manifoldcf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bartłomiej Superson (JIRA) <>
Subject [jira] [Commented] (CONNECTORS-642) Need an ElasticSearch plugin for enforcing ManifoldCF security
Date Mon, 29 Jun 2015 13:08:04 GMT


Bartłomiej Superson commented on CONNECTORS-642:

ElasticSearch-Plugin-MCF v3.0 works properly with ElasticSearch v1.5.2 (not tested with older
versions, tested with v1.6 - not working - will be fixed in v3.1). To provide security filtering
of results of the queries there should be only "u" HTTP GET query parameter passed with username
as a value to obtain filtered results (without "u" parameter ElasticSearch works as normally).
E.g. with 'http://elasticsearchHostAndPort/_all/_search?u=ben' results are filtered using
tokens obtained from provided ManifoldCF Authority Connector (default: http://localhost:8345/mcf-authority-service/UserACLs?username=ben)
for user 'ben'.

To work with APIs additional point to forward the request to the proper ElasticSearch instance
and in meantime with addition of the "u" parameter (obtained e.g. from the Spring Security)
should be prepared.

E.g. with Spring Framework prepare Controller such like this:

public class SearchController {

    private SearchService searchService;

    public SearchController(SearchService searchService){
        this.searchService = searchService;

    @RequestMapping(value="**", method = RequestMethod.POST)
        public ResponseEntity<String> forwardQuery(HttpServletRequest request) throws
ServletException, IOException {
        try {
            return new ResponseEntity<>(,new HttpHeaders(),HttpStatus.OK);
        } catch (IOException e) {
            return new ResponseEntity<>( "IO Problem: " + e.getMessage(),new HttpHeaders(),HttpStatus.INTERNAL_SERVER_ERROR);


and service such like this:

public class SearchService {

    private final CloseableHttpClient httpClient = HttpClients.createDefault();

    public String search(HttpServletRequest request) throws IOException {
        String jsonBody = IOUtils.toString(request.getInputStream());
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String username = auth.getName();
        String forwardTo = "http://elasticsearchHostAndPort" + request.getServletPath() +
"?u=" + username;
        forwardTo = forwardTo.replace("/search", "");
        HttpPost post = new HttpPost(forwardTo);
        post.setEntity(new StringEntity(jsonBody));
        HttpResponse httpResponse = httpClient.execute(post);
        int rval = httpResponse.getStatusLine().getStatusCode();

        if (rval != 200)
            String response = EntityUtils.toString(httpResponse.getEntity(), "utf-8");
            throw new IOException(" Connection problem: " + Integer.toString(rval)+"; " +

        InputStream is = httpResponse.getEntity().getContent();

        return IOUtils.toString(is);


and use in host field in ElasticSearch client "yourSiteHostAndPort/search".

> Need an ElasticSearch plugin for enforcing ManifoldCF security
> --------------------------------------------------------------
>                 Key: CONNECTORS-642
>                 URL:
>             Project: ManifoldCF
>          Issue Type: New Feature
>          Components: Elastic Search connector
>    Affects Versions: ManifoldCF 1.1
>            Reporter: Karl Wright
>            Assignee: Karl Wright
>             Fix For: ManifoldCF 1.2
> ElasticSearch is becoming popular and we need to support it fully.  In order for that
to happen, we really need an ElasticSearch ManifoldCF plugin.

This message was sent by Atlassian JIRA

View raw message