ElasticSearch is a very useful full-text search engine that is easy to install and manage. However, the standard package has no security layer and no access restrictions. I added a security layer that checks the username, password and IP address on every attempt to access ElasticSearch.

First of all, you can read my first ElasticSearch article, which is written in Turkish: https://amungen.wordpress.com/2014/02/19/elasticsearch-icin-basit-bir-java-programi/

ElasticSearch does not have any security features in the standard package. There are two approaches to securing it. One is to run it behind a container such as Jetty or Docker and use that container's security layer. The other is to change the ElasticSearch settings and add a security layer to ElasticSearch itself. This article focuses on the second approach. Contributors have published more than one security package as an ElasticSearch plugin. One of them, and probably the most popular, is Asquera/elasticsearch-http-basic. This plugin basically manages IP restrictions and adds authorization and logging. I explain how to add this basic security layer to ElasticSearch in 3 steps.

Step 1) Download Jar

Download the JAR from https://github.com/Asquera/elasticsearch-http-basic/releases. At the time of writing, the up-to-date version is "Elasticsearch 1.2.0". Put the JAR in the "elasticsearch/plugins/http-basic" folder. You will probably have to create the plugins/http-basic directories inside the elasticsearch folder.

Step 2) Edit Configuration

Open elasticsearch/config/elasticsearch.yml and add these settings at the bottom of the file:

http.basic.enabled: true
http.basic.log: true
http.basic.user: "ahmet"
http.basic.password: "ahmet"
http.basic.whitelist: ["localhost", "127.0.0.1"]

You can change these settings or remove some of them, such as whitelist and/or log. Do not forget to include the first line, which enables authorization.

ElasticSearch must be restarted to apply the new settings.

Step 3) Edit Java Program

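import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64; // Base64.encodeBase64 comes from Apache Commons Codec
// Credentials in "user:password" form, matching http.basic.user and http.basic.password
String authString = "ahmet:ahmet";
byte[] authEncBytes = Base64.encodeBase64(authString.getBytes(StandardCharsets.UTF_8));
String authStringEnc = new String(authEncBytes, StandardCharsets.US_ASCII);
// con is the HttpURLConnection that talks to ElasticSearch
con.setRequestProperty("Authorization", "Basic " + authStringEnc);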

Add these statements where you set up your HttpURLConnection con. For detailed information about the Java-ElasticSearch connection, please see my first ElasticSearch article, linked above.
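The following is an added example, not code from the original article or from the plugin project. It builds the same Authorization header with the JDK's java.util.Base64 (Java 8+) instead of Commons Codec, then checks that anonymous and wrong-password requests get 401 while the configured credentials get 200. The class name BasicAuthCheck, the helpers basicHeader and status, and the local stub server standing in for a protected node are all assumptions made for the demonstration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BasicAuthCheck {
    // Same header as Step 3, built with an explicit charset and the JDK encoder.
    static String basicHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Send a GET and return the HTTP status; pass null for an anonymous request.
    static int status(String url, String header) throws Exception {
        HttpURLConnection con = (HttpURLConnection) new URL(url).openConnection();
        if (header != null) con.setRequestProperty("Authorization", header);
        int code = con.getResponseCode();
        con.disconnect();
        return code;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the protected node (assumption, not the plugin):
        // it answers 200 only when the expected header is present, 401 otherwise.
        String expected = basicHeader("ahmet", "ahmet");
        HttpServer stub = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        stub.createContext("/", ex -> {
            String got = ex.getRequestHeaders().getFirst("Authorization");
            ex.sendResponseHeaders(expected.equals(got) ? 200 : 401, -1);
            ex.close();
        });
        stub.start();
        String url = "http://127.0.0.1:" + stub.getAddress().getPort() + "/";

        int anonymous = status(url, null);
        int wrong = status(url, basicHeader("ahmet", "wrong"));
        int valid = status(url, expected);
        stub.stop(0);

        System.out.println("anonymous=" + anonymous + " wrong=" + wrong + " valid=" + valid);
        if (anonymous != 401 || wrong != 401 || valid != 200)
            throw new IllegalStateException("basic auth is not enforced as expected");
    }
}
```

Base64 is an encoding, not encryption, so anyone who can read the traffic can recover the username and password from this header unless the connection is protected with TLS.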

PS: If you used dpkg to install ElasticSearch, you should create the folders at /usr/share/$NAME/plugins and /usr/share/$NAME/bin/plugins.

References

1) Asquera/elasticsearch-http-basic – https://github.com/Asquera/elasticsearch-http-basic/releases

2) http://www.avajava.com/tutorials/lessons/how-do-i-connect-to-a-url-using-basic-authentication.html

3) http://brudtkuhl.com/securing-elasticsearch/

 

This article is also available in Turkish.