Skip to content
This repository has been archived by the owner on Nov 14, 2019. It is now read-only.

access constraint to auth and security index #6

Open
tumeteor opened this issue May 26, 2014 · 3 comments
Open

access constraint to auth and security index #6

tumeteor opened this issue May 26, 2014 · 3 comments
Labels
question

Comments

@tumeteor
Copy link

Hi,
we tried to put a secondary security level on top of this plugin, more specifically, we put the access constraints to the auth and security indexes. So that we can control that no normal user can touch the security part. However, now we got the permission deny for all the writing access.
Maybe its the default thing that auth and security indexes are protected from 'user' role and we did the redundant thing that we shouldnt?

Thanks,
@marevol
Copy link
Contributor

marevol commented May 27, 2014

Could you give me steps(ex. curl commands) to reproduce it?

@tumeteor
Copy link
Author

yes, we put this constraint on the auth index:

curl -XPOST 'localhost:9200/security/constraint/' -d "{
"authenticator" : "index",
"paths" : ["/auth"],
"methods" : ["get", "post"],
"roles" : ["admin"]
}"
but then we got permission denied for any auth access even when we log in as 'admin' role.

@rjoberon
Copy link

I wonder what the general procedure is to protect the authentication index? It clearly is not desirable to allow users to access the index, so is the procedure described above the way to go?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@marevol @tumeteor @rjoberon