on the auth index:

curl -XPOST 'localhost:9200/security/constraint/' -d "{ \"authenticator\" : \"index\", \"paths\" : [\"/auth\"], \"methods\" : [\"get\", \"post\"], \"roles\" : [\"admin\"] }"

But then we got permission denied for any auth access, even when we log in with the 'admin' role.

rjoberon commented 10 years ago

I wonder what the general procedure is to protect the authentication index? It clearly is not desirable to allow users to access the index, so is the procedure described above the way to go?