public TransportAddress resolve(final RestRequest request) throws ElasticsearchSecurityException { log.trace("resolve {}", request.getRemoteAddress()); if(enabled && request.getRemoteAddress() instanceof InetSocketAddress && request instanceof Netty4HttpRequest) { final InetSocketAddress isa = new InetSocketAddress(detector.detect((Netty4HttpRequest) request, threadContext), ((InetSocketAddress)request.getRemoteAddress()).getPort()); log.trace("xff resolved {} to {}", request.getRemoteAddress(), isa); } else { log.trace("no xff done for {}",request.getClass()); } else if(request.getRemoteAddress() instanceof InetSocketAddress){ return new TransportAddress((InetSocketAddress)request.getRemoteAddress()); } else { throw new ElasticsearchSecurityException("Cannot handle this request. Remote address is "+request.getRemoteAddress()+" with request class "+request.getClass());
log.debug("Rest authentication request from {} [original: {}]", remoteAddress, request.getRemoteAddress());
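/**
 * Builds the identifier under which a REST request is tracked.
 *
 * <p>Internet socket peers are keyed by host only. {@code toString()} on an
 * {@code InetSocketAddress} also contains the source port, which differs between
 * connections, so an identifier built from it does not stay stable for one client.
 * A caller that groups requests by this identifier (for example to count failed
 * logins) would then see each new connection as a new client.
 *
 * <p>NOTE(review): when requests arrive through a reverse proxy, the remote address is
 * presumably the proxy's, so all clients behind it share one identifier. Confirm this
 * matches the deployment.
 *
 * @param request the incoming REST request
 * @return an identifier for the remote host, or the anonymous identifier when the
 *         request carries no remote address
 */
public static RequestIdentifier from(RestRequest request) {
    final java.net.SocketAddress remote = request.getRemoteAddress();
    if (remote == null) {
        return new RequestIdentifier(ANONYMOUS_ID, true);
    }
    // getHostString() performs no reverse lookup; other address types keep their string form.
    final String key = remote instanceof java.net.InetSocketAddress
            ? ((java.net.InetSocketAddress) remote).getHostString()
            : remote.toString();
    return new RequestIdentifier(key, false);
}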
public TransportAddress resolve(final RestRequest request) throws ElasticsearchSecurityException { log.trace("resolve {}", request.getRemoteAddress()); if(enabled && request.getRemoteAddress() instanceof InetSocketAddress && request instanceof Netty4HttpRequest) { final InetSocketAddress isa = new InetSocketAddress(detector.detect((Netty4HttpRequest) request, threadContext), ((InetSocketAddress)request.getRemoteAddress()).getPort()); log.trace("xff resolved {} to {}", request.getRemoteAddress(), isa); } else { log.trace("no xff done for {}",request.getClass()); } else if(request.getRemoteAddress() instanceof InetSocketAddress){ return new TransportAddress((InetSocketAddress)request.getRemoteAddress()); } else { throw new ElasticsearchSecurityException("Cannot handle this request. Remote address is "+request.getRemoteAddress()+" with request class "+request.getClass());
final String oaddr = ((InetSocketAddress) request.getRemoteAddress()).getHostString();
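/**
 * Decides whether a request may proceed, based on its Authorization header and the
 * rate limiter.
 *
 * <p>The request is allowed only when it carries exactly one Authorization header, the
 * limiter currently accepts the requester, and the configuration accepts the header
 * value. A non-empty value that is rejected, whether by the limiter or by the
 * credential check, is logged and registered as a failure. An empty value is rejected
 * without being counted.
 *
 * @param request the incoming REST request
 * @param config  the configuration that validates the Authorization header value
 * @return {@code true} if the request is authorized and not rate limited
 */
private boolean allow(RestRequest request, AuthConfig config) {
    List<String> authorization = request.getHeaders()
            .getOrDefault(HttpHeaderNames.AUTHORIZATION.toString(), Collections.emptyList());
    RequestIdentifier requestIdentifier = RequestIdentifier.from(request);
    if (authorization.size() != 1) {
        // Missing or duplicated Authorization headers are rejected without touching the limiter.
        return false;
    }
    final String credentials = authorization.get(0);
    if (limiter.isRequestAllowed(requestIdentifier) && config.isAuthorized(credentials)) {
        limiter.addTrustedRequest(requestIdentifier);
        return true;
    }
    if (!"".equals(credentials)) {
        // Pass the address object itself rather than calling toString() on it.
        // RequestIdentifier.from() accepts a request without a remote address, and
        // dereferencing null here would throw before the failure is registered.
        log.warn("Request has been blocked due to AuthRateLimiter settings or and incorrect password from: {}",
                request.getRemoteAddress());
        limiter.registerFailure(requestIdentifier);
    }
    return false;
}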
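/**
 * Authenticates a request whose user name is asserted by an upstream proxy in a header.
 *
 * <p>The header name and the list of trusted source IPs are read from the settings.
 * The header value is the only credential: the backend is called with a {@code null}
 * password. The source-address check is therefore what keeps an arbitrary client from
 * choosing its own identity.
 *
 * <p>A trusted-IP entry of {@code "*"} skips the source check entirely. With that
 * setting, every client that can reach this endpoint may set the header, so it is only
 * appropriate when the endpoint is reachable solely through the proxy.
 *
 * @param request      the incoming REST request
 * @param channel      the REST channel (not used here)
 * @param backend      backend used to look up the asserted user
 * @param authorizator fills in the roles of the authenticated user
 * @return the authenticated user with roles filled in
 * @throws AuthException if the source address is not trusted or cannot be determined,
 *                       or if the user header is missing or empty
 */
@Override
public User authenticate(final RestRequest request, final RestChannel channel, final AuthenticationBackend backend,
        final Authorizator authorizator) throws AuthException {

    final String headerName = settings.get(ConfigConstants.SEARCHGUARD_AUTHENTICATION_PROXY_HEADER,
            "X-Authenticated-User");
    final List<String> trustedSourceIps = Arrays.asList(settings.getAsArray(
            ConfigConstants.SEARCHGUARD_AUTHENTICATION_PROXY_TRUSTED_IPS, new String[0]));

    if (!trustedSourceIps.contains("*")) {
        // Fail closed: a remote address that is missing, is not an inet socket address, or
        // is unresolved is treated as untrusted rather than surfacing as an unchecked
        // ClassCastException or NullPointerException.
        final java.net.SocketAddress remote = request.getRemoteAddress();
        final boolean trusted = remote instanceof InetSocketAddress
                && ((InetSocketAddress) remote).getAddress() != null
                && trustedSourceIps.contains(((InetSocketAddress) remote).getAddress().getHostAddress());
        if (!trusted) {
            throw new AuthException("source ip not trusted");
        }
    }

    final String proxyUser = request.header(headerName);
    if (proxyUser == null || proxyUser.isEmpty()) {
        throw new AuthException("no or empty " + headerName + " header");
    }

    final User authenticatedUser = backend.authenticate(new AuthCredentials(proxyUser, null));
    authorizator.fillRoles(authenticatedUser, new AuthCredentials(authenticatedUser.getName(), null));

    log.debug("User '{}' is authenticated", authenticatedUser);
    return authenticatedUser;
}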
@Override protected void handleRequest(final RestRequest request, final RestChannel channel, final Client client) throws Exception { final boolean isLoopback = ((InetSocketAddress) request.getRemoteAddress()).getAddress().isLoopbackAddress(); final InetAddress resolvedAddress = SecurityUtil.getProxyResolvedHostAddressFromRequest(request, settings);
log.debug("Rest authentication request from {} [original: {}]", remoteAddress, request.getRemoteAddress());
final InetSocketAddress address = ((InetSocketAddress) request.getRemoteAddress()); final String connectionId = Joiner.on(":").useForNull("").join(address.getHostName(), address.getPort()); final String securityPackage = authorizationHeader.getSecurityPackage();
&& ((InetSocketAddress) request.getRemoteAddress()).getAddress().isLoopbackAddress();
try { String ipaddr = ((InetSocketAddress) request.getRemoteAddress()).getAddress().getHostAddress();