2

I'm new to Elastic search. Integrated my Spring boot application with Elastic search through Java High Level Rest Client.

I've configured JHLRC bean as below and it worked fine:

@Bean(destroyMethod = "close")
public RestHighLevelClient client() {
  RestHighLevelClient client = new RestHighLevelClient(
      RestClient.builder(new HttpHost("localhost", 9200, "http")));
  return client;
}

Started exploring the security for Elasticsearch, after setup certificate and passwords, I've enabled security by providing below properties :

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

I'm able to login in kibana by using a created username and password but getting 401 Unauthorized while hitting any Elastic search API through JHLRC.

Can someone please help me on what further changes I've to make while configuring Java High Level Rest Client to hit secure Elastic search?

Devkinandan Chauhan
  • 1,785
  • 1
  • 17
  • 42

2 Answers2

3

It worked after making below changes in JHLRC:

@Bean(destroyMethod = "close")
  public RestHighLevelClient client() {

    final BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
    basicCredentialsProvider
        .setCredentials(AuthScope.ANY, new UsernamePasswordCredentials("elastic", "password_generated_by_elastic_search"));

    RestHighLevelClient restHighLevelClient = new RestHighLevelClient(
        RestClient.builder(new HttpHost("localhost", 9200, "http"))
            .setHttpClientConfigCallback(new HttpClientConfigCallback() {
              @Override
              public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
                httpClientBuilder.disableAuthCaching();
                return httpClientBuilder.setDefaultCredentialsProvider(basicCredentialsProvider);
              }
            })

    );

    return restHighLevelClient;
  }
Devkinandan Chauhan
  • 1,785
  • 1
  • 17
  • 42
1

You need to include the Basic credentials which you are giving while accessing the kibana, below code shows you can pass the username and password in JHLRC.

First, create the encoded string from your username and password, you can use the superuser elastic which has all the access by using the below code.

private String getEncodedString(String username, String password) {
        return HEADER_PREFIX + Base64.getEncoder().encodeToString(
                (username + ":" + password)
                        .getBytes());
    }

Now in your request option, you pass the auth header which will include the base 64 encoded string which you will get from the above method.

RequestOptions.Builder builder = RequestOptions.DEFAULT.toBuilder()
                .addHeader(AUTH_HEADER_NAME, getEncodedString(basicCredentials));

Last, you just need to build the object of above requestion options builder and pass it to your client in any request like below:

GetResponse getResponse = restHighLevelClient.get(getRequest, builder.build());
Amit
  • 30,756
  • 6
  • 57
  • 88
  • It looks like we need to this in all API calls. Is there any way to configure this through the client's definition? – Devkinandan Chauhan Jun 23 '20 at 12:34
  • 1
    @DevChauhan nice follow up question, answered it here https://stackoverflow.com/questions/62547260/configure-elasticsearch-rest-high-level-client-with-basic-credential-provider – Amit Jun 24 '20 at 03:48
  • Just to put resolution in the same page, not somebody searching all comments. – Devkinandan Chauhan Jun 24 '20 at 04:31
  • I have figured out this yesterday only before seeing your answer! Don't worry! I've accepted your answer. – Devkinandan Chauhan Jun 24 '20 at 04:40
  • @DevChauhan I see make senses, thanks for marking an answer, also its not comments its a new question with a specific problem(client level security) and this answer is for request level security, if you want to add full working method then I would suggest adding it to https://stackoverflow.com/questions/62547260/configure-elasticsearch-rest-high-level-client-with-basic-credential-provider this question as it makes sense to add it there :) and thanks for understanding the concern and clearing the confusion. – Amit Jun 24 '20 at 05:12
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/216542/discussion-between-opster-elasticsearch-ninja-and-dev-chauhan). – Amit Jun 24 '20 at 05:16