原文地址: https://www.elastic.co/guide/en/elasticsearch/reference/7.7/http-clients.html, 原文档版权归 www.elastic.co 所有
IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elasticsearch Guide [7.7] » Secure a cluster » Cross cluster search, clients, and integrations » HTTP/REST clients and security
« Java Client and security ES-Hadoop and Security »

HTTP/REST clients and securityedit

The Elasticsearch security features work with standard HTTP basic authentication headers to authenticate users. Since Elasticsearch is stateless, this header must be sent with every request:

Authorization: Basic <TOKEN>

The <TOKEN> is computed as base64(USERNAME:PASSWORD)

Client examplesedit

This example uses curl without basic auth to create an index:

curl -XPUT 'localhost:9200/idx'
{
  "error":  "AuthenticationException[Missing authentication token]",
  "status": 401
}

Since no user is associated with the request above, an authentication error is returned. Now we’ll use curl with basic auth to create an index as the rdeniro user:

curl --user rdeniro:taxidriver -XPUT 'localhost:9200/idx'
{
  "acknowledged": true
}

Client libraries over HTTPedit

For more information about using security features with the language specific clients, refer to:

« Java Client and security ES-Hadoop and Security »