You can configure application-managed or container-managed security for MongoDB
connections in Liberty.
About this task
You can secure MongoDB applications by using application-managed security or container-managed
security. For both types of security, the MongoDB server must be running with authentication
explicitly enabled so that MongoDB connections are secured.
Procedure
- Configure application-managed security for MongoDB.
If the mongo configuration element does not specify user and password
attributes, the product assumes that an application is either using application-managed security or
is not using security. To enable application-managed security, the application must authenticate by
using the MongoDB APIs, for example:
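
    <mongo id="mongo1" libraryRef="MongoLib" />
    <mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>

    // Java snippet (field and method of an application class)
    // Requires: import javax.annotation.Resource; import com.mongodb.DB;
    @Resource(name = "mongo/testdb")
    protected DB db;

    // Authenticate through the MongoDB API if this DB handle is not yet authenticated.
    private void auth() {
        if (!db.isAuthenticated()) {
            // "user" and "password" are placeholder credentials.
            db.authenticate("user", "password".toCharArray());
        }
    }
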
- Configure container-managed security for MongoDB.
To use container-managed security, the mongo configuration element must specify a user and password. Only one
user is allowed for each mongo configuration. All
MongoDB instances use the specified user and password. For example,
all MongoDB instances that reference mongo1 in the
following example use mongoUserName and pw:

    <mongo id="mongo1" libraryRef="MongoLib" user="mongoUserName" password="pw"/>
    <mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>
    <mongoDB jndiName="mongo/testdb2" mongoRef="mongo1" databaseName="db-test-2"/>

Applications that use container-managed security must not call com.mongodb.DB.authenticate(user, pass).
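
The following configuration check is an added example, not part of the product documentation. It reads a server.xml fragment, reports which security mode each mongo element implies, and lists the mongoDB instances that share its single user. The sample XML is constructed, the audit function is hypothetical, and the {xor} and {aes} prefixes for encoded Liberty passwords are an assumption that the page does not state.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not from a real deployment).
SAMPLE = """<server>
  <mongo id="mongo1" libraryRef="MongoLib" user="mongoUserName" password="pw"/>
  <mongo id="mongo2" libraryRef="MongoLib"/>
  <mongo id="mongo3" libraryRef="MongoLib" user="orphanUser"/>
  <mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>
  <mongoDB jndiName="mongo/testdb2" mongoRef="mongo1" databaseName="db-test-2"/>
  <mongoDB jndiName="mongo/appdb" mongoRef="mongo2" databaseName="db-app"/>
  <mongoDB jndiName="mongo/lost" mongoRef="mongoX" databaseName="db-lost"/>
</server>"""

# Assumption: Liberty-encoded passwords carry one of these prefixes.
ENCODED_PREFIXES = ("{xor}", "{aes}")

def audit(server_xml):
    """Classify each <mongo> element and list the <mongoDB> instances bound to it."""
    root = ET.fromstring(server_xml)
    report = {}
    for m in root.iter("mongo"):
        user, pw = m.get("user"), m.get("password")
        findings = []
        if user and pw:
            mode = "container-managed"
            if not pw.startswith(ENCODED_PREFIXES):
                findings.append("password stored in clear text")
        elif user or pw:
            mode = "incomplete"
            findings.append("container-managed security needs both user and password")
        else:
            mode = "application-managed or unsecured"
        report[m.get("id")] = {"mode": mode, "user": user, "dbs": [], "findings": findings}
    unresolved = []  # mongoDB elements whose mongoRef matches no mongo id
    for db in root.iter("mongoDB"):
        ref = db.get("mongoRef")
        if ref in report:
            report[ref]["dbs"].append(db.get("jndiName"))
        else:
            unresolved.append(db.get("jndiName"))
    return report, unresolved

if __name__ == "__main__":
    report, unresolved = audit(SAMPLE)
    for mongo_id, info in report.items():
        print(mongo_id, info["mode"], info["dbs"], info["findings"])
    print("unresolved mongoRef:", unresolved)
```

Applications bound to an entry reported as container-managed are the ones that must not call com.mongodb.DB.authenticate themselves.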
What to do next
Ensure that the MongoDB server is running, and then test
the MongoDB security from your application.