Authenticate Elasticsearch from spring boot

AshishUser · April 2, 2020, 10:32am

I have setup open distro version 1.4, ES version 7.4 with LDAP authentication and authorization and it is working perfectly fine.
Kibana/logstash able to connect to my elasticsearch using ldap service account (which has assigned permissions).

I also have one spring boot app which i need to connect to my elasticsearch, I am using High level rest client for this and following this link
https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current/_encrypted_communication.html

I want to implement authentication from my spring boot app using LDAP user.

This is my code from connection.

final CredentialsProvider provider = new BasicCredentialsProvider();

        provider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(ldapSecurityPrincipal, ldapPrincipalPassword));
        Path caCertificatePath = Paths.get("/path/truststore.p12");
        KeyStore truststore = KeyStore.getInstance("pkcs12");
        try (InputStream is = Files.newInputStream(caCertificatePath)) {
            truststore.load(is, "password".toCharArray());
        }
        SSLContextBuilder sslContextBuilder = SSLContexts.custom()
                .loadTrustMaterial(truststore, null);
        final SSLContext sslContext = sslContextBuilder.build();
        return new RestHighLevelClient(RestClient.builder(
            new HttpHost(config.getHostname(), config.getPort(), config.getSchemeName())).setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
            @Override
            public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpAsyncClientBuilder) {
                httpAsyncClientBuilder.setDefaultCredentialsProvider(provider);
                httpAsyncClientBuilder.setSSLContext(sslContext);
                return httpAsyncClientBuilder;
            }
        }));

Looks like ssl handshake is happening with my elastic node but it is not authenticating my LDAP user.

org.elasticsearch.ElasticsearchStatusException: Unable to parse response body
at > org.elasticsearch.client.RestHighLevelClient.parseResponseException(RestHighLevelClient.java:2030) ~[elasticsearch-rest-high-level-client]

Caused by: org.elasticsearch.client.ResponseException: method [POST], host [https://hostname:9200], URI [/api/myendpoint*/_search?typed_keys=true&ignore_unavailable=false&expand_wildcards=open&allow_no_indices=true&search_type=query_then_fetch&batched_reduce_size=512], status line [HTTP/1.1 401 Unauthorized]
Can someone please help here?
Thanks

dadoonet · April 2, 2020, 1:00pm

We don't support here this project. I think they have a dedicated forum for this.

But the URL looks weird here:

/api/myendpoint

Are you running behind a proxy?

system · April 30, 2020, 1:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.