
How to configure security in elasticsearch 8.5.3 using Starter Data Elasticsearch 3.0.1 in maven java springboot

I was able to create an elasticsearch 8.5.3 server as a docker image, but with security completely disabled, and in my springboot application I am using ElasticsearchRepository to perform insert, update, and delete and ElasticsearchOperations to perform selection and search. Both of these classes/interfaces are included in the Spring Boot Starter Data Elasticsearch 3.0.1 dependency, and I am also using the following application.yaml property to tell both where the server is:

spring:
  elasticsearch:
    uris:
      - http://localhost:9700
#    username: elastic
#    password: 123

Now, here is my issue: I set up another elasticsearch server with complete security features to test my springboot code in a real-life scenario, but I can't figure out how to change the application.yaml to add the certificate portion of the security options. I've been stuck on this portion for a week now. I know it contains options like spring.elasticsearch.username and spring.elasticsearch.password, which aren't the issue, but where is the option for the certificate, and how can I make the certificate work on both ElasticsearchRepository and ElasticsearchOperations?

I gathered from the majority of tutorials that I need to construct a @Configuration class; however, the point is that most, if not all, of the tutorials use deprecated methods (I am stuck in a 'This is deprecated' loop), for example the High Level Rest Client. I'm confused as to how to make ElasticsearchRepository and ElasticsearchOperations utilize the specified @Configuration, and what the alternative to the High Level Rest Client is (I think it's RestClient based on what I read in the official documentation, but I can't figure out how to implement it with the spring boot elasticsearch data starter).

You can configure the client used by Spring Data Elasticsearch by providing a configuration bean; this is described in the documentation at https://docs.spring.io/spring-data/elasticsearch/docs/current/reference/html/#elasticsearch.clients.restclient. Details for the client configuration are a little further down the docs: https://docs.spring.io/spring-data/elasticsearch/docs/current/reference/html/#elasticsearch.clients.configuration.

This gives you the possibility to configure authentication and SSL setup (there is also a usingSsl method taking an SSL context which can be customized further).

I can't tell you which properties to set in the application configuration; this is a Spring Boot topic. Spring Data Elasticsearch does not read or use any configured values by itself.

What you can do is to extend ElasticsearchConfiguration and override the clientConfiguration method. There you can use the usingSsl method and pass an SSLContext:

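import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Base64;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.elasticsearch.client.ClientConfiguration;
import org.springframework.data.elasticsearch.client.elc.ElasticsearchConfiguration;

@Configuration
class ElasticSearchConfig extends ElasticsearchConfiguration {

    // Base64-encoded certificate, injected from a property or environment variable
    @Value("${spring.elasticsearch.client.certificate}")
    private String certificateBase64;

    @Override
    public ClientConfiguration clientConfiguration() {
        final ClientConfiguration clientConfiguration = ClientConfiguration.builder()
                .connectedTo("localhost:9200")
                .usingSsl(getSSLContext())
                .withBasicAuth("elastic", "changeme")
                .build();
        return clientConfiguration;
    }

    private SSLContext getSSLContext() {
        try {
            byte[] decode = Base64.getDecoder().decode(certificateBase64);

            CertificateFactory cf = CertificateFactory.getInstance("X.509");

            Certificate ca;
            try (InputStream certificateInputStream = new ByteArrayInputStream(decode)) {
                ca = cf.generateCertificate(certificateInputStream);
            }

            // In-memory trust store that contains only the configured certificate
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);

            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);

            // No client key material; server certificates are checked against the trust store above
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, tmf.getTrustManagers(), null);
            return context;
        } catch (GeneralSecurityException | IOException e) {
            throw new IllegalStateException("Could not build SSLContext from the configured certificate", e);
        }
    }

}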

certificateBase64 will hold the elasticsearch certificate encoded in base64 format and can be injected through a properties file or environment variable (name of the property: spring.elasticsearch.client.certificate). The code to create the SSL context was originally taken from this answer.
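
An added example, not part of either answer above: a small stand-alone check that decodes the same base64 value the configuration class reads, confirms it parses as a currently valid X.509 certificate, and compares its SHA-256 fingerprint with one obtained from the server's operator before the application is started with it. The class name and the environment variable names ES_CA_CERT_B64 and ES_CA_FINGERPRINT are assumptions made for this example.

```java
import java.io.ByteArrayInputStream;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HexFormat;

public class CaCertificateCheck {

    // Same strict decoder as the configuration class, so a value that would break
    // the application (for example one containing line breaks) fails here first.
    static X509Certificate parse(String certificateBase64) throws Exception {
        byte[] decoded = Base64.getDecoder().decode(certificateBase64);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(decoded));
    }

    // SHA-256 over the certificate's DER encoding, as lower-case hex without separators.
    static String sha256Fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return HexFormat.of().formatHex(digest);
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable names: ES_CA_CERT_B64 carries the property value,
        // ES_CA_FINGERPRINT (optional) the fingerprint obtained from the server's operator.
        String value = System.getenv("ES_CA_CERT_B64");
        if (value == null || value.isBlank()) {
            System.err.println("ES_CA_CERT_B64 is not set");
            System.exit(2);
        }
        X509Certificate cert = parse(value);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        String actual = sha256Fingerprint(cert);

        System.out.println("subject   : " + cert.getSubjectX500Principal());
        System.out.println("not after : " + cert.getNotAfter());
        System.out.println("is CA     : " + (cert.getBasicConstraints() >= 0));
        System.out.println("sha-256   : " + actual);

        String expected = System.getenv("ES_CA_FINGERPRINT");
        if (expected != null) {
            // Accept both "AA:BB:..." and "aabb..." notation.
            String normalized = expected.replace(":", "").trim().toLowerCase();
            if (!normalized.equals(actual)) {
                System.err.println("fingerprint mismatch: do not trust this certificate");
                System.exit(1);
            }
        }
    }
}
```

HexFormat requires Java 17, which Spring Boot 3 already needs.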
