You can configure application-managed or container-managed
security for MongoDB connections in the Liberty profile.
About this task
You can secure MongoDB applications by using application-managed
security or container-managed security. For both types of security,
the MongoDB server must be running with authentication explicitly
enabled to secure MongoDB connections.
Procedure
- Configure application-managed security for MongoDB.
If the mongo configuration element does not specify user and password
attributes, the product assumes that an application is either using
application-managed security or is not using security. To enable
application-managed security, the application must authenticate by using
the MongoDB APIs; for example:

    <mongo id="mongo1" libraryRef="MongoLib" />
    <mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>

    // Java snippet
    import javax.annotation.Resource;
    import com.mongodb.DB;

    // ... inside the application class ...
    @Resource(name = "mongo/testdb")
    protected DB db;

    private void auth() {
        // Authenticate through the MongoDB API only if not already authenticated.
        if (!db.isAuthenticated())
            db.authenticate("user", "password".toCharArray());
    }

- Configure container-managed security for MongoDB.
To use container-managed security, the mongo configuration element must
specify a user and password. Only one user is allowed for each mongo
configuration. All MongoDB instances use the specified user and password.
For example, all MongoDB instances that reference mongo1 in the following
example use mongoUserName and pw:

    <mongo id="mongo1" libraryRef="MongoLib" user="mongoUserName" password="pw"/>
    <mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>
    <mongoDB jndiName="mongo/testdb2" mongoRef="mongo1" databaseName="db-test-2"/>

Applications that use container-managed security must not call
com.mongodb.DB.authenticate(user, pass).
What to do next
Ensure that the MongoDB server is running, and then test
the MongoDB security from your application.
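
Before testing, it helps to know which mode each JNDI entry is actually in. The following is an added example, not code from this page or from the product: a Python check that resolves each mongoDB element's mongoRef and reports the security mode, databases that share one user, and passwords left in plain text. The sample XML (apart from the mongo1 lines), the audit function, and the {xor}/{aes} encoded-password prefixes are assumptions not taken from this page; nested mongo elements are not handled.

```python
import xml.etree.ElementTree as ET

# Constructed server.xml fragment: mongo1 is container-managed, mongo2 has no
# credentials, mongo3 sets a user but no password, and one mongoRef is dangling.
SAMPLE = """<server>
  <mongo id="mongo1" libraryRef="MongoLib" user="mongoUserName" password="pw"/>
  <mongo id="mongo2" libraryRef="MongoLib"/>
  <mongo id="mongo3" libraryRef="MongoLib" user="reportUser"/>
  <mongoDB jndiName="mongo/testdb" mongoRef="mongo1" databaseName="db-test-1"/>
  <mongoDB jndiName="mongo/testdb2" mongoRef="mongo1" databaseName="db-test-2"/>
  <mongoDB jndiName="mongo/appdb" mongoRef="mongo2" databaseName="db-app"/>
  <mongoDB jndiName="mongo/reports" mongoRef="mongo3" databaseName="db-reports"/>
  <mongoDB jndiName="mongo/orphan" mongoRef="missing" databaseName="db-x"/>
</server>"""

# Assumption (not from this page): encoded passwords carry one of these prefixes.
ENCODED_PREFIXES = ("{xor}", "{aes}")

def audit(server_xml):
    """Return (modes, findings): security mode per JNDI name, plus warnings."""
    root = ET.fromstring(server_xml)
    mongos = {m.get("id"): m for m in root.iter("mongo")}
    modes, findings, shared = {}, [], {}
    for db in root.iter("mongoDB"):
        jndi, ref = db.get("jndiName"), db.get("mongoRef")
        mongo = mongos.get(ref)
        if mongo is None:
            modes[jndi] = "unresolved"
            findings.append(f"{jndi}: mongoRef '{ref}' matches no mongo element")
            continue
        user, password = mongo.get("user"), mongo.get("password")
        if user and password:
            modes[jndi] = "container-managed"
            shared.setdefault(ref, []).append(db.get("databaseName"))
        elif user or password:
            modes[jndi] = "incomplete"
            findings.append(f"{jndi}: mongo '{ref}' sets only one of user/password")
        else:
            # No credentials: the application must authenticate, or nothing does.
            modes[jndi] = "application-managed-or-none"
    for ref, dbs in sorted(shared.items()):
        if len(dbs) > 1:
            findings.append(f"mongo '{ref}': one user shared by {', '.join(dbs)}")
        if not mongos[ref].get("password").startswith(ENCODED_PREFIXES):
            findings.append(f"mongo '{ref}': password stored as plain text")
    return modes, findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Entries reported as application-managed-or-none are the ones to review in code: if the application never calls the MongoDB authentication API for them, the connection is unauthenticated.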