热门标签
热门文章
- 1SpringAOP的实现原理_spring aop 实现原理
- 2可以说今年最详细的面试要点!耗时两个礼拜,五章8000字面试长文,写简历—阿里Offer一步到位!(2)
- 3meta-data android,AndroidManifest meta-data 知识介绍
- 4如何使用Python从视频中提取图像?(帧提取)详细代码实现_python 读取特定路径下的视频文件,并对视频中的图像进行编号,最后将编号后的图像
- 5uCOS-II v2.52在MCS-51系列单片机上的移植实例(修订版)_ucos-ii v2.52基于51单片机的移植实例 + proteus仿真
- 6idea 回滚某次提交的代码_idea代码回滚到指定提交位置
- 7Gradle的学习
- 8学习Python语言有什么优势?_谈谈如果让你再深入学习python语言,你想深入哪方面?
- 9Spark源码——Job全流程以及DAGScheduler的Stage划分_spark dag划分源码
- 10Ubuntu Linux下通过代理(proxy)使用git上github.com
当前位置: article > 正文
Elastic Search + Search Guard做es安全认证(RestHighLevelClient)。_java es restclient 安全认证
作者:繁依Fanyi0 | 2024-06-02 15:25:20
赞
踩
java es restclient 安全认证
首先:es集群安装Search Guard,运维完成,或者参考Search Guard官网进行安装。(我也不会)
需要4个东西:truststore.jks文件,truststore.jks的秘钥,es的登录用户、密码
在没有search guard的时候,实例化es的就不多说了。(网上自己搜)
建议使用es的java高级客户端:RestHighLevelClient,在es7之后已经不支持使用transportclient。
下面是源码:
import lombok.extern.slf4j.Slf4j;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.AbstractFactoryBean;
import org.springframework.context.annotation.Configuration;
import javax.net.ssl.SSLContext;
import java.io.File;
@Configuration
@Slf4j
public class ElasticSearchConfiguration extends AbstractFactoryBean<RestHighLevelClient> {
@Value("${elasticsearch.host}")
private String host;//es-node1.com,es-node2.com
@Value("${elasticsearch.port}")
private String port;//9200,9200
@Value("${elasticsearch.cluster-name}")
private String clusterName;
@Value("${elasticsearch.truststore.password}")
private String truststorePasswordStr;//truststore.jks的生成秘钥
@Value("${elasticsearch.truststore.path}")
private String truststorePath;//truststore.jks的路径
@Value("${elasticsearch.username}")
private String username;
@Value("${elasticsearch.password}")
private String password;
@Value("${elasticsearch.scheme}")
private String scheme;//加上searchguard之后是https
private static int connectTimeOut = 1000; // 连接超时时间
private static int socketTimeOut = 30000; // 连接超时时间
private static int connectionRequestTimeOut = 500; // 获取连接的超时时间
private RestHighLevelClient restHighLevelClient;
@Override
public void destroy() throws Exception {
// 关闭Client
if (restHighLevelClient != null) {
restHighLevelClient.close();
}
}
@Override
public Class<RestHighLevelClient> getObjectType() {
return RestHighLevelClient.class;
}
@Override
public boolean isSingleton() {
return false;
}
@Override
protected RestHighLevelClient createInstance() throws Exception {
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
//用户名密码
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
//(searchguard需要加上,构建sslcontext)
//truststore的密码
boolean trustSelfSigned = true;
char[] truststorePassword = truststorePasswordStr.toCharArray();
SSLContext sslContextFromJks = SSLContexts
.custom()
.loadTrustMaterial(new File(truststorePath), truststorePassword, trustSelfSigned ? new TrustSelfSignedStrategy() : null)
.build();
//多个节点
String[] hostArray = host.split(",");
String[] portArray = port.split(",");
if (hostArray.length != portArray.length) {
log.error("Elastic Search 初始化失败:Host和Port不对应,host:{} ,port:{}", hostArray, portArray);
return null;
}
HttpHost[] httpHosts = new HttpHost[hostArray.length];
for (int i = 0; i < hostArray.length; i++) {
httpHosts[i] = new HttpHost(hostArray[i], Integer.parseInt(portArray[i]), scheme);
}
try {
RestClientBuilder builder = RestClient.builder(httpHosts);
// 异步httpclient连接延时配置
builder.setRequestConfigCallback(requestConfigBuilder -> {
requestConfigBuilder.setConnectTimeout(connectTimeOut);
requestConfigBuilder.setSocketTimeout(socketTimeOut);
requestConfigBuilder.setConnectionRequestTimeout(connectionRequestTimeOut);
return requestConfigBuilder;
});
//设置安全(searchguard)
builder.setHttpClientConfigCallback(httpClientBuilder ->
httpClientBuilder
.setDefaultCredentialsProvider(credentialsProvider)
.setSSLContext(sslContextFromJks)
);
restHighLevelClient = new RestHighLevelClient(builder);
} catch (Exception e) {
log.error("Elastic Search 初始化失败:" + e.getMessage());
}
return restHighLevelClient;
}
}
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/繁依Fanyi0/article/detail/663238
推荐阅读
相关标签
