SpringBoot集成Elasticsearch,SSL证书认证

1.Pom文件配置<properties><elasticsearch.version>6.3.1</elasticsearch.version></properties><dependency><groupId>org.springframework.boot</groupId>&l

A®磊

3762人浏览 · 2021-02-07 15:53:34

A®磊 · 2021-02-07 15:53:34 发布

1.Pom文件配置

        <properties>
		    <elasticsearch.version>6.3.1</elasticsearch.version>
	    </properties>

		<!--ES-->
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-data-elasticsearch</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.data</groupId>
			<artifactId>spring-data-elasticsearch</artifactId>
			<version>3.1.8.RELEASE</version>
		</dependency>

		<dependency>
			<groupId>org.elasticsearch</groupId>
			<artifactId>elasticsearch</artifactId>
			<version>${elasticsearch.version}</version>
		</dependency>
		<dependency>
			<groupId>org.elasticsearch.client</groupId>
			<artifactId>transport</artifactId>
			<version>${elasticsearch.version}</version>
		</dependency>
		<dependency>
			<groupId>com.floragunn</groupId>
			<artifactId>search-guard-ssl</artifactId>
			<version>6.3.1-25.3</version>
		</dependency>

2.properties配置

#ElasticSearch
elasticsearch.cluster-name=es-dev
elasticsearch.cluster-nodes=ip1:port1,ip2:port1,ip3:port1
elasticsearch.key-store=classpath:certs-di/sgadmin-keystore.jks
elasticsearch.trust-store=classpath:certs-di/truststore.jks
elasticsearch.key-store-password=
elasticsearch.trust-store-password=

spring.elasticsearch.rest.uris=http://ip1:port,http://ip2:port,http://ip3:port
spring.elasticsearch.rest.username=
spring.elasticsearch.rest.password=

3.config配置

读取properties文件，加载到ElasticsearchTemplate


import com.floragunn.searchguard.ssl.SearchGuardSSLPlugin;
import com.floragunn.searchguard.ssl.util.SSLConfigConstants;
import lombok.extern.slf4j.Slf4j;
import lombok.val;
import org.apache.commons.io.IOUtils;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.transport.client.PreBuiltTransportClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.data.elasticsearch.core.ElasticsearchTemplate;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;

/**
 * @program: app
 * @description:
 * @author: xiaol001
 * @create: 2021-02-05 15:58
 **/
@Slf4j
@Configuration
@EnableConfigurationProperties(ElasticsearchProperties.class)
public class ElasticSearchConfiguration {

    @Autowired
    ElasticsearchProperties properties;

    @Bean
    public ElasticsearchTemplate elasticsearchTemplate() throws IOException {
        return new ElasticsearchTemplate(initTranSportClient());
    }

    @Bean
    public TransportClient initTranSportClient() throws IOException {
        val settings = settings();

        log.info("准备初始化elasticsearch客户端, 配置:{}", settings);

        val client = new PreBuiltTransportClient(settings, SearchGuardSSLPlugin.class);

        for (String node : properties.getClusterNodes()) {
            String[] splits = node.split(":");
            val ip = InetAddress.getByName(splits[0]);
            val port = Integer.parseInt(splits[1]);
            client.addTransportAddress(new TransportAddress(ip, port));
            log.info("添加elasticsearch客户端节点:"+node);
        }

        log.info("elasticsearch客户端初始化成功");
        return client;
    }

    private Settings settings() throws IOException {
        String keystore,truststore;
        if (isInsideJar(properties.getKeyStore())) {
            keystore = createTempFile("keystore.jks", properties.getKeyStore().getInputStream());
        } else {
            keystore = properties.getKeyStore().getFile().getPath();
        }

        if (isInsideJar(properties.getTrustStore())) {
            truststore = createTempFile("truststore.jks", properties.getTrustStore().getInputStream());
        } else {
            truststore = properties.getTrustStore().getFile().getPath();
        }

        return Settings.builder()
                .put("path.home", ".")
                .put("cluster.name", properties.getClusterName())
                .put(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED, false)
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_FILEPATH, keystore)
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_FILEPATH, truststore)
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_PASSWORD, properties.getKeyStorePassword())
                .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_TRUSTSTORE_PASSWORD, properties.getTrustStorePassword())
                .put("searchguard.ssl.transport.enforce_hostname_verification", false)
                .build();
    }

    private static boolean isInsideJar(Resource resource) throws IOException {
        return resource.getURL().getPath().contains("jar!");
    }

    private static String createTempFile(String fileName, InputStream is) {
        String tmpDir = System.getProperty("java.io.tmpdir");
        String tempFilePath = tmpDir + File.separator + fileName;
        try (val os = new FileOutputStream(tempFilePath)) {
            IOUtils.copy(is, os);
        } catch (IOException e) {
            log.error("拷贝jks证书文件到临时目录({})异常：{}", tmpDir, e.getMessage());
            return null;
        }
        return tempFilePath;
    }


import lombok.Data;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.core.io.Resource;

import java.util.List;

/**
 * @program: app
 * @description:
 * @author: xiaol001
 * @create: 2021-02-05 16:24
 **/
@Data
@ConfigurationProperties(prefix = "elasticsearch")
public class ElasticsearchProperties {
    private List<String> clusterNodes;
    private String clusterName;
    private Resource keyStore;
    private Resource trustStore;
    private String keyStorePassword;
    private String trustStorePassword;
}

4.配置SpringData ES

import com.cmft.firmheadline.entity.ArticleEsEntity;
import org.springframework.data.elasticsearch.repository.ElasticsearchRepository;

public interface ChArticleESRepository extends ElasticsearchRepository<ArticleEsEntity, String> {
}

5.配置SpringData Entity


import com.fasterxml.jackson.annotation.JsonFormat;
import com.fasterxml.jackson.annotation.JsonProperty;
import lombok.Data;
import lombok.experimental.Accessors;
import org.springframework.data.annotation.Id;
import org.springframework.data.elasticsearch.annotations.DateFormat;
import org.springframework.data.elasticsearch.annotations.Document;
import org.springframework.data.elasticsearch.annotations.Field;
import org.springframework.data.elasticsearch.annotations.FieldType;

import java.util.Date;

/**
 * @program: slas-ch-app
 * @description:
 * @author: ex-xiaol001
 * @create: 2021-02-07 11:45
 **/
@Data
@Accessors(chain = true)
@Document(indexName = "slas_ch_article",type = "slas_cmuop_article",createIndex = false)
public class ArticleEsEntity {

    @Id
    private String id;

    /**
     * 标题
     */
    @JsonProperty("title")
    private String title;

    /**
     * 正文
     */
    @JsonProperty("context")
    private String content;

    /**
     * html正文
     */
    @JsonProperty("context_html")
    private String contentHtml;

    /**
     * 发布时间
     */
    @Field(type = FieldType.Date,format = DateFormat.date_optional_time)
    @JsonFormat(shape = JsonFormat.Shape.STRING,pattern = "yyyy-MM-dd'T'HH:mm:ss.SSSZ",timezone = "GMT-8")
    private Date pubTime;

}