Search-guard does not integrate with elasticsearch
My current elasticsearch version is 1.5.2. I recently installed search protection with the following command - bin/plugin -i com.floragunn/search-guard/0.5
. Prior to that, I created an index with the following configuration -
curl -XPUT 'http://localhost:9200/searchguard/ac/ac' -d '{
"acl": [
{
"__Comment__": "By default no filters are executed and no filters a by-passed. In such a case an exception is thrown and access will be denied.",
"filters_bypass": [],
"filters_execute": []
},
{
"__Comment__": "For role *admin* all filters are bypassed (so none will be executed). This means unrestricted access.",
"roles": [
"admin"
],
"filters_bypass": ["*"],
"filters_execute": []
}
]
}'
Then I made some changes to elasticsearch.yml file and below is the config -
#############################################################################################
# SEARCH GUARD #
# Configuration #
#############################################################################################
Note: All waffle related options are only valid if your ES node is running on windows OS
# Enable or disable the complete Searchguard plugin functionality
#searchguard.enabled: true
# Path where to write/read the searchguard master key file
searchguard.key_path: /home/pavan/Documents/interns2015/elasticsearch-1.5.2
# When using DLS or FLS and a get or mget is performed then rewrite it as search request
searchguard.rewrite_get_as_search: true
# The index name where Searchguard will store its configuration and various other informations related to Searchguard itself
# This index can only be access from localhost
#searchguard.config_index_name: searchguard
# Enable or disable HTTP session which caches the authentication and authorization informations in a cookie
#searchguard.http.enable_sessions: false
# Enable or disable audit logging
#searchguard.auditlog.enabled: true
# If this is true (default is false) then Searchguard will check if elasticsearch is running as root/windows admin and if so then abort.
#searchguard.check_for_root: false
# If this is true (default is false) then allow all HTTP REST requests from nodes loopback (e.g. localhost)
#searchguard.allow_all_from_loopback: false
# If this is true (default: false) then enable authenticated transports requests (e.g. TransportClient authentication)
# This can be done in that way (for example):
# TransportClient.get(new GetRequest("marketing", "customer", "tp_3").putHeader("searchguard_transport_creds", "c2FseWg6c2VjcmV0"))
# Add a header "searchguard_transport_creds"
# base64(username":"password) is the credentials string
# base64(spock:secret) -> c3BvY2s6c2VjcmV0
#searchguard.transport_auth.enabled: false
#############################################################################################
# Transport layer SSL #
# #
#############################################################################################
# Enable or disable node-to-node ssl encryption
#searchguard.ssl.transport.node.enabled: false
# JKS or PKCS12
#searchguard.ssl.transport.node.keystore_type: JKS
# Absolute path to the keystore file (this stores the server certificates)
#searchguard.ssl.transport.node.keystore_filepath: null
# Keystore password
#searchguard.ssl.transport.node.keystore_password: changeit
# Do other nodes have to authenticate themself to the cluster, default is true
#searchguard.ssl.transport.node.enforce_clientauth: true
# JKS or PKCS12
#searchguard.ssl.transport.node.truststore_type: JKS
# Absolute path to the truststore file (this stores the client certificates)
#searchguard.ssl.transport.node.truststore_filepath: null
# Truststore password
#searchguard.ssl.transport.node.truststore_password: changeit
# Enforce hostname verification
#searchguard.ssl.transport.node.encforce_hostname_verification: true
# If hostname verification specify if hostname should be resolved
#searchguard.ssl.transport.node.encforce_hostname_verification.resolve_host_name: true
#############################################################################################
# REST layer SSL #
# #
#############################################################################################
# Enable or disable rest layer security (https)
#searchguard.ssl.transport.http.enabled: false
# JKS or PKCS12
#searchguard.ssl.transport.http.keystore_type: JKS
# Absolute path to the keystore file (this stores the server certificates)
#searchguard.ssl.transport.http.keystore_filepath: null
# Keystore password
#searchguard.ssl.transport.http.keystore_password: changeit
# Do the clients (typically the browser or the proxy) have to authenticate themself to the http server, default is false
#searchguard.ssl.transport.http.enforce_clientauth: false
# JKS or PKCS12
#searchguard.ssl.transport.http.truststore_type: JKS
# Absolute path to the truststore file (this stores the client certificates)
#searchguard.ssl.transport.http.truststore_filepath: null
# Truststore password
#searchguard.ssl.transport.http.truststore_password: changeit
#############################################################################################
# X-Forwarded-For (XFF) header #
# #
#############################################################################################
# X-Forwarded-For (XFF) header
# If you have a http proxy in front of elasticsearch you have to configure this options to handle XFF properly
#searchguard.http.xforwardedfor.header: X-Forwarded-For
#searchguard.http.xforwardedfor.trustedproxies: null
#searchguard.http.xforwardedfor.enforce: false
#############################################################################################
# Authentication backend #
# #
#############################################################################################
# Validates the username and credentials
searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
#searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.ldap.LDAPAuthenticationBackend
#searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.AlwaysSucceedAuthenticationBackend
#searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.waffle.WaffleAuthenticationBackend
# If caching is enabled then the authentication succeed for 24 h since the first successful login without hitting the backend again and again
searchguard.authentication.authentication_backend.cache.enable: false
#############################################################################################
# Authorization backend (authorizer) #
# #
#############################################################################################
searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
#searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.ldap.LDAPAuthorizator
#searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.waffle.WaffleAuthorizator
# If caching is enabled then the role informations will be cached for 24 h without hitting the backend again and again
searchguard.authentication.authorizer.cache.enable: false
#############################################################################################
# HTTP authentication method #
# #
#############################################################################################
# Define HTTP authentication method. In future we will here have more like NTLM, SPNEGO/Kerberos and Digest.
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator
# HTTPProxyAuthenticator assume there is kind of proxy in front of elasticsearch which handles the authentication and stores the
# username of the authenticated user in a http header
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.proxy.HTTPProxyAuthenticator
# SSL mutual authentication (works only if searchguard.ssl.transport.http.enabled is 'true' with client auth enabled)
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.clientcert.HTTPSClientCertAuthenticator
# SPNEGO
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.spnego.HTTPSpnegoAuthenticator
# Absolute file path to jaas login config file
#searchguard.authentication.spnego.login_config_filepath: null
# Absolute file path to krb5 config file
#searchguard.authentication.spnego.krb5_config_filepath: null
# Name of the login entry in jaas login config file which represents the acceptor (server)
#searchguard.authentication.spnego.login_config_name: com.sun.security.jgss.krb5.accept
# Strip the realmname from username (hnelson@EXAMPLE.COM -> hnelson)
#searchguard.authentication.spnego.strip_realm: true
# Authenticates always a user with username 'searchguard_unauthenticated_user'
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.HTTPUnauthenticatedAuthenticator
# Waffle (Windows only, must be used with WaffleAuthorizator)
#searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.waffle.HTTPWaffleAuthenticator
# Strip domain name from user (COMPANY\spock -> spock)
#searchguard.authentication.waffle.strip_domain: true
#####################################################
# Settings based authentication (define users and password directly here in the settings. Note: this is per node)
#searchguard.authentication.settingsdb.user.<username>: password
searchguard.authentication.settingsdb.user.pavan: password
# If plain text password should be hashed use this. Supported digests are: SHA1 SHA256 SHA384 SHA512 MD5
#searchguard.authentication.settingsdb.digest: SHA1
#searchguard.authentication.settingsdb.user.michaeljackson: 824d55e7a62b7ca8751dff346ffab845a8f26d08
#####################################################
#####################################################
# Settings based authorization (define users and their roles directly here in the settings. Note: this is per node)
#searchguard.authentication.authorization.settingsdb.roles.<username>: <array of roles>
searchguard.authentication.authorization.settingsdb.roles.pavan: ["admin"]
#####################################################
#####################################################
# LDAP authentication backend (authenticate users against a LDAP or Active Directory)
# The defaults are sufficient for Active Directory
#searchguard.authentication.ldap.host: ["localhost:389"]
#searchguard.authentication.ldap.ldaps.ssl.enabled: false
#searchguard.authentication.ldap.ldaps.starttls.enabled: false
# JKS or PKCS12
#searchguard.authentication.ldap.ldaps.truststore_type: JKS
#searchguard.authentication.ldap.ldaps.truststore_filepath: null
#searchguard.authentication.ldap.ldaps.truststore_password: null
#searchguard.authentication.ldap.bind_dn: null
#searchguard.authentication.ldap.password: null
# Default is root dse ("")
#searchguard.authentication.ldap.userbase: ""
# Filter to search for users (currently in the whole subtree beneath userbase)
# {0} is substituted with the username
#searchguard.authentication.ldap.usersearch: (sAMAccountName={0})
# Use this attribute from the user as username (if not set then DN is used)
#searchguard.authentication.ldap.username_attribute: null
#####################################################
#####################################################
# LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
# The defaults are sufficient for Active Directory
# Default is root dse ("")
#searchguard.authentication.authorization.ldap.rolebase: ""
# Filter to search for roles (currently in the whole subtree beneath rolebase)
# {0} is substituted with the DN of the user
# {1} is substituted with the username
# {2} is substituted with an attribute value from user directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
#searchguard.authentication.authorization.ldap.rolesearch: (member={0})
# Specify the name of the attribute which value should be substituted with {2} above
#searchguard.authentication.authorization.ldap.userroleattribute: null
# Roles as an attribute of the user entry
#searchguard.authentication.authorization.ldap.userrolename: memberOf
# The attribute in a role entry containing the name of that role
#searchguard.authentication.authorization.ldap.rolename: name
# Resolve nested roles transitive (roles which are members of other roles and so on ...)
#searchguard.authentication.authorization.ldap.resolve_nested_roles: false
#####################################################
#####################################################
# HTTP proxy authenticator configuration
# Header name which contains the username
#searchguard.authentication.proxy.header:X-Authenticated-User
# Array of trusted IP addresses (this are typically your proxy server(s))
#searchguard.authentication.proxy.trusted_ips: null
#####################################################
#####################################################
# HTTP SSL mutual authentication configuration
# Attribute of that attribute in the certificate dn which holds the username
#searchguard.authentication.https.clientcert.attributename: cn
#####################################################
##############################################################################################
# Below here you configure what authenticated and authorized users are allowed to do (or not)#
# This maps to the acl defined in the searchguard configuration index #
#############################################################################################
# Configure the restactionfilter to allow or forbid action
#searchguard.restactionfilter.names: ["readonly"]
#searchguard.restactionfilter.readonly.allowed_actions: ["*SearchAction", "RestSearchScrollAction", "RestClearScrollAction", "RestGetAction", "RestGetSourceAction", "*MainAction", "RestValidateQueryAction", "RestMoreLikeThisAction", "RestPercolateAction"]
#searchguard.restactionfilter.readonly.forbidden_actions: [...]
# Configure the actionrequestfilter to allow or forbid action
searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:admin*", "indices:admin*", "indices:data/write*"]
# Configure document level security (dls) filter
# Warning: All this (with the exception of "exists") only works with not_analyzed fields because a term filter is used internally
# http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/query-dsl-term-filter.html
#searchguard.dlsfilter.names: ["a", "b", "c", "d", "e", "f", "g"]
#searchguard.dlsfilter.a: ["exists","field", "false"] # if field exists (or not) match -> false means field must exist
#searchguard.dlsfilter.b: ["term", "field","value", "false"] # if field==value (or not) match
#searchguard.dlsfilter.d: ["user_name","field", "false"] # if field==username (or not) match
#searchguard.dlsfilter.e: ["user_roles","field", "false"] # if field contaions a user role (or not) match
#searchguard.dlsfilter.f: ["ldap_user_attribute","field", "attribute", "false"] # if field==userldapattribute(attribute) (or not) match
#searchguard.dlsfilter.g: ["ldap_user_roles","field", "attribute", "false"] # if field contains ldaprole(attribute) (or not) match
# Configure the field level security (fls) filter to filter _source
#searchguard.flsfilter.names: ["stripsensitive"]
#searchguard.flsfilter.stripsensitive.source_includes: []
#searchguard.flsfilter.stripsensitive.source_excludes: ["sensitive*", "public.sensitive*.sub"]
When I start searching for elastics I get the following answer -
[2015-07-12 14:10:27,828][INFO ][node ] [Typeface] version[1.5.2], pid[4567], build[62ff986/2015-04-27T09:21:06Z]
[2015-07-12 14:10:27,829][INFO ][node ] [Typeface] initializing ...
[2015-07-12 14:10:27,989][INFO ][com.floragunn.searchguard.SearchGuardPlugin] Class enhancements for DLS/FLS successful
[2015-07-12 14:10:27,990][INFO ][plugins ] [Typeface] loaded [searchguard, jdbc-1.5.0.5-da4ba96, river-csv], sites []
[2015-07-12 14:10:30,146][WARN ][com.floragunn.searchguard.util.SecurityUtil] AES 256 not supported, max key length for AES is 128. To enable AES 256 install 'Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files'
[2015-07-12 14:10:30,392][WARN ][com.floragunn.searchguard.service.SearchGuardService] script.disable_dynamic has the default value sandbox, consider setting it to false if not needed
[2015-07-12 14:10:30,549][INFO ][node ] [Typeface] initialized
[2015-07-12 14:10:30,550][INFO ][node ] [Typeface] starting ...
[2015-07-12 14:10:30,623][INFO ][transport ] [Typeface] bound_address {inet[/0:0:0:0:0:0:0:0:9300]}, publish_address {inet[/192.168.1.7:9300]}
[2015-07-12 14:10:30,636][INFO ][discovery ] [Typeface] pavan/UdgVgXLWQ72XuJGhxdFTHA
[2015-07-12 14:10:33,670][INFO ][cluster.service ] [Typeface] new_master [Typeface][UdgVgXLWQ72XuJGhxdFTHA][pavan-Inspiron-7537][inet[/192.168.1.7:9300]], reason: zen-disco-join (elected_as_master)
[2015-07-12 14:10:33,695][INFO ][http ] [Typeface] bound_address {inet[/0:0:0:0:0:0:0:0:9200]}, publish_address {inet[/192.168.1.7:9200]}
[2015-07-12 14:10:33,697][INFO ][node ] [Typeface] started
[2015-07-12 14:10:34,168][INFO ][gateway ] [Typeface] recovered [2] indices into cluster_state
[2015-07-12 14:10:35,568][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:36,561][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:37,561][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:38,561][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:39,561][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:40,561][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:41,562][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:42,562][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:43,563][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:44,564][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:45,564][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:46,564][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:47,565][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:48,566][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:49,566][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:50,568][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:51,568][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:52,569][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:53,569][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:54,570][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:55,571][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:56,571][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:57,571][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
Later, when I try to query elasticsearch indexes through POSTMAN, it asks for authentication. Although I enter the correct credentials, I am getting the following error in POSTMAN -
{
"error": "RuntimeException[java.lang.NullPointerException]; nested: NullPointerException; ",
"status": 500
}
Below will be the answer in terminal -
[2015-07-12 14:10:58,403][INFO ][com.floragunn.searchguard.rest.DefaultRestFilter] Authenticated user is User [name=pavan, roles=[role2, role3, admin]]
[2015-07-12 14:10:58,563][WARN ][com.floragunn.searchguard.filter.SearchGuardActionFilter] Cannot determine types for indices:monitor/stats (class org.elasticsearch.action.admin.indices.stats.IndicesStatsRequest) due to type[s]() method not found
[2015-07-12 14:10:58,564][ERROR][com.floragunn.searchguard.filter.SearchGuardActionFilter] Error while apply() due to java.lang.NullPointerException for action indices:monitor/stats
java.lang.NullPointerException
at java.util.Objects.requireNonNull(Objects.java:203)
at java.util.Arrays$ArrayList.<init>(Arrays.java:3813)
at java.util.Arrays.asList(Arrays.java:3800)
at com.floragunn.searchguard.filter.SearchGuardActionFilter.apply0(SearchGuardActionFilter.java:187)
at com.floragunn.searchguard.filter.SearchGuardActionFilter.apply(SearchGuardActionFilter.java:89)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165)
at com.floragunn.searchguard.filter.FLSActionFilter.applySecure(FLSActionFilter.java:76)
at com.floragunn.searchguard.filter.AbstractActionFilter.apply(AbstractActionFilter.java:97)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165)
at com.floragunn.searchguard.filter.DLSActionFilter.applySecure(DLSActionFilter.java:73)
at com.floragunn.searchguard.filter.AbstractActionFilter.apply(AbstractActionFilter.java:97)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165)
at com.floragunn.searchguard.filter.RequestActionFilter.applySecure(RequestActionFilter.java:94)
at com.floragunn.searchguard.filter.AbstractActionFilter.apply(AbstractActionFilter.java:97)
at org.elasticsearch.action.support.TransportAction$RequestFilterChain.proceed(TransportAction.java:165)
at org.elasticsearch.action.support.TransportAction.execute(TransportAction.java:82)
at org.elasticsearch.client.node.NodeIndicesAdminClient.execute(NodeIndicesAdminClient.java:77)
at org.elasticsearch.client.FilterClient$IndicesAdmin.execute(FilterClient.java:120)
at org.elasticsearch.rest.BaseRestHandler$HeadersAndContextCopyClient$IndicesAdmin.execute(BaseRestHandler.java:149)
at org.elasticsearch.client.support.AbstractIndicesAdminClient.stats(AbstractIndicesAdminClient.java:524)
at org.elasticsearch.rest.action.cat.RestIndicesAction$1$1.processResponse(RestIndicesAction.java:83)
at org.elasticsearch.rest.action.cat.RestIndicesAction$1$1.processResponse(RestIndicesAction.java:78)
at org.elasticsearch.rest.action.support.RestActionListener.onResponse(RestActionListener.java:49)
at org.elasticsearch.action.support.TransportAction$ThreadedActionListener$1.run(TransportAction.java:113)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
[2015-07-12 14:10:58,572][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:10:59,572][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:11:00,573][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:11:01,573][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:11:02,574][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:11:03,574][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:11:04,575][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
^X[2015-07-12 14:11:05,575][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
[2015-07-12 14:11:06,576][INFO ][com.floragunn.searchguard.service.SearchGuardConfigService] [Typeface] Security configuration reloaded
^C[2015-07-12 14:11:07,249][INFO ][node ] [Typeface] stopping ...
[2015-07-12 14:11:07,301][INFO ][node ] [Typeface] stopped
[2015-07-12 14:11:07,301][INFO ][node ] [Typeface] closing ...
[2015-07-12 14:11:07,318][INFO ][node ] [Typeface] closed
Can anyone help me overcome this?
+3
source to share
No one has answered this question yet
Check out similar questions: