https://github.com/mongodb/mongosql-auth-java

A MySQL authentication plugin for Java that implements the client-side of MongoDB authentication mechanisms supported by mongosqld
https://github.com/mongodb/mongosql-auth-java

Last synced: 3 months ago
JSON representation

A MySQL authentication plugin for Java that implements the client-side of MongoDB authentication mechanisms supported by mongosqld

• Host: GitHub
• URL: https://github.com/mongodb/mongosql-auth-java
• Owner: mongodb
• License: apache-2.0
• Created: 2017-05-01T15:32:43.000Z (about 8 years ago)
• Default Branch: master
• Last Pushed: 2023-04-10T12:48:06.000Z (about 2 years ago)
• Last Synced: 2025-01-29T09:43:38.804Z (4 months ago)
• Language: Java
• Homepage: https://www.mongodb.com/products/bi-connector
• Size: 94.7 KB
• Stars: 8
• Watchers: 15
• Forks: 10
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# mongosql-java-auth

A MySQL authentication plugin that implements the client-side of MongoDB-supported authentication mechanisms, including

* SCRAM-SHA-1

* SCRAM-SHA-256

* PLAIN

* GSSAPI (Kerberos)

## Usage

Include this library in the classpath.  The Maven coordinates are:

    

        org.mongodb

        mongosql-auth

        1.2.0

    

Next, add a reference to the authentication plugin via the MySQL connection string:

    jdbc:mysql://127.0.0.1:3307?useSSL=false&authenticationPlugins=org.mongodb.mongosql.auth.plugin.MongoSqlAuthenticationPlugin

Optionally, specify the authentication mechanism via a query parameter on the user name.  The default mechanism is SCRAM-SHA-1.  

For example:

    username?mechanism=PLAIN   

Optionally, specify the authentication source via a query parameter on the user name.  The default source is "admin" for 

SCRAM-SHA-1 and MONGODB-CR, and "$external" for PLAIN and GSSAPI. For example:

    username?source=somedb

Optionally, if using GSSAPI, specify the service name via a query parameter on the user name.  The default service name is "mongosql". For example:

    username?mechanism=GSSAPI&serviceName=myservicename

## Notes

* The SCRAM-SHA-1 and SCRAM-SHA-256 mechanisms hash the passwords in the client plugin, so it can be used on an unencrypted connection without exposing the password (however, subsequent communication over that channel will be unencrypted).

* The PLAIN mechanism sends the password in cleartext, so should only be used on an encrypted connection.

* The GSSAPI mechanism sends the end-user's credentials to the mongosqld - allowing mongosqld to reuse those credentials to access MongoDB.