如何通过 Java 高级 Rest 客户端访问安全弹性搜索
[英]How to hit Secure Elastic Search through Java High Level Rest Client
问题描述
I'm new to Elastic search.
我是弹性搜索的新手。 Integrated my Spring boot application with Elastic search through Java High Level Rest Client .通过Java High Level Rest Client将我的 Spring 引导应用程序与弹性搜索集成。
I've configured JHLRC bean as below and it worked fine:我已经如下配置了 JHLRC bean,它工作正常:
@Bean(destroyMethod = "close")
public RestHighLevelClient client() {
RestHighLevelClient client = new RestHighLevelClient(
RestClient.builder(new HttpHost("localhost", 9200, "http")));
return client;
}
Started exploring the security for Elasticsearch, after setup certificate and passwords, I've enabled security by providing below properties:开始探索 Elasticsearch 的安全性,设置证书和密码后,我通过提供以下属性启用了安全性:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
I'm able to login in kibana by using a created username and password but getting 401 Unauthorized while hitting any Elastic search API through JHLRC.我可以使用创建的用户名和密码登录 kibana,但在通过 JHLRC 访问任何弹性搜索 API 时会出现 401 Unauthorized。
Can someone please help me on what further changes I've to make while configuring Java High Level Rest Client to hit secure Elastic search?有人可以帮我解决在配置Java High Level Rest Client以访问安全弹性搜索时需要做的进一步更改吗?
2 个解决方案
解决方案1
1 已采纳 2020-06-23 12:22:43
You need to include the Basic credentials which you are giving while accessing the kibana, below code shows you can pass the username and password in JHLRC.您需要包括在访问 kibana 时提供的基本凭据,下面的代码显示您可以在 JHLRC 中传递用户名和密码。
First, create the encoded string from your username and password, you can use the superuser elastic which has all the access by using the below code.首先,从您的用户名和密码创建编码字符串,您可以使用以下代码使用具有所有访问权限的超级用户elastic 。
private String getEncodedString(String username, String password) {
return HEADER_PREFIX + Base64.getEncoder().encodeToString(
(username + ":" + password)
.getBytes());
}
Now in your request option, you pass the auth header which will include the base 64 encoded string which you will get from the above method.现在在您的请求选项中,您传递 auth header,其中将包含您将从上述方法获得的 base 64 编码字符串。
RequestOptions.Builder builder = RequestOptions.DEFAULT.toBuilder()
.addHeader(AUTH_HEADER_NAME, getEncodedString(basicCredentials));
Last, you just need to build the object of above requestion options builder and pass it to your client in any request like below:最后,您只需要构建上述请求选项构建器的 object 并在任何请求中将其传递给您的客户端,如下所示:
GetResponse getResponse = restHighLevelClient.get(getRequest, builder.build());
解决方案2
1 2020-06-24 03:56:04
It worked after making below changes in JHLRC:在 JHLRC 中进行以下更改后,它起作用了:
@Bean(destroyMethod = "close")
public RestHighLevelClient client() {
final BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
basicCredentialsProvider
.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "password_generated_by_elastic_search"));
RestHighLevelClient restHighLevelClient = new RestHighLevelClient(
RestClient.builder(new HttpHost("localhost", 9200, "http"))
.setHttpClientConfigCallback(new HttpClientConfigCallback() {
@Override
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
httpClientBuilder.disableAuthCaching();
return httpClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
}
})
);
return restHighLevelClient;
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.