Hacking the MongoDB Java driver to enforce authentication for every connection

Post date: Jul 23, 2014 1:53:55 PM

For v2.7.3

A strange design decision in the MongoDB driver: you cannot authenticate more than once! WTF!

    if ( _username != null )
        throw new IllegalStateException( "can't call authenticate twice on the same DBObject" );

This is fixed by never letting _username change:

    String hash = _hash( username , passwd );
    CommandResult res = _doauth( username , hash.getBytes() );
    if ( !res.ok())
        return false;
    // Assignment commented out: _username stays null, so the check above never throws.
    //_username = username;
    _authhash = hash.getBytes();
    return true;

For v2.12

Credentials are set in authenticate() of DBTCPConnector.java, hence just comment out one line as follows.

    CommandResult result = port.authenticate(_mongo, credentials);
    // Commented out: the credentials are no longer added to the credentials store.
    //_mongo.getAuthority().getCredentialsStore().add(credentials);
    return result;

The trace history is:

DBTCPConnector.java: authenticate()

DBApiLayer.java: doAuthenticate()

DB.java: authenticateCommandHelper()