先做准备工作,浏览器方式访问 ES7.X url https://127.0.0.1:8027 弹出用户名和密码
输入后在浏览器得到
{
"name" : "DTCNPEMS04",
"cluster_name" : "cnp-es-cluster",
"cluster_uuid" : "wb0So_FqQBOKqtXnsqofTg",
"version" : {
"number" : "7.14.1",
"build_flavor" : "default",
"build_type" : "docker",
"build_hash" : "66b55ebfa59c92c15db3f69a335d500018b3331e",
"build_date" : "2021-08-26T09:01:05.390870785Z",
"build_snapshot" : false,
"lucene_version" : "8.9.0",
"minimum_wire_compatibility_version" : "6.8.0",
"minimum_index_compatibility_version" : "6.0.0-beta1"
},
"tagline" : "You Know, for Search"
}
说明浏览器可以获得SSL证书,然后用户可以按用户名/密码访问
后续思路就是从浏览器导出证书(略过),导入到JDK的security目录下,然后在代码里调用嵌入用户名和密码,SSL访问即可。
1) 假设浏览器导出证书为
2) 将证书转换为cer格式
openssl x509 -outform der -in es-devtest -out es-devtest.cer
3) 将证书导入到JDK的security目录下
keytool -import -alias es-devtest -keystore $HOME/java/jdk-8u291-linux-x64/jdk1.8.0_291/jre/lib/security/cacerts -file es-devtest.cer -trustcacerts -storepass changeit
4) 代码
bash
String username="elastic";
String password="123456789";
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(username, password));
esClient = new RestHighLevelClient(
RestClient.builder(HttpHost.create("https://127.0.0.1:8027"))
.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
.setDefaultCredentialsProvider(credentialsProvider))
);连接不报错,就是成功,之后可以操作索引