Initial commit, supporting 6.3.2

Author: Andrea Sessa

.gitignore

@@ -0,0 +1,19 @@
+.idea/*
+*.class
+*.zip
+/build/
+/bin/
+/target/
+*~
+deploy.sh
+.gradle
+.DS_Store
+.classpath
+.metadata/
+.project
+/.gradle/
+.settings/
+data/
+/.local-execution-hints.log
+/.local-*-execution-hints.log
+*.iml

.travis.yml

@@ -0,0 +1,13 @@
+language: java
+script:
+  - mvn clean verify
+  - mvn package
+deploy:
+  skip_cleanup: true
+  provider: releases
+  file: target/releases/elasticsearch-http-basic-plugin.zip
+  api_key: b1f302f147825ef828d64a77cc5e37a9898f34a6
+  on:
+    repo: Sessa93/elasticsearch-http-basic
+    tags: true
+    branch: master

CHANGELOG.md

@@ -0,0 +1,35 @@
+# Change Log
+
+All notable changes to this project will be documented in this
+file. This file is structured according to http://keepachangelog.com/
+Use  `date "+%Y-%m-%d"` to get the correct date formatting
+
+- - -
+## [1.5.1][2015-08-30]
+### - Added
+- allow HEAD root url authentication #39
+- log http method on any request. #42
+- doc: 1.6.0, 1.7.0 support #52
+### - Fix
+- test: adapt to method signature change after 1.5.1 #55
+- test: run custom install and test commands in ci
+
+## [1.5.0][2015-07-04]
+
+### - Added
+- allow disabling ipwhitelist by setting its value to `false`
+- updated pom to depend on elasticsearch-parent project
+- travis test matrix for different ES versions
+
+### Changed
+- restored default healthcheck for authenticated users
+- unauthenticated healthcheck for `/` returns `"{\"OK\":{}}"`
+- thanks @feaster83
+
+## [1.4.0]
+## [1.0.3]
+
+### - Added
+- Changelog
+- Disable Authentication for `/`, allowing it to be used for healtchecks.
+  - thanks @archiloque

COPYING

@@ -0,0 +1 @@
+elasticsearch-http-basic is Copyright (c) 2011, Florian and Felix Gilcher

LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2011 Florian Gilcher <florian.gilcher@asquera.de>, Felix Gilcher <felix.gilcher@asquera.de>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,74 @@
+
+[![Build Status](https://travis-ci.org/Asquera/elasticsearch-http-basic.svg?branch=master)](https://travis-ci.org/Asquera/elasticsearch-http-basic)
+
+
+# HTTP Basic / Ip auth for ElasticSearch
+
+This plugin provides an extension of ElasticSearchs HTTP Transport module to enable **HTTP basic authentication** and/or
+**Ip based authentication**.
+
+Requesting `/` does not request authentication to simplify health check configuration.
+
+There is no way to configure this on a per index basis.
+
+
+## Version Mapping
+
+|     Http Basic Plugin       | elasticsearch                |
+|-----------------------------|------------------------------|
+| v1.0.0                      |                        6.3.2 |
+
+
+## Installation
+
+Download the desired version from https://github.com/Cleafy/elasticsearch6-http-basic/releases and copy it to `plugins/http-basic`.
+
+## Configuration
+
+Once the plugin is installed it can be configured in the [elasticsearch modules configuration file](http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-configuration.html#settings). See the [elasticserach directory layout information](http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/setup-dir-layout.html) for more information about the default paths of an ES installation.
+
+|     Setting key                   |  Default value               | Notes                                                                   |
+|-----------------------------------|------------------------------|-------------------------------------------------------------------------|
+| `http.basic.enabled`              | true                         | **true** disables the default ES HTTP Transport module                  |
+| `http.basic.user`                 | "admin"                      |                                                                         |
+| `http.basic.password`             | "admin_pw"                   |                                   
+| `http.basic.log`                  | false                        | enables plugin logging to ES log. Unauthenticated requests are always logged.                                         |
+
+**Be aware that the password is stored in plain text.**
+
+## Http basic authentication
+
+see [this article](https://en.wikipedia.org/wiki/Basic_access_authentication)
+
+## Configuration example
+
+The following code enables plugin logging, sets user and password.
+
+```
+http.basic.enable: true
+http.basic.log: true
+http.basic.user: "some_user"
+http.basic.password: "some_password"
+```
+
+## Testing
+
+**note:** localhost is a whitelisted ip as default.
+Considering a default configuration with **my_username** and **my_password** configured.
+
+Correct credentials
+```
+$ curl -v --user my_username:my_password no_local_host:9200/foo # works (returns 200) (if credentials are set in configuration)
+```
+
+Wrong credentials
+```
+$ curl -v --user my_username:wrong_password no_local_host:9200/    # health check, returns 200 with  "{\"OK\":{}}" although Unauthorized
+$ curl -v --user my_username:password no_local_host:9200/foo       # returns 401
+```
+
+
+## Issues
+
+Please file your issue here: 
+https://github.com/Cleafy/elasticsearch6-http-basic/issues

pom.xml

@@ -0,0 +1,115 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>com.cleafy.elasticsearch6</groupId>
+    <artifactId>elasticsearch6-http-basic</artifactId>
+    <version>3.0.0</version>
+    <packaging>jar</packaging>
+    <name>Elasticsearch 6.x Http Basic plugin</name>
+    <description>Adds HTTP Basic authentication (BA) to your Elasticsearch cluster</description>
+    <url>https://github.com/Cleafy/elasticsearch-http-basic</url>
+    <inceptionYear>2018</inceptionYear>
+
+    <properties>
+        <tests.jvms>1</tests.jvms>
+        <es.logger.level>INFO</es.logger.level>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.elasticsearch</groupId>
+            <artifactId>elasticsearch</artifactId>
+            <version>6.3.2</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.elasticsearch.test</groupId>
+            <artifactId>framework</artifactId>
+            <version>6.3.2</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>net.java.dev.jna</groupId>
+            <artifactId>jna</artifactId>
+            <version>4.1.0</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-api</artifactId>
+            <version>2.7</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.7</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+            <version>RELEASE</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-core</artifactId>
+            <version>2.11.1</version>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.logging.log4j</groupId>
+            <artifactId>log4j-api</artifactId>
+            <version>2.11.1</version>
+            <scope>compile</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <finalName>elasticsearch6-http-basic-plugin</finalName>
+        <resources>
+            <resource>
+                <directory>src/main/resources</directory>
+                <filtering>false</filtering>
+            </resource>
+        </resources>
+
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>2.6</version>
+                <configuration>
+                    <appendAssemblyId>false</appendAssemblyId>
+                    <outputDirectory>${project.build.directory}/releases/</outputDirectory>
+                    <descriptors>
+                        <descriptor>${basedir}/src/main/assemblies/plugin.xml</descriptor>
+                    </descriptors>
+                </configuration>
+                <executions>
+                    <execution>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <version>3.3</version>
+                <configuration>
+                    <source>1.8</source>
+                    <target>1.8</target>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

reinstall.sh

@@ -0,0 +1,6 @@
+ES=/usr/share/elasticsearch
+sudo $ES/bin/plugin remove http-basic
+mvn -DskipTests clean package
+FILE=`ls ./target/elasticsearch-*zip`
+sudo $ES/bin/plugin -url file:$FILE -install http-basic
+sudo service elasticsearch restart

src/main/assemblies/plugin.xml

@@ -0,0 +1,26 @@
+<?xml version="1.0"?>
+<assembly>
+    <id>plugin</id>
+    <formats>
+        <format>zip</format>
+    </formats>
+    <includeBaseDirectory>false</includeBaseDirectory>
+    <dependencySets>
+        <dependencySet>
+            <outputDirectory>/</outputDirectory>
+            <useProjectArtifact>true</useProjectArtifact>
+            <useTransitiveFiltering>true</useTransitiveFiltering>
+            <excludes>
+                <exclude>org.elasticsearch:elasticsearch</exclude>
+            </excludes>
+        </dependencySet>
+        <dependencySet>
+            <outputDirectory>/</outputDirectory>
+            <useProjectArtifact>true</useProjectArtifact>
+            <useTransitiveFiltering>true</useTransitiveFiltering>
+            <includes>
+                <include>com.cleafy.elasticsearch:elasticsearch6-http-basic</include>
+            </includes>
+        </dependencySet>
+    </dependencySets>
+</assembly>

src/main/java/com/cleafy/elasticsearch6/plugins/http/BasicRestFilter.java

@@ -0,0 +1,48 @@
+package com.cleafy.elasticsearch6.plugins.http;
+
+import com.cleafy.elasticsearch6.plugins.http.auth.AuthCredentials;
+import com.cleafy.elasticsearch6.plugins.http.auth.HttpBasicAuthenticator;
+import com.cleafy.elasticsearch6.plugins.http.utils.Globals;
+import com.cleafy.elasticsearch6.plugins.http.utils.LoggerUtils;
+import org.elasticsearch.ElasticsearchException;
+import org.elasticsearch.client.node.NodeClient;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.rest.*;
+import org.elasticsearch.transport.TransportException;
+
+public class BasicRestFilter {
+    private final HttpBasicAuthenticator httpBasicAuthenticator;
+    private boolean isUnauthLogEnabled;
+
+    public BasicRestFilter(final Settings settings) {
+        super();
+        this.httpBasicAuthenticator = new HttpBasicAuthenticator(settings, new AuthCredentials(settings.get(Globals.SETTINGS_USERNAME, "pippo"), settings.get(Globals.SETTINGS_PASSWORD, "pluto").getBytes()));
+        this.isUnauthLogEnabled = settings.getAsBoolean(Globals.SETTINGS_LOG, false);
+    }
+
+    public RestHandler wrap(RestHandler original) {
+        return (request, channel, client) -> {
+            if (!checkAndAuthenticateRequest(request, channel, client)) {
+                original.handleRequest(request, channel, client);
+            }
+        };
+    }
+
+    private boolean checkAndAuthenticateRequest(RestRequest request, RestChannel channel, NodeClient client) throws Exception {
+        ElasticsearchException forbiddenException = new TransportException("Forbidden");
+        try {
+            if (this.httpBasicAuthenticator.authenticate(request)) {
+                LoggerUtils.logRequest(request, getClass());
+                return false;
+            }
+
+            if (this.isUnauthLogEnabled) { LoggerUtils.logUnAuthorizedRequest(request, getClass()); }
+            channel.sendResponse(new BytesRestResponse(channel, RestStatus.FORBIDDEN, forbiddenException));
+        } catch (Exception e) {
+            if (this.isUnauthLogEnabled) { LoggerUtils.logUnAuthorizedRequest(request, getClass()); }
+            channel.sendResponse(new BytesRestResponse(channel, RestStatus.FORBIDDEN, forbiddenException));
+            return true;
+        }
+        return true;
+    }
+}