Added security instructions to Java clients
Signed-off-by: keithhc2 <keithhc2@users.noreply.github.com>
This commit is contained in:
parent
f2dea3736c
commit
0ab79cbdb6
|
@ -6,9 +6,6 @@ nav_order: 60
|
||||||
|
|
||||||
# Java high-level REST client
|
# Java high-level REST client
|
||||||
|
|
||||||
Although the OpenSearch Java high-level REST client is still usable, we recommend that you use the [OpenSearch Java client]({{site.url}}{{site.baseurl}}/clients/java/), which replaces the existing Java high-level REST client.
|
|
||||||
{: .note}
|
|
||||||
|
|
||||||
The OpenSearch Java high-level REST client lets you interact with your OpenSearch clusters and indices through Java methods and data structures rather than HTTP methods and JSON.
|
The OpenSearch Java high-level REST client lets you interact with your OpenSearch clusters and indices through Java methods and data structures rather than HTTP methods and JSON.
|
||||||
|
|
||||||
## Setup
|
## Setup
|
||||||
|
@ -25,7 +22,33 @@ To start using the OpenSearch Java high-level REST client, ensure that you have
|
||||||
|
|
||||||
You can now start your OpenSearch cluster. The OpenSearch 1.x high-level REST client works with the 1.x versions of OpenSearch.
|
You can now start your OpenSearch cluster. The OpenSearch 1.x high-level REST client works with the 1.x versions of OpenSearch.
|
||||||
|
|
||||||
The following example uses credentials that come with the default OpenSearch configuration. If you’re using the high-level REST client with your own OpenSearch cluster, be sure to change the code to use your own credentials.
|
## Security
|
||||||
|
|
||||||
|
This code example uses basic credentials that come with the default OpenSearch configuration. If you’re using the OpenSearch Java high-level REST client with your own OpenSearch cluster, be sure to change the code to use your own credentials.
|
||||||
|
{: .note}
|
||||||
|
|
||||||
|
Before you can securely connect to an OpenSearch cluster, you need to first add your root certificates to a truststore:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
keytool -import <path-to-cert> -alias <alias-to-call-cert> -keystore <truststore-name>
|
||||||
|
```
|
||||||
|
|
||||||
|
You can now point your Java client to the truststore and set basic authentication credentials that can access a secure cluster.
|
||||||
|
|
||||||
|
```java
|
||||||
|
//Point to keystore with appropriate certificates for security.
|
||||||
|
System.setProperty("javax.net.ssl.trustStore", "/full/path/to/keystore");
|
||||||
|
System.setProperty("javax.net.ssl.trustStorePassword", "password-to-keystore");
|
||||||
|
|
||||||
|
//Establish credentials to use basic authentication.
|
||||||
|
//Only for demo purposes. Don't specify your credentials in code.
|
||||||
|
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
|
||||||
|
credentialsProvider.setCredentials(AuthScope.ANY,
|
||||||
|
new UsernamePasswordCredentials("admin", "admin"));
|
||||||
|
```
|
||||||
|
|
||||||
|
If you run into issues when configuring security, see [common issues]({{site.url}}{{site.baseurl}}/troubleshoot/index) and [troubleshoot TLS]({{site.url}}{{site.baseurl}}/troubleshoot/tls).
|
||||||
|
|
||||||
|
|
||||||
## Sample code
|
## Sample code
|
||||||
|
|
||||||
|
@ -64,7 +87,7 @@ public class RESTClientSample {
|
||||||
System.setProperty("javax.net.ssl.trustStorePassword", "password-to-keystore");
|
System.setProperty("javax.net.ssl.trustStorePassword", "password-to-keystore");
|
||||||
|
|
||||||
//Establish credentials to use basic authentication.
|
//Establish credentials to use basic authentication.
|
||||||
//Only for demo purposes. Do not specify your credentials in code.
|
//Only for demo purposes. Don't specify your credentials in code.
|
||||||
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
|
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
|
||||||
|
|
||||||
credentialsProvider.setCredentials(AuthScope.ANY,
|
credentialsProvider.setCredentials(AuthScope.ANY,
|
||||||
|
|
149
_clients/java.md
149
_clients/java.md
|
@ -6,11 +6,14 @@ nav_order: 65
|
||||||
|
|
||||||
# Java client
|
# Java client
|
||||||
|
|
||||||
|
The OpenSearch Java client is currently in its beta phase, so we recommend that you use the [OpenSearch Java high-level REST client]({{site.url}}{{site.baseurl}}/clients/java-rest-high-level).
|
||||||
|
{: .note}
|
||||||
|
|
||||||
The OpenSearch Java client allows you to interact with your OpenSearch clusters through Java methods and data structures rather than HTTP methods and raw JSON.
|
The OpenSearch Java client allows you to interact with your OpenSearch clusters through Java methods and data structures rather than HTTP methods and raw JSON.
|
||||||
|
|
||||||
For example, you can submit requests to your cluster using objects to create indices, add data to documents, or complete some other operation using the client's built-in methods.
|
For example, you can submit requests to your cluster using objects to create indices, add data to documents, or complete some other operation using the client's built-in methods.
|
||||||
|
|
||||||
## Setup
|
## Install the client
|
||||||
|
|
||||||
To start using the OpenSearch Java client, ensure that you have the following dependencies in your project's `pom.xml` file:
|
To start using the OpenSearch Java client, ensure that you have the following dependencies in your project's `pom.xml` file:
|
||||||
|
|
||||||
|
@ -38,9 +41,32 @@ dependencies {
|
||||||
|
|
||||||
You can now start your OpenSearch cluster.
|
You can now start your OpenSearch cluster.
|
||||||
|
|
||||||
The following example uses credentials that come with the default OpenSearch configuration. If you're using the OpenSearch Java client with your own OpenSearch cluster, be sure to change the code to use your own credentials.
|
## Security
|
||||||
|
|
||||||
## Sample code
|
This code example uses basic credentials that come with the default OpenSearch configuration. If you’re using the OpenSearch Java client with your own OpenSearch cluster, be sure to change the code to use your own credentials.
|
||||||
|
{: .note}
|
||||||
|
|
||||||
|
Before you can securely connect to an OpenSearch cluster, you need to first add your root certificates to a truststore:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
keytool -import <path-to-cert> -alias <alias-to-call-cert> -keystore <truststore-name>
|
||||||
|
```
|
||||||
|
|
||||||
|
You can now point your Java client to the truststore and set basic authentication credentials that can access a secure cluster.
|
||||||
|
|
||||||
|
```java
|
||||||
|
System.setProperty("javax.net.ssl.trustStore", "/full/path/to/keystore");
|
||||||
|
System.setProperty("javax.net.ssl.trustStorePassword", "password-to-keystore");
|
||||||
|
|
||||||
|
//Only for demo purposes. Don't specify your credentials in code.
|
||||||
|
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
|
||||||
|
credentialsProvider.setCredentials(AuthScope.ANY,
|
||||||
|
new UsernamePasswordCredentials("admin", "admin"));
|
||||||
|
```
|
||||||
|
|
||||||
|
If you run into issues when configuring security, see [common issues]({{site.url}}{{site.baseurl}}/troubleshoot/index) and [troubleshoot TLS]({{site.url}}{{site.baseurl}}/troubleshoot/tls).
|
||||||
|
|
||||||
|
## Sample data
|
||||||
|
|
||||||
This section uses a class called `IndexData`, which is a simple Java class that stores basic data and methods. For your own OpenSearch cluster, you might find that you need a more robust class to store your data.
|
This section uses a class called `IndexData`, which is a simple Java class that stores basic data and methods. For your own OpenSearch cluster, you might find that you need a more robust class to store your data.
|
||||||
|
|
||||||
|
@ -79,7 +105,122 @@ static class IndexData {
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
### OpenSearch client example
|
## Initialize the client with SSL and TLS enabled
|
||||||
|
|
||||||
|
The following sample code initializes a client with SSL and TLS enabled:
|
||||||
|
|
||||||
|
```java
|
||||||
|
import org.apache.http.HttpHost;
|
||||||
|
import org.apache.http.auth.AuthScope;
|
||||||
|
import org.apache.http.auth.UsernamePasswordCredentials;
|
||||||
|
import org.apache.http.client.CredentialsProvider;
|
||||||
|
import org.apache.http.impl.client.BasicCredentialsProvider;
|
||||||
|
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
|
||||||
|
import org.opensearch.client.RestClient;
|
||||||
|
import org.opensearch.client.RestClientBuilder;
|
||||||
|
import org.opensearch.clients.base.RestClientTransport;
|
||||||
|
import org.opensearch.clients.base.Transport;
|
||||||
|
import org.opensearch.clients.json.jackson.JacksonJsonpMapper;
|
||||||
|
import org.opensearch.clients.opensearch.OpenSearchClient;
|
||||||
|
import org.opensearch.clients.opensearch._global.IndexRequest;
|
||||||
|
import org.opensearch.clients.opensearch._global.IndexResponse;
|
||||||
|
import org.opensearch.clients.opensearch._global.SearchResponse;
|
||||||
|
import org.opensearch.clients.opensearch.indices.*;
|
||||||
|
import org.opensearch.clients.opensearch.indices.put_settings.IndexSettingsBody;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
public class OpenSearchClientExample {
|
||||||
|
public static void main(String[] args) {
|
||||||
|
try{
|
||||||
|
System.setProperty("javax.net.ssl.trustStore", "/full/path/to/keystore");
|
||||||
|
System.setProperty("javax.net.ssl.trustStorePassword", "password-to-keystore");
|
||||||
|
|
||||||
|
//Only for demo purposes. Don't specify your credentials in code.
|
||||||
|
final CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
|
||||||
|
credentialsProvider.setCredentials(AuthScope.ANY,
|
||||||
|
new UsernamePasswordCredentials("admin", "admin"));
|
||||||
|
|
||||||
|
//Initialize the client with SSL and TLS enabled
|
||||||
|
RestClient restClient = RestClient.builder(new HttpHost("localhost", 9200, "https")).
|
||||||
|
setHttpClientConfigCallback(new RestClientBuilder.HttpClientConfigCallback() {
|
||||||
|
@Override
|
||||||
|
public HttpAsyncClientBuilder customizeHttpClient(HttpAsyncClientBuilder httpClientBuilder) {
|
||||||
|
return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
|
||||||
|
}
|
||||||
|
}).build();
|
||||||
|
Transport transport = new RestClientTransport(restClient, new JacksonJsonpMapper());
|
||||||
|
OpenSearchClient client = new OpenSearchClient(transport);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## OpenSearch client examples
|
||||||
|
|
||||||
|
This section has sample code that shows you how to create an index with non-default settings, add a document to the index, search for the document, delete the document, and finally delete the index.
|
||||||
|
|
||||||
|
### Create an index with non-default settings
|
||||||
|
|
||||||
|
```java
|
||||||
|
String index = "sample-index";
|
||||||
|
CreateRequest createIndexRequest = new CreateRequest.Builder().index(index).build();
|
||||||
|
client.indices().create(createIndexRequest);
|
||||||
|
|
||||||
|
IndexSettings indexSettings = new IndexSettings.Builder().autoExpandReplicas("0-all").build();
|
||||||
|
IndexSettingsBody settingsBody = new IndexSettingsBody.Builder().settings(indexSettings).build();
|
||||||
|
PutSettingsRequest putSettingsRequest = new PutSettingsRequest.Builder().index(index).value(settingsBody).build();
|
||||||
|
client.indices().putSettings(putSettingsRequest);
|
||||||
|
```
|
||||||
|
|
||||||
|
### Index data
|
||||||
|
|
||||||
|
```java
|
||||||
|
IndexData indexData = new IndexData("first_name", "Bruce");
|
||||||
|
IndexRequest<IndexData> indexRequest = new IndexRequest.Builder<IndexData>().index(index).id("1").value(indexData).build();
|
||||||
|
client.index(indexRequest);
|
||||||
|
```
|
||||||
|
|
||||||
|
### Search for the document
|
||||||
|
|
||||||
|
```java
|
||||||
|
SearchResponse<IndexData> searchResponse = client.search(s -> s.index(index), IndexData.class);
|
||||||
|
for (int i = 0; i< searchResponse.hits().hits().size(); i++) {
|
||||||
|
System.out.println(searchResponse.hits().hits().get(i).source());
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
### Delete the document
|
||||||
|
|
||||||
|
The following sample code deletes a document whose ID is 1.
|
||||||
|
|
||||||
|
```java
|
||||||
|
client.delete(b -> b.index(index).id("1"));
|
||||||
|
```
|
||||||
|
|
||||||
|
### Delete the index
|
||||||
|
|
||||||
|
```java
|
||||||
|
DeleteRequest deleteRequest = new DeleteRequest.Builder().index(index).build();
|
||||||
|
DeleteResponse deleteResponse = client.indices().delete(deleteRequest);
|
||||||
|
|
||||||
|
restClient.close();
|
||||||
|
} catch (IOException e){
|
||||||
|
System.out.println(e.toString());
|
||||||
|
} finally {
|
||||||
|
try {
|
||||||
|
if (client != null) {
|
||||||
|
client.close();
|
||||||
|
}
|
||||||
|
} catch (IOException e) {
|
||||||
|
System.out.println(e.toString());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Complete code sample
|
||||||
|
|
||||||
```java
|
```java
|
||||||
import org.apache.http.HttpHost;
|
import org.apache.http.HttpHost;
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
layout: default
|
layout: default
|
||||||
title: Audit log field reference
|
title: Audit log field reference
|
||||||
parent: Audit Logs
|
parent: Audit logs
|
||||||
nav_order: 1
|
nav_order: 1
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
layout: default
|
layout: default
|
||||||
title: Audit log storage types
|
title: Audit log storage types
|
||||||
parent: Audit Logs
|
parent: Audit logs
|
||||||
nav_order: 10
|
nav_order: 10
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue