es:6.3.1
kibana:6.3.1
首先需要在java中引入search-guard的6.3.1的包,包括ssl的包
<dependency>
<groupId>com.floragunn</groupId>
<artifactId>search-guard-ssl</artifactId>
<version>6.3.1-25.4</version>
</dependency>
<dependency>
<groupId>com.floragunn</groupId>
<artifactId>search-guard-6</artifactId>
<version>6.3.1-23.0</version>
<scope>provided</scope>
</dependency>
2.将之前权限需要的jks文件,和秘钥要加入到项目中来,在elasticsearch.yaml中配置ssl相关的信息
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: changeit
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.authcz.admin_dn:
- CN=sgadmin,OU=client,O=client,L=Test, C=DE
searchguard.nodes_dn:
- 'CN=node-*.example.com,OU=SSL,O=Test,L=Test,C=DE'
在ElasticSearchConnection类中中代码中需要如下指定:
Settings settings = Settings.builder()
.put("client.transport.ignore_cluster_name", true)
.put("path.home", ".")
// .put("path.conf", "E:\\gitlab\\DpGodFarm\\DpGodFarm2\\DpGodFarm\\src\\main\\resources")
.put("cluster.name", "testes-cluster")
.put("searchguard.ssl.transport.enabled", true)
.put("searchguard.ssl.transport.keystore_filepath", "sgadmin-keystore.jks")
.put("searchguard.ssl.transport.truststore_filepath", "truststore.jks")
.put("searchguard.ssl.http.keystore_password", "changeit")
.put("searchguard.ssl.http.truststore_password", "changeit")
.put("searchguard.ssl.transport.keystore_password", "changeit")
.put("searchguard.ssl.transport.truststore_password", "changeit")
.put("searchguard.ssl.transport.enforce_hostname_verification", false)
.build();
try {
(一定要加入SearchGuardPlugin.class,否则启动一直报错找不到searchguard.ssl.transport.keystore_filepath)
TransportClient transportClient = new PreBuiltTransportClient(settings,SearchGuardPlugin.class);
我觉得是要设置用户的,万一开发的不小心把库删了怎么办
.put("request.headers.sg_impersonate_as", "kibana5")
网友评论