- Also introduced an option to disable esusers auth (such that if users configured ldap, the audit trails won't get cluttered by failed authentication in esusers
- Moved the realms initialization to a dedicated Realms class
- Also introduce an option to completely disable shield while keeping the installed plugin and its settings
Original commit: elastic/x-pack-elasticsearch@b554ad5ba7
Now the UsernamePasswordToken, once resolved, is placed in the (new) request context as is (avoids the need to re-parse headers)
Original commit: elastic/x-pack-elasticsearch@f898a94157
Two new commands to the command line tool have been added
* esusers list: Allows to list all users with their roles or only a single one
* esusers roles: Allows to add or remove roles
Roles have been configured as to only consist of lowercase alphanumeric characters.
Original commit: elastic/x-pack-elasticsearch@6fcb4c56e4
Changed the scope of the guava dependency to prevent wrong imports and always use the shaded ones.
This required a change in the forbidden API signatures, as that tool alwyas try load the class and fail
if the class cannot be found.
Original commit: elastic/x-pack-elasticsearch@90a245423a
* Add config and bin directory to assembly
* Add main method to ESUsersTool so it starts
* Fix bin/esusers to actually start
* Fix ESUsersTool to write files in config/shield by default as each plugin has its own directory after installation
* Changed bin/ and config/ directory to reflect path after installation in ES
Original commit: elastic/x-pack-elasticsearch@7d4165e389
Used the existing infra structure to filter by ip in the netty pipeline
before any other handler is hit, in order to reject as soon as possible.
Right now the connection is simply closed.
The configuration is a simple YAML file which uses allow/deny rules
Original commit: elastic/x-pack-elasticsearch@000e44f8cc
Settings for SSL now all start with `shield` as well. Changed documentation and tests to reflect this.
Original commit: elastic/x-pack-elasticsearch@9dd3bc865e
There are four modules:
- authc: realm based authentication module
- authz: role based privileges & permissions authorization module
- n2n: node to node authentication module (incl. IP filtering auth)
- audit: audit trail module (only includes log file audit trails for now)
Original commit: elastic/x-pack-elasticsearch@b1ec9e2923