Platform Explorer / Nuxeo Platform 2021.7

Bundle org.nuxeo.elasticsearch.http.readonly

In bundle group org.nuxeo.elasticsearch

Documentation

  • README.md

    nuxeo-elasticsearch-http-read-only

    About

    This addon exposes a limited set of Read Only Elasticsearch HTTP REST API, taking in account the Nuxeo authentication and authorization.

    Building

     mvn clean install
    

    Requirements

    • An Elasticsearch instance with an HTTP REST API, the default port is 9200.

    • Deploy the nuxeo-elasticsearch-http-read-only-VERSION.jar into your Nuxeo server under nxserver/bundles/.

    • Configure the base URL to access the REST API, in the nuxeo.conf add:

        elasticsearch.httpReadOnly.baseUrl = http://localhost:9200
      

    Usage

    A Nuxeo webengine module acts as a proxy and provides:

    • The Nuxeo authentication: only valid Nuxeo user can access the REST API.
    • The Nuxeo ACL authorization, user can access only documents that they are allowed to see.
    • Limit access to Elasticsearch index (and types) defined inside Nuxeo.

    For instance if your REST client application want to query Elasticsearch like this:

    curl -XGET 'http://localhost:9200/_search?size=0' -d '{ "query": { "match_all":{}}}'
    

    To do this search through Nuxeo, you need to change the base URL and use authentication:

    curl -XGET -u jdoe:password  'http://localhost:8080/nuxeo/site/es/_search?size=0' -d '{ "query": { "match_all":{}}}'
    

    Note that the base URL change from http://my-elastic-search-server:9200 to http://my-nuxeo-server:8080/nuxeo/site/es.

    The previous request is rewritten and the final request submitted to Elasticsearch is equivalent to:

    curl -XGET 'http://localhost:9200/nuxeo/doc/_search?size=0' -d '{"query":{"bool":{"filter":{"terms":{"ecm:acl":["members","user1","Everyone"]}},"must":{"match_all":{}}}}}'
    

    We can see that index and type have been explicitly set and the query has a filter to match the jdoe user ACL.

    Nuxeo will submit only HTTP GET request to Elasticsearch, even if Nuxeo accepts search using HTTP POST.

    The Document GET API is also filtered, for non Adminitrator user, there is a first request to retrieve the document ACL then only if it is allowed the original request is forwarded.

    REST API exposed

    Only a small part of the API is exposed:

    The Search APIs:

    The Document APIs:

    Limitations

    Request Body Search with POST request

    The Elasticsearch Request Body Search API can be done using GET or POST request. The reason for this is that some clients are not able to send GET request with a body.

    The Nuxeo proxy accepts POST request, but only if the content type is set properly, like this:

    curl -XPOST -u jdoe:password -H "Content-Type: application/json" 'http://localhost:8080/nuxeo/site/es/_search?size=0' -d '{ "query": { "match_all":{}}}'
    

    If you don't set this header you will get error like:

    {"entity-type":"exception","code":"javax.ws.rs.WebApplicationException","status":500,"message":null}1
    

    GET API with HEAD request

    There is no HEAD request support at the moment.

    GET API _source endpoint

    No support for the /{index}/{type}/{id}/_source endpoint at the moment.

    Links

    • Administration: http://doc.nuxeo.com/x/UBY5AQ
  • Parent Documentation: README.md

    nuxeo-elasticsearch

    About

    This project aims at providing Nuxeo bundles to integrate Elasticsearch with the Nuxeo Platform.

    The idea is to index/query Nuxeo Documents to/from Elasticsearch.

    Building

    To build and run the tests, simply start the Maven build:

    mvn clean install
    

    Running tests

    Using the embedded Elasticsearch

    With the default RestClient:

    mvn -nsu test
    # -Dnuxeo.test.elasticsearch.client=RestClient is set by default
    

    Or with the TransportClient

    mvn -nsu test -Dnuxeo.test.elasticsearch.client=TransportClient
    

    Using an external Elasticsearch

    1. Start an Elasticsearch using docker:
    docker run -p 9400:9200 -p 9600:9300 docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.3
    

    2.a Run the test with RestClient:

    mvn -nsu test -Dnuxeo.test.elasticsearch.addressList=http://localhost:9400
    

    2.b Or run the test with TransportClient:

    mvn -nsu test -Dnuxeo.test.elasticsearch.client=TransportClient -Dnuxeo.test.elasticsearch.clusterName=docker-cluster -Dnuxeo.test.elasticsearch.addressList=localhost:9600
    

    Links

    • Administration: http://doc.nuxeo.com/x/UBY5AQ
    • Configuring mapping: http://doc.nuxeo.com/x/WxI5AQ
    • Overview: http://doc.nuxeo.com/x/iYElAQ
    • Open jira tikets

Requirements

Resolution Order

[187, 188]
The resolution order represents the order in which components have been resolved by the Nuxeo Runtime framework. This range represents the minimal and maximal orders for this bundle's components.
You can influence this order by adding "require" tags in the component declaration, to make sure it is resolved after another component. It will also impact the order in which contributions are registered on their target extension point (see "Registration Order" on contributions).

Components

Maven Artifact

Filenuxeo-elasticsearch-http-read-only-2021.7.15.jar
Group Idorg.nuxeo.elasticsearch
Artifact Idnuxeo-elasticsearch-http-read-only
Version2021.7.15

Manifest

Manifest-Version: 1.0
Archiver-Version: Plexus Archiver
Created-By: Apache Maven
Built-By: root
Build-Jdk: 11.0.12
Bundle-ManifestVersion: 2
Bundle-Version: 0.0.0.SNAPSHOT
Export-Package: org.nuxeo.elasticsearch.http.readonly
Bundle-ActivationPolicy: lazy
Bundle-ClassPath: .
Bundle-Localization: bundle
Bundle-Name: Elasticsearch HTTP Read Only API
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
Require-Bundle: org.nuxeo.ecm.webengine.core,org.nuxeo.elasticsearch.c
 ore
Bundle-Vendor: Nuxeo
Bundle-SymbolicName: org.nuxeo.elasticsearch.http.readonly;singleton:=
 true
Nuxeo-WebModule: org.nuxeo.ecm.webengine.app.WebEngineModule
Nuxeo-Component: OSGI-INF/request-filter-service.xml,OSGI-INF/es-audit
 -http-readonly-filter.xml

Exports

Charts

    Raw Data: Json Contribution Stats

    Contributions by Code Type

    Loading data

    Contributions by Target Extension Point

    Loading data

    Contributions by Studio Source

    Loading data