ElasticSearch is a very useful full-text search engine that can be easily installed and managed. However, the standard package has no security layer or access restrictions. I add a security layer that checks the username, password and IP address on every attempt to access ElasticSearch.
First of all, you can read my first ElasticSearch article, https://amungen.wordpress.com/2014/02/19/elasticsearch-icin-basit-bir-java-programi/ , which is in Turkish.
ElasticSearch does not have any security features in the standard package. There are two approaches to securing ElasticSearch. One is to use a container like Jetty or Docker and rely on its security layer. The other is to change the ElasticSearch settings and add a security layer to ElasticSearch itself. In this article, we focus on the second approach. Contributors have prepared more than one security package as a plugin for ElasticSearch. One of them, and probably the most popular, is Asquera/elasticsearch-http-basic. This plugin basically manages IP restrictions and adds authorization and logging. I explain how to add this basic security layer to ElasticSearch in 3 steps.
Step 1) Download Jar
Download the jar from "https://github.com/Asquera/elasticsearch-http-basic/releases". At the time of writing, the up-to-date version is "Elasticsearch 1.2.0". Place the jar in the "elasticsearch/plugins/http-basic" folder. You will probably have to create the plugins/http-basic directories in the elasticsearch folder.
Step 2) Edit Configuration
Open elasticsearch/config/elasticsearch.yml and add these settings at the bottom of the file:
http.basic.enabled: true
http.basic.log: true
http.basic.user: "ahmet"
http.basic.password: "ahmet"
http.basic.whitelist: ["localhost", "127.0.0.1"]
You can change these settings or remove some of them, such as whitelist and/or log. Do not forget the first line, which enables authorization.
ElasticSearch must be restarted to apply these new settings.
Step 3) Edit Java Program
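// Base64 comes from Apache Commons Codec
import org.apache.commons.codec.binary.Base64;

// "user:password" as configured in elasticsearch.yml
String authString = "ahmet:ahmet";
byte[] authEncBytes = Base64.encodeBase64(authString.getBytes());
String authStringEnc = new String(authEncBytes);
con.setRequestProperty("Authorization", "Basic " + authStringEnc);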
Add these statements to the HttpURLConnection con. For detailed information about the Java-ElasticSearch connection, please see my first ElasticSearch article, linked at the top of this post.
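An added example, not code from the original post or from the plugin project: a self-contained Java check of the Step 3 header, built with the JDK's own java.util.Base64 instead of Commons Codec. The HttpServer stub, the class name BasicAuthCheck and the wrong password "guess" are constructed stand-ins for the protected node, so the check runs offline.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthCheck {
    // Builds the header value from Step 3 with the JDK's Base64 (Java 8+).
    // Base64 is an encoding, not encryption: over plain HTTP the password is readable.
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Sends GET to baseUrl and returns the HTTP status; authHeader may be null.
    static int status(String baseUrl, String authHeader) throws Exception {
        HttpURLConnection con = (HttpURLConnection) URI.create(baseUrl).toURL().openConnection();
        if (authHeader != null) con.setRequestProperty("Authorization", authHeader);
        int code = con.getResponseCode();
        con.disconnect();
        return code;
    }

    public static void main(String[] args) throws Exception {
        String expected = basicHeader("ahmet", "ahmet"); // credentials from Step 2
        // Constructed stub (assumption, not ElasticSearch): 200 only with the right header.
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/", ex -> {
            String got = ex.getRequestHeaders().getFirst("Authorization");
            ex.sendResponseHeaders(expected.equals(got) ? 200 : 401, -1);
            ex.close();
        });
        stub.start();
        String url = "http://127.0.0.1:" + stub.getAddress().getPort() + "/";
        try {
            System.out.println("no header:      " + status(url, null));
            System.out.println("wrong password: " + status(url, basicHeader("ahmet", "guess")));
            System.out.println("right password: " + status(url, expected));
        } finally {
            stub.stop(0);
        }
    }
}
```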
PS: If you used dpkg to install ElasticSearch, you should create the folders under /usr/share/$NAME/plugins and /usr/share/$NAME/bin/plugins.
References
1) Asquera/elasticsearch-http-basic – https://github.com/Asquera/elasticsearch-http-basic/releases
2) http://www.avajava.com/tutorials/lessons/how-do-i-connect-to-a-url-using-basic-authentication.html
3) http://brudtkuhl.com/securing-elasticsearch/
Sir, the point I don't understand is how elastic this ElasticSearch really is; that is, can we stretch the security pack however we want?
ElasticSearch's security extension was written by contributors as a plugin. You can also write your own plugin and manage it however you like.