youjiageng1/doc-exports
1
0
Fork 0
forked from laiweijian4/doc-exports
Code Pull Requests Activity
doc-exports/docs/css/umn/css_01_0012.html
Zheng, Xiu 0c90df93b1 CSS UMN 20230404 Version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Co-authored-by: Zheng, Xiu <zhengxiu@huawei.com>
Co-committed-by: Zheng, Xiu <zhengxiu@huawei.com>
2023-04-05 08:45:09 +00:00

1002 lines
119 KiB
HTML
Raw Blame History

<a name="css_01_0012"></a><a name="css_01_0012"></a>
<h1 class="topictitle1">Accessing a Cluster</h1>
<div id="body0000001282499390"><p id="css_01_0012__p1296410441210">After a cluster is created, you can access the cluster to use Elasticsearch and perform operations, such as, defining index data, importing data, and searching for data. For more information about Elasticsearch, see the <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" target="_blank" rel="noopener noreferrer">Elasticsearch Reference</a>. You can use any of the following methods to access a cluster:</p>
<ul id="css_01_0012__ul18179192819557"><li id="css_01_0012__li3179428115519"><a href="#css_01_0012__section9848115695612">Accessing a Cluster Using Kibana on the Management Console</a></li><li id="css_01_0012__li10460445185613"><a href="#css_01_0012__section16223134914582">Accessing a Cluster by Calling Elasticsearch APIs on the ECS That Is Located in the Same VPC as the Cluster</a></li><li id="css_01_0012__li753165813590"><a href="#css_01_0012__section1619554519273">Accessing a Cluster Using Java API in Non-security Mode</a></li><li id="css_01_0012__li41041514409"><a href="#css_01_0012__section0445155723816">Accessing a Cluster Using the Java API in Security Mode with Elasticsearch</a></li></ul>
<div class="section" id="css_01_0012__section9848115695612"><a name="css_01_0012__section9848115695612"></a><a name="section9848115695612"></a><h4 class="sectiontitle">Accessing a Cluster Using Kibana on the Management Console</h4><ol id="css_01_0012__ol2046129182411"><li id="css_01_0012__li1244579182412">Log in to the <span id="css_01_0012__text187297118433">CSS</span> management console.</li><li id="css_01_0012__li946189172414">In the left navigation pane, click <span class="parmname" id="css_01_0012__parmname123489094617956"><b>Clusters</b></span>.</li><li id="css_01_0012__li646189132418">On the displayed <strong id="css_01_0012__b842352706152846">Clusters</strong> page, locate the row containing the target cluster and click <span class="parmname" id="css_01_0012__parmname111362771917110"><b>Access Kibana</b></span> in the <span class="parmname" id="css_01_0012__parmname1212784480171038"><b>Operation</b></span> column.<p id="css_01_0012__p15151353439"></p>
</li><li id="css_01_0012__li546111962418">On the Kibana page that is displayed, you can create indices, query indices and documents, and analyze document fields. For details about Kibana, see <a href="css_04_0007.html">Product Components</a>. For details about how to import data to Elasticsearch, see the following sections:<ul id="css_01_0012__ul194611693248"><li id="css_01_0012__li54610913243"><a href="css_01_0048.html">Using Logstash to Import Data to Elasticsearch</a></li><li id="css_01_0012__li346119132415"><a href="css_01_0024.html">Using Kibana or APIs to Import Data to Elasticsearch</a></li></ul>
</li></ol>
</div>
<div class="section" id="css_01_0012__section16223134914582"><a name="css_01_0012__section16223134914582"></a><a name="section16223134914582"></a><h4 class="sectiontitle">Accessing a Cluster by Calling Elasticsearch APIs on the ECS That Is Located in the Same VPC as the Cluster</h4><p id="css_01_0012__p1216184175813">The ECS that you use to access the cluster by calling Elasticsearch APIs, must meet the following requirements. For details about how to create and log in to an ECS, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0092494193.html" target="_blank" rel="noopener noreferrer">Logging In to a Linux ECS</a> or <a href="https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0092494193.html" target="_blank" rel="noopener noreferrer">Logging In to a Windows ECS</a>.</p>
<ul id="css_01_0012__ul1512173017356"><li id="css_01_0012__li5679111965818">Sufficient disk space is allocated for the ECS.</li><li id="css_01_0012__li177641430191913">The ECS and the cluster must be in the same VPC.</li><li id="css_01_0012__li17361956113515">The security group of the ECS must be the same as that of the cluster.<p id="css_01_0012__p1961118514013"><a name="css_01_0012__li17361956113515"></a><a name="li17361956113515"></a>If this requirement is not met, modify the ECS security group or configure the inbound and outbound rules of the ECS security group to allow the ECS security group to be accessed by all security groups of the cluster. For details, see <a href="https://docs.otc.t-systems.com/en-us/usermanual/ecs/en-us_topic_0030878383.html" target="_blank" rel="noopener noreferrer">Configuring Security Group Rules</a>.</p>
</li><li id="css_01_0012__li18615245439">Configure security group rule settings of the target CSS cluster. Set <strong id="css_01_0012__b227371317517">Protocol</strong> to <strong id="css_01_0012__b32861161257">TCP</strong> and <strong id="css_01_0012__b18174121916516">Port Range</strong> to <strong id="css_01_0012__b72700238517">9200</strong> or a port range including port <strong id="css_01_0012__b149632712513">9200</strong> for both the outbound and inbound directions.</li></ul>
<p id="css_01_0012__p1086912347261">To access a cluster by calling Elasticsearch APIs on the ECS that is located in the same VPC as the cluster, perform the following steps:</p>
<ol id="css_01_0012__ol852205619137"><li id="css_01_0012__li13522115661317">Create and then log in to an ECS that meets the requirements.</li><li id="css_01_0012__li05221567130">To access a cluster, use the private network address and port number of one node in the cluster. You can obtain the private network addresses of nodes from the <span class="parmname" id="css_01_0012__parmname264491042234823"><b>Private Network Address</b></span> column in the cluster list. If there is only one node in the cluster, the private network address and port number of this node are displayed. If there are multiple nodes in the cluster, private network addresses and port numbers of all nodes are displayed.<p id="css_01_0012__p1424719152416">Assume that there are two nodes in a cluster. Value <span class="parmvalue" id="css_01_0012__parmvalue14221729105420"><b>10.62.179.32:9200 10.62.179.33:9200</b></span> indicates that the private network addresses of the two nodes are <span class="parmvalue" id="css_01_0012__parmvalue1869691119451"><b>10.62.179.32</b></span> and <span class="parmvalue" id="css_01_0012__parmvalue174861251105011"><b>10.62.179.33</b></span> respectively, and port <span class="parmvalue" id="css_01_0012__parmvalue3540175819459"><b>9200</b></span> is used to access both nodes.</p>
</li><li id="css_01_0012__li6522175620132">Run the cURL command to execute the API or call the API by using a program before accessing the cluster. For details about Elasticsearch operations and APIs, see the <a href="https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html" target="_blank" rel="noopener noreferrer">Elasticsearch Reference</a>.<div class="p" id="css_01_0012__p1776541452111">For example, run the following cURL command to view the index information in the cluster. In this example, the private access IP address of one node in the cluster is <span class="parmname" id="css_01_0012__parmname508562080173237"><b>10.62.179.32</b></span> and the port number is <span class="parmname" id="css_01_0012__parmname78249976173244"><b>9200</b></span>.<ul id="css_01_0012__ul8308721371"><li id="css_01_0012__li1279144813108">If the cluster you access has the communication encryption function enabled, you need to access the cluster using HTTPS and add <strong id="css_01_0012__b1245289039">-k</strong> to the cURL command.<div class="p" id="css_01_0012__p9183185710144">If communication encryption is enabled, the CSS server uses a shared self-signed certificate. In this case, the client cannot authenticate the certificate. You are advised to disable certificate verification on the client. <pre class="screen" id="css_01_0012__screen12183185713140">curl -k 'https://10.62.179.32:9200/_cat/indices'</pre>
</div>
</li><li id="css_01_0012__li5308225379">If encryption has not been enabled for the communication with the cluster, run the following command:<pre class="screen" id="css_01_0012__screen4537184616539">curl 'http://10.62.179.32:9200/_cat/indices'</pre>
</li></ul>
</div>
<div class="note" id="css_01_0012__note417244214611"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_01_0012__p8300641155815">In the preceding command, the private network address and port number of only one node in the cluster are used. If the node fails, the command will fail to be executed. If the cluster contains multiple nodes, you can replace the private network address and port number of the faulty node with those of any available node in the cluster. If the cluster contains only one node, restore the node and execute the command again.</p>
</div></div>
<p id="css_01_0012__p119821843195916">If encryption has not been enabled for the communication with the cluster, the command output is similar to that shown in the following figure.</p>
<div class="fignone" id="css_01_0012__fig129821943205913"><span class="figcap"><b>Figure 1 </b>Command output</span><br><span><img id="css_01_0012__image169501114121419" src="en-us_image_0000001554777361.png"></span></div>
</li></ol>
</div>
<div class="section" id="css_01_0012__section1619554519273"><a name="css_01_0012__section1619554519273"></a><a name="section1619554519273"></a><h4 class="sectiontitle">Accessing a Cluster Using Java API in Non-security Mode</h4><p id="css_01_0012__p1084073062813">For clusters in the non-security mode, you are advised to use use RestHighLevelClient.</p>
<ul id="css_01_0012__ul20605144218317"><li id="css_01_0012__li1940844693114">Create a client using the default method of the RestHighLevelClient class.<div class="codecoloring" codetype="Java" id="css_01_0012__screen19562018103615"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span>
<span class="normal">3</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="p">(</span>
<span class="w"> </span><span class="n">RestClient</span><span class="p">.</span><span class="na">builder</span><span class="p">(</span>
<span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">HttpHost</span><span class="p">(</span><span class="s">&quot;localhost&quot;</span><span class="p">,</span><span class="w"> </span><span class="mi">9200</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;http&quot;</span><span class="p">)));</span>
</pre></div></td></tr></table></div>
</div>
</li></ul>
</div>
<div class="section" id="css_01_0012__section0445155723816"><a name="css_01_0012__section0445155723816"></a><a name="section0445155723816"></a><h4 class="sectiontitle">Accessing a Cluster Using the Java API in Security Mode with Elasticsearch</h4><p id="css_01_0012__p7845247124613">After enabling the security mode function for Elasticsearch 7.1.1 and later versions, accessing a cluster requires the use of HTTPS and the username and password for authentication.</p>
<p id="css_01_0012__p179282024416">You need to use clusters 7.1.1 and later versions as well as related APIs if you use the Java API to access a cluster, because the TransportClient class in the earlier version cannot access a cluster using the username and password.</p>
<p id="css_01_0012__p1558213211419">Two access modes are available: Create a client using either the TransportClient or RestHighLevelClient class. RestHighLevelClient is recommended.</p>
<ul id="css_01_0012__ul8513152315408"><li id="css_01_0012__li135132774015"><strong id="css_01_0012__b1786920684918">Create a client using the TransportClient class.</strong><div class="p" id="css_01_0012__p1023281573220">Run the following commands on the client to generate the keystore and truststore files. The certificate (<strong id="css_01_0012__b2027315310315">CloudSearchService.cer</strong>) downloaded from the cluster management page is used. <div class="codecoloring" codetype="Java" id="css_01_0012__screen142111235476"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal">1</span>
<span class="normal">2</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">keytool</span><span class="w"> </span><span class="o">-</span><span class="n">genkeypair</span><span class="w"> </span><span class="o">-</span><span class="n">alias</span><span class="w"> </span><span class="n">certificatekey</span><span class="w"> </span><span class="o">-</span><span class="n">keyalg</span><span class="w"> </span><span class="n">RSA</span><span class="w"> </span><span class="o">-</span><span class="n">keystore</span><span class="w"> </span><span class="n">transport</span><span class="o">-</span><span class="n">keystore</span><span class="p">.</span><span class="na">jks</span>
<span class="n">keytool</span><span class="w"> </span><span class="o">-</span><span class="kn">import</span><span class="w"> </span><span class="err">-</span><span class="nn">alias</span><span class="w"> </span><span class="n">certificatekey</span><span class="w"> </span><span class="o">-</span><span class="n">file</span><span class="w"> </span><span class="n">CloudSearchService</span><span class="p">.</span><span class="na">cer</span><span class="w"> </span><span class="o">-</span><span class="n">keystore</span><span class="w"> </span><span class="n">truststore</span><span class="p">.</span><span class="na">jks</span>
</pre></div></td></tr></table></div>
</div>
</div>
<p id="css_01_0012__p27521451183117">Use the keystore and truststore files to access the cluster, create the TransportClient class using the PreBuiltTransportClient method, and add the settings in the client thread.</p>
<p id="css_01_0012__p411173184218"></p>
<div class="p" id="css_01_0012__p1915975210476">The key code is as follows:<div class="codecoloring" codetype="Java" id="css_01_0012__screen155716303482"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span></pre></div></td><td class="code"><div><pre><span></span><span class="n">String</span><span class="w"> </span><span class="n">userPw</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="s">&quot;username:password&quot;</span><span class="p">;</span>
<span class="n">String</span><span class="w"> </span><span class="n">path</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Paths</span><span class="p">.</span><span class="na">get</span><span class="p">(</span><span class="n">SecurityTransportClientDemo</span><span class="p">.</span><span class="na">class</span><span class="p">.</span><span class="na">getClassLoader</span><span class="p">().</span><span class="na">getResource</span><span class="p">(</span><span class="s">&quot;.&quot;</span><span class="p">).</span><span class="na">toURI</span><span class="p">()).</span><span class="na">toString</span><span class="p">();</span>
<span class="w"> </span>
<span class="n">Settings</span><span class="w"> </span><span class="n">settings</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Settings</span><span class="p">.</span><span class="na">builder</span><span class="p">()</span>
<span class="w"> </span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&quot;opendistro_security.ssl.transport.enforce_hostname_verification&quot;</span><span class="p">,</span><span class="w"> </span><span class="kc">false</span><span class="p">)</span>
<span class="w"> </span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&quot;opendistro_security.ssl.transport.keystore_filepath&quot;</span><span class="p">,</span><span class="w"> </span><span class="n">path</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="s">&quot;/transport-keystore.jks&quot;</span><span class="p">)</span>
<span class="w"> </span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&quot;opendistro_security.ssl.transport.keystore_password&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;tscpass&quot;</span><span class="p">)</span>
<span class="w"> </span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&quot;opendistro_security.ssl.transport.truststore_filepath&quot;</span><span class="p">,</span><span class="w"> </span><span class="n">path</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="s">&quot;/truststore.jks&quot;</span><span class="p">)</span>
<span class="w"> </span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&quot;client.transport.ignore_cluster_name&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;true&quot;</span><span class="p">)</span>
<span class="w"> </span><span class="p">.</span><span class="na">put</span><span class="p">(</span><span class="s">&quot;client.transport.sniff&quot;</span><span class="p">,</span><span class="w"> </span><span class="kc">false</span><span class="p">).</span><span class="na">build</span><span class="p">();</span>
<span class="w"> </span>
<span class="n">TransportClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="k">new</span><span class="w"> </span><span class="n">PreBuiltTransportClient</span><span class="p">(</span><span class="n">settings</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">Class</span><span class="o">[]</span><span class="p">{</span><span class="n">OpenDistroSecurityPlugin</span><span class="p">.</span><span class="na">class</span><span class="p">})).</span><span class="na">addTransportAddress</span><span class="p">(</span><span class="k">new</span>
<span class="w"> </span><span class="n">TransportAddress</span><span class="p">(</span><span class="n">InetAddress</span><span class="p">.</span><span class="na">getByName</span><span class="p">(</span><span class="n">ip</span><span class="p">),</span><span class="w"> </span><span class="mi">9300</span><span class="p">));</span>
<span class="w"> </span>
<span class="n">String</span><span class="w"> </span><span class="n">base64UserPw</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Base64</span><span class="p">.</span><span class="na">getEncoder</span><span class="p">().</span><span class="na">encodeToString</span><span class="p">(</span><span class="n">userPw</span><span class="p">.</span><span class="na">getBytes</span><span class="p">(</span><span class="s">&quot;utf-8&quot;</span><span class="p">));</span><span class="w"> </span>
<span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="na">threadPool</span><span class="p">().</span><span class="na">getThreadContext</span><span class="p">().</span><span class="na">putHeader</span><span class="p">(</span><span class="s">&quot;Authorization&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;Basic &quot;</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">base64UserPw</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</div>
</li><li id="css_01_0012__li535122719408"><strong id="css_01_0012__b122142211218">Create a client using the RestHighLevelClient class.</strong><p id="css_01_0012__p299693817479">The HttpHost class is used to process HTTP requests. In the HttpHost class, the CredentialsProvider and SSLIOSessionStrategy configuration parameter classes are encapsulated in the customized SecuredHttpClientConfigCallback class to configure request connection parameters.</p>
<p id="css_01_0012__p15301152914">SecuredHttpClientConfigCallback: encapsulates all user-defined connection parameters.</p>
<p id="css_01_0012__p11952028185119">CredentialsProvider: Elasticsearch API, which is used to encapsulate the username and password using the method provided by Elasticsearch.</p>
<p id="css_01_0012__p595272819516">SSLIOSessionStrategy: Configure SSL parameters, including the SSL domain name authentication mode and certificate processing mode. The SSLContext class is used to encapsulate related settings.</p>
<p id="css_01_0012__p12114184113">You can access a cluster through either of the following modes: ignore certificates and use certificates.</p>
<ul id="css_01_0012__ul17992148165316"><li id="css_01_0012__li16410554165310">Ignore all certificates and skip certificate authentication.<p id="css_01_0012__p648113204544"><a name="css_01_0012__li16410554165310"></a><a name="li16410554165310"></a>Construct the TrustManager. Use the default X509TrustManager. Do not rewrite any method. That is, ignore all related operations.</p>
<div class="p" id="css_01_0012__p145033321544">Construct the SSLContext. Use TrustManager in the preceding step as the parameter and construct the SSLContext with the default method.<div class="codecoloring" codetype="Java" id="css_01_0012__screen1251815463575"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span>
<span class="normal">23</span>
<span class="normal">24</span>
<span class="normal">25</span>
<span class="normal">26</span>
<span class="normal">27</span>
<span class="normal">28</span>
<span class="normal">29</span>
<span class="normal">30</span>
<span class="normal">31</span>
<span class="normal">32</span>
<span class="normal">33</span>
<span class="normal">34</span></pre></div></td><td class="code"><div><pre><span></span><span class="kd">static</span><span class="w"> </span><span class="n">TrustManager</span><span class="o">[]</span><span class="w"> </span><span class="n">trustAllCerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">TrustManager</span><span class="o">[]</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">X509TrustManager</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">checkClientTrusted</span><span class="p">(</span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="n">chain</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">authType</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">CertificateException</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">checkServerTrusted</span><span class="p">(</span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="n">chain</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">authType</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">CertificateException</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="nf">getAcceptedIssuers</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}};</span>
<span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">BasicCredentialsProvider</span><span class="p">();</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">.</span><span class="na">setCredentials</span><span class="p">(</span><span class="n">AuthScope</span><span class="p">.</span><span class="na">ANY</span><span class="p">,</span>
<span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">UsernamePasswordCredentials</span><span class="p">(</span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">password</span><span class="p">));</span>
<span class="w"> </span><span class="n">SSLContext</span><span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="k">try</span><span class="p">{</span>
<span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSLContext</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SSL&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">sc</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="n">trustAllCerts</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecureRandom</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span><span class="k">catch</span><span class="p">(</span><span class="n">KeyManagementException</span><span class="w"> </span><span class="n">e</span><span class="p">){</span><span class="w"> </span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span><span class="k">catch</span><span class="p">(</span><span class="n">NoSuchAlgorithmException</span><span class="w"> </span><span class="n">e</span><span class="p">){</span><span class="w"> </span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sessionStrategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="p">(</span><span class="n">sc</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">NullHostNameVerifier</span><span class="p">());</span>
<span class="w"> </span>
<span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="w"> </span><span class="n">httpClientConfigCallback</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="p">(</span><span class="n">sessionStrategy</span><span class="p">,</span><span class="n">credentialsProvider</span><span class="p">);</span>
<span class="w"> </span>
<span class="w"> </span><span class="n">RestClientBuilder</span><span class="w"> </span><span class="n">builder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">RestClient</span><span class="p">.</span><span class="na">builder</span><span class="p">(</span><span class="k">new</span><span class="w"> </span><span class="n">HttpHost</span><span class="p">(</span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="mi">9200</span><span class="p">,</span>
<span class="w"> </span><span class="s">&quot;https&quot;</span><span class="p">)).</span><span class="na">setHttpClientConfigCallback</span><span class="p">(</span><span class="n">httpClientConfigCallback</span><span class="p">);</span>
<span class="w"> </span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="p">(</span><span class="n">builder</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</div>
</li><li id="css_01_0012__li34108549532">Upload the downloaded certificate (<strong id="css_01_0012__b932791184815">CloudSearchService.cer</strong>) for accessing the cluster.<div class="p" id="css_01_0012__p135431746145512">Upload the certificate to the client and use the keytool to convert the certificate into a format that can be read by Java. (The default password of the keytool is <strong id="css_01_0012__b8251541144919">changeit</strong>).<pre class="screen" id="css_01_0012__screen171111320115718">keytool -import -alias <em id="css_01_0012__i26421452526">custom name</em> -keystore <em id="css_01_0012__i1699684855216">path for exporting the certificate and its new name</em> -file <em id="css_01_0012__i14444181812556">path for uploading the certificate</em></pre>
</div>
<p id="css_01_0012__p13544146105519">Customize the TrustManager class, which is inherited from the X509TrustManager. Read the certificate generated in the preceding step, add it to the trust certificate, and rewrite the three methods of the X509TrustManager interface.</p>
<div class="p" id="css_01_0012__p454494618559">Construct the SSLContext. Use TrustManager in the preceding step as the parameter and construct the SSLContext with the default method.<div class="codecoloring" codetype="Java" id="css_01_0012__screen10100175110571"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span>
<span class="normal">23</span>
<span class="normal">24</span>
<span class="normal">25</span>
<span class="normal">26</span>
<span class="normal">27</span>
<span class="normal">28</span>
<span class="normal">29</span>
<span class="normal">30</span>
<span class="normal">31</span>
<span class="normal">32</span>
<span class="normal">33</span>
<span class="normal">34</span>
<span class="normal">35</span>
<span class="normal">36</span>
<span class="normal">37</span>
<span class="normal">38</span>
<span class="normal">39</span>
<span class="normal">40</span>
<span class="normal">41</span>
<span class="normal">42</span>
<span class="normal">43</span>
<span class="normal">44</span></pre></div></td><td class="code"><div><pre><span></span><span class="kd">public</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">class</span> <span class="nc">MyX509TrustManager</span><span class="w"> </span><span class="kd">implements</span><span class="w"> </span><span class="n">X509TrustManager</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span>
<span class="w"> </span><span class="n">X509TrustManager</span><span class="w"> </span><span class="n">sunJSSEX509TrustManager</span><span class="p">;</span>
<span class="w"> </span><span class="n">MyX509TrustManager</span><span class="p">()</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">Exception</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">File</span><span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">File</span><span class="p">(</span><span class="s">&quot;certification file path&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">file</span><span class="p">.</span><span class="na">isFile</span><span class="p">()</span><span class="w"> </span><span class="o">==</span><span class="w"> </span><span class="kc">false</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">throw</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">Exception</span><span class="p">(</span><span class="s">&quot;Wrong Certification Path&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;Loading KeyStore &quot;</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="s">&quot;...&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">InputStream</span><span class="w"> </span><span class="n">in</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">FileInputStream</span><span class="p">(</span><span class="n">file</span><span class="p">);</span>
<span class="w"> </span><span class="n">KeyStore</span><span class="w"> </span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">KeyStore</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;JKS&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">ks</span><span class="p">.</span><span class="na">load</span><span class="p">(</span><span class="n">in</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;changeit&quot;</span><span class="p">.</span><span class="na">toCharArray</span><span class="p">());</span>
<span class="w"> </span><span class="n">TrustManagerFactory</span><span class="w"> </span><span class="n">tmf</span><span class="w"> </span><span class="o">=</span>
<span class="w"> </span><span class="n">TrustManagerFactory</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SunX509&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;SunJSSE&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">tmf</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w"> </span><span class="n">TrustManager</span><span class="w"> </span><span class="n">tms</span><span class="w"> </span><span class="o">[]</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">tmf</span><span class="p">.</span><span class="na">getTrustManagers</span><span class="p">();</span>
<span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="kt">int</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="mi">0</span><span class="p">;</span><span class="w"> </span><span class="n">i</span><span class="w"> </span><span class="o">&lt;</span><span class="w"> </span><span class="n">tms</span><span class="p">.</span><span class="na">length</span><span class="p">;</span><span class="w"> </span><span class="n">i</span><span class="o">++</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">tms</span><span class="o">[</span><span class="n">i</span><span class="o">]</span><span class="w"> </span><span class="k">instanceof</span><span class="w"> </span><span class="n">X509TrustManager</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">sunJSSEX509TrustManager</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">X509TrustManager</span><span class="p">)</span><span class="w"> </span><span class="n">tms</span><span class="o">[</span><span class="n">i</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="k">return</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="k">throw</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">Exception</span><span class="p">(</span><span class="s">&quot;Couldn't initialize&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span>
<span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">BasicCredentialsProvider</span><span class="p">();</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">.</span><span class="na">setCredentials</span><span class="p">(</span><span class="n">AuthScope</span><span class="p">.</span><span class="na">ANY</span><span class="p">,</span>
<span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">UsernamePasswordCredentials</span><span class="p">(</span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">password</span><span class="p">));</span>
<span class="w"> </span>
<span class="w"> </span><span class="n">SSLContext</span><span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="k">try</span><span class="p">{</span>
<span class="w"> </span><span class="n">TrustManager</span><span class="o">[]</span><span class="w"> </span><span class="n">tm</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span><span class="k">new</span><span class="w"> </span><span class="n">MyX509TrustManager</span><span class="p">()};</span>
<span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSLContext</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SSL&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;SunJSSE&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">sc</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="n">tm</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecureRandom</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">Exception</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span><span class="w"> </span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span>
<span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sessionStrategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="p">(</span><span class="n">sc</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">NullHostNameVerifier</span><span class="p">());</span>
<span class="w"> </span>
<span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="w"> </span><span class="n">httpClientConfigCallback</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="p">(</span><span class="n">sessionStrategy</span><span class="p">,</span><span class="n">credentialsProvider</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestClientBuilder</span><span class="w"> </span><span class="n">builder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">RestClient</span><span class="p">.</span><span class="na">builder</span><span class="p">(</span><span class="k">new</span><span class="w"> </span><span class="n">HttpHost</span><span class="p">(</span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="mi">9200</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;https&quot;</span><span class="p">))</span>
<span class="w"> </span><span class="p">.</span><span class="na">setHttpClientConfigCallback</span><span class="p">(</span><span class="n">httpClientConfigCallback</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="p">(</span><span class="n">builder</span><span class="p">);</span>
</pre></div></td></tr></table></div>
</div>
</div>
</li></ul>
<ul id="css_01_0012__ul12262135411197"><li id="css_01_0012__li20262454121918">Sample code<p id="css_01_0012__p174121343192018"><a name="css_01_0012__li20262454121918"></a><a name="li20262454121918"></a>When the code is running, transfer three parameters: access address, cluster login username, and password. The request is <strong id="css_01_0012__b1828317582114">GET /_search{"query": {"match_all": {}}}</strong>.</p>
<div class="note" id="css_01_0012__note635124214101"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="css_01_0012__p183511842171017">The access address of a cluster with security mode enabled usually starts with <strong id="css_01_0012__b1980315831211">https</strong>.</p>
</div></div>
<p id="css_01_0012__p096953862219"><strong id="css_01_0012__b583714021414">ESSecuredClient class (Ignore certificates)</strong></p>
<div class="codecoloring" codetype="Java" id="css_01_0012__screen5753629123118"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal"> 10</span>
<span class="normal"> 11</span>
<span class="normal"> 12</span>
<span class="normal"> 13</span>
<span class="normal"> 14</span>
<span class="normal"> 15</span>
<span class="normal"> 16</span>
<span class="normal"> 17</span>
<span class="normal"> 18</span>
<span class="normal"> 19</span>
<span class="normal"> 20</span>
<span class="normal"> 21</span>
<span class="normal"> 22</span>
<span class="normal"> 23</span>
<span class="normal"> 24</span>
<span class="normal"> 25</span>
<span class="normal"> 26</span>
<span class="normal"> 27</span>
<span class="normal"> 28</span>
<span class="normal"> 29</span>
<span class="normal"> 30</span>
<span class="normal"> 31</span>
<span class="normal"> 32</span>
<span class="normal"> 33</span>
<span class="normal"> 34</span>
<span class="normal"> 35</span>
<span class="normal"> 36</span>
<span class="normal"> 37</span>
<span class="normal"> 38</span>
<span class="normal"> 39</span>
<span class="normal"> 40</span>
<span class="normal"> 41</span>
<span class="normal"> 42</span>
<span class="normal"> 43</span>
<span class="normal"> 44</span>
<span class="normal"> 45</span>
<span class="normal"> 46</span>
<span class="normal"> 47</span>
<span class="normal"> 48</span>
<span class="normal"> 49</span>
<span class="normal"> 50</span>
<span class="normal"> 51</span>
<span class="normal"> 52</span>
<span class="normal"> 53</span>
<span class="normal"> 54</span>
<span class="normal"> 55</span>
<span class="normal"> 56</span>
<span class="normal"> 57</span>
<span class="normal"> 58</span>
<span class="normal"> 59</span>
<span class="normal"> 60</span>
<span class="normal"> 61</span>
<span class="normal"> 62</span>
<span class="normal"> 63</span>
<span class="normal"> 64</span>
<span class="normal"> 65</span>
<span class="normal"> 66</span>
<span class="normal"> 67</span>
<span class="normal"> 68</span>
<span class="normal"> 69</span>
<span class="normal"> 70</span>
<span class="normal"> 71</span>
<span class="normal"> 72</span>
<span class="normal"> 73</span>
<span class="normal"> 74</span>
<span class="normal"> 75</span>
<span class="normal"> 76</span>
<span class="normal"> 77</span>
<span class="normal"> 78</span>
<span class="normal"> 79</span>
<span class="normal"> 80</span>
<span class="normal"> 81</span>
<span class="normal"> 82</span>
<span class="normal"> 83</span>
<span class="normal"> 84</span>
<span class="normal"> 85</span>
<span class="normal"> 86</span>
<span class="normal"> 87</span>
<span class="normal"> 88</span>
<span class="normal"> 89</span>
<span class="normal"> 90</span>
<span class="normal"> 91</span>
<span class="normal"> 92</span>
<span class="normal"> 93</span>
<span class="normal"> 94</span>
<span class="normal"> 95</span>
<span class="normal"> 96</span>
<span class="normal"> 97</span>
<span class="normal"> 98</span>
<span class="normal"> 99</span>
<span class="normal">100</span>
<span class="normal">101</span>
<span class="normal">102</span>
<span class="normal">103</span>
<span class="normal">104</span>
<span class="normal">105</span>
<span class="normal">106</span>
<span class="normal">107</span>
<span class="normal">108</span>
<span class="normal">109</span>
<span class="normal">110</span>
<span class="normal">111</span></pre></div></td><td class="code"><div><pre><span></span><span class="kn">package</span><span class="w"> </span><span class="nn">securitymode</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.auth.AuthScope</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.auth.UsernamePasswordCredentials</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.client.CredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.impl.client.BasicCredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.HttpHost</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.nio.conn.ssl.SSLIOSessionStrategy</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.action.search.SearchRequest</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.action.search.SearchResponse</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RequestOptions</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClient</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClientBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestHighLevelClient</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.index.query.QueryBuilders</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.SearchHit</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.SearchHits</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.builder.SearchSourceBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.io.IOException</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.KeyManagementException</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.NoSuchAlgorithmException</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.SecureRandom</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.cert.CertificateException</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.cert.X509Certificate</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.HostnameVerifier</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.SSLContext</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.SSLSession</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.TrustManager</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.X509TrustManager</span><span class="p">;</span>
<span class="kd">public</span><span class="w"> </span><span class="kd">class</span> <span class="nc">ESSecuredClientIgnoreCerDemo</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">main</span><span class="p">(</span><span class="n">String</span><span class="o">[]</span><span class="w"> </span><span class="n">args</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">clusterAddress</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">0</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">userName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">1</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">2</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="c1">// Create a client.</span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">initESClient</span><span class="p">(</span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">password</span><span class="p">);</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// Search match_all, which is equivalent to {\&quot;query\&quot;: {\&quot;match_all\&quot;: {}}}.</span>
<span class="w"> </span><span class="n">SearchRequest</span><span class="w"> </span><span class="n">searchRequest</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SearchRequest</span><span class="p">();</span>
<span class="w"> </span><span class="n">SearchSourceBuilder</span><span class="w"> </span><span class="n">searchSourceBuilder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SearchSourceBuilder</span><span class="p">();</span>
<span class="w"> </span><span class="n">searchSourceBuilder</span><span class="p">.</span><span class="na">query</span><span class="p">(</span><span class="n">QueryBuilders</span><span class="p">.</span><span class="na">matchAllQuery</span><span class="p">());</span>
<span class="w"> </span><span class="n">searchRequest</span><span class="p">.</span><span class="na">source</span><span class="p">(</span><span class="n">searchSourceBuilder</span><span class="p">);</span>
<span class="w"> </span><span class="n">SearchResponse</span><span class="w"> </span><span class="n">searchResponse</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="na">search</span><span class="p">(</span><span class="n">searchRequest</span><span class="p">,</span><span class="w"> </span><span class="n">RequestOptions</span><span class="p">.</span><span class="na">DEFAULT</span><span class="p">);</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;query result: &quot;</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">searchResponse</span><span class="p">.</span><span class="na">toString</span><span class="p">());</span>
<span class="w"> </span><span class="n">SearchHits</span><span class="w"> </span><span class="n">hits</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">searchResponse</span><span class="p">.</span><span class="na">getHits</span><span class="p">();</span>
<span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="n">SearchHit</span><span class="w"> </span><span class="n">hit</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">hits</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="n">hit</span><span class="p">.</span><span class="na">getSourceAsString</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;query success&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">Thread</span><span class="p">.</span><span class="na">sleep</span><span class="p">(</span><span class="mi">2000L</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">InterruptedException</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">IOException</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">finally</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="na">close</span><span class="p">();</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;close client&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">IOException</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="nf">initESClient</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">password</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">BasicCredentialsProvider</span><span class="p">();</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">.</span><span class="na">setCredentials</span><span class="p">(</span><span class="n">AuthScope</span><span class="p">.</span><span class="na">ANY</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">UsernamePasswordCredentials</span><span class="p">(</span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">password</span><span class="p">));</span>
<span class="w"> </span><span class="n">SSLContext</span><span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSLContext</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SSL&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">sc</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="n">trustAllCerts</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecureRandom</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">KeyManagementException</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">NoSuchAlgorithmException</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sessionStrategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="p">(</span><span class="n">sc</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">NullHostNameVerifier</span><span class="p">());</span>
<span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="w"> </span><span class="n">httpClientConfigCallback</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="p">(</span><span class="n">sessionStrategy</span><span class="p">,</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestClientBuilder</span><span class="w"> </span><span class="n">builder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">RestClient</span><span class="p">.</span><span class="na">builder</span><span class="p">(</span><span class="k">new</span><span class="w"> </span><span class="n">HttpHost</span><span class="p">(</span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="mi">9200</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;https&quot;</span><span class="p">))</span>
<span class="w"> </span><span class="p">.</span><span class="na">setHttpClientConfigCallback</span><span class="p">(</span><span class="n">httpClientConfigCallback</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="p">(</span><span class="n">builder</span><span class="p">);</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">client</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="n">TrustManager</span><span class="o">[]</span><span class="w"> </span><span class="n">trustAllCerts</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">TrustManager</span><span class="o">[]</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">X509TrustManager</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">checkClientTrusted</span><span class="p">(</span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="n">chain</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">authType</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">CertificateException</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">checkServerTrusted</span><span class="p">(</span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="n">chain</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">authType</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">CertificateException</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="nf">getAcceptedIssuers</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">};</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">class</span> <span class="nc">NullHostNameVerifier</span><span class="w"> </span><span class="kd">implements</span><span class="w"> </span><span class="n">HostnameVerifier</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">boolean</span><span class="w"> </span><span class="nf">verify</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">arg0</span><span class="p">,</span><span class="w"> </span><span class="n">SSLSession</span><span class="w"> </span><span class="n">arg1</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="kc">true</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></td></tr></table></div>
</div>
<p id="css_01_0012__p52288212261"><strong id="css_01_0012__b188299364157">ESSecuredClient class (Uses certificates)</strong></p>
<div class="codecoloring" codetype="Java" id="css_01_0012__screen20735043112820"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal"> 10</span>
<span class="normal"> 11</span>
<span class="normal"> 12</span>
<span class="normal"> 13</span>
<span class="normal"> 14</span>
<span class="normal"> 15</span>
<span class="normal"> 16</span>
<span class="normal"> 17</span>
<span class="normal"> 18</span>
<span class="normal"> 19</span>
<span class="normal"> 20</span>
<span class="normal"> 21</span>
<span class="normal"> 22</span>
<span class="normal"> 23</span>
<span class="normal"> 24</span>
<span class="normal"> 25</span>
<span class="normal"> 26</span>
<span class="normal"> 27</span>
<span class="normal"> 28</span>
<span class="normal"> 29</span>
<span class="normal"> 30</span>
<span class="normal"> 31</span>
<span class="normal"> 32</span>
<span class="normal"> 33</span>
<span class="normal"> 34</span>
<span class="normal"> 35</span>
<span class="normal"> 36</span>
<span class="normal"> 37</span>
<span class="normal"> 38</span>
<span class="normal"> 39</span>
<span class="normal"> 40</span>
<span class="normal"> 41</span>
<span class="normal"> 42</span>
<span class="normal"> 43</span>
<span class="normal"> 44</span>
<span class="normal"> 45</span>
<span class="normal"> 46</span>
<span class="normal"> 47</span>
<span class="normal"> 48</span>
<span class="normal"> 49</span>
<span class="normal"> 50</span>
<span class="normal"> 51</span>
<span class="normal"> 52</span>
<span class="normal"> 53</span>
<span class="normal"> 54</span>
<span class="normal"> 55</span>
<span class="normal"> 56</span>
<span class="normal"> 57</span>
<span class="normal"> 58</span>
<span class="normal"> 59</span>
<span class="normal"> 60</span>
<span class="normal"> 61</span>
<span class="normal"> 62</span>
<span class="normal"> 63</span>
<span class="normal"> 64</span>
<span class="normal"> 65</span>
<span class="normal"> 66</span>
<span class="normal"> 67</span>
<span class="normal"> 68</span>
<span class="normal"> 69</span>
<span class="normal"> 70</span>
<span class="normal"> 71</span>
<span class="normal"> 72</span>
<span class="normal"> 73</span>
<span class="normal"> 74</span>
<span class="normal"> 75</span>
<span class="normal"> 76</span>
<span class="normal"> 77</span>
<span class="normal"> 78</span>
<span class="normal"> 79</span>
<span class="normal"> 80</span>
<span class="normal"> 81</span>
<span class="normal"> 82</span>
<span class="normal"> 83</span>
<span class="normal"> 84</span>
<span class="normal"> 85</span>
<span class="normal"> 86</span>
<span class="normal"> 87</span>
<span class="normal"> 88</span>
<span class="normal"> 89</span>
<span class="normal"> 90</span>
<span class="normal"> 91</span>
<span class="normal"> 92</span>
<span class="normal"> 93</span>
<span class="normal"> 94</span>
<span class="normal"> 95</span>
<span class="normal"> 96</span>
<span class="normal"> 97</span>
<span class="normal"> 98</span>
<span class="normal"> 99</span>
<span class="normal">100</span>
<span class="normal">101</span>
<span class="normal">102</span>
<span class="normal">103</span>
<span class="normal">104</span>
<span class="normal">105</span>
<span class="normal">106</span>
<span class="normal">107</span>
<span class="normal">108</span>
<span class="normal">109</span>
<span class="normal">110</span>
<span class="normal">111</span>
<span class="normal">112</span>
<span class="normal">113</span>
<span class="normal">114</span>
<span class="normal">115</span>
<span class="normal">116</span>
<span class="normal">117</span>
<span class="normal">118</span>
<span class="normal">119</span>
<span class="normal">120</span>
<span class="normal">121</span>
<span class="normal">122</span>
<span class="normal">123</span>
<span class="normal">124</span>
<span class="normal">125</span>
<span class="normal">126</span>
<span class="normal">127</span>
<span class="normal">128</span>
<span class="normal">129</span>
<span class="normal">130</span>
<span class="normal">131</span>
<span class="normal">132</span>
<span class="normal">133</span>
<span class="normal">134</span>
<span class="normal">135</span>
<span class="normal">136</span>
<span class="normal">137</span>
<span class="normal">138</span>
<span class="normal">139</span>
<span class="normal">140</span>
<span class="normal">141</span>
<span class="normal">142</span>
<span class="normal">143</span>
<span class="normal">144</span></pre></div></td><td class="code"><div><pre><span></span><span class="kn">package</span><span class="w"> </span><span class="nn">securitymode</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.auth.AuthScope</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.auth.UsernamePasswordCredentials</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.client.CredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.impl.client.BasicCredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.HttpHost</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.nio.conn.ssl.SSLIOSessionStrategy</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.action.search.SearchRequest</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.action.search.SearchResponse</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RequestOptions</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClient</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClientBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestHighLevelClient</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.index.query.QueryBuilders</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.SearchHit</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.SearchHits</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.search.builder.SearchSourceBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.io.File</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.io.FileInputStream</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.io.IOException</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.io.InputStream</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.KeyStore</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.SecureRandom</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.cert.CertificateException</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.security.cert.X509Certificate</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.HostnameVerifier</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.SSLContext</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.SSLSession</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.TrustManager</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.TrustManagerFactory</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">javax.net.ssl.X509TrustManager</span><span class="p">;</span>
<span class="kd">public</span><span class="w"> </span><span class="kd">class</span> <span class="nc">ESSecuredClientWithCerDemo</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">main</span><span class="p">(</span><span class="n">String</span><span class="o">[]</span><span class="w"> </span><span class="n">args</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">clusterAddress</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">0</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">userName</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">1</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">password</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">2</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">cerFilePath</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">3</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">cerPassword</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">args</span><span class="o">[</span><span class="mi">4</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="c1">// Create a client.</span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">initESClient</span><span class="p">(</span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">password</span><span class="p">,</span><span class="w"> </span><span class="n">cerFilePath</span><span class="p">,</span><span class="w"> </span><span class="n">cerPassword</span><span class="p">);</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// Search match_all, which is equivalent to {\&quot;query\&quot;: {\&quot;match_all\&quot;: {}}}.</span>
<span class="w"> </span><span class="n">SearchRequest</span><span class="w"> </span><span class="n">searchRequest</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SearchRequest</span><span class="p">();</span>
<span class="w"> </span><span class="n">SearchSourceBuilder</span><span class="w"> </span><span class="n">searchSourceBuilder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SearchSourceBuilder</span><span class="p">();</span>
<span class="w"> </span><span class="n">searchSourceBuilder</span><span class="p">.</span><span class="na">query</span><span class="p">(</span><span class="n">QueryBuilders</span><span class="p">.</span><span class="na">matchAllQuery</span><span class="p">());</span>
<span class="w"> </span><span class="n">searchRequest</span><span class="p">.</span><span class="na">source</span><span class="p">(</span><span class="n">searchSourceBuilder</span><span class="p">);</span>
<span class="w"> </span><span class="c1">// query</span>
<span class="w"> </span><span class="n">SearchResponse</span><span class="w"> </span><span class="n">searchResponse</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="na">search</span><span class="p">(</span><span class="n">searchRequest</span><span class="p">,</span><span class="w"> </span><span class="n">RequestOptions</span><span class="p">.</span><span class="na">DEFAULT</span><span class="p">);</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;query result: &quot;</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">searchResponse</span><span class="p">.</span><span class="na">toString</span><span class="p">());</span>
<span class="w"> </span><span class="n">SearchHits</span><span class="w"> </span><span class="n">hits</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">searchResponse</span><span class="p">.</span><span class="na">getHits</span><span class="p">();</span>
<span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="n">SearchHit</span><span class="w"> </span><span class="n">hit</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">hits</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="n">hit</span><span class="p">.</span><span class="na">getSourceAsString</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;query success&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">Thread</span><span class="p">.</span><span class="na">sleep</span><span class="p">(</span><span class="mi">2000L</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">InterruptedException</span><span class="w"> </span><span class="o">|</span><span class="w"> </span><span class="n">IOException</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">finally</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">client</span><span class="p">.</span><span class="na">close</span><span class="p">();</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;close client&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">IOException</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="nf">initESClient</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">password</span><span class="p">,</span>
<span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">cerFilePath</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">cerPassword</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">BasicCredentialsProvider</span><span class="p">();</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">.</span><span class="na">setCredentials</span><span class="p">(</span><span class="n">AuthScope</span><span class="p">.</span><span class="na">ANY</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">UsernamePasswordCredentials</span><span class="p">(</span><span class="n">userName</span><span class="p">,</span><span class="w"> </span><span class="n">password</span><span class="p">));</span>
<span class="w"> </span><span class="n">SSLContext</span><span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="kc">null</span><span class="p">;</span>
<span class="w"> </span><span class="k">try</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">TrustManager</span><span class="o">[]</span><span class="w"> </span><span class="n">tm</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">{</span><span class="k">new</span><span class="w"> </span><span class="n">MyX509TrustManager</span><span class="p">(</span><span class="n">cerFilePath</span><span class="p">,</span><span class="w"> </span><span class="n">cerPassword</span><span class="p">)};</span>
<span class="w"> </span><span class="n">sc</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">SSLContext</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SSL&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;SunJSSE&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="c1">//You can also use SSLContext sslContext = SSLContext.getInstance(&quot;TLSv1.2&quot;);</span>
<span class="w"> </span><span class="n">sc</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="kc">null</span><span class="p">,</span><span class="w"> </span><span class="n">tm</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecureRandom</span><span class="p">());</span>
<span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="k">catch</span><span class="w"> </span><span class="p">(</span><span class="n">Exception</span><span class="w"> </span><span class="n">e</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">e</span><span class="p">.</span><span class="na">printStackTrace</span><span class="p">();</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sessionStrategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="p">(</span><span class="n">sc</span><span class="p">,</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">NullHostNameVerifier</span><span class="p">());</span>
<span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="w"> </span><span class="n">httpClientConfigCallback</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="p">(</span><span class="n">sessionStrategy</span><span class="p">,</span>
<span class="w"> </span><span class="n">credentialsProvider</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestClientBuilder</span><span class="w"> </span><span class="n">builder</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">RestClient</span><span class="p">.</span><span class="na">builder</span><span class="p">(</span><span class="k">new</span><span class="w"> </span><span class="n">HttpHost</span><span class="p">(</span><span class="n">clusterAddress</span><span class="p">,</span><span class="w"> </span><span class="mi">9200</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;https&quot;</span><span class="p">))</span>
<span class="w"> </span><span class="p">.</span><span class="na">setHttpClientConfigCallback</span><span class="p">(</span><span class="n">httpClientConfigCallback</span><span class="p">);</span>
<span class="w"> </span><span class="n">RestHighLevelClient</span><span class="w"> </span><span class="n">client</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">RestHighLevelClient</span><span class="p">(</span><span class="n">builder</span><span class="p">);</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">client</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">class</span> <span class="nc">MyX509TrustManager</span><span class="w"> </span><span class="kd">implements</span><span class="w"> </span><span class="n">X509TrustManager</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">X509TrustManager</span><span class="w"> </span><span class="n">sunJSSEX509TrustManager</span><span class="p">;</span>
<span class="w"> </span><span class="n">MyX509TrustManager</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">cerFilePath</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">cerPassword</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">Exception</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">File</span><span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">File</span><span class="p">(</span><span class="n">cerFilePath</span><span class="p">);</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="o">!</span><span class="n">file</span><span class="p">.</span><span class="na">isFile</span><span class="p">())</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">throw</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">Exception</span><span class="p">(</span><span class="s">&quot;Wrong Certification Path&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="n">System</span><span class="p">.</span><span class="na">out</span><span class="p">.</span><span class="na">println</span><span class="p">(</span><span class="s">&quot;Loading KeyStore &quot;</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="n">file</span><span class="w"> </span><span class="o">+</span><span class="w"> </span><span class="s">&quot;...&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">InputStream</span><span class="w"> </span><span class="n">in</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">FileInputStream</span><span class="p">(</span><span class="n">file</span><span class="p">);</span>
<span class="w"> </span><span class="n">KeyStore</span><span class="w"> </span><span class="n">ks</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">KeyStore</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;JKS&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">ks</span><span class="p">.</span><span class="na">load</span><span class="p">(</span><span class="n">in</span><span class="p">,</span><span class="w"> </span><span class="n">cerPassword</span><span class="p">.</span><span class="na">toCharArray</span><span class="p">());</span>
<span class="w"> </span><span class="n">TrustManagerFactory</span><span class="w"> </span><span class="n">tmf</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">TrustManagerFactory</span><span class="p">.</span><span class="na">getInstance</span><span class="p">(</span><span class="s">&quot;SunX509&quot;</span><span class="p">,</span><span class="w"> </span><span class="s">&quot;SunJSSE&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="n">tmf</span><span class="p">.</span><span class="na">init</span><span class="p">(</span><span class="n">ks</span><span class="p">);</span>
<span class="w"> </span><span class="n">TrustManager</span><span class="o">[]</span><span class="w"> </span><span class="n">tms</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">tmf</span><span class="p">.</span><span class="na">getTrustManagers</span><span class="p">();</span>
<span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="p">(</span><span class="n">TrustManager</span><span class="w"> </span><span class="n">tm</span><span class="w"> </span><span class="p">:</span><span class="w"> </span><span class="n">tms</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">tm</span><span class="w"> </span><span class="k">instanceof</span><span class="w"> </span><span class="n">X509TrustManager</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">sunJSSEX509TrustManager</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="p">(</span><span class="n">X509TrustManager</span><span class="p">)</span><span class="w"> </span><span class="n">tm</span><span class="p">;</span>
<span class="w"> </span><span class="k">return</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="k">throw</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">Exception</span><span class="p">(</span><span class="s">&quot;Couldn't initialize&quot;</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">checkClientTrusted</span><span class="p">(</span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="n">chain</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">authType</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">CertificateException</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">void</span><span class="w"> </span><span class="nf">checkServerTrusted</span><span class="p">(</span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="n">chain</span><span class="p">,</span><span class="w"> </span><span class="n">String</span><span class="w"> </span><span class="n">authType</span><span class="p">)</span><span class="w"> </span><span class="kd">throws</span><span class="w"> </span><span class="n">CertificateException</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="n">X509Certificate</span><span class="o">[]</span><span class="w"> </span><span class="nf">getAcceptedIssuers</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="k">new</span><span class="w"> </span><span class="n">X509Certificate</span><span class="o">[</span><span class="mi">0</span><span class="o">]</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kd">static</span><span class="w"> </span><span class="kd">class</span> <span class="nc">NullHostNameVerifier</span><span class="w"> </span><span class="kd">implements</span><span class="w"> </span><span class="n">HostnameVerifier</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="kt">boolean</span><span class="w"> </span><span class="nf">verify</span><span class="p">(</span><span class="n">String</span><span class="w"> </span><span class="n">arg0</span><span class="p">,</span><span class="w"> </span><span class="n">SSLSession</span><span class="w"> </span><span class="n">arg1</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="kc">true</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></td></tr></table></div>
</div>
<p id="css_01_0012__p1450422262"><strong id="css_01_0012__b474044421520">SecuredHttpClientConfigCallback class</strong></p>
<div class="codecoloring" codetype="Java" id="css_01_0012__screen6117430133014"><div class="highlight"><table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><span class="normal"> 1</span>
<span class="normal"> 2</span>
<span class="normal"> 3</span>
<span class="normal"> 4</span>
<span class="normal"> 5</span>
<span class="normal"> 6</span>
<span class="normal"> 7</span>
<span class="normal"> 8</span>
<span class="normal"> 9</span>
<span class="normal">10</span>
<span class="normal">11</span>
<span class="normal">12</span>
<span class="normal">13</span>
<span class="normal">14</span>
<span class="normal">15</span>
<span class="normal">16</span>
<span class="normal">17</span>
<span class="normal">18</span>
<span class="normal">19</span>
<span class="normal">20</span>
<span class="normal">21</span>
<span class="normal">22</span>
<span class="normal">23</span>
<span class="normal">24</span>
<span class="normal">25</span>
<span class="normal">26</span>
<span class="normal">27</span>
<span class="normal">28</span>
<span class="normal">29</span>
<span class="normal">30</span>
<span class="normal">31</span>
<span class="normal">32</span>
<span class="normal">33</span>
<span class="normal">34</span>
<span class="normal">35</span>
<span class="normal">36</span>
<span class="normal">37</span>
<span class="normal">38</span>
<span class="normal">39</span>
<span class="normal">40</span>
<span class="normal">41</span>
<span class="normal">42</span>
<span class="normal">43</span>
<span class="normal">44</span>
<span class="normal">45</span>
<span class="normal">46</span>
<span class="normal">47</span>
<span class="normal">48</span>
<span class="normal">49</span>
<span class="normal">50</span>
<span class="normal">51</span>
<span class="normal">52</span>
<span class="normal">53</span>
<span class="normal">54</span>
<span class="normal">55</span>
<span class="normal">56</span>
<span class="normal">57</span>
<span class="normal">58</span>
<span class="normal">59</span></pre></div></td><td class="code"><div><pre><span></span><span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.client.CredentialsProvider</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.impl.nio.client.HttpAsyncClientBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.apache.http.nio.conn.ssl.SSLIOSessionStrategy</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.client.RestClientBuilder</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">org.elasticsearch.common.Nullable</span><span class="p">;</span>
<span class="kn">import</span><span class="w"> </span><span class="nn">java.util.Objects</span><span class="p">;</span>
<span class="kd">class</span> <span class="nc">SecuredHttpClientConfigCallback</span><span class="w"> </span><span class="kd">implements</span><span class="w"> </span><span class="n">RestClientBuilder</span><span class="p">.</span><span class="na">HttpClientConfigCallback</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="nd">@Nullable</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">;</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * The {@link SSLIOSessionStrategy} for all requests to enable SSL / TLS encryption.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="kd">private</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sslStrategy</span><span class="p">;</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Create a new {@link SecuredHttpClientConfigCallback}.</span>
<span class="cm"> *</span>
<span class="cm"> * @param credentialsProvider The credential provider, if a username/password have been supplied</span>
<span class="cm"> * @param sslStrategy The SSL strategy, if SSL / TLS have been supplied</span>
<span class="cm"> * @throws NullPointerException if {@code sslStrategy} is {@code null}</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="n">SecuredHttpClientConfigCallback</span><span class="p">(</span><span class="kd">final</span><span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="n">sslStrategy</span><span class="p">,</span>
<span class="w"> </span><span class="nd">@Nullable</span><span class="w"> </span><span class="kd">final</span><span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">this</span><span class="p">.</span><span class="na">sslStrategy</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">Objects</span><span class="p">.</span><span class="na">requireNonNull</span><span class="p">(</span><span class="n">sslStrategy</span><span class="p">);</span>
<span class="w"> </span><span class="k">this</span><span class="p">.</span><span class="na">credentialsProvider</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Get the {@link CredentialsProvider} that will be added to the HTTP client.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Can be {@code null}.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="nd">@Nullable</span>
<span class="w"> </span><span class="n">CredentialsProvider</span><span class="w"> </span><span class="nf">getCredentialsProvider</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">credentialsProvider</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Get the {@link SSLIOSessionStrategy} that will be added to the HTTP client.</span>
<span class="cm"> *</span>
<span class="cm"> * @return Never {@code null}.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="n">SSLIOSessionStrategy</span><span class="w"> </span><span class="nf">getSSLStrategy</span><span class="p">()</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">sslStrategy</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="cm">/**</span>
<span class="cm"> * Sets the {@linkplain HttpAsyncClientBuilder#setDefaultCredentialsProvider(CredentialsProvider) credential provider},</span>
<span class="cm"> *</span>
<span class="cm"> * @param httpClientBuilder The client to configure.</span>
<span class="cm"> * @return Always {@code httpClientBuilder}.</span>
<span class="cm"> */</span>
<span class="w"> </span><span class="nd">@Override</span>
<span class="w"> </span><span class="kd">public</span><span class="w"> </span><span class="n">HttpAsyncClientBuilder</span><span class="w"> </span><span class="nf">customizeHttpClient</span><span class="p">(</span><span class="kd">final</span><span class="w"> </span><span class="n">HttpAsyncClientBuilder</span><span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="c1">// enable SSL / TLS</span>
<span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">.</span><span class="na">setSSLStrategy</span><span class="p">(</span><span class="n">sslStrategy</span><span class="p">);</span>
<span class="w"> </span><span class="c1">// enable user authentication</span>
<span class="w"> </span><span class="k">if</span><span class="w"> </span><span class="p">(</span><span class="n">credentialsProvider</span><span class="w"> </span><span class="o">!=</span><span class="w"> </span><span class="kc">null</span><span class="p">)</span><span class="w"> </span><span class="p">{</span>
<span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">.</span><span class="na">setDefaultCredentialsProvider</span><span class="p">(</span><span class="n">credentialsProvider</span><span class="p">);</span>
<span class="w"> </span><span class="p">}</span>
<span class="w"> </span><span class="k">return</span><span class="w"> </span><span class="n">httpClientBuilder</span><span class="p">;</span>
<span class="w"> </span><span class="p">}</span>
<span class="p">}</span>
</pre></div></td></tr></table></div>
</div>
<div class="p" id="css_01_0012__p249020415292"><strong id="css_01_0012__b117366464155">pom.xml file</strong><pre class="screen" id="css_01_0012__screen28137202501">&lt;?xml version="1.0" encoding="UTF-8"?&gt;
&lt;project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"&gt;
&lt;modelVersion&gt;4.0.0&lt;/modelVersion&gt;
&lt;groupId&gt;1&lt;/groupId&gt;
&lt;artifactId&gt;ESClient&lt;/artifactId&gt;
&lt;version&gt;1.0-SNAPSHOT&lt;/version&gt;
&lt;name&gt;ESClient&lt;/name&gt;
&lt;!-- FIXME change it to the project's website --&gt;
&lt;url&gt;http://www.example.com&lt;/url&gt;
&lt;properties&gt;
&lt;project.build.sourceEncoding&gt;UTF-8&lt;/project.build.sourceEncoding&gt;
&lt;maven.compiler.source&gt;1.7&lt;/maven.compiler.source&gt;
&lt;maven.compiler.target&gt;1.7&lt;/maven.compiler.target&gt;
&lt;/properties&gt;
&lt;dependencies&gt;
&lt;dependency&gt;
&lt;groupId&gt;junit&lt;/groupId&gt;
&lt;artifactId&gt;junit&lt;/artifactId&gt;
&lt;version&gt;4.11&lt;/version&gt;
&lt;scope&gt;test&lt;/scope&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.elasticsearch.client&lt;/groupId&gt;
&lt;artifactId&gt;transport&lt;/artifactId&gt;
&lt;version&gt;6.5.4&lt;/version&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.elasticsearch&lt;/groupId&gt;
&lt;artifactId&gt;elasticsearch&lt;/artifactId&gt;
&lt;version&gt;6.5.4&lt;/version&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.elasticsearch.client&lt;/groupId&gt;
&lt;artifactId&gt;elasticsearch-rest-high-level-client&lt;/artifactId&gt;
&lt;version&gt;6.5.4&lt;/version&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.apache.logging.log4j&lt;/groupId&gt;
&lt;artifactId&gt;log4j-api&lt;/artifactId&gt;
&lt;version&gt;2.7&lt;/version&gt;
&lt;/dependency&gt;
&lt;dependency&gt;
&lt;groupId&gt;org.apache.logging.log4j&lt;/groupId&gt;
&lt;artifactId&gt;log4j-core&lt;/artifactId&gt;
&lt;version&gt;2.7&lt;/version&gt;
&lt;/dependency&gt;
&lt;/dependencies&gt;
&lt;build&gt;
&lt;pluginManagement&gt;&lt;!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --&gt;
&lt;plugins&gt;
&lt;!-- clean lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#clean_Lifecycle --&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-clean-plugin&lt;/artifactId&gt;
&lt;version&gt;3.1.0&lt;/version&gt;
&lt;/plugin&gt;
&lt;!-- default lifecycle, jar packaging: see https://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging --&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-resources-plugin&lt;/artifactId&gt;
&lt;version&gt;3.0.2&lt;/version&gt;
&lt;/plugin&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-compiler-plugin&lt;/artifactId&gt;
&lt;version&gt;3.8.0&lt;/version&gt;
&lt;/plugin&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-surefire-plugin&lt;/artifactId&gt;
&lt;version&gt;2.22.1&lt;/version&gt;
&lt;/plugin&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-jar-plugin&lt;/artifactId&gt;
&lt;version&gt;3.0.2&lt;/version&gt;
&lt;/plugin&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-install-plugin&lt;/artifactId&gt;
&lt;version&gt;2.5.2&lt;/version&gt;
&lt;/plugin&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-deploy-plugin&lt;/artifactId&gt;
&lt;version&gt;2.8.2&lt;/version&gt;
&lt;/plugin&gt;
&lt;!-- site lifecycle, see https://maven.apache.org/ref/current/maven-core/lifecycles.html#site_Lifecycle --&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-site-plugin&lt;/artifactId&gt;
&lt;version&gt;3.7.1&lt;/version&gt;
&lt;/plugin&gt;
&lt;plugin&gt;
&lt;artifactId&gt;maven-project-info-reports-plugin&lt;/artifactId&gt;
&lt;version&gt;3.0.0&lt;/version&gt;
&lt;/plugin&gt;
&lt;/plugins&gt;
&lt;/pluginManagement&gt;
&lt;/build&gt;
&lt;/project&gt;</pre>
</div>
</li></ul>
<p id="css_01_0012__p1340716284917"></p>
</li></ul>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="css_01_0008.html">Creating and Accessing a Cluster</a></div>
</div>
</div>
View Git Blame Copy Permalink