概要描述

使用须知：

1. 本实验针对TDH6.2.1以上版本，只有6.2.1以上的版本才可以开启search组件安全
2. 此方式是连接的Search的9300端口

以下开发环境以IDEA + Windows10 + jdk1.8 + Maven3.6.1为例
请安装好以上开发工具

详细说明

准备TDH6.2.1的sdk

请下载星环提供的对应版本的SDK，并解压(联系星环技术支持获取)

配置IDEA Maven仓库

【File->Settings->Build,Execution,Deployment->Build Tools->Maven】

将Local repository的地址更改为SDK解压的位置，然后选择Apply -> OK

pom.xml文件参考如下

注意：在配置maven的过程中，可能会有jar包不存在的问题，比如dnw和netty-all等包，这些包用不到，可以去除掉

demo参考如下

package io.transwarp;
import com.alibaba.fastjson.JSON;
import io.transwarp.plugin.doorkeeper.client.DoorKeeperClientPlugin;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.CommonConfigurationKeys;
import org.apache.hadoop.security.UserGroupInformation;
import transwarp.org.elasticsearch.action.index.IndexResponse;
import transwarp.org.elasticsearch.client.Client;
import transwarp.org.elasticsearch.client.transport.TransportClient;
import transwarp.org.elasticsearch.common.settings.Settings;
import transwarp.org.elasticsearch.common.transport.InetSocketTransportAddress;
import transwarp.org.elasticsearch.common.xcontent.XContentType;
import transwarp.org.elasticsearch.plugins.Plugin;
import transwarp.org.elasticsearch.transport.client.PreBuiltTransportClient;
import javax.security.auth.login.LoginException;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
public class estest {
    private static String principal = "admin/@TDH";
    private static String keytabPath = "D:\\work\\idea_home\\SecuritySearch\\admin.keytab";
    private static String indexName = "my_store";
    private static String type = "products";
    public static void main(String[] args) throws IOException, LoginException {
        initSecurityContext(principal,keytabPath);
        Client client = buildTransportClient();
        Map data = new HashMap();
        //data.put("id", "5");
        data.put("price", "200");
        data.put("productID", "MMMM-M-3333-#### ");
        IndexResponse indexResponse = client.prepareIndex(indexName, type, null).setSource(JSON.toJSONString(data), XContentType.JSON).get();
        System.out.println(indexResponse.toString());
    }
    /**
     * 客户端初始化
     * @param principal
     * @param keytabPath
     * @throws IOException
     */
    private static void initSecurityContext(String principal, String keytabPath)
            throws IOException {
        System.setProperty("java.security.krb5.conf", "D:\\work\\idea_home\\SecuritySearch\\krb5.conf");
        Configuration cnf = new Configuration();
        cnf.set(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION, "kerberos");
        UserGroupInformation.setConfiguration(cnf);
        UserGroupInformation.loginUserFromKeytab(principal, keytabPath);
    }
    /**
     * 构建TransportClient
     * @return
     */
    private static Client buildTransportClient() {
        Settings settings = Settings.builder()
                .put("cluster.name", "cluster")
                .put("security.enable", true)
                .put("transport.type", "security-netty3")
                .build();
        TransportClient client = new PreBuiltTransportClient(settings, Collections.>singletonList(DoorKeeperClientPlugin.class));
        String[] hosts = {"172.22.33.1", "172.22.33.2", "172.22.33.3"};
        for (String host : hosts) {
            client.addTransportAddress(new InetSocketTransportAddress(new
                    InetSocketAddress(host, 9300)));
        }
        return client;
    }
}

注意：

1. 替换demo中的keytab文件为实际路径
2. 替换demo中的krb5文件为实际路径
3. 配置实际的host信息

替换完毕之后，可以看到search中已经插入了数据：