You can configure application-managed or container-managed
security for MongoDB connections in Liberty.
About this task
You can secure MongoDB applications by using application-managed
security or container-managed security. For both types of security,
the MongoDB server must be running with authentication explicitly
enabled to secure MongoDB connections.
Procedure
- Configure application-managed security for MongoDB.
If the mongo configuration element does
not specify user and password attributes, the product assumes that
an application is either using application-managed security or is
not using security. To enable application-managed security, the application
must authenticate using the MongoDB APIs; for example:
<mongo id="mongo1" libraryRef="MongoLib" />
<mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>
{ ...
// Java snippet
@Resource(name = "mongo/testdb")
protected DB db;
private void auth() {
if (!db.isAuthenticated())
db.authenticate("user", "password".toCharArray());
}
- Configure container-managed security for MongoDB.
To use container-managed security, the mongo configuration element must specify a user and password. Only one
user is allowed for each mongo configuration. All
MongoDB instances use the specified user and password. For example,
all MongoDB instances that reference mongo1 in the
following example use mongoUserName and pw:
<mongo id="mongo1" libraryRef="MongoLib" user="mongoUserName" password="pw"/>
<mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>
<mongoDB jndiName="mongo/testdb2" mongoRef="mongo1" databaseName="db-test-2"/>
Applications that use container-managed security must not call com.mongodb.DB.authenticate(user, pass).
What to do next
Ensure that the MongoDB server is running, and then test
the MongoDB security from your application.