计算
弹性云服务器 ECS
Flexus云服务
裸金属服务器 BMS
弹性伸缩 AS
镜像服务 IMS
专属主机 DeH
函数工作流 FunctionGraph
云手机服务器 CPH
Huawei Cloud EulerOS
网络
虚拟私有云 VPC
弹性公网IP EIP
虚拟专用网络 VPN
弹性负载均衡 ELB
NAT网关 NAT
云专线 DC
VPC终端节点 VPCEP
云连接 CC
企业路由器 ER
企业交换机 ESW
全球加速 GA
安全与合规
安全技术与应用
Web应用防火墙 WAF
企业主机安全 HSS
云防火墙 CFW
安全云脑 SecMaster
DDoS防护 AAD
数据加密服务 DEW
数据库安全服务 DBSS
云堡垒机 CBH
数据安全中心 DSC
云证书管理服务 CCM
边缘安全 EdgeSec
威胁检测服务 MTD
CDN与智能边缘
内容分发网络 CDN
CloudPond云服务
智能边缘云 IEC
迁移
主机迁移服务 SMS
对象存储迁移服务 OMS
云数据迁移 CDM
迁移中心 MGC
大数据
MapReduce服务 MRS
数据湖探索 DLI
表格存储服务 CloudTable
云搜索服务 CSS
数据接入服务 DIS
数据仓库服务 GaussDB(DWS)
数据治理中心 DataArts Studio
数据可视化 DLV
数据湖工厂 DLF
湖仓构建 LakeFormation
企业应用
云桌面 Workspace
应用与数据集成平台 ROMA Connect
云解析服务 DNS
专属云
专属计算集群 DCC
IoT物联网
IoT物联网
设备接入 IoTDA
智能边缘平台 IEF
用户服务
账号中心
费用中心
成本中心
资源中心
企业管理
工单管理
国际站常见问题
ICP备案
我的凭证
支持计划
客户运营能力
合作伙伴支持计划
专业服务
区块链
区块链服务 BCS
Web3节点引擎服务 NES
解决方案
SAP
高性能计算 HPC
视频
视频直播 Live
视频点播 VOD
媒体处理 MPC
实时音视频 SparkRTC
数字内容生产线 MetaStudio
存储
对象存储服务 OBS
云硬盘 EVS
云备份 CBR
存储容灾服务 SDRS
高性能弹性文件服务 SFS Turbo
弹性文件服务 SFS
云硬盘备份 VBS
云服务器备份 CSBS
数据快递服务 DES
专属分布式存储服务 DSS
容器
云容器引擎 CCE
容器镜像服务 SWR
应用服务网格 ASM
华为云UCS
云容器实例 CCI
管理与监管
云监控服务 CES
统一身份认证服务 IAM
资源编排服务 RFS
云审计服务 CTS
标签管理服务 TMS
云日志服务 LTS
配置审计 Config
资源访问管理 RAM
消息通知服务 SMN
应用运维管理 AOM
应用性能管理 APM
组织 Organizations
优化顾问 OA
IAM 身份中心
云运维中心 COC
资源治理中心 RGC
应用身份管理服务 OneAccess
数据库
云数据库 RDS
文档数据库服务 DDS
数据管理服务 DAS
数据复制服务 DRS
云数据库 GeminiDB
云数据库 GaussDB
分布式数据库中间件 DDM
数据库和应用迁移 UGO
云数据库 TaurusDB
人工智能
人脸识别服务 FRS
图引擎服务 GES
图像识别 Image
内容审核 Moderation
文字识别 OCR
AI开发平台ModelArts
图像搜索 ImageSearch
对话机器人服务 CBS
华为HiLens
视频智能分析服务 VIAS
语音交互服务 SIS
应用中间件
分布式缓存服务 DCS
API网关 APIG
微服务引擎 CSE
分布式消息服务Kafka版
分布式消息服务RabbitMQ版
分布式消息服务RocketMQ版
多活高可用服务 MAS
事件网格 EG
企业协同
华为云会议 Meeting
云通信
消息&短信 MSGSMS
云生态
合作伙伴中心
云商店
开发者工具
SDK开发指南
API签名指南
Terraform
华为云命令行工具服务 KooCLI
其他
产品价格详情
系统权限
管理控制台
客户关联华为云合作伙伴须知
消息中心
公共问题
开发与运维
应用管理与运维平台 ServiceStage
软件开发生产线 CodeArts
需求管理 CodeArts Req
部署 CodeArts Deploy
性能测试 CodeArts PerfTest
编译构建 CodeArts Build
流水线 CodeArts Pipeline
制品仓库 CodeArts Artifact
测试计划 CodeArts TestPlan
代码检查 CodeArts Check
代码托管 CodeArts Repo
云应用引擎 CAE
开天aPaaS
云消息服务 KooMessage
云手机服务 KooPhone
云空间服务 KooDrive

接入集群

更新时间:2023-06-20 GMT+08:00

集群创建完成后,可以接入集群开始使用Elasticsearch搜索引擎,如定义索引数据、导入数据、搜索数据等,Elasticsearch搜索引擎相关内容的深入介绍可参见《Elasticsearch:权威指南》。接入方式有4种:

在管理控制台通过Kibana接入集群

  1. 登录云搜索服务管理控制台。
  2. 在左侧导航栏,单击“集群管理”
  3. 在集群对应的“操作”列,单击“Kibana”,即可打开Kibana界面。
    说明:

    单击“Kibana”将会在浏览器中打开一个新窗口,而弹出的新窗口有可能被浏览器拦截。如果单击“Kibana”后无新窗口打开,表示已被浏览器拦截。建议在浏览器中查看拦截信息,允许浏览器访问已拦截的弹出式窗口,即kibana的访问地址。

  4. 在打开的Kibana页面中,您可以创建索引、查询索引和文档、对文档字段进行分析。 其中导入数据到Elasticsearch的操作指导请参见如下章节:

在同一VPC内的弹性云服务器,直接调用Elasticsearch API

直接调用Elasticsearch API的弹性云服务器,需满足如下要求。创建并登录弹性云服务器的操作指导请参见弹性云服务器的“登录Linux弹性云服务器”或“登录Windows弹性云服务器”。

  • 为弹性云服务分配足够的磁盘空间。
  • 此弹性云服务器的VPC需要与集群在同一个VPC中。
  • 此弹性云服务器的安全组需要和集群的安全组相同。

    如果不同,请修改弹性云服务器安全组或配置弹性云服务器安全组的出入规则允许集群所有安全组的访问。修改操作请参见《虚拟私有云用户指南》。

  • 待接入的CSS集群,其安全组的出方向和入方向需允许TCP协议及9200端口,或者允许端口范围包含9200端口。

操作步骤如下所示:

  1. 创建并登录满足要求的弹性云服务器。
  2. 接入集群时需要使用内网访问地址和端口号,您可以在集群列表中的“内网访问地址”列获取节点内网访问地址。如果集群只有1个节点,此处仅显示1个节点的内网访问地址和端口号,如果集群有多个节点,此处显示所有节点的内网访问地址和端口号。

    例如,集群中有2个节点,集群列表显示的值为“10.62.179.32:9200 10.62.179.33:9200”,表示2个节点的内网访问地址分别为“10.62.179.32”“10.62.179.33”,访问节点需使用端口都为“9200”

  3. 在此弹性云服务器中,直接通过curl执行API或者开发程序调用API并执行程序即可使用集群。Elasticsearch操作和接口请参见《Elasticsearch:权威指南》
    例如,使用curl执行如下命令,查看集群中的索引信息,集群中某一个节点的内网访问地址为“10.62.179.32”,端口为“9200”
    • 如果接入集群未启用安全模式,接入方式为:
      curl 'http://10.62.179.32:9200/_cat/indices'
    • 如果接入集群已启用安全模式,则需要使用https方式访问,并附加用户名和密码,在curl命令中添加-u选项。
      curl -u username:password -k 'https://10.62.179.32:9200/_cat/indices'
    说明:

    此处仅使用集群中某一个节点内网访问地址和端口号,当该节点出现故障时,将导致命令执行失败。如果集群包含多个节点,可以将节点内网访问地址和端口号替换为集群中另一节点的内网访问地址和端口号;如果集群只包含一个节点,则需要将该节点修复之后再次执行命令。

    以接入未设置通信加密的集群为例,其结果如下图所示。

    图1 执行结果

非安全模式使用Java API接入集群

非安全模式即集群未开启安全模式状态,为您提供两种方式:TransportClient类和RestHighLevelClient类建立客户端推荐您使用RestHighLevelClient。

  • 使用TransportClient类默认方法建立客户端:
    1
    2
    Settings settings = ImmutableSettings.settingsBuilder().put("client.transport.sniff",false).build();   
    TransportClient client = new TransportClient(settings) .addTransportAddress(new InetSocketTransportAddress("host1", 9300));
    
  • 使用RestHighLevelClient类默认方法建立客户端:
    1
    2
    3
    RestHighLevelClient client = new RestHighLevelClient(
            RestClient.builder(
                    new HttpHost("localhost", 9200, "http")));
    

Elasticsearch安全模式Java API接入集群

当Elasticsearch集群开启安全模式后,需要使用https方式连接集群,同时还需要提供用户名和密码进行身份验证。

使用RestHighLevelClient建立客户端

其中将CredentialsProvider和SSLIOSessionStrategy作为自定义SecuredHttpClientConfigCallback类的成员变量。

SecuredHttpClientConfigCallback:封装所有自定义的连接参数。

CredentialsProvider:Elasticsearch API,主要使用Elasticsearch提供的方法封装用户名和密码。

SSLIOSessionStrategy:配置SSL相关参数,包括SSL域名验证方式、证书处理方式等。主要使用SSLContext类封装相关设置。

有两种方式连接集群:忽略证书方式和使用证书方式。

  • 忽略所有证书,跳过证书校验环节进行连接

    构造TrustManager,使用默认X509TrustManager,不重写任何方法,相当于忽略所有相关操作。

    构造SSLContext:使用上一步的TrustManager为参数,默认方法构造SSLContext。
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    static TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                
            }
            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                
            }
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }};
     final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY,
                    new UsernamePasswordCredentials(userName, password));
            SSLContext sc = null;
            try{
                sc = SSLContext.getInstance("SSL");
                sc.init(null, trustAllCerts, new SecureRandom());
            }catch(KeyManagementException e){ 
                    e.printStackTrace();
            }catch(NoSuchAlgorithmException e){ 
                    e.printStackTrace();
            }
            SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc, new NullHostNameVerifier());
     
            SecuredHttpClientConfigCallback httpClientConfigCallback = new SecuredHttpClientConfigCallback(sessionStrategy,credentialsProvider);
     
            RestClientBuilder builder = RestClient.builder(new HttpHost(clusterAddress, 9200,
                                    "https")).setHttpClientConfigCallback(httpClientConfigCallback);
     
            RestHighLevelClient client = new RestHighLevelClient(builder);
    
  • 使用下载的证书(CloudSearchService.cer),加载证书进行连接。

    其中使用到从集群管理界面下载的证书(CloudSearchService.cer)。

    上传证书到客户端,在命令行中使用keytool工具将证书转换成Java可以读取的证书格式:(keytool默认密码为changeit)
    keytool -import -alias 别名 -keystore 证书的输出路径和别名 -file 证书的上传路径 

    自定义TrustManager类,继承于X509TrustManager,读取上一步输出的证书,将其加入信任证书里,重写X509TrustManager接口的三个方法;

    构造SSLContext:使用上一步的TrustManager为参数,默认方法构造SSLContext。
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    public static class MyX509TrustManager implements X509TrustManager {
     
            X509TrustManager sunJSSEX509TrustManager;
            MyX509TrustManager() throws Exception {
                File file = new File("certification file path");
                if (file.isFile() == false) {
                    throw new Exception("Wrong Certification Path");
                }
                System.out.println("Loading KeyStore " + file + "...");
                InputStream in = new FileInputStream(file);
                KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(in, "changeit".toCharArray());
                TrustManagerFactory tmf =
                        TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                tmf.init(ks);
                TrustManager tms [] = tmf.getTrustManagers();
                for (int i = 0; i < tms.length; i++) {
                    if (tms[i] instanceof X509TrustManager) {
                        sunJSSEX509TrustManager = (X509TrustManager) tms[i];
                        return;
                    }
                }
                throw new Exception("Couldn't initialize");
            }
     
    final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY,
                    new UsernamePasswordCredentials(userName, password));
     
            SSLContext sc = null;
            try{
                TrustManager[] tm = {new MyX509TrustManager()};
                sc = SSLContext.getInstance("SSL", "SunJSSE");
                sc.init(null, tm, new SecureRandom());
            }catch (Exception e) { 
                e.printStackTrace();
            }
     
            SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc, new NullHostNameVerifier());
     
            SecuredHttpClientConfigCallback httpClientConfigCallback = new SecuredHttpClientConfigCallback(sessionStrategy,credentialsProvider);
            RestClientBuilder builder = RestClient.builder(new HttpHost(clusterAddress, 9200, "https"))
                    .setHttpClientConfigCallback(httpClientConfigCallback);
            RestHighLevelClient client = new RestHighLevelClient(builder);
    
  • 代码示例

    代码运行时,传入3个参数,分别是连接地址集群登录用户名密码,示例实现的请求是GET /_search{"query": {"match_all": {}}}。

    说明:

    pom文件中客户端版本需与集群版本保持一致。

    ESSecuredClient类(忽略证书方式)

      1
      2
      3
      4
      5
      6
      7
      8
      9
     10
     11
     12
     13
     14
     15
     16
     17
     18
     19
     20
     21
     22
     23
     24
     25
     26
     27
     28
     29
     30
     31
     32
     33
     34
     35
     36
     37
     38
     39
     40
     41
     42
     43
     44
     45
     46
     47
     48
     49
     50
     51
     52
     53
     54
     55
     56
     57
     58
     59
     60
     61
     62
     63
     64
     65
     66
     67
     68
     69
     70
     71
     72
     73
     74
     75
     76
     77
     78
     79
     80
     81
     82
     83
     84
     85
     86
     87
     88
     89
     90
     91
     92
     93
     94
     95
     96
     97
     98
     99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    package securitymode;
    
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.HttpHost;
    import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
    import org.elasticsearch.action.search.SearchRequest;
    import org.elasticsearch.action.search.SearchResponse;
    import org.elasticsearch.client.RequestOptions;
    import org.elasticsearch.client.RestClient;
    import org.elasticsearch.client.RestClientBuilder;
    import org.elasticsearch.client.RestHighLevelClient;
    import org.elasticsearch.index.query.QueryBuilders;
    import org.elasticsearch.search.SearchHit;
    import org.elasticsearch.search.SearchHits;
    import org.elasticsearch.search.builder.SearchSourceBuilder;
    
    import java.io.IOException;
    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    
    public class ESSecuredClientIgnoreCerDemo {
    
        public static void main(String[] args) {
            String clusterAddress = args[0];
            String userName = args[1];
            String password = args[2];
            // 建立客户端
            RestHighLevelClient client = initESClient(clusterAddress, userName, password);
            try {
                // 查询 match_all,相当于 {\"query\": {\"match_all\": {}}}
                SearchRequest searchRequest = new SearchRequest();
                SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
                searchSourceBuilder.query(QueryBuilders.matchAllQuery());
                searchRequest.source(searchSourceBuilder);
    
                SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
                System.out.println("query result: " + searchResponse.toString());
                SearchHits hits = searchResponse.getHits();
                for (SearchHit hit : hits) {
                    System.out.println(hit.getSourceAsString());
                }
                System.out.println("query success");
                Thread.sleep(2000L);
            } catch (InterruptedException | IOException e) {
                e.printStackTrace();
            } finally {
                try {
                    client.close();
                    System.out.println("close client");
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    
        private static RestHighLevelClient initESClient(String clusterAddress, String userName, String password) {
            final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(userName, password));
            SSLContext sc = null;
            try {
                sc = SSLContext.getInstance("SSL");
                sc.init(null, trustAllCerts, new SecureRandom());
            } catch (KeyManagementException | NoSuchAlgorithmException e) {
                e.printStackTrace();
            }
            SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc, new NullHostNameVerifier());
            SecuredHttpClientConfigCallback httpClientConfigCallback = new SecuredHttpClientConfigCallback(sessionStrategy,
                credentialsProvider);
            RestClientBuilder builder = RestClient.builder(new HttpHost(clusterAddress, 9200, "https"))
                .setHttpClientConfigCallback(httpClientConfigCallback);
            RestHighLevelClient client = new RestHighLevelClient(builder);
            return client;
        }
    
        static TrustManager[] trustAllCerts = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }
    
                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                }
    
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            }
        };
    
        public static class NullHostNameVerifier implements HostnameVerifier {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        }
    
    }
    

    ESSecuredClient类(使用证书方式)

      1
      2
      3
      4
      5
      6
      7
      8
      9
     10
     11
     12
     13
     14
     15
     16
     17
     18
     19
     20
     21
     22
     23
     24
     25
     26
     27
     28
     29
     30
     31
     32
     33
     34
     35
     36
     37
     38
     39
     40
     41
     42
     43
     44
     45
     46
     47
     48
     49
     50
     51
     52
     53
     54
     55
     56
     57
     58
     59
     60
     61
     62
     63
     64
     65
     66
     67
     68
     69
     70
     71
     72
     73
     74
     75
     76
     77
     78
     79
     80
     81
     82
     83
     84
     85
     86
     87
     88
     89
     90
     91
     92
     93
     94
     95
     96
     97
     98
     99
    100
    101
    102
    103
    104
    105
    106
    107
    108
    109
    110
    111
    112
    113
    114
    115
    116
    117
    118
    119
    120
    121
    122
    123
    124
    125
    126
    127
    128
    129
    130
    131
    132
    133
    134
    135
    136
    137
    138
    139
    140
    141
    142
    143
    144
    package securitymode;
    
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.impl.client.BasicCredentialsProvider;
    import org.apache.http.HttpHost;
    import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
    import org.elasticsearch.action.search.SearchRequest;
    import org.elasticsearch.action.search.SearchResponse;
    import org.elasticsearch.client.RequestOptions;
    import org.elasticsearch.client.RestClient;
    import org.elasticsearch.client.RestClientBuilder;
    import org.elasticsearch.client.RestHighLevelClient;
    import org.elasticsearch.index.query.QueryBuilders;
    import org.elasticsearch.search.SearchHit;
    import org.elasticsearch.search.SearchHits;
    import org.elasticsearch.search.builder.SearchSourceBuilder;
    
    import java.io.File;
    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.KeyStore;
    import java.security.SecureRandom;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.TrustManagerFactory;
    import javax.net.ssl.X509TrustManager;
    
    public class ESSecuredClientWithCerDemo {
    
        public static void main(String[] args) {
            String clusterAddress = args[0];
            String userName = args[1];
            String password = args[2];
            String cerFilePath = args[3];
            String cerPassword = args[4];
            // 建立客户端
            RestHighLevelClient client = initESClient(clusterAddress, userName, password, cerFilePath, cerPassword);
            try {
                // 查询 match_all,相当于 {\"query\": {\"match_all\": {}}}
                SearchRequest searchRequest = new SearchRequest();
                SearchSourceBuilder searchSourceBuilder = new SearchSourceBuilder();
                searchSourceBuilder.query(QueryBuilders.matchAllQuery());
                searchRequest.source(searchSourceBuilder);
    
                // query
                SearchResponse searchResponse = client.search(searchRequest, RequestOptions.DEFAULT);
                System.out.println("query result: " + searchResponse.toString());
                SearchHits hits = searchResponse.getHits();
                for (SearchHit hit : hits) {
                    System.out.println(hit.getSourceAsString());
                }
                System.out.println("query success");
                Thread.sleep(2000L);
            } catch (InterruptedException | IOException e) {
                e.printStackTrace();
            } finally {
                try {
                    client.close();
                    System.out.println("close client");
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
    
        private static RestHighLevelClient initESClient(String clusterAddress, String userName, String password,
            String cerFilePath, String cerPassword) {
            final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(userName, password));
            SSLContext sc = null;
            try {
                TrustManager[] tm = {new MyX509TrustManager(cerFilePath, cerPassword)};
                sc = SSLContext.getInstance("SSL", "SunJSSE");
                //也可以使用SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
                sc.init(null, tm, new SecureRandom());
            } catch (Exception e) {
                e.printStackTrace();
            }
    
            SSLIOSessionStrategy sessionStrategy = new SSLIOSessionStrategy(sc, new NullHostNameVerifier());
            SecuredHttpClientConfigCallback httpClientConfigCallback = new SecuredHttpClientConfigCallback(sessionStrategy,
                credentialsProvider);
            RestClientBuilder builder = RestClient.builder(new HttpHost(clusterAddress, 9200, "https"))
                .setHttpClientConfigCallback(httpClientConfigCallback);
            RestHighLevelClient client = new RestHighLevelClient(builder);
            return client;
        }
    
        public static class MyX509TrustManager implements X509TrustManager {
            X509TrustManager sunJSSEX509TrustManager;
    
            MyX509TrustManager(String cerFilePath, String cerPassword) throws Exception {
                File file = new File(cerFilePath);
                if (!file.isFile()) {
                    throw new Exception("Wrong Certification Path");
                }
                System.out.println("Loading KeyStore " + file + "...");
                InputStream in = new FileInputStream(file);
                KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(in, cerPassword.toCharArray());
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
                tmf.init(ks);
                TrustManager[] tms = tmf.getTrustManagers();
                for (TrustManager tm : tms) {
                    if (tm instanceof X509TrustManager) {
                        sunJSSEX509TrustManager = (X509TrustManager) tm;
                        return;
                    }
                }
                throw new Exception("Couldn't initialize");
            }
    
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    
            }
    
            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
    
            }
    
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        }
    
        public static class NullHostNameVerifier implements HostnameVerifier {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        }
    
    }
    

    SecuredHttpClientConfigCallback类

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    import org.apache.http.client.CredentialsProvider;
    import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
    import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
    import org.elasticsearch.client.RestClientBuilder;
    import org.elasticsearch.common.Nullable;
    import java.util.Objects;
    class SecuredHttpClientConfigCallback implements RestClientBuilder.HttpClientConfigCallback {
        @Nullable
        private final CredentialsProvider credentialsProvider;
        /**
         * The {@link SSLIOSessionStrategy} for all requests to enable SSL / TLS encryption.
         */
        private final SSLIOSessionStrategy sslStrategy;
        /**
         * Create a new {@link SecuredHttpClientConfigCallback}.
         *
         * @param credentialsProvider The credential provider, if a username/password have been supplied
         * @param sslStrategy         The SSL strategy, if SSL / TLS have been supplied
         * @throws NullPointerException if {@code sslStrategy} is {@code null}
         */
        SecuredHttpClientConfigCallback(final SSLIOSessionStrategy sslStrategy,
                                        @Nullable final CredentialsProvider credentialsProvider) {
            this.sslStrategy = Objects.requireNonNull(sslStrategy);
            this.credentialsProvider = credentialsProvider;
        }
        /**
         * Get the {@link CredentialsProvider} that will be added to the HTTP client.
         *
         * @return Can be {@code null}.
         */
        @Nullable
        CredentialsProvider getCredentialsProvider() {
            return credentialsProvider;
        }
        /**
         * Get the {@link SSLIOSessionStrategy} that will be added to the HTTP client.
         *
         * @return Never {@code null}.
         */
        SSLIOSessionStrategy getSSLStrategy() {
            return sslStrategy;
        }
        /**
         * Sets the {@linkplain HttpAsyncClientBuilder#setDefaultCredentialsProvider(CredentialsProvider) credential provider},
         *
         * @param httpClientBuilder The client to configure.
         * @return Always {@code httpClientBuilder}.
         */
        @Override
        public HttpAsyncClientBuilder customizeHttpClient(final HttpAsyncClientBuilder httpClientBuilder) {
            // enable SSL / TLS
            httpClientBuilder.setSSLStrategy(sslStrategy);
            // enable user authentication
            if (credentialsProvider != null) {
                httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
            }
            return httpClientBuilder;
        }
    }
    
    pom.xml文件
    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>1</groupId>
        <artifactId>ESClient</artifactId>
        <version>1.0-SNAPSHOT</version>
        <name>ESClient</name>
        <!-- FIXME change it to the project's website -->
        <url>http://www.example.com</url>
        <properties>
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
            <maven.compiler.source>1.7</maven.compiler.source>
            <maven.compiler.target>1.7</maven.compiler.target>
        </properties>
        <dependencies>
            <dependency>
                <groupId>junit</groupId>
                <artifactId>junit</artifactId>
                <version>4.11</version>
                <scope>test</scope>
            </dependency>
    
    
    
    
    
            <dependency>
                <groupId>org.elasticsearch</groupId>
                <artifactId>elasticsearch</artifactId>
                <version>6.5.4</version>
            </dependency>
            <dependency>
                <groupId>org.elasticsearch.client</groupId>
                <artifactId>elasticsearch-rest-high-level-client</artifactId>
                <version>6.5.4</version>
            </dependency>
            <dependency>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-api</artifactId>
                <version>2.7</version>
            </dependency>
            <dependency>
                <groupId>org.apache.logging.log4j</groupId>
                <artifactId>log4j-core</artifactId>
                <version>2.7</version>
            </dependency>
        </dependencies>
        <build>
            <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
                <plugins>
                    <!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle -->
                    <plugin>
                        <artifactId>maven-clean-plugin</artifactId>
                        <version>3.1.0</version>
                    </plugin>
                    <!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
                    <plugin>
                        <artifactId>maven-resources-plugin</artifactId>
                        <version>3.0.2</version>
                    </plugin>
                    <plugin>
                        <artifactId>maven-compiler-plugin</artifactId>
                        <version>3.8.0</version>
                    </plugin>
                    <plugin>
                        <artifactId>maven-surefire-plugin</artifactId>
                        <version>2.22.1</version>
                    </plugin>
                    <plugin>
                        <artifactId>maven-jar-plugin</artifactId>
                        <version>3.0.2</version>
                    </plugin>
                    <plugin>
                        <artifactId>maven-install-plugin</artifactId>
                        <version>2.5.2</version>
                    </plugin>
                    <plugin>
                        <artifactId>maven-deploy-plugin</artifactId>
                        <version>2.8.2</version>
                    </plugin>
                    <!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle -->
                    <plugin>
                        <artifactId>maven-site-plugin</artifactId>
                        <version>3.7.1</version>
                    </plugin>
                    <plugin>
                        <artifactId>maven-project-info-reports-plugin</artifactId>
                        <version>3.0.0</version>
                    </plugin>
                </plugins>
            </pluginManagement>
        </build>
    </project>

我们使用cookie来确保您的高速浏览体验。继续浏览本站,即表示您同意我们使用cookie。 详情

文档反馈

文档反馈

意见反馈

0/500

标记内容

同时提交标记内容