在Kibana 3中如何以及在何处实施基本身份验证
鄂和璧
问题内容:
问题答案:
我将我的elasticsearch服务器放在提供基本身份验证的Apache反向代理后面。
直接从浏览器向Apache进行身份验证可以正常工作。但是,当我使用Kibana 3访问服务器时,会收到身份验证错误。
显然是因为没有auth标头与Kibana的Ajax调用一起发送。
我将以下内容添加到Kibana供应商目录中的elastic-angular-client.js中,以实现快速而肮脏的身份验证。但是由于某种原因,它不起作用。
$http.defaults.headers.common.Authorization = 'Basic ' + Base64Encode('user:Password');
在Kibana中实施基本身份验证的最佳方法和地点是什么?
/*! elastic.js - v1.1.1 - 2013-05-24
* https://github.com/fullscale/elastic.js
* Copyright (c) 2013 FullScale Labs, LLC; Licensed MIT */
/*jshint browser:true */
/*global angular:true */
'use strict';
/*
Angular.js service wrapping the elastic.js API. This module can simply
be injected into your angular controllers.
*/
angular.module('elasticjs.service', [])
.factory('ejsResource', ['$http', function ($http) {
return function (config) {
var
// use existing ejs object if it exists
ejs = window.ejs || {},
/* results are returned as a promise */
promiseThen = function (httpPromise, successcb, errorcb) {
return httpPromise.then(function (response) {
(successcb || angular.noop)(response.data);
return response.data;
}, function (response) {
(errorcb || angular.noop)(response.data);
return response.data;
});
};
// check if we have a config object
// if not, we have the server url so
// we convert it to a config object
if (config !== Object(config)) {
config = {server: config};
}
// set url to empty string if it was not specified
if (config.server == null) {
config.server = '';
}
/* implement the elastic.js client interface for angular */
ejs.client = {
server: function (s) {
if (s == null) {
return config.server;
}
config.server = s;
return this;
},
post: function (path, data, successcb, errorcb) {
$http.defaults.headers.common.Authorization = 'Basic ' + Base64Encode('user:Password');
console.log($http.defaults.headers);
path = config.server + path;
var reqConfig = {url: path, data: data, method: 'POST'};
return promiseThen($http(angular.extend(reqConfig, config)), successcb, errorcb);
},
get: function (path, data, successcb, errorcb) {
$http.defaults.headers.common.Authorization = 'Basic ' + Base64Encode('user:Password');
path = config.server + path;
// no body on get request, data will be request params
var reqConfig = {url: path, params: data, method: 'GET'};
return promiseThen($http(angular.extend(reqConfig, config)), successcb, errorcb);
},
put: function (path, data, successcb, errorcb) {
$http.defaults.headers.common.Authorization = 'Basic ' + Base64Encode('user:Password');
path = config.server + path;
var reqConfig = {url: path, data: data, method: 'PUT'};
return promiseThen($http(angular.extend(reqConfig, config)), successcb, errorcb);
},
del: function (path, data, successcb, errorcb) {
$http.defaults.headers.common.Authorization = 'Basic ' + Base64Encode('user:Password');
path = config.server + path;
var reqConfig = {url: path, data: data, method: 'DELETE'};
return promiseThen($http(angular.extend(reqConfig, config)), successcb, errorcb);
},
head: function (path, data, successcb, errorcb) {
$http.defaults.headers.common.Authorization = 'Basic ' + Base64Encode('user:Password');
path = config.server + path;
// no body on HEAD request, data will be request params
var reqConfig = {url: path, params: data, method: 'HEAD'};
return $http(angular.extend(reqConfig, config))
.then(function (response) {
(successcb || angular.noop)(response.headers());
return response.headers();
}, function (response) {
(errorcb || angular.noop)(undefined);
return undefined;
});
}
};
return ejs;
};
}]);
更新1:
我实现了Matts的建议。但是,服务器返回一个奇怪的响应。授权标头似乎不起作用。我可能在端口81上运行Kibana,而在8181上运行elasticsearch呢?
OPTIONS /solar_vendor/_search HTTP/1.1
Host: 46.252.46.173:8181
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Origin: http://46.252.46.173:81
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
这是回应
HTTP/1.1 401 Authorization Required
Date: Fri, 08 Nov 2013 23:47:02 GMT
WWW-Authenticate: Basic realm="Username/Password"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 346
Connection: close
Content-Type: text/html; charset=iso-8859-1
更新2: 使用这些Kibana文件中的已修改标头更新所有实例
root@localhost:/var/www/kibana# grep -r 'ejsResource(' .
./src/app/controllers/dash.js: $scope.ejs = ejsResource({server: config.elasticsearch, headers: {'Access-Control-Request-Headers': 'Accept, Origin, Authorization', 'Authorization': 'Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXX=='}});
./src/app/services/querySrv.js: var ejs = ejsResource({server: config.elasticsearch, headers: {'Access-Control-Request-Headers': 'Accept, Origin, Authorization', 'Authorization': 'Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXX=='}});
./src/app/services/filterSrv.js: var ejs = ejsResource({server: config.elasticsearch, headers: {'Access-Control-Request-Headers': 'Accept, Origin, Authorization', 'Authorization': 'Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXX=='}});
./src/app/services/dashboard.js: var ejs = ejsResource({server: config.elasticsearch, headers: {'Access-Control-Request-Headers': 'Accept, Origin, Authorization', 'Authorization': 'Basic XXXXXXXXXXXXXXXXXXXXXXXXXXXXX=='}});
并为反向代理修改了我的vhost conf,如下所示
<VirtualHost *:8181>
ProxyRequests Off
ProxyPass / http://127.0.0.1:9200/
ProxyPassReverse / https://127.0.0.1:9200/
<Location />
Order deny,allow
Allow from all
AuthType Basic
AuthName “Username/Password”
AuthUserFile /var/www/cake2.2.4/.htpasswd
Require valid-user
Header always set Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS, PUT"
Header always set Access-Control-Allow-Headers "Content-Type, X-Requested-With, X-HTTP-Method-Override, Origin, Accept, Authorization"
Header always set Access-Control-Allow-Credentials "true"
Header always set Cache-Control "max-age=0"
Header always set Access-Control-Allow-Origin *
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
</VirtualHost>
Apache发送回新的响应标头,但请求标头在某处仍然似乎是错误的。身份验证不起作用。
请求标题
OPTIONS /solar_vendor/_search HTTP/1.1
Host: 46.252.26.173:8181
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Origin: http://46.252.26.173:81
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization,content-type
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
响应标题
HTTP/1.1 401 Authorization Required
Date: Sat, 09 Nov 2013 08:48:48 GMT
Access-Control-Allow-Methods: GET, POST, DELETE, OPTIONS, PUT
Access-Control-Allow-Headers: Content-Type, X-Requested-With, X-HTTP-Method-Override, Origin, Accept, Authorization
Access-Control-Allow-Credentials: true
Cache-Control: max-age=0
Access-Control-Allow-Origin: *
WWW-Authenticate: Basic realm="Username/Password"
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 346
Connection: close
Content-Type: text/html; charset=iso-8859-1
解决方案:
经过更多研究,我发现这绝对是CORS的配置问题。关于该主题有很多可用的帖子,但是看来为了解决我的问题,有必要在apache上进行一些非常精细的配置,并确保从浏览器发送正确的内容。
因此,我重新考虑了该策略,并找到了一个更简单的解决方案。只需修改vhost反向代理配置,即可将elastisearch服务器和kibana移至同一http端口。这也为Kibana增加了更好的安全性。
这是我所做的:
<VirtualHost *:8181>
ProxyRequests Off
ProxyPass /bigdatadesk/ http://127.0.0.1:81/bigdatadesk/src/
ProxyPassReverse /bigdatadesk/ http://127.0.0.1:81/bigdatadesk/src/
ProxyPass / http://127.0.0.1:9200/
ProxyPassReverse / https://127.0.0.1:9200/
<Location />
Order deny,allow
Allow from all
AuthType Basic
AuthName “Username/Password”
AuthUserFile /var/www/.htpasswd
Require valid-user
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
</VirtualHost>
问题答案:
在Kibana中,将最新的Elastic-angular-
client.js替换为可以在此处找到的最新版本。然后,在Kibana代码中替换以下所有实例:
$scope.ejs = ejsResource(config.elasticsearch);
与
$scope.ejs = ejsResource({server: config.elasticsearch, headers: {'Access-Control-Request-Headers': 'accept, origin, authorization', 'Authorization': 'Basic ' + Base64Encode('user:Password')}});
那应该是您所需要的。
更新:
是否为CORS配置了apache?看到这个。
Header always set Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS, PUT"
Header always set Access-Control-Allow-Headers "Content-Type, X-Requested-With, X-HTTP-Method-Override, Origin, Accept, Authorization"
Header always set Access-Control-Allow-Credentials "true"
Header always set Cache-Control "max-age=0"
Header always set Access-Control-Allow-Origin *
类似资料:
-
问题内容: 如何在AngularJs中使用基本身份验证?我已经在Google上搜索了,但是资源对我来说不起作用。我 非常 新AngularJS 问题答案: 假设您的html定义如下: 您可以使用以下基本身份验证将后端连接到rest api: 请注意,此代码的大部分是方法。如果不需要支持IE9及更低版本,则可以将其替换为本地JS实现- atob()和btoa():https : //develope
-
在斯威格中有一个.BasicAuth(“基本”)。我取消注释的描述(“基本HTTP授权”)行。 但是,当尝试使用其中一个endpoint时,单击“试用!”按钮时,系统会提示我登录。无论我在这个框中放了什么(用户名和密码框),我都无法运行或测试endpoint,因为我未经授权。我需要在 SwaggerConfig.cs 文件或其他位置执行哪些操作才能进行测试? 我使用的是.Net Framework
-
我正在开发一个JavaFX应用程序,并试图使用WebView访问一个web应用程序。这个web应用程序有基本的身份验证,我想通过编程提交凭据(不想提示用户提供他的凭据,它们存储在JavaFX应用程序中,我知道这种方法的安全含义)。 我在谷歌上找到的唯一链接是: https://community.oracle.com/message/12518017 还没有答案。
-
问题内容: 我相信我可以使用基本身份验证,但是我不确定如何保护资源,以便仅在用户登录时才能访问它们。 我的登录资源是这样的: 我用以下方式签署用户: 题 假设用户使用端点从浏览器或本机移动应用程序前端登录。那么如何我可以保护另一个端点,比方说,它 要求用户要signedin 问题答案: 尝试实现REST时有两件事。一个是身份验证(似乎已经可以使用),另一个是授权(我相信您的问题是)。 我之前在dr
-
问题内容: 我不确定如何发送HTTP Auth标头。 我有以下HttpClient来获取请求,但不确定如何发送请求? 问题答案: HttpClient 文档及其示例代码中对此进行了介绍。
-
问题内容: 我有一个具有基本身份验证的RESTFull服务,我想从iOS + swift调用它。我必须如何以及在何处为此请求提供凭据? 我的代码(对不起,我刚刚开始学习iOS / obj-c / swift): } 问题答案: 您需要在实例中提供凭据,例如Swift 3: 或在Swift 2中: