目录

es设置用户名密码认证

elasticsearch.yml 中添加配置

重启elasticsearch服务

设置elasticsearch密码

访问验证

kibana设置用户名密码认证

kibana.yml添加验证信息

启动kibana

访问验证

JAVA REST Client设置身份认证

HTTP Client设置身份认证

es设置用户名密码认证

elasticsearch.yml 中添加配置

# 配置X-Packhttp.cors.enabled: truehttp.cors.allow-origin: "*"http.cors.allow-headers: Authorizationxpack.security.enabled: truexpack.security.transport.ssl.enabled: true

重启elasticsearch服务

systemctl restart elasticsearch

设置elasticsearch密码

/opt/elk/elasticsearch/bin/elasticsearch-setup-passwords interactive

依次设置elastic，apm_system，kibana，kibana_system，logstash_system，beats_system，remote_monitoring_user 这些用户的密码。需要使用kibana的话，建议kibana用户密码与elastic用户密码不一致。

访问验证

浏览器访问http://127.0.0.1:9200出现认证弹框输入elastic和对应的密码。

kibana设置用户名密码认证

kibana.yml添加验证信息

elasticsearch.username: "kibana"elasticsearch.password: "password"

打开这两行注释，在password中输入为kibana设置的密码。

启动kibana

/opt/elk/kibana-7.2.0-linux-x86_64/bin$ ./kibana

访问验证

浏览器访问http://127.0.0.1:5601出现认证弹框输入elastic和对应的密码。

JAVA REST Client设置身份认证

通过RestHighLevelClient发送的es请求验证方式：

final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(ElasticsearchConstants.ELASTIC_USER_NAME, ElasticsearchConstants.ELASTIC_PASSWORD));RestHighLevelClient client = new RestHighLevelClient( RestClient.builder(new HttpHost(ElasticsearchConstants.ELASTIC_SEARCH_HOST, ElasticsearchConstants.ELASTIC_SEARCH_PORT, "http")) .setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() { @Override public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) { return httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialsProvider); } }));

HTTP Client设置身份认证

通过http直接发送的es请求认证方式：

CloseableHttpClient httpClient = HttpClients.createDefault();HttpPut httpPut = new HttpPut(url);RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(35000).setConnectionRequestTimeout(35000).setSocketTimeout(60000).build();httpPut.setConfig(requestConfig);httpPut.setHeader("Content-type", "application/json");httpPut.setHeader("Accept", "application/json");httpPut.setHeader("DataEncoding", "UTF-8");// 加es身份认证HttpHost targetHost = new HttpHost(ElasticsearchConstants.ELASTIC_SEARCH_HOST, ElasticsearchConstants.ELASTIC_SEARCH_PORT, "http");CredentialsProvider credentialsProvider = new BasicCredentialsProvider();credentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(ElasticsearchConstants.ELASTIC_USER_NAME, ElasticsearchConstants.ELASTIC_PASSWORD));// Create AuthCache instanceAuthCache authCache = new BasicAuthCache();// Generate BASIC scheme object and add it to the local auth cacheBasicScheme basicAuth = new BasicScheme();authCache.put(targetHost, basicAuth);// Add AuthCache to the execution contextHttpClientContext context = HttpClientContext.create();context.setCredentialsProvider(credentialsProvider);context.setAuthCache(authCache);CloseableHttpResponse httpResponse = httpClient.execute(httpPut, context);