如何通过Java High Level Rest Client打安全弹性搜索 [英] How to hit Secure Elastic Search through Java High Level Rest Client

问题描述

我是Elastic Search的新手.通过 Java High Level Rest Client 将我的Spring Boot应用程序与Elastic搜索集成.

I'm new to Elastic search. Integrated my Spring boot application with Elastic search through Java High Level Rest Client.

我已经按照以下方式配置了JHLRC bean，它运行良好:

I've configured JHLRC bean as below and it worked fine:

@Bean(destroyMethod = "close")
public RestHighLevelClient client() {
  RestHighLevelClient client = new RestHighLevelClient(
      RestClient.builder(new HttpHost("localhost", 9200, "http")));
  return client;
}

开始探索Elasticsearch的安全性，在设置证书和密码后，我通过提供以下属性来启用安全性:

Started exploring the security for Elasticsearch, after setup certificate and passwords, I've enabled security by providing below properties :

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

我能够使用创建的用户名和密码登录kibana，但通过JHLRC击中任何Elastic search API时会获得401 Unauthorized.

I'm able to login in kibana by using a created username and password but getting 401 Unauthorized while hitting any Elastic search API through JHLRC.

有人可以帮助我配置 Java High Level Rest Client 以进行安全的弹性搜索时需要做哪些进一步的更改?

Can someone please help me on what further changes I've to make while configuring Java High Level Rest Client to hit secure Elastic search?

推荐答案

您需要包括访问kibana时提供的基本凭据，以下代码显示您可以在JHLRC中传递用户名和密码.

You need to include the Basic credentials which you are giving while accessing the kibana, below code shows you can pass the username and password in JHLRC.

首先，使用用户名和密码创建编码后的字符串，您可以使用超级用户 elastic ，该超级用户可以通过以下代码使用所有访问权限.

First, create the encoded string from your username and password, you can use the superuser elastic which has all the access by using the below code.

private String getEncodedString(String username, String password) {
        return HEADER_PREFIX + Base64.getEncoder().encodeToString(
                (username + ":" + password)
                        .getBytes());
    }

现在，在您的请求选项中，您传递auth标头，该标头将包含从上述方法中获取的以64为基数的字符串.

Now in your request option, you pass the auth header which will include the base 64 encoded string which you will get from the above method.

RequestOptions.Builder builder = RequestOptions.DEFAULT.toBuilder()
                .addHeader(AUTH_HEADER_NAME, getEncodedString(basicCredentials));

最后，您只需要构建上述请求选项构建器的对象，并在如下所示的任何请求中将其传递给客户端:

Last, you just need to build the object of above requestion options builder and pass it to your client in any request like below:

GetResponse getResponse = restHighLevelClient.get(getRequest, builder.build());

这篇关于如何通过Java High Level Rest Client打安全弹性搜索的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！