ElasticSearch学习（十）—— 增加身份认证

目录

es设置用户名密码认证

elasticsearch.yml 中添加配置

重启elasticsearch服务

设置elasticsearch密码

访问验证

kibana设置用户名密码认证

kibana.yml添加验证信息

启动kibana

访问验证

JAVA REST Client设置身份认证

HTTP Client设置身份认证

---

 

1. es设置用户名密码认证

   1. elasticsearch.yml 中添加配置

      # 配置X-Pack
      http.cors.enabled: true
      http.cors.allow-origin: "*"
      http.cors.allow-headers: Authorization
      xpack.security.enabled: true
      xpack.security.transport.ssl.enabled: true

   2. 重启elasticsearch服务

      systemctl restart elasticsearch
      

   3. 设置elasticsearch密码

      /opt/elk/elasticsearch/bin/elasticsearch-setup-passwords interactive

      依次设置elastic，apm_system，kibana，kibana_system，logstash_system，beats_system，remote_monitoring_user 这些用户的密码。需要使用kibana的话，建议kibana用户密码与elastic用户密码不一致。

   4. 访问验证

      浏览器访问http://127.0.0.1:9200出现认证弹框输入elastic和对应的密码。

2. kibana设置用户名密码认证

   1. kibana.yml添加验证信息

      elasticsearch.username: "kibana"
      elasticsearch.password: "password"

      打开这两行注释，在password中输入为kibana设置的密码。

   2. 启动kibana

      /opt/elk/kibana-7.2.0-linux-x86_64/bin$ ./kibana

   3. 访问验证

      浏览器访问http://127.0.0.1:5601出现认证弹框输入elastic和对应的密码。

3. JAVA REST Client设置身份认证

   通过RestHighLevelClient发送的es请求验证方式：

   final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
   /** 设置账号密码 */
   credentialsProvider.setCredentials(AuthScope.ANY,
           new UsernamePasswordCredentials(ElasticsearchConstants.ELASTIC_USER_NAME, ElasticsearchConstants.ELASTIC_PASSWORD));
   RestHighLevelClient client = new RestHighLevelClient(
           RestClient.builder(new HttpHost(ElasticsearchConstants.ELASTIC_SEARCH_HOST, ElasticsearchConstants.ELASTIC_SEARCH_PORT, "http"))
           .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
               @Override
               public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
                   return httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
               }
           })
   );

4. HTTP Client设置身份认证

   通过http直接发送的es请求认证方式：

   CloseableHttpClient httpClient = HttpClients.createDefault();
   HttpPut httpPut = new HttpPut(url);
   RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(35000).setConnectionRequestTimeout(35000).setSocketTimeout(60000).build();
   httpPut.setConfig(requestConfig);
   httpPut.setHeader("Content-type", "application/json");
   httpPut.setHeader("Accept", "application/json");
   httpPut.setHeader("DataEncoding", "UTF-8");
   
   // 加es身份认证
   HttpHost targetHost = new HttpHost(ElasticsearchConstants.ELASTIC_SEARCH_HOST, ElasticsearchConstants.ELASTIC_SEARCH_PORT, "http");
   /** 设置账号密码 */
   CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
   credentialsProvider.setCredentials(AuthScope.ANY,
                           new UsernamePasswordCredentials(ElasticsearchConstants.ELASTIC_USER_NAME, ElasticsearchConstants.ELASTIC_PASSWORD));
   
   // Create AuthCache instance
   AuthCache authCache = new BasicAuthCache();
   // Generate BASIC scheme object and add it to the local auth cache
   BasicScheme basicAuth = new BasicScheme();
   authCache.put(targetHost, basicAuth);
   
   // Add AuthCache to the execution context
   HttpClientContext context = HttpClientContext.create();
   context.setCredentialsProvider(credentialsProvider);
   context.setAuthCache(authCache);
   
   CloseableHttpResponse httpResponse = httpClient.execute(httpPut, context);