DATAES-607 - Client-security-configuration.

Original PR: #293

src/main/java/org/springframework/data/elasticsearch/client/ClientConfiguration.java

@@ -29,6 +29,7 @@ import org.springframework.http.HttpHeaders;
  * Configuration interface exposing common client configuration properties for Elasticsearch clients.
  *
  * @author Mark Paluch
+ * @author Peter-Josef Meisch
  * @since 3.2
  */
 public interface ClientConfiguration {
@@ -257,6 +258,15 @@ public interface ClientConfiguration {
 		 */
 		TerminalClientConfigurationBuilder withSocketTimeout(Duration timeout);
 
+		/**
+		 * Configure the username and password to be sent as a Basic Authentication header
+		 *
+		 * @param username the username. Must not be {@literal null}.
+		 * @param password the password. Must not be {@literal null}.
+		 * @return the {@link TerminalClientConfigurationBuilder}
+		 */
+		TerminalClientConfigurationBuilder withBasicAuth(String username, String password);
+
 		/**
 		 * Build the {@link ClientConfiguration} object.
 		 *

src/main/java/org/springframework/data/elasticsearch/client/ClientConfigurationBuilder.java

@@ -36,6 +36,7 @@ import org.springframework.util.Assert;
  *
  * @author Christoph Strobl
  * @author Mark Paluch
+ * @author Peter-Josef Meisch
  * @since 3.2
  */
 class ClientConfigurationBuilder
@@ -47,6 +48,8 @@ class ClientConfigurationBuilder
 	private @Nullable SSLContext sslContext;
 	private Duration connectTimeout = Duration.ofSeconds(10);
 	private Duration soTimeout = Duration.ofSeconds(5);
+	private String username;
+	private String password;
 
 	/*
 	 * (non-Javadoc)
@@ -139,12 +142,31 @@ class ClientConfigurationBuilder
 		return this;
 	}
 
+	@Override
+	public TerminalClientConfigurationBuilder withBasicAuth(String username, String password) {
+
+		Assert.notNull(username, "username must not be null");
+		Assert.notNull(password, "password must not be null");
+
+		this.username = username;
+		this.password = password;
+
+		return this;
+	}
+
 	/*
 	 * (non-Javadoc)
 	 * @see org.springframework.data.elasticsearch.client.ClientConfiguration.ClientConfigurationBuilderWithOptionalDefaultHeaders#build()
 	 */
 	@Override
 	public ClientConfiguration build() {
+
+		if (username != null && password != null) {
+			if (HttpHeaders.EMPTY.equals(headers)) {
+				headers = new HttpHeaders();
+			}
+			headers.setBasicAuth(username, password);
+		}
 		return new DefaultClientConfiguration(this.hosts, this.headers, this.useSsl, this.sslContext, this.soTimeout,
 				this.connectTimeout);
 	}
@@ -152,4 +174,5 @@ class ClientConfigurationBuilder
 	private static InetSocketAddress parse(String hostAndPort) {
 		return InetSocketAddressParser.parse(hostAndPort, ElasticsearchHost.DEFAULT_PORT);
 	}
+
 }

src/test/java/org/springframework/data/elasticsearch/client/ClientConfigurationUnitTests.java

@@ -30,9 +30,12 @@ import org.springframework.http.HttpHeaders;
  * Unit tests for {@link ClientConfiguration}.
  *
  * @author Mark Paluch
+ * @author Peter-Josef Meisch
  */
 public class ClientConfigurationUnitTests {
 
+	private static final String AUTHORIZATION_HEADER = "Authorization";
+
 	@Test // DATAES-488
 	public void shouldCreateSimpleConfiguration() {
 
@@ -78,4 +81,45 @@ public class ClientConfigurationUnitTests {
 		assertThat(clientConfiguration.getConnectTimeout()).isEqualTo(Duration.ofSeconds(10));
 		assertThat(clientConfiguration.getSocketTimeout()).isEqualTo(Duration.ofSeconds(5));
 	}
+
+	@Test // DATAES-607
+	public void shouldAddBasicAuthenticationHeaderWhenNoHeadersAreSet() {
+
+		final String username = "secretUser";
+		final String password = "secretPassword";
+
+		ClientConfiguration clientConfiguration = ClientConfiguration.builder() //
+				.connectedTo("foo", "bar") //
+				.withBasicAuth(username, password) //
+				.build();
+
+		assertThat(clientConfiguration.getDefaultHeaders().get(AUTHORIZATION_HEADER))
+				.containsOnly(buildBasicAuth(username, password));
+	}
+
+	@Test // DATAES-607
+	public void shouldAddBasicAuthenticationHeaderAndKeepHeaders() {
+
+		final String username = "secretUser";
+		final String password = "secretPassword";
+
+		HttpHeaders defaultHeaders = new HttpHeaders();
+		defaultHeaders.set("foo", "bar");
+
+		ClientConfiguration clientConfiguration = ClientConfiguration.builder() //
+				.connectedTo("foo", "bar") //
+				.withBasicAuth(username, password) //
+				.withDefaultHeaders(defaultHeaders).build();
+		final HttpHeaders httpHeaders = clientConfiguration.getDefaultHeaders();
+
+		assertThat(httpHeaders.get(AUTHORIZATION_HEADER)).containsOnly(buildBasicAuth(username, password));
+		assertThat(httpHeaders.get("foo")).containsOnly("bar");
+	}
+
+	private String buildBasicAuth(String username, String password) {
+
+		HttpHeaders headers = new HttpHeaders();
+		headers.setBasicAuth(username, password);
+		return headers.get(AUTHORIZATION_HEADER).get(0);
+	}
 }

src/test/java/org/springframework/data/elasticsearch/utils/IndexInitializer.java

@@ -1,5 +1,17 @@
 /*
- * (c) Copyright 2019 codecentric AG
+ * Copyright 2019 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
  */
 package org.springframework.data.elasticsearch.utils;