Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Per-Request Headers #631

Closed
mdgilene opened this issue Jul 12, 2023 · 5 comments
Closed

Per-Request Headers #631

mdgilene opened this issue Jul 12, 2023 · 5 comments

Comments

@mdgilene
Copy link

Description

Currently I do not see a way to provide per-request headers anywhere in the API. This would be needed for things like JWT authorization documented here https://www.elastic.co/guide/en/elasticsearch/reference/current/jwt-auth-realm.html#hmac-oidc-example-request-headers

The only current solution it seems would be to re-build the entire client with every request which seems extremely wasteful.
@fpeter8
Copy link

fpeter8 commented Aug 16, 2023

You can add both a credential provider and a http request interceptor to the rest client:

RestClient.builder(HttpHost.create("url"))
	.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder.setDefaultCredentialsProvider(elasticCredentialsProvider)
		.addInterceptorFirst((HttpRequestInterceptor) (request, context) -> {
			request.addHeader("Authorization", value);
		})
)
.build();

Did you mean something else?

@mdgilene
Copy link
Author

My specific use case was the need to basically send a request "on behalf" of another user, not just using something like client_credential grant. So, a user makes a request to my service with their authorization token, I then pass that on to elastic so I can take advantage of all of the x-pack security features.

@fpeter8
Copy link

fpeter8 commented Aug 16, 2023

I have implemented Proxy authentication inside the interceptor before, that should work for you as well. It runs before every call to the Elastic cluster, so you can set custom headers and/or parameters for each call individually.

@l-trotta
Copy link
Contributor

Hello @mdgilene, is this still an issue for you or did @fpeter8's solution work?

@mdgilene
Copy link
Author

We ended up going a different direction, so this wasn't specifically needed in the end.

However, to the solution he provided; I think this would work for setting the JWT like I had mentioned. In our case I probably could have used Springs SecurityContextHolder to obtain and inject the token. However, I'm not sure the solution extends more generically as the context in which the interceptor would be created would be during Bean initialization. So, unless you had a static way to reference whatever value you wanted to inject you couldn't do something for example like pull a query parameter out of the request a user made and pass that along by way of a custom header.

I understand Elasticsearch doesn't make much use of headers with its API so the example I gave may seem a bit weird, however there are cases where setting headers are required if let's say there is a proxy in-between you and Elasticsearch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fpeter8 @mdgilene @l-trotta