jetty-restrict-writes.xml failure

[mmichon]

The installation of plugin v0.90.0 was successful. Starting ES with the default jetty.xml works fine.

Overwriting the default jetty.xml with jetty-restrict-writes.xml and starting the server results in:

[2013-05-08 17:12:00,608][WARN ][bootstrap                ] jvm uses the client vm, make sure to run `java` with the server vm for best performance by adding `-server` to the command line
[2013-05-08 17:12:01,358][INFO ][node                     ] [Leonus] {0.90.0.Beta1}[30540]: initializing ...
[2013-05-08 17:12:01,373][INFO ][plugins                  ] [Leonus] loaded [lang-python, jetty], sites [head]
[2013-05-08 17:12:04,263][INFO ][node                     ] [Leonus] {0.90.0.Beta1}[30540]: initialized
[2013-05-08 17:12:04,266][INFO ][node                     ] [Leonus] {0.90.0.Beta1}[30540]: starting ...
[2013-05-08 17:12:04,334][INFO ][transport                ] [Leonus] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/10.5.55.134:9300]}
[2013-05-08 17:12:07,368][INFO ][cluster.service          ] [Leonus] new_master [Leonus][E37fBk-eQd-fG5hDRBmoPg][inet[/10.5.55.134:9300]], reason: zen-disco-join (elected_as_master)
[2013-05-08 17:12:07,379][INFO ][discovery                ] [Leonus] elasticsearch/E37fBk-eQd-fG5hDRBmoPg
[2013-05-08 17:12:07,709][WARN ][org.eclipse.jetty.xml.XmlConfiguration] Config error at <Set name="handler"><Ref id="OldHandler"/></Set>
[2013-05-08 17:12:07,709][WARN ][org.eclipse.jetty.xml.XmlConfiguration] Config error at <Set name="handler">
        <New class="com.sonian.elasticsearch.http.jetty.security.RestConstraintSecurityHandler" id="DefaultSecurityHandler"><Set name="handler"><Ref id="OldHandler"/></Set><Set name="loginService">
                <Ref id="DefaultLoginService"/>
            </Set><Set name="realmName">DefaultRealm</Set><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">DELETE</Set><Set name="pathSpec">
                            /,/_template/{name},/{index},/{index}/_query,/{index}/{type},
                            /{index}/{type}/_mapping,/{index}/{type}/_query,/{index}/{type}/{id},
                            /{index}/_warmer,/{index}/_warmer/{name},/{index}/{type}/_warmer/{name}
                        </Set><Set name="constraint">
                            <Ref id="ReadWriteSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">GET</Set><Set name="pathSpec">
                            /
                        </Set><Set name="constraint">
                            <Ref id="NoneSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">GET</Set><Set name="pathSpec">
                            /_count,/_mget,/_search,/_search/scroll,/_search/scroll/{scroll_id},/{index}/_count,
                            /{index}/_mget,/{index}/_search,/{index}/{type}/_count,/{index}/{type}/_mget,
                            /{index}/{type}/_percolate,/{index}/{type}/_search,/{index}/{type}/{id},
                            /{index}/{type}/{id}/_mlt,/_validate/query,/{index}/_validate/query,/{index}/{type}/_validate/query,
                            /_msearch,/{index}/_msearch,/{index}/{type}/_msearch
                        </Set><Set name="constraint">
                            <Ref id="ReadOnlyUserDataSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">GET</Set><Set name="pathSpec">
                            /_aliases,/_cluster/*,/_cluster/*/*,/_cluster/*/*/*,/_cluster/*/*/*/*,/_mapping,/_segments,
                            /_settings,/_stats,/_stats/*,/_stats/*/*,/_status,/_template/{name},/{index}/_aliases,
                            /_analyze,/{index}/_analyze,/{index}/_mapping,/{index}/_ping/broadcast,/{index}/_ping/replication,
                            /{index}/_segments,/{index}/_settings,/{index}/_stats,/{index}/_stats/*,/{index}/_stats/*/*,
                            /{index}/_status,/{index}/{type}/_mapping,/{index}/{type}/{id}/_ping,
                            /_nodes,/_nodes/*,/_nodes/*/*,/_nodes/*/*/*,/{index}/_warmer,/{index}/_warmer/{name},
                            /{index}/{type}/_warmer/{name}
                        </Set><Set name="constraint">
                            <Ref id="ReadOnlyClusterDataSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">GET</Set><Set name="pathSpec">
                            /_cache/clear,/_flush,/_optimize,/_refresh,/{index}/_cache/clear,/{index}/_flush,
                            /{index}/_optimize,/{index}/_refresh
                        </Set><Set name="constraint">
                            <Ref id="ReadWriteSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">HEAD</Set><Set name="pathSpec">
                            /
                        </Set><Set name="constraint">
                            <Ref id="NoneSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">HEAD</Set><Set name="pathSpec">
                            /{index}
                        </Set><Set name="constraint">
                            <Ref id="ReadOnlyClusterDataSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">HEAD</Set><Set name="pathSpec">
                            /{index}/{type}/{id}
                        </Set><Set name="constraint">
                            <Ref id="ReadOnlyUserDataSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">POST</Set><Set name="pathSpec">
                            /_analyze,/{index}/_analyze
                        </Set><Set name="constraint">
                            <Ref id="ReadOnlyClusterDataSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">POST</Set><Set name="pathSpec">
                            /_count,/_mget,/_search,/_search/scroll,/_search/scroll/{scroll_id},/{index}/_count,
                            /{index}/_mget,/{index}/_search,/{index}/{type}/_count,/{index}/{type}/_mget,
                            /{index}/{type}/_percolate,/{index}/{type}/_search,/{index}/{type}/{id}/_mlt,
                            /_validate/query,/{index}/_validate/query,/{index}/{type}/_validate/query,
                            /_msearch,/{index}/_msearch,/{index}/{type}/_msearch
                        </Set><Set name="constraint">
                            <Ref id="ReadOnlyUserDataSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">POST</Set><Set name="pathSpec">
                            /_aliases,/_bulk,/_cache/clear,/_flush,/_gateway/snapshot,/_optimize,/_refresh,
                            /_template/{name},/{index},/{index}/_cache/clear,/{index}/_close,/{index}/_flush,
                            /{index}/_gateway/snapshot,/{index}/_mapping,/{index}/_open,/{index}/_optimize,
                            /{index}/_refresh,/{index}/{type},/{index}/{type}/_mapping,/{index}/{type}/{id},
                            /{index}/{type}/{id}/_create,/{index}/_bulk,/{index}/{type}/_bulk,/{index}/{type}/{id}/_update
                        </Set><Set name="constraint">
                            <Ref id="ReadWriteSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">POST</Set><Set name="pathSpec">
                            /_cluster/nodes/_restart,/_cluster/nodes/_shutdown,
                            /_cluster/nodes/{nodeId}/_restart,/_cluster/nodes/{nodeId}/_shutdown,
                            /_shutdown,/_cluster/reroute
                        </Set><Set name="constraint">
                            <Ref id="AdminSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">PUT</Set><Set name="pathSpec">
                            /_bulk,/_template/{name},/{index},/{index}/_mapping,/{index}/_settings,/{index}/{type}/_mapping,
                            /{index}/{type}/{id},/{index}/{type}/{id}/_create,/{index}/_bulk,/{index}/{type}/_bulk,
                            /{index}/_warmer/{name},/{index}/{type}/_warmer/{name}
                        </Set><Set name="constraint">
                            <Ref id="ReadWriteSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">PUT</Set><Set name="pathSpec">
                            /_cluster/settings,/_settings
                        </Set><Set name="constraint">
                            <Ref id="AdminSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="method">GET</Set><Set name="pathSpec">
                            /_plugin/*,/_plugin/*/*,/_plugin/*/*/*,/_plugin/*/*/*/*,/_plugin/*/*/*/*/*,
                            /_plugin/*/*/*/*/*/*,/_plugin/*/*/*/*/*/*/*,/_plugin/*/*/*/*/*/*/*/*,
                            /_plugin/*/*/*/*/*/*/*/*/*, /_plugin/*/*/*/*/*/*/*/*/*/*
                        </Set><Set name="constraint">
                            <Ref id="ReadOnlyClusterDataSecurityConstraint"/>
                        </Set></New>
                </Arg></Call><Call name="addConstraintMapping"><Arg>
                    <New class="org.eclipse.jetty.security.ConstraintMapping"><Set name="pathSpec">*</Set><Set name="constraint">
                            <Ref id="ForbiddenSecurityConstraint"/>
                        </Set></New>
                </Arg></Call></New>
    </Set>
[2013-05-08 17:12:07,710][ERROR][com.sonian.elasticsearch.http.jetty.JettyHttpServerTransport] [Leonus] Jetty Startup Failed 
java.lang.IllegalStateException: No object for id=OldHandler
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1084)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:997)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.set(XmlConfiguration.java:416)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:378)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.newObj(XmlConfiguration.java:780)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.itemValue(XmlConfiguration.java:1082)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.value(XmlConfiguration.java:997)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.set(XmlConfiguration.java:416)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:378)
        at org.eclipse.jetty.xml.XmlConfiguration$JettyXmlConfiguration.configure(XmlConfiguration.java:338)
        at org.eclipse.jetty.xml.XmlConfiguration.configure(XmlConfiguration.java:291)
        at com.sonian.elasticsearch.http.jetty.JettyHttpServerTransport$1.onPortNumber(JettyHttpServerTransport.java:125)
        at org.elasticsearch.common.transport.PortsRange.iterate(PortsRange.java:68)
        at com.sonian.elasticsearch.http.jetty.JettyHttpServerTransport.doStart(JettyHttpServerTransport.java:100)
        at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:85)
        at org.elasticsearch.http.HttpServer.doStart(HttpServer.java:92)
        at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:85)
        at org.elasticsearch.node.internal.InternalNode.start(InternalNode.java:216)
        at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:119)
        at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:203)
        at org.elasticsearch.bootstrap.ElasticSearch.main(ElasticSearch.java:32)
[2013-05-08 17:12:07,717][ERROR][bootstrap                ] [Leonus] {0.90.0.Beta1}: Startup Failed ...
- BindHttpException[Failed to bind to [9200-9300]]
        IllegalStateException[No object for id=OldHandler]

Any ideas?

[imotov]

The jetty-restrict-writes.xml file doesn't replace jetty.xml it just adds additional restrictions. So, you shouldn't overwrite jetty.xml but instead add jetty-restrict-writes.xml after jetty.xml and jetty-hash-auth.xml in the list of config files. The Adding Basic Authentication section of README has a couple of examples of such configuration.

[mmichon]

Igor, that was it, thanks!

On May 8, 2013, at 5:41 PM, Igor Motov notifications@github.com wrote:

The jetty-restrict-writes.xml file doesn't replace jetty.xml it just adds additional restrictions. So, you shouldn't overwrite jetty.xml but instead add jetty-restrict-writes.xml after jetty.xml and jetty-hash-auth.xml in the list of config files. The Adding Basic Authentication section of README has a couple of examples of such configuration.

— Reply to this email directly or view it on GitHub.