Commit 9e30b37

committed

Merge pull request #1 from plizy/master

Disable authentication on / to simplify health heck configuration

2 parents 3910c8c + 2a05762 commit 9e30b37Copy full SHA for 9e30b37

File tree

+11

-3

lines changed

+11

-3

lines changed

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,8 @@`
`2`	`2`
`3`	`3`	`This plugin provides an extension of ElasticSearchs HTTP Transport module to enable HTTP Basic authorization.`
`4`	`4`
	`5`	`+Requesting / does not request authentication to simplify health heck configuration.`
	`6`	`+`
`5`	`7`	`## Installation`
`6`	`8`
`7`	`9`	Download the current version from https://github.com/Asquera/elasticsearch-http-basic/downloads and copy it to `plugins/http-basic`.
`@@ -21,8 +23,9 @@ Be aware that the password is stored in plain text.`
`21`	`23`	`## Testing`
`22`	`24`
`23`	`25`	```
`24`		`-$ curl -v --user my_username:my_password localhost:9200 # works`
`25`		`-$ curl -v --user my_username:password localhost:9200 # sends 403`
	`26`	`+$ curl -v localhost:9200 # works`
	`27`	`+$ curl -v --user my_username:my_password localhost:9200/foo # works`
	`28`	`+$ curl -v --user my_username:password localhost:9200/foo # sends 401`
`26`	`29`	```
`27`	`30`
`28`	`31`	`## Problems`

Lines changed: 6 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,7 @@`
`8`	`8`	`import org.elasticsearch.common.inject.Inject;`
`9`	`9`	`import org.elasticsearch.common.Base64;`
`10`	`10`
	`11`	`+import org.elasticsearch.rest.RestRequest;`
`11`	`12`	`import org.elasticsearch.rest.StringRestResponse;`
`12`	`13`
`13`	`14`	`import static org.elasticsearch.rest.RestStatus.*;`
`@@ -31,12 +32,16 @@ public class HttpBasicServer extends HttpServer {`
`31`	`32`	`}`
`32`	`33`
`33`	`34`	`public void internalDispatchRequest(final HttpRequest request, final HttpChannel channel) {`
`34`		`- if (authBasic(request)) {`
	`35`	`+ if (shouldLetPass(request) \|\| authBasic(request)) {`
`35`	`36`	`super.internalDispatchRequest(request, channel);`
`36`	`37`	`} else {`
`37`	`38`	`channel.sendResponse(new StringRestResponse(UNAUTHORIZED));`
`38`	`39`	`}`
`39`	`40`	`}`
	`41`	`+`
	`42`	`+ private boolean shouldLetPass(final HttpRequest request) {`
	`43`	`+ return (request.method() == RestRequest.Method.GET) && request.path().equals("/");`
	`44`	`+ }`
`40`	`45`
`41`	`46`	`private boolean authBasic(final HttpRequest request){`
`42`	`47`	`String authHeader = request.header("Authorization");`

Comments

(0)