From 9a6ae3e98dc8f964207773cf4d59e6cdf65fd7c2 Mon Sep 17 00:00:00 2001 From: Julien Nioche Date: Fri, 21 Apr 2023 12:14:26 +0100 Subject: [PATCH] README gives examples in authenticated context + use localhost Signed-off-by: Julien Nioche --- README.md | 18 +++++++++--------- .../SynonymGraphTokenFilterFactory.java | 8 ++++---- src/main/resources/plugin-security.policy | 3 +-- 3 files changed, 14 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 9ad56e6..bb47cdd 100644 --- a/README.md +++ b/README.md @@ -28,7 +28,6 @@ When installing the plugin, you will see a message similar to this one: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: plugin requires additional permissions @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -* java.net.SocketPermission 0.0.0.0 connect,listen,accept,resolve * java.net.SocketPermission localhost connect,listen,accept,resolve See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html for descriptions of what these permissions allow and the associated risks. @@ -46,7 +45,7 @@ This way the plugin will be preinstalled. ## Getting Started -First, you need to declare the analyzers when creating your index (assuming OpenSearch is running locally on the default port and that the [security plugin is deactivated](https://opensearch.org/docs/2.6/security/configuration/disable)): +First, you need to declare the analyzers when creating your index (assuming OpenSearch is running locally on the default port and that the default security settings are applied): ``` curl --insecure -u admin:admin -XPUT "https://localhost:9200/my_index" -H 'Content-Type: application/json' -d' @@ -89,14 +88,13 @@ curl --insecure -u admin:admin -XPUT "https://localhost:9200/my_index" -H 'Conte The index synonym graph is used only during search and can't be applied during indexing. The parameters _lenient_ and _expand_ are similar to those of synonym-graph-tokenfilter, their default values are indicated above. The parameter _index_ specifies where the plugin will load the synonym mappings from. The default value is _.synonyms_. +The parameters "username" and "password" allow to specify the credentials to use for connecting to OpenSearch. If the [security plugin is deactivated](https://opensearch.org/docs/2.6/security/configuration/disable), +remove these parameters. -The next step is to declare the index used to store the synonyms and populate it. +The next step is to index the synonyms. ``` -curl -XPUT "http://localhost:9200/.synonyms" - - -curl -XPOST -H "Content-Type: application/json" "http://localhost:9200/.synonyms/_doc/synonyms" -d '{ +curl --insecure -u admin:admin -XPOST -H "Content-Type: application/json" "https://localhost:9200/.synonyms/_doc/synonyms" -d '{ "synonyms": [ "i-pod, i pod => ipod", "sea biscuit, sea biscit => seabiscuit", @@ -116,12 +114,14 @@ The synonyms can be stored in any number of documents in the index, a query load Now that the synonym index has been populated, you can check that it is being applied. First, since the synonym data have been created *after* configuring the analysis for the search, the config must be reloaded with -`curl -XPOST "http://localhost:9200/_plugins/_refresh_search_analyzers/my_index"` +``` +curl --insecure -u admin:admin -XPOST "https://localhost:9200/_plugins/_refresh_search_analyzers/my_index" +``` you can then use the analyze endpoint to get a description of how a field will be analysed at search time, for instance ``` -curl -XPOST "http://localhost:9200/my_index/_analyze" -H 'Content-Type: application/json' -d' +curl --insecure -u admin:admin -XPOST "https://localhost:9200/my_index/_analyze" -H 'Content-Type: application/json' -d' { "analyzer": "default_search", "text": "Is this universe déja vu?" diff --git a/src/main/java/io/telicent/opensearch/SynonymGraphTokenFilterFactory.java b/src/main/java/io/telicent/opensearch/SynonymGraphTokenFilterFactory.java index dd71707..4d5102e 100644 --- a/src/main/java/io/telicent/opensearch/SynonymGraphTokenFilterFactory.java +++ b/src/main/java/io/telicent/opensearch/SynonymGraphTokenFilterFactory.java @@ -25,7 +25,7 @@ /** * Alternative implementation of the SynonymGraphTokenFilter which loads its dictionary from an - * opensearch index instead of a file. Used at search time only and not during indexing. + * OpenSearch index instead of a file. Used at search time only and not during indexing. */ public class SynonymGraphTokenFilterFactory extends AbstractTokenFilterFactory { @@ -34,7 +34,9 @@ public class SynonymGraphTokenFilterFactory extends AbstractTokenFilterFactory { protected final String indexName; protected final int port; - protected final String host; + + // always connect to localhost + protected final String host = "localhost"; protected final String username; protected final String password; @@ -46,12 +48,10 @@ public class SynonymGraphTokenFilterFactory extends AbstractTokenFilterFactory { this.expand = settings.getAsBoolean("expand", true); this.lenient = settings.getAsBoolean("lenient", false); this.indexName = settings.get("index", ".synonyms"); - this.username = settings.get("username"); this.password = settings.get("password"); this.port = env.settings().getAsInt("http.port", 9200); - this.host = env.settings().get("network.host", "localhost"); } @Override diff --git a/src/main/resources/plugin-security.policy b/src/main/resources/plugin-security.policy index f0ba23c..fcc2b75 100644 --- a/src/main/resources/plugin-security.policy +++ b/src/main/resources/plugin-security.policy @@ -1,4 +1,3 @@ grant { permission java.net.SocketPermission "localhost", "accept,connect,listen,resolve"; - permission java.net.SocketPermission "0.0.0.0", "accept,connect,listen,resolve"; -}; \ No newline at end of file +};