JAVA通过用户验证访问Elasticsearch

为了保证安全，Elasticsearch中启用用户权限验证。本文将对服务端的配置、客户端访问的配置进行一些个人总结。
环境：CentOS 7.0
软件版本：elasticsearch 7.3.1

1. 服务端配置
   进入安装目录下config，编辑elasticsearch.yml文件，在最后添加如下配置：

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

重启elasticserch生效。

2. 客户端访问配置
   （1） 通过RestHighLevelClient访问

public RestHighLevelClient restHighLevelClient() {
        RestHighLevelClient client;
        try {
            RestClientBuilder builder = RestClient.builder(getHttpHosts());
            // 配置connect超时时间、socket超时时间
            RestClientBuilder.RequestConfigCallback requestConfigCallback = new RestClientBuilder.RequestConfigCallback() {
                @Override
                public RequestConfig.Builder customizeRequestConfig(RequestConfig.Builder builder) {
                    return builder.setConnectTimeout(10 * 60 * 1000).setSocketTimeout(10 * 60 * 1000);
                }
            };
            builder.setRequestConfigCallback(requestConfigCallback);
            
            // 配置用户、密码验证
            CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
            credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("用户名", "密码"));
            builder.setHttpClientConfigCallback(f -> f.setDefaultCredentialsProvider(credentialsProvider));

            client = new RestHighLevelClient(builder);

            ClusterHealthRequest request = new ClusterHealthRequest();
            ClusterHealthResponse clusterHealthResponse = client.cluster().health(request, RequestOptions.DEFAULT);
            logger.info("连接ES集群成功！集群状态：{}", clusterHealthResponse.getStatus().name());
            return client;
        } catch (Exception e) {
            logger.error("连接ES集群失败！", e);
            return null;
        }
    }

（2）使用http访问
访问url模板：http://用户名:密码@IP:PORT/_cat/health，示例如下：

public static String get(String url, String encoding) {
		String url = String.format("http://%s:%s@%s:%s/_cat/health", "用户名","密码","IP","PORT");
        CloseableHttpClient httpClient = HttpClients.createDefault();
        CloseableHttpResponse response;
        HttpGet httpGet;
        HttpEntity httpEntity;
        String re = null;
        try {
            httpGet = new HttpGet(url);
            response = httpClient.execute(httpGet);
            httpEntity = response.getEntity();
            if (httpEntity != null) {
                re = EntityUtils.toString(httpEntity, encoding);
            }
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
        } finally {
            try {
                httpClient.close();
            } catch (IOException e) {
                logger.error(e.getMessage(), e);
            }
        }
        return re;
    }