java 访问es_search-gurad权限整合es6.3.1后，java client访问无法连接问题解决

es:6.3.1

kibana:6.3.1

首先需要在java中引入search-guard的6.3.1的包，包括ssl的包

com.floragunn

search-guard-ssl

6.3.1-25.4

com.floragunn

search-guard-6

6.3.1-23.0

provided

2.将之前权限需要的jks文件，和秘钥要加入到项目中来，在elasticsearch.yaml中配置ssl相关的信息

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.transport.resolve_hostname: false

searchguard.authcz.admin_dn:

- CN=sgadmin,OU=client,O=client,L=Test, C=DE

searchguard.nodes_dn:

- 'CN=node-*.example.com,OU=SSL,O=Test,L=Test,C=DE'

在ElasticSearchConnection类中中代码中需要如下指定：

Settings settings = Settings.builder()

.put("client.transport.ignore_cluster_name", true)

.put("path.home", ".")

//                .put("path.conf", "E:\\gitlab\\DpGodFarm\\DpGodFarm2\\DpGodFarm\\src\\main\\resources")

.put("cluster.name", "testes-cluster")

.put("searchguard.ssl.transport.enabled", true)

.put("searchguard.ssl.transport.keystore_filepath", "sgadmin-keystore.jks")

.put("searchguard.ssl.transport.truststore_filepath", "truststore.jks")

.put("searchguard.ssl.http.keystore_password", "changeit")

.put("searchguard.ssl.http.truststore_password", "changeit")

.put("searchguard.ssl.transport.keystore_password", "changeit")

.put("searchguard.ssl.transport.truststore_password", "changeit")

.put("searchguard.ssl.transport.enforce_hostname_verification", false)

.build();

try {

(一定要加入SearchGuardPlugin.class，否则启动一直报错找不到searchguard.ssl.transport.keystore_filepath)

TransportClient transportClient = new PreBuiltTransportClient(settings,SearchGuardPlugin.class);

我觉得是要设置用户的，万一开发的不小心把库删了怎么办

.put("request.headers.sg_impersonate_as", "kibana5")