Hacking the MongoDB Java driver to enforce authentication for every connection
Post date: Jul 23, 2014 1:53:55 PM
For v2.7.3
A strange design decision in the MongoDB driver: you cannot authenticate more than once! WTF!
if ( _username != null )
    throw new IllegalStateException( "can't call authenticate twice on the same DBObject" );
This is fixed by never letting _username change:
String hash = _hash( username , passwd );
CommandResult res = _doauth( username , hash.getBytes() );
if ( !res.ok())
    return false;
// Assignment commented out: _username stays null, so the check above never throws
//_username = username;
_authhash = hash.getBytes();
return true;
For v2.12
Credentials are set in authenticate() of DBTCPConnector.java, so it is enough to comment out one line, as follows.
CommandResult result = port.authenticate(_mongo, credentials);
//_mongo.getAuthority().getCredentialsStore().add(credentials);
return result;
The call trace is:
DBTCPConnector.java: authenticate()
DBApiLayer.java: doAuthenticate()
DB.java: authenticateCommandHelper()