Bundle org.nuxeo.elasticsearch.http.readonly
Documentation
README.md
nuxeo-elasticsearch-http-read-only
About
This addon exposes a limited, read-only subset of the Elasticsearch HTTP REST API, taking into account the Nuxeo authentication and authorization.
Building
mvn clean install
Requirements
- An Elasticsearch instance with an HTTP REST API, the default port is 9200.
- Deploy the nuxeo-elasticsearch-http-read-only-VERSION.jar into your Nuxeo server under nxserver/bundles/.
- Configure the base URL to access the REST API, in the nuxeo.conf add:
elasticsearch.httpReadOnly.baseUrl = http://localhost:9200
Usage
A Nuxeo webengine module acts as a proxy and provides:
- The Nuxeo authentication: only a valid Nuxeo user can access the REST API.
- The Nuxeo ACL authorization: users can access only the documents that they are allowed to see.
- Access limited to the Elasticsearch index (and types) defined inside Nuxeo.
For instance, if your REST client application wants to query Elasticsearch like this:
curl -XGET 'http://localhost:9200/_search?size=0' -d '{ "query": { "match_all":{}}}'
To do this search through Nuxeo, you need to change the base URL and use authentication:
curl -XGET -u jdoe:password 'http://localhost:8080/nuxeo/site/es/_search?size=0' -d '{ "query": { "match_all":{}}}'
Note that the base URL changes from http://my-elastic-search-server:9200 to http://my-nuxeo-server:8080/nuxeo/site/es.
The previous request is rewritten and the final request submitted to Elasticsearch is equivalent to:
curl -XGET 'http://localhost:9200/nuxeo/doc/_search?size=0' -d '{"query":{"bool":{"filter":{"terms":{"ecm:acl":["members","user1","Everyone"]}},"must":{"match_all":{}}}}}'
We can see that index and type have been explicitly set and the query has a filter to match the jdoe user ACL.
Nuxeo submits only HTTP GET requests to Elasticsearch, even though it accepts searches sent with HTTP POST.
The Document GET API is also filtered: for a non-Administrator user, a first request retrieves the document ACL, and the original request is forwarded only if access is allowed.
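The search rewrite described above, as an added sketch that is not the addon's own code. The function name, the `Forbidden` exception, the refusal of requests that name another index or type, and the preservation of other body keys are assumptions; the index, type and `ecm:acl` field come from the rewritten request shown above.

```python
import json
from urllib.parse import urlencode

ALLOWED_INDEX = "nuxeo"  # taken from the rewritten URL in this README
ALLOWED_TYPE = "doc"     # taken from the rewritten URL in this README
ACL_FIELD = "ecm:acl"    # field used by the rewritten query in this README


class Forbidden(Exception):
    """Raised when a request names an index or type that is not exposed."""


def rewrite_search(path, params, body, principals):
    """Return (method, url_path, json_body) for the request sent upstream."""
    parts = [p for p in path.strip("/").split("/") if p]
    if not parts or parts[-1] != "_search":
        raise Forbidden("only _search is handled in this sketch")
    scope = parts[:-1]
    # Assumption: a request naming another index or type is refused.
    if (len(scope) > 2
            or scope[:1] not in ([], [ALLOWED_INDEX])
            or scope[1:2] not in ([], [ALLOWED_TYPE])):
        raise Forbidden("index or type not exposed: " + "/".join(scope))
    payload = json.loads(body) if body else {}
    user_query = payload.get("query", {"match_all": {}})
    # The caller's query is nested under "must"; the ACL "filter" sits next to
    # it in a bool the caller does not control, so nothing in the submitted
    # body can widen the result set beyond the user's principals.
    payload["query"] = {
        "bool": {
            "filter": {"terms": {ACL_FIELD: list(principals)}},
            "must": user_query,
        }
    }
    url = f"/{ALLOWED_INDEX}/{ALLOWED_TYPE}/_search"
    if params:
        url += "?" + urlencode(params)
    # Only GET is sent to Elasticsearch, even when the client used POST.
    return "GET", url, json.dumps(payload, separators=(",", ":"))
```
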
REST API exposed
Only a small part of the API is exposed:
The Search APIs:
The Document APIs:
- The Get API
Limitations
Request Body Search with POST request
The Elasticsearch Request Body Search API can be called using a GET or a POST request. The reason for this is that some clients are not able to send a GET request with a body.
The Nuxeo proxy accepts POST requests, but only if the content type is set properly, like this:
curl -XPOST -u jdoe:password -H "Content-Type: application/json" 'http://localhost:8080/nuxeo/site/es/_search?size=0' -d '{ "query": { "match_all":{}}}'
If you don't set this header you will get an error like:
{"entity-type":"exception","code":"javax.ws.rs.WebApplicationException","status":500,"message":null}1
GET API with HEAD request
There is no HEAD request support at the moment.
GET API _source endpoint
No support for the /{index}/{type}/{id}/_source endpoint at the moment.
Links
- Administration: http://doc.nuxeo.com/x/UBY5AQ
Parent Documentation: README.md
nuxeo-elasticsearch
About
This project aims at providing Nuxeo bundles to integrate Elasticsearch with the Nuxeo Platform.
The idea is to index/query Nuxeo Documents to/from Elasticsearch.
Building
To build and run the tests, simply start the Maven build:
mvn clean install
Running tests
Using the embedded Elasticsearch
With the default RestClient:
mvn -nsu test # -Dnuxeo.test.elasticsearch.client=RestClient is set by default
Or with the TransportClient:
mvn -nsu test -Dnuxeo.test.elasticsearch.client=TransportClient
Using an external Elasticsearch
1. Start an Elasticsearch using docker:
docker run -p 9400:9200 -p 9600:9300 docker.elastic.co/elasticsearch/elasticsearch-oss:6.5.3
2.a Run the test with RestClient:
mvn -nsu test -Dnuxeo.test.elasticsearch.addressList=http://localhost:9400
2.b Or run the test with TransportClient:
mvn -nsu test -Dnuxeo.test.elasticsearch.client=TransportClient -Dnuxeo.test.elasticsearch.clusterName=docker-cluster -Dnuxeo.test.elasticsearch.addressList=localhost:9600
Links
- Administration: http://doc.nuxeo.com/x/UBY5AQ
- Configuring mapping: http://doc.nuxeo.com/x/WxI5AQ
- Overview: http://doc.nuxeo.com/x/iYElAQ
- Open Jira tickets
Requirements
Resolution Order
You can influence this order by adding "require" tags in the component declaration, to make sure it is resolved after another component. It will also impact the order in which contributions are registered on their target extension point (see "Registration Order" on contributions).
Components
- org.nuxeo.elasticsearch.http.readonly.RequestFilterService
- org.nuxeo.elasticsearch.http.readonly.audit.filter
Maven Artifact
File | nuxeo-elasticsearch-http-read-only-2021.7.15.jar |
---|---|
Group Id | org.nuxeo.elasticsearch |
Artifact Id | nuxeo-elasticsearch-http-read-only |
Version | 2021.7.15 |
Manifest
Manifest-Version: 1.0
Archiver-Version: Plexus Archiver
Created-By: Apache Maven
Built-By: root
Build-Jdk: 11.0.12
Bundle-ManifestVersion: 2
Bundle-Version: 0.0.0.SNAPSHOT
Export-Package: org.nuxeo.elasticsearch.http.readonly
Bundle-ActivationPolicy: lazy
Bundle-ClassPath: .
Bundle-Localization: bundle
Bundle-Name: Elasticsearch HTTP Read Only API
Bundle-RequiredExecutionEnvironment: JavaSE-1.6
Require-Bundle: org.nuxeo.ecm.webengine.core,org.nuxeo.elasticsearch.c
ore
Bundle-Vendor: Nuxeo
Bundle-SymbolicName: org.nuxeo.elasticsearch.http.readonly;singleton:=
true
Nuxeo-WebModule: org.nuxeo.ecm.webengine.app.WebEngineModule
Nuxeo-Component: OSGI-INF/request-filter-service.xml,OSGI-INF/es-audit
-http-readonly-filter.xml