- Add security filter

- Remove embedded Cesium (no more plugin site)
- refactoring on RestActions

duniter4j-elasticsearch/pom.xml

@@ -27,7 +27,6 @@
     <duniter4j-elasticsearch.config>${project.basedir}/src/test/resources/duniter4j-elasticsearch-test.properties</duniter4j-elasticsearch.config>
 
     <assembly.skip>false</assembly.skip>
-    <cesium.download.url>https://github.com/duniter/cesium/releases/download/v${cesium.version}/cesium-v${cesium.version}-web.zip</cesium.download.url>
   </properties>
 
   <dependencies>
@@ -191,42 +190,6 @@
         </executions>
       </plugin>
 
-      <plugin>
-        <groupId>org.apache.maven.plugins</groupId>
-        <artifactId>maven-antrun-plugin</artifactId>
-        <dependencies>
-          <dependency>
-            <groupId>ant-contrib</groupId>
-            <artifactId>ant-contrib</artifactId>
-            <version>1.0b3</version>
-            <exclusions>
-              <exclusion>
-                <groupId>ant</groupId>
-                <artifactId>ant</artifactId>
-              </exclusion>
-            </exclusions>
-          </dependency>
-        </dependencies>
-        <executions>
-          <execution>
-            <id>download-cesium</id>
-            <phase>prepare-package</phase>
-            <goals>
-              <goal>run</goal>
-            </goals>
-            <configuration>
-              <target>
-
-                <!-- download cesium -->
-                <get src="${cesium.download.url}" dest="${project.build.directory}/cesium-web-${cesium.version}.zip" verbose="false" usetimestamp="true" />
-                <unzip src="${project.build.directory}/cesium-web-${cesium.version}.zip" dest="${project.build.directory}/elasticsearch-${elasticsearch.version}/plugins/${project.artifactId}/_site" overwrite="true">
-                </unzip>
-              </target>
-              <skip>${assembly.skip}</skip>
-            </configuration>
-          </execution>
-        </executions>
-      </plugin>
       <plugin>
         <artifactId>maven-assembly-plugin</artifactId>
         <executions>

duniter4j-elasticsearch/src/main/filtered-resources/plugin-descriptor.properties

 name=duniter4j-elasticsearch
 description=Plugin for Duniter node indexation
 version=${project.version}
-site=true
+site=false
 jvm=true
 classname=org.duniter.elasticsearch.Plugin
 java.version=1.7

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/PluginSettings.java

@@ -225,6 +225,10 @@ public class PluginSettings extends AbstractLifecycleComponent<PluginSettings> {
         return settings.get("duniter.keyring.sec");
     }
 
+    public boolean enableSecurity() {
+        return settings.getAsBoolean("duniter.security.enable", true);
+    }
+
     /* protected methods */
 
     protected void initI18n() throws IOException {

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/AbstractRestPostIndexAction.java

@@ -23,6 +23,7 @@ package org.duniter.elasticsearch.action;
  */
 
 import org.duniter.core.exception.BusinessException;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
 import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
 import org.elasticsearch.client.Client;
@@ -31,6 +32,7 @@ import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.*;
 
+import static org.elasticsearch.rest.RestRequest.Method.GET;
 import static org.elasticsearch.rest.RestRequest.Method.POST;
 import static org.elasticsearch.rest.RestStatus.OK;
 
@@ -42,6 +44,7 @@ public abstract class AbstractRestPostIndexAction extends BaseRestHandler {
 
 
     public AbstractRestPostIndexAction(Settings settings, RestController controller, Client client,
+                                       RestSecurityController securityController,
                                        String indexName,
                                        String typeName,
                                        JsonIndexer indexer) {
@@ -49,6 +52,8 @@ public abstract class AbstractRestPostIndexAction extends BaseRestHandler {
         controller.registerHandler(POST,
                 String.format("/%s/%s", indexName, typeName),
                 this);
+        securityController.allowIndexType(POST, indexName, typeName);
+        securityController.allowIndexType(GET, indexName, typeName);
         log = ESLoggerFactory.getLogger(String.format("[%s]", indexName));
         this.indexer = indexer;
     }

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/AbstractRestPostUpdateAction.java

@@ -23,6 +23,7 @@ package org.duniter.elasticsearch.action;
  */
 
 import org.duniter.core.exception.BusinessException;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
 import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
 import org.elasticsearch.client.Client;
@@ -42,6 +43,7 @@ public abstract class AbstractRestPostUpdateAction extends BaseRestHandler {
 
 
     public AbstractRestPostUpdateAction(Settings settings, RestController controller, Client client,
+                                        RestSecurityController securityController,
                                         String indexName,
                                         String typeName,
                                         JsonUpdater updater) {
@@ -49,6 +51,7 @@ public abstract class AbstractRestPostUpdateAction extends BaseRestHandler {
         controller.registerHandler(POST,
                 String.format("/%s/%s/{id}/_update", indexName, typeName),
                 this);
+        securityController.allowIndexType(POST, indexName, typeName);
         log = ESLoggerFactory.getLogger(String.format("[%s]", indexName));
         this.updater = updater;
     }

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/RestModule.java

@@ -24,16 +24,13 @@ package org.duniter.elasticsearch.action;
 
 import org.duniter.elasticsearch.action.currency.RestCurrencyIndexAction;
 import org.duniter.elasticsearch.action.history.RestHistoryDeleteIndexAction;
-import org.duniter.elasticsearch.action.market.RestMarketCommentIndexAction;
-import org.duniter.elasticsearch.action.market.RestMarketCommentUpdateAction;
-import org.duniter.elasticsearch.action.market.RestMarketRecordIndexAction;
-import org.duniter.elasticsearch.action.market.RestMarketRecordUpdateAction;
+import org.duniter.elasticsearch.action.market.*;
 import org.duniter.elasticsearch.action.message.RestMessageIndexAction;
-import org.duniter.elasticsearch.action.registry.RestRegistryRecordIndexAction;
-import org.duniter.elasticsearch.action.registry.RestRegistryRecordUpdateAction;
+import org.duniter.elasticsearch.action.registry.*;
 import org.duniter.elasticsearch.action.security.RestSecurityAuthAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
+import org.duniter.elasticsearch.action.security.RestSecurityFilter;
 import org.duniter.elasticsearch.action.security.RestSecurityGetChallengeAction;
-import org.duniter.elasticsearch.action.site.RestCesiumConfigAction;
 import org.duniter.elasticsearch.action.user.RestUserProfileIndexAction;
 import org.duniter.elasticsearch.action.user.RestUserProfileUpdateAction;
 import org.duniter.elasticsearch.action.user.RestUserSettingsIndexAction;
@@ -53,10 +50,14 @@ public class RestModule extends AbstractModule implements Module {
         bind(RestMarketRecordUpdateAction.class).asEagerSingleton();
         bind(RestMarketCommentIndexAction.class).asEagerSingleton();
         bind(RestMarketCommentUpdateAction.class).asEagerSingleton();
+        bind(RestMarketCategoryAction.class).asEagerSingleton();
 
         // Registry
         bind(RestRegistryRecordIndexAction.class).asEagerSingleton();
         bind(RestRegistryRecordUpdateAction.class).asEagerSingleton();
+        bind(RestRegistryCommentIndexAction.class).asEagerSingleton();
+        bind(RestregistryCommentUpdateAction.class).asEagerSingleton();
+        bind(RestRegistryCategoryAction.class).asEagerSingleton();
 
         // User
         bind(RestUserProfileIndexAction.class).asEagerSingleton();
@@ -64,9 +65,11 @@ public class RestModule extends AbstractModule implements Module {
         bind(RestUserSettingsIndexAction.class).asEagerSingleton();
         bind(RestUserSettingsUpdateAction.class).asEagerSingleton();
 
-        // Authentication
+        // Authentication & Security
         bind(RestSecurityGetChallengeAction.class).asEagerSingleton();
         bind(RestSecurityAuthAction.class).asEagerSingleton();
+        bind(RestSecurityFilter.class).asEagerSingleton();
+        bind(RestSecurityController.class).asEagerSingleton();
 
         // History
         bind(RestHistoryDeleteIndexAction.class).asEagerSingleton();
@@ -74,8 +77,5 @@ public class RestModule extends AbstractModule implements Module {
         // Message
         bind(RestMessageIndexAction.class).asEagerSingleton();
 
-        // Cesium
-        bind(RestCesiumConfigAction.class).asEagerSingleton();
-
     }
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/history/RestHistoryDeleteIndexAction.java

@@ -22,50 +22,26 @@ package org.duniter.elasticsearch.action.history;
  * #L%
  */
 
-import org.duniter.core.exception.BusinessException;
-import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
-import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
+import org.duniter.elasticsearch.action.AbstractRestPostIndexAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.HistoryService;
-import org.duniter.elasticsearch.service.MarketService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.rest.*;
+import org.elasticsearch.rest.RestController;
 
-import static org.elasticsearch.rest.RestRequest.Method.POST;
-import static org.elasticsearch.rest.RestStatus.BAD_REQUEST;
-import static org.elasticsearch.rest.RestStatus.OK;
-
-public class RestHistoryDeleteIndexAction extends BaseRestHandler {
+public class RestHistoryDeleteIndexAction extends AbstractRestPostIndexAction {
 
     private static final ESLogger log = ESLoggerFactory.getLogger(RestHistoryDeleteIndexAction.class.getName());
 
-    private HistoryService service;
-
     @Inject
-    public RestHistoryDeleteIndexAction(Settings settings, RestController controller, Client client, HistoryService service) {
-        super(settings, controller, client);
-        controller.registerHandler(POST, "/history/delete", this);
-        this.service = service;
+    public RestHistoryDeleteIndexAction(Settings settings, RestController controller, Client client,
+                                        RestSecurityController securityController, HistoryService service) {
+        super(settings, controller, client, securityController,
+                HistoryService.INDEX,
+                HistoryService.DELETE_TYPE,
+                json -> service.indexDeleteFromJson(json));
     }
-
-    @Override
-    protected void handleRequest(final RestRequest request, RestChannel restChannel, Client client) throws Exception {
-
-        try {
-            String recordId = service.indexDeleteFromJson(request.content().toUtf8());
-
-            restChannel.sendResponse(new BytesRestResponse(OK, recordId));
-        }
-        catch(DuniterElasticsearchException | BusinessException e) {
-            log.error(e.getMessage(), e);
-            restChannel.sendResponse(new XContentThrowableRestResponse(request, e));
-        }
-        catch(Exception e) {
-            log.error(e.getMessage(), e);
-        }
-    }
-
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/market/RestMarketCategoryAction.java

+package org.duniter.elasticsearch.action.market;
+
+/*
+ * #%L
+ * duniter4j-elasticsearch-plugin
+ * %%
+ * Copyright (C) 2014 - 2016 EIS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/gpl-3.0.html>.
+ * #L%
+ */
+
+import org.duniter.elasticsearch.action.security.RestSecurityController;
+import org.duniter.elasticsearch.service.MarketService;
+import org.elasticsearch.common.inject.Inject;
+import org.elasticsearch.rest.RestRequest;
+
+public class RestMarketCategoryAction {
+
+    @Inject
+    public RestMarketCategoryAction(RestSecurityController securityController) {
+        // Add security rule for category
+        securityController.allowIndexType(RestRequest.Method.GET, MarketService.INDEX, MarketService.RECORD_CATEGORY_TYPE);
+    }
+
+}
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/market/RestMarketCommentIndexAction.java

@@ -22,49 +22,22 @@ package org.duniter.elasticsearch.action.market;
  * #L%
  */
 
-import org.duniter.core.exception.BusinessException;
-import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
-import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
+import org.duniter.elasticsearch.action.AbstractRestPostIndexAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.MarketService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.logging.ESLogger;
-import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.rest.*;
+import org.elasticsearch.rest.RestController;
 
-import static org.elasticsearch.rest.RestRequest.Method.POST;
-import static org.elasticsearch.rest.RestStatus.BAD_REQUEST;
-import static org.elasticsearch.rest.RestStatus.OK;
-
-public class RestMarketCommentIndexAction extends BaseRestHandler {
-
-    private static final ESLogger log = ESLoggerFactory.getLogger(RestMarketCommentIndexAction.class.getName());
-
-    private MarketService service;
+public class RestMarketCommentIndexAction extends AbstractRestPostIndexAction {
 
     @Inject
-    public RestMarketCommentIndexAction(Settings settings, RestController controller, Client client, MarketService service) {
-        super(settings, controller, client);
-        controller.registerHandler(POST, "/market/comment", this);
-        this.service = service;
-    }
-
-    @Override
-    protected void handleRequest(final RestRequest request, RestChannel restChannel, Client client) throws Exception {
-
-        try {
-            String recordId = service.indexCommentFromJson(request.content().toUtf8());
-
-            restChannel.sendResponse(new BytesRestResponse(OK, recordId));
-        }
-        catch(DuniterElasticsearchException | BusinessException e) {
-            log.error(e.getMessage(), e);
-            restChannel.sendResponse(new XContentThrowableRestResponse(request, e));
-        }
-        catch(Exception e) {
-            log.error(e.getMessage(), e);
-        }
+    public RestMarketCommentIndexAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                        MarketService service) {
+        super(settings, controller, client, securityController,
+                MarketService.INDEX, MarketService.RECORD_COMMENT_TYPE,
+                json -> service.indexCommentFromJson(json));
     }
 
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/market/RestMarketCommentUpdateAction.java

@@ -22,48 +22,22 @@ package org.duniter.elasticsearch.action.market;
  * #L%
  */
 
-import org.duniter.core.exception.BusinessException;
-import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
-import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
+import org.duniter.elasticsearch.action.AbstractRestPostUpdateAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.MarketService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.logging.ESLogger;
-import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.rest.*;
+import org.elasticsearch.rest.RestController;
 
-import static org.elasticsearch.rest.RestRequest.Method.POST;
-import static org.elasticsearch.rest.RestStatus.OK;
-
-public class RestMarketCommentUpdateAction extends BaseRestHandler {
-
-    private static final ESLogger log = ESLoggerFactory.getLogger(RestMarketCommentUpdateAction.class.getName());
-
-    private MarketService service;
+public class RestMarketCommentUpdateAction extends AbstractRestPostUpdateAction {
 
     @Inject
-    public RestMarketCommentUpdateAction(Settings settings, RestController controller, Client client, MarketService service) {
-        super(settings, controller, client);
-        controller.registerHandler(POST, "/market/comment/{id}/_update", this);
-        this.service = service;
-    }
-
-    @Override
-    protected void handleRequest(final RestRequest request, RestChannel restChannel, Client client) throws Exception {
-
-        String id = request.param("id");
-        try {
-            service.updateCommentFromJson(request.content().toUtf8(), id);
-            restChannel.sendResponse(new BytesRestResponse(OK, id));
-        }
-        catch(DuniterElasticsearchException | BusinessException e) {
-            log.error(e.getMessage(), e);
-            restChannel.sendResponse(new XContentThrowableRestResponse(request, e));
-        }
-        catch(Exception e) {
-            log.error(e.getMessage(), e);
-        }
+    public RestMarketCommentUpdateAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                         MarketService service) {
+        super(settings, controller, client, securityController,
+                MarketService.INDEX, MarketService.RECORD_COMMENT_TYPE,
+                (json, id) -> service.updateCommentFromJson(json, id));
     }
 
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/market/RestMarketRecordIndexAction.java

@@ -22,49 +22,22 @@ package org.duniter.elasticsearch.action.market;
  * #L%
  */
 
-import org.duniter.core.exception.BusinessException;
-import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
-import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
+import org.duniter.elasticsearch.action.AbstractRestPostIndexAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.MarketService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.logging.ESLogger;
-import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.rest.*;
+import org.elasticsearch.rest.RestController;
 
-import static org.elasticsearch.rest.RestRequest.Method.POST;
-import static org.elasticsearch.rest.RestStatus.BAD_REQUEST;
-import static org.elasticsearch.rest.RestStatus.OK;
-
-public class RestMarketRecordIndexAction extends BaseRestHandler {
-
-    private static final ESLogger log = ESLoggerFactory.getLogger(RestMarketRecordIndexAction.class.getName());
-
-    private MarketService service;
+public class RestMarketRecordIndexAction extends AbstractRestPostIndexAction {
 
     @Inject
-    public RestMarketRecordIndexAction(Settings settings, RestController controller, Client client, MarketService service) {
-        super(settings, controller, client);
-        controller.registerHandler(POST, "/market/record", this);
-        this.service = service;
-    }
-
-    @Override
-    protected void handleRequest(final RestRequest request, RestChannel restChannel, Client client) throws Exception {
-
-        try {
-            String recordId = service.indexRecordFromJson(request.content().toUtf8());
-
-            restChannel.sendResponse(new BytesRestResponse(OK, recordId));
-        }
-        catch(DuniterElasticsearchException | BusinessException e) {
-            log.error(e.getMessage(), e);
-            restChannel.sendResponse(new XContentThrowableRestResponse(request, e));
-        }
-        catch(Exception e) {
-            log.error(e.getMessage(), e);
-        }
+    public RestMarketRecordIndexAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                       MarketService service) {
+        super(settings, controller, client, securityController,
+                MarketService.INDEX, MarketService.RECORD_TYPE,
+                json -> service.indexRecordFromJson(json));
     }
 
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/market/RestMarketRecordUpdateAction.java

@@ -22,47 +22,22 @@ package org.duniter.elasticsearch.action.market;
  * #L%
  */
 
-import org.duniter.core.exception.BusinessException;
-import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
-import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
+import org.duniter.elasticsearch.action.AbstractRestPostUpdateAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.MarketService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.logging.ESLogger;
-import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.rest.*;
+import org.elasticsearch.rest.RestController;
 
-import static org.elasticsearch.rest.RestRequest.Method.POST;
-import static org.elasticsearch.rest.RestStatus.OK;
-
-public class RestMarketRecordUpdateAction extends BaseRestHandler {
-
-    private static final ESLogger log = ESLoggerFactory.getLogger(RestMarketRecordUpdateAction.class.getName());
-
-    private MarketService service;
+public class RestMarketRecordUpdateAction extends AbstractRestPostUpdateAction {
 
     @Inject
-    public RestMarketRecordUpdateAction(Settings settings, RestController controller, Client client, MarketService service) {
-        super(settings, controller, client);
-        controller.registerHandler(POST, "/market/record/{id}/_update", this);
-        this.service = service;
-    }
-
-    @Override
-    protected void handleRequest(final RestRequest request, RestChannel restChannel, Client client) throws Exception {
-        String id = request.param("id");
-        try {
-            service.updateRecordFromJson(request.content().toUtf8(), id);
-            restChannel.sendResponse(new BytesRestResponse(OK, id));
-        }
-        catch(DuniterElasticsearchException | BusinessException e) {
-            log.error(e.getMessage(), e);
-            restChannel.sendResponse(new XContentThrowableRestResponse(request, e));
-        }
-        catch(Exception e) {
-            log.error(e.getMessage(), e);
-        }
+    public RestMarketRecordUpdateAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                        MarketService service) {
+        super(settings, controller, client, securityController,
+                MarketService.INDEX, MarketService.RECORD_TYPE,
+                (json, id) -> service.updateRecordFromJson(json, id));
     }
 
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/message/RestMessageIndexAction.java

@@ -23,6 +23,7 @@ package org.duniter.elasticsearch.action.message;
  */
 
 import org.duniter.elasticsearch.action.AbstractRestPostIndexAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.MessageService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
@@ -32,8 +33,10 @@ import org.elasticsearch.rest.RestController;
 public class RestMessageIndexAction extends AbstractRestPostIndexAction {
 
     @Inject
-    public RestMessageIndexAction(Settings settings, RestController controller, Client client, final MessageService service) {
-        super(settings, controller, client,
+    public RestMessageIndexAction(Settings settings, RestController controller, Client client,
+                                  RestSecurityController securityController,
+                                  final MessageService service) {
+        super(settings, controller, client, securityController,
                 MessageService.INDEX,
                 MessageService.RECORD_TYPE,
                 json -> service.indexRecordFromJson(json));

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/registry/RestRegistryCategoryAction.java

+package org.duniter.elasticsearch.action.registry;
+
+/*
+ * #%L
+ * duniter4j-elasticsearch-plugin
+ * %%
+ * Copyright (C) 2014 - 2016 EIS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/gpl-3.0.html>.
+ * #L%
+ */
+
+import org.duniter.elasticsearch.action.security.RestSecurityController;
+import org.duniter.elasticsearch.service.RegistryService;
+import org.elasticsearch.common.inject.Inject;
+import org.elasticsearch.rest.RestRequest;
+
+public class RestRegistryCategoryAction {
+
+    @Inject
+    public RestRegistryCategoryAction(RestSecurityController securityController) {
+        // Add security rule for category
+        securityController.allowIndexType(RestRequest.Method.GET, RegistryService.INDEX, RegistryService.RECORD_CATEGORY_TYPE);
+    }
+
+}
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/registry/RestRegistryCommentIndexAction.java

+package org.duniter.elasticsearch.action.registry;
+
+/*
+ * #%L
+ * duniter4j-elasticsearch-plugin
+ * %%
+ * Copyright (C) 2014 - 2016 EIS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/gpl-3.0.html>.
+ * #L%
+ */
+
+import org.duniter.elasticsearch.action.AbstractRestPostIndexAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
+import org.duniter.elasticsearch.service.RegistryService;
+import org.elasticsearch.client.Client;
+import org.elasticsearch.common.inject.Inject;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.rest.RestController;
+
+public class RestRegistryCommentIndexAction extends AbstractRestPostIndexAction {
+
+    @Inject
+    public RestRegistryCommentIndexAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                          RegistryService service) {
+        super(settings, controller, client, securityController,
+                RegistryService.INDEX, RegistryService.RECORD_COMMENT_TYPE,
+                json -> service.indexCommentFromJson(json));
+    }
+
+}
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/registry/RestRegistryRecordIndexAction.java

@@ -22,49 +22,22 @@ package org.duniter.elasticsearch.action.registry;
  * #L%
  */
 
-import org.duniter.core.exception.BusinessException;
-import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
-import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
+import org.duniter.elasticsearch.action.AbstractRestPostIndexAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.RegistryService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.logging.ESLogger;
-import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.rest.*;
+import org.elasticsearch.rest.RestController;
 
-import static org.elasticsearch.rest.RestRequest.Method.POST;
-import static org.elasticsearch.rest.RestStatus.BAD_REQUEST;
-import static org.elasticsearch.rest.RestStatus.OK;
+public class RestRegistryRecordIndexAction extends AbstractRestPostIndexAction {
 
-public class RestRegistryRecordIndexAction extends BaseRestHandler {
-
-    private static final ESLogger log = ESLoggerFactory.getLogger(RestRegistryRecordIndexAction.class.getName());
-
-    private RegistryService service;
 
     @Inject
-    public RestRegistryRecordIndexAction(Settings settings, RestController controller, Client client, RegistryService service) {
-        super(settings, controller, client);
-        controller.registerHandler(POST, "/registry/record", this);
-        this.service = service;
+    public RestRegistryRecordIndexAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                         RegistryService service) {
+        super(settings, controller, client, securityController,
+                RegistryService.INDEX, RegistryService.RECORD_TYPE,
+                json -> service.indexRecordFromJson(json));
     }
-
-    @Override
-    protected void handleRequest(final RestRequest request, RestChannel restChannel, Client client) throws Exception {
-
-        try {
-            String recordId = service.indexRecordFromJson(request.content().toUtf8());
-
-            restChannel.sendResponse(new BytesRestResponse(OK, recordId));
-        }
-        catch(DuniterElasticsearchException | BusinessException e) {
-            log.error(e.getMessage(), e);
-            restChannel.sendResponse(new XContentThrowableRestResponse(request, e));
-        }
-        catch(Exception e) {
-            log.error(e.getMessage(), e);
-        }
-    }
-
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/registry/RestRegistryRecordUpdateAction.java

@@ -22,48 +22,22 @@ package org.duniter.elasticsearch.action.registry;
  * #L%
  */
 
-import org.duniter.core.exception.BusinessException;
-import org.duniter.elasticsearch.exception.DuniterElasticsearchException;
-import org.duniter.elasticsearch.rest.XContentThrowableRestResponse;
-import org.duniter.elasticsearch.service.MarketService;
+import org.duniter.elasticsearch.action.AbstractRestPostUpdateAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
 import org.duniter.elasticsearch.service.RegistryService;
 import org.elasticsearch.client.Client;
 import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.logging.ESLogger;
-import org.elasticsearch.common.logging.ESLoggerFactory;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.rest.*;
+import org.elasticsearch.rest.RestController;
 
-import static org.elasticsearch.rest.RestRequest.Method.POST;
-import static org.elasticsearch.rest.RestStatus.OK;
-
-public class RestRegistryRecordUpdateAction extends BaseRestHandler {
-
-    private static final ESLogger log = ESLoggerFactory.getLogger(RestRegistryRecordUpdateAction.class.getName());
-
-    private RegistryService service;
+public class RestRegistryRecordUpdateAction extends AbstractRestPostUpdateAction {
 
     @Inject
-    public RestRegistryRecordUpdateAction(Settings settings, RestController controller, Client client, RegistryService service) {
-        super(settings, controller, client);
-        controller.registerHandler(POST, "/registry/record/{id}/_update", this);
-        this.service = service;
-    }
-
-    @Override
-    protected void handleRequest(final RestRequest request, RestChannel restChannel, Client client) throws Exception {
-        String id = request.param("id");
-        try {
-            service.updateRecordFromJson(request.content().toUtf8(), id);
-            restChannel.sendResponse(new BytesRestResponse(OK, id));
-        }
-        catch(DuniterElasticsearchException | BusinessException e) {
-            log.error(e.getMessage(), e);
-            restChannel.sendResponse(new XContentThrowableRestResponse(request, e));
-        }
-        catch(Exception e) {
-            log.error(e.getMessage(), e);
-        }
+    public RestRegistryRecordUpdateAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                          RegistryService service) {
+        super(settings, controller, client, securityController,
+                RegistryService.INDEX, RegistryService.RECORD_TYPE,
+                (json, id) -> service.updateRecordFromJson(json, id));
     }
 
 }
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/registry/RestregistryCommentUpdateAction.java

+package org.duniter.elasticsearch.action.registry;
+
+/*
+ * #%L
+ * duniter4j-elasticsearch-plugin
+ * %%
+ * Copyright (C) 2014 - 2016 EIS
+ * %%
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as
+ * published by the Free Software Foundation, either version 3 of the 
+ * License, or (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public 
+ * License along with this program.  If not, see
+ * <http://www.gnu.org/licenses/gpl-3.0.html>.
+ * #L%
+ */
+
+import org.duniter.elasticsearch.action.AbstractRestPostUpdateAction;
+import org.duniter.elasticsearch.action.security.RestSecurityController;
+import org.duniter.elasticsearch.service.MarketService;
+import org.duniter.elasticsearch.service.RegistryService;
+import org.elasticsearch.client.Client;
+import org.elasticsearch.common.inject.Inject;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.rest.RestController;
+
+public class RestregistryCommentUpdateAction extends AbstractRestPostUpdateAction {
+
+    @Inject
+    public RestregistryCommentUpdateAction(Settings settings, RestController controller, Client client, RestSecurityController securityController,
+                                           RegistryService service) {
+        super(settings, controller, client, securityController,
+                RegistryService.INDEX, RegistryService.RECORD_COMMENT_TYPE,
+                (json, id) -> service.updateCommentFromJson(json, id));
+    }
+
+}
\ No newline at end of file

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/security/RestSecurityAuthAction.java

@@ -47,12 +47,14 @@ public class RestSecurityAuthAction extends BaseRestHandler {
 
     @Inject
     public RestSecurityAuthAction(Settings settings, RestController controller, Client client,
+                                  RestSecurityController securityController,
                                   ChallengeMessageStore challengeMessageStore,
                                   SecurityTokenStore securityTokenStore) {
         super(settings, controller, client);
         this.challengeMessageStore = challengeMessageStore;
         this.securityTokenStore = securityTokenStore;
         controller.registerHandler(POST, "/auth", this);
+        securityController.allow(POST, "/auth");
     }
 
     @Override

duniter4j-elasticsearch/src/main/java/org/duniter/elasticsearch/action/security/RestSecurityController.java

+package org.duniter.elasticsearch.action.security;
+
+import org.duniter.elasticsearch.PluginSettings;
+import org.elasticsearch.common.component.AbstractLifecycleComponent;
+import org.elasticsearch.common.inject.Inject;
+import org.elasticsearch.common.logging.ESLogger;
+import org.elasticsearch.common.logging.ESLoggerFactory;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.rest.RestRequest;
+
+import java.util.*;
+
+/**
+ * Created by blavenie on 11/10/16.
+ */
+public class RestSecurityController extends AbstractLifecycleComponent<RestSecurityController> {
+
+    private static final ESLogger log = ESLoggerFactory.getLogger("security");
+
+    private boolean enable;
+
+    private Map<RestRequest.Method, Set<String>> allowRulesByMethod;
+
+    @Inject
+    public RestSecurityController(Settings settings, PluginSettings pluginSettings) {
+        super(settings);
+        this.enable = pluginSettings.enableSecurity();
+        this.allowRulesByMethod = new HashMap<>();
+    }
+
+    public RestSecurityController allowIndexType(RestRequest.Method method, String index, String type) {
+        return allow(method, String.format("/%s/%s", index, type));
+    }
+
+    public RestSecurityController allow(RestRequest.Method method, String path) {
+        Set<String> allowRules = allowRulesByMethod.get(method);
+        if (allowRules == null) {
+            allowRules = new TreeSet<>();
+            allowRulesByMethod.put(method, allowRules);
+        }
+        allowRules.add(path);
+        return this;
+    }
+
+    public boolean isAllow(RestRequest request) {
+        RestRequest.Method method = request.method();
+        if (log.isTraceEnabled()) {
+            log.trace(String.format("Checking rules for %s request [%s]...", method, request.path()));
+        }
+
+        Set<String> allowRules = allowRulesByMethod.get(request.method());
+        String path = request.path();
+        if (allowRules != null) {
+            for (String allowRule : allowRules) {
+                if (path.startsWith(allowRule)) {
+                    if (log.isTraceEnabled()) {
+                        log.trace(String.format("Find matching rule [%s] for %s request [%s]: allow", allowRule, method, path));
+                    }
+                    return true;
+                }
+            }
+        }
+
+        log.trace(String.format("No matching rules for %s request [%s]: reject", method, path));
+        return false;
+    }
+
+    @Override
+    protected void doStart() {
+
+    }
+
+    @Override
+    protected void doStop() {
+
+    }
+
+    @Override
+    protected void doClose() {
+
+    }
+
+    /* -- Internal method -- */
+
+}