内容纲要
概要描述
使用须知:
- 本实验针对TDH6.2.1以上版本,只有6.2.1以上的版本才可以开启search组件安全
- 此方式是连接的Search的9300端口
以下开发环境以IDEA + Windows10 + jdk1.8 + Maven3.6.1为例
请安装好以上开发工具
详细说明
准备TDH6.2.1的sdk
请下载星环提供的对应版本的SDK,并解压(联系星环技术支持获取)
配置IDEA Maven仓库
【File->Settings->Build,Execution,Deployment->Build Tools->Maven】
将Local repository的地址更改为SDK解压的位置,然后选择Apply -> OK
pom.xml文件参考如下
注意:在配置maven的过程中,可能会有jar包不存在的问题,比如dnw和netty-all等包,这些包用不到,可以去除掉
demo参考如下
package io.transwarp;
import com.alibaba.fastjson.JSON;
import io.transwarp.plugin.doorkeeper.client.DoorKeeperClientPlugin;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.security.UserGroupInformation;
import transwarp.org.elasticsearch.action.index.IndexResponse;
import transwarp.org.elasticsearch.client.Client;
import transwarp.org.elasticsearch.client.transport.TransportClient;
import transwarp.org.elasticsearch.common.settings.Settings;
import transwarp.org.elasticsearch.common.transport.InetSocketTransportAddress;
import transwarp.org.elasticsearch.common.xcontent.XContentType;
import transwarp.org.elasticsearch.plugins.Plugin;
import transwarp.org.elasticsearch.transport.client.PreBuiltTransportClient;
import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
public class estest {
private static String principal = "admin/@TDH";
private static String keytabPath = "D:\\work\\idea_home\\SecuritySearch\\admin.keytab";
private static String indexName = "my_store";
private static String type = "products";
public static void main(String[] args) throws IOException, LoginException {
initSecurityContext(principal,keytabPath);
Client client = buildTransportClient();
Map data = new HashMap();
//data.put("id", "5");
data.put("price", "200");
data.put("productID", "MMMM-M-3333-#### ");
IndexResponse indexResponse = client.prepareIndex(indexName, type, null).setSource(JSON.toJSONString(data), XContentType.JSON).get();
System.out.println(indexResponse.toString());
}
/**
* 客户端初始化
* @param principal
* @param keytabPath
* @throws IOException
*/
private static void initSecurityContext(String principal, String keytabPath)
throws IOException {
System.setProperty("java.security.krb5.conf", "D:\\work\\idea_home\\SecuritySearch\\krb5.conf");
Configuration cnf = new Configuration();
cnf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
UserGroupInformation.setConfiguration(cnf);
UserGroupInformation.loginUserFromKeytab(principal, keytabPath);
}
/**
* 构建TransportClient
* @return
*/
private static Client buildTransportClient() {
Settings settings = Settings.builder()
.put("cluster.name", "cluster")
.put("security.enable", true)
.put("transport.type", "security-netty3")
.build();
TransportClient client = new PreBuiltTransportClient(settings, Collections.>singletonList(DoorKeeperClientPlugin.class));
String[] hosts = {"172.22.33.1", "172.22.33.2", "172.22.33.3"};
for (String host : hosts) {
client.addTransportAddress(new InetSocketTransportAddress(new
InetSocketAddress(host, 9300)));
}
return client;
}
}
注意:
- 替换demo中的keytab文件为实际路径
- 替换demo中的krb5文件为实际路径
- 配置实际的host信息
替换完毕之后,可以看到search中已经插入了数据: