jquery, elasticsearch, elasticsearch-x-pack

ElasticSearch: user authentication required in jquery ajax http request


I'm using the ElasticSearch 14-day trial service deployed on Google Cloud and I'm trying to make an HTTP request from jQuery to perform a generic search on ElasticSearch.

            $.ajax({
              method: "GET",
              url: "https://6ce.......5d14.us-west1.gcp.cloud.es.io:9243/itens/_search",
              dataType : 'json',
              contentType: 'application/json',
            })
            .done(function( data ) {
              console.log(data);
            })
            .fail(function( data ) {
              console.log(data);
            });

But it gives me an error of 401-Unauthorized saying:

    responseText: "{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search] requires authentication\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\"security\\\"\",\"ApiKey\",\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"]}}],\"type\":\"security_exception\",\"reason\":\"action [indices:data/read/search] requires authentication\",\"header\":{\"WWW-Authenticate\":[\"Bearer realm=\\\"security\\\"\",\"ApiKey\",\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"]}},\"status\":401}"

I edited my elasticsearch.yml file to be like:

    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
    http.cors.allow-headers: "Authorization, X-Requested-With, X-Auth-Token, Content-Type, Content-Length"
    http.cors.allow-credentials: true

And then I restarted the deployment, but it still doesn't work.

I also tried to add xpack.security.enabled: false to the elasticsearch.yml file, but it gives me an error of 'xpack.security.enabled': is not allowed when I click on the save button.

How can I disable the user authentication requirement, or how can I provide the user/password in my HTTP request?


Solution

  • I would do it like this by adding the authentication in the headers hash:

            $.ajax({
              method: "GET",
              url: "https://6ce.......5d14.us-west1.gcp.cloud.es.io:9243/itens/_search",
              dataType : 'json',
              contentType: 'application/json',
              // Added: send HTTP Basic credentials with the request
              headers: {
                "Authorization": "Basic " + btoa("elastic:XXX_PASSWORD_XXX")
              }
            });
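
As an added example (not part of the original answer, and not Elasticsearch's own code), the functions below read the `WWW-Authenticate` challenges from the 401 body shown in the question and build a matching `Authorization` value. It goes beyond the answer's `btoa` call by encoding the credentials as UTF-8, which is what the `charset="UTF-8"` challenge announces. All function names, the `creds` object and the sample constant are hypothetical; the `ApiKey` value is assumed to be the base64 of `id:api_key`, as Elasticsearch documents it.

```javascript
// Constructed sample: the 401 body from the question, reduced to the fields used here.
const SAMPLE_401 = JSON.stringify({
  status: 401,
  error: { type: "security_exception", header: { "WWW-Authenticate": [
    'Bearer realm="security"', "ApiKey", 'Basic realm="security" charset="UTF-8"',
  ] } },
});

// Return the auth schemes the server advertises, e.g. ["Bearer", "ApiKey", "Basic"].
function advertisedSchemes(responseText) {
  let body;
  try {
    body = JSON.parse(responseText);
  } catch (e) {
    return []; // not JSON (proxy error page, empty body, ...)
  }
  const challenges = body?.error?.header?.["WWW-Authenticate"];
  const list = Array.isArray(challenges) ? challenges : challenges ? [challenges] : [];
  return list.map((c) => String(c).trim().split(/\s+/)[0]);
}

// Base64 of the UTF-8 bytes of a string. Plain btoa() throws on characters above
// U+00FF and encodes U+0080..U+00FF as single Latin-1 bytes, which is not the
// byte sequence a charset="UTF-8" realm decodes.
function base64Utf8(text) {
  const bytes = new TextEncoder().encode(text);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return btoa(binary);
}

// Authorization value for HTTP Basic (RFC 7617): the user name may not contain ':'.
function basicAuthHeader(user, password) {
  if (user.includes(":")) throw new Error("user name must not contain ':'");
  return "Basic " + base64Utf8(user + ":" + password);
}

// Authorization value for the ApiKey scheme (assumed format: base64 of "<id>:<api_key>").
function apiKeyHeader(id, apiKey) {
  return "ApiKey " + base64Utf8(id + ":" + apiKey);
}

// Pick a header the server advertised: prefer an API key, fall back to Basic.
function authHeaderFor(responseText, creds) {
  const schemes = advertisedSchemes(responseText);
  if (creds.apiKeyId && schemes.includes("ApiKey")) return apiKeyHeader(creds.apiKeyId, creds.apiKey);
  if (creds.user && schemes.includes("Basic")) return basicAuthHeader(creds.user, creds.password);
  throw new Error("no usable scheme among: " + schemes.join(", "));
}
```

The returned string goes in the `headers` option of `$.ajax`, in the same place the answer puts its `btoa(...)` expression.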