Class MongoCredential
- Since:
- 2.11
-
Nested Class Summary
Modifier and Type, Class, Description
- static interface: The OIDC Identity Provider's configuration that can be used to acquire an Access Token.
- static interface: This callback is invoked when the OIDC-based authenticator requests tokens from the identity provider.
- static interface: The context for the OIDC request callback.
- static final class: The OIDC credential information.
-
Field Summary
Modifier and Type, Field, Description
- static final String ALLOWED_HOSTS_KEY: Mechanism property key for a list of allowed hostnames or IP addresses for MongoDB connections.
- static final String AWS_CREDENTIAL_PROVIDER_KEY: Mechanism property key for specifying a provider for an AWS credential, useful for refreshing a credential that could expire during the lifetime of the MongoClient with which it is associated.
- static final String AWS_SESSION_TOKEN_KEY: Mechanism property key for specifying the AWS session token.
- static final String CANONICALIZE_HOST_NAME_KEY: Mechanism property key for specifying whether to canonicalize the host name for GSSAPI authentication.
- DEFAULT_ALLOWED_HOSTS: The list of allowed hosts that will be used if no ALLOWED_HOSTS_KEY value is supplied.
- static final String ENVIRONMENT_KEY: Mechanism property key for specifying the environment for OIDC, which is the name of a built-in OIDC application environment integration to use to obtain credentials.
- static final String GSSAPI_MECHANISM: The GSSAPI mechanism.
- static final String JAVA_SASL_CLIENT_PROPERTIES_KEY: Mechanism property key for overriding the SaslClient properties for GSSAPI authentication.
- static final String JAVA_SUBJECT_KEY: Mechanism property key for overriding the Subject under which GSSAPI authentication executes.
- static final String JAVA_SUBJECT_PROVIDER_KEY: Mechanism property key for controlling the Subject under which GSSAPI authentication executes.
- static final String MONGODB_X509_MECHANISM: The MongoDB X.509
- static final String OIDC_CALLBACK_KEY: Mechanism property key for the OIDC callback.
- static final String OIDC_HUMAN_CALLBACK_KEY: Mechanism property key for the OIDC human callback.
- static final String PLAIN_MECHANISM: The PLAIN mechanism.
- static final String SCRAM_SHA_1_MECHANISM: The SCRAM-SHA-1 Mechanism.
- static final String SCRAM_SHA_256_MECHANISM: The SCRAM-SHA-256 Mechanism.
- static final String SERVICE_NAME_KEY: Mechanism property key for overriding the service name for GSSAPI authentication.
- static final String TOKEN_RESOURCE_KEY: Mechanism property key for specifying the URI of the target resource (sometimes called the audience), used in some OIDC environments.
-
Method Summary
Modifier and Type, Method, Description
- static MongoCredential createAwsCredential(String userName, char[] password): Creates a MongoCredential instance for the MONGODB-AWS mechanism.
- static MongoCredential createCredential(String userName, String database, char[] password): Creates a MongoCredential instance with an unspecified mechanism.
- static MongoCredential createGSSAPICredential(String userName): Creates a MongoCredential instance for the GSSAPI SASL mechanism.
- static MongoCredential createMongoX509Credential(): Creates a MongoCredential instance for the MongoDB X.509 protocol where the distinguished subject name of the client certificate acts as the userName.
- static MongoCredential createMongoX509Credential(String userName): Creates a MongoCredential instance for the MongoDB X.509 protocol.
- static MongoCredential createOidcCredential(String userName): Creates a MongoCredential instance for the MONGODB-OIDC mechanism.
- static MongoCredential createPlainCredential(String userName, String source, char[] password): Creates a MongoCredential instance for the PLAIN SASL mechanism.
- static MongoCredential createScramSha1Credential(String userName, String source, char[] password): Creates a MongoCredential instance for the SCRAM-SHA-1 SASL mechanism.
- static MongoCredential createScramSha256Credential(String userName, String source, char[] password): Creates a MongoCredential instance for the SCRAM-SHA-256 SASL mechanism.
- boolean equals
- getAuthenticationMechanism: Gets the mechanism
- getMechanism: Gets the mechanism
- <T> T getMechanismProperty(String key, T defaultValue): Get the value of the given key to a mechanism property, or defaultValue if there is no mapping.
- char[] getPassword: Gets the password.
- getSource: Gets the source of the user name, typically the name of the database where the user is defined.
- getUserName: Gets the user name
- int hashCode()
- toString()
- withMechanism(AuthenticationMechanism mechanism): Creates a new MongoCredential with the set mechanism.
- <T> MongoCredential withMechanismProperty(String key, T value): Creates a new MongoCredential as a copy of this instance, with the specified mechanism property added.
-
Field Details
-
GSSAPI_MECHANISM
The GSSAPI mechanism. See the RFC.
- MongoDB documentation
- GSSAPI
-
PLAIN_MECHANISM
The PLAIN mechanism. See the RFC.
- Since:
- 2.12
- MongoDB documentation
- PLAIN
-
MONGODB_X509_MECHANISM
The MongoDB X.509
- Since:
- 2.12
- MongoDB documentation
- X-509
-
SCRAM_SHA_1_MECHANISM
The SCRAM-SHA-1 Mechanism.
- Since:
- 2.13
- MongoDB documentation
- SCRAM-SHA-1
- Since server release
- 3.0
-
SCRAM_SHA_256_MECHANISM
The SCRAM-SHA-256 Mechanism.
- Since:
- 3.8
- MongoDB documentation
- SCRAM-SHA-256
- Since server release
- 4.0
-
SERVICE_NAME_KEY
Mechanism property key for overriding the service name for GSSAPI authentication.
- Since:
- 3.3
-
CANONICALIZE_HOST_NAME_KEY
Mechanism property key for specifying whether to canonicalize the host name for GSSAPI authentication.
- Since:
- 3.3
-
JAVA_SASL_CLIENT_PROPERTIES_KEY
Mechanism property key for overriding the SaslClient properties for GSSAPI authentication.
The value of this property must be a Map<String, Object>. In most cases there is no need to set this mechanism property. But if an application does:
- Generally it must set the Sasl.CREDENTIALS property to an instance of GSSCredential.
- It's recommended that it set the Sasl.MAX_BUFFER property to "0" to ensure compatibility with all versions of MongoDB.
-
JAVA_SUBJECT_PROVIDER_KEY
Mechanism property key for controlling the Subject under which GSSAPI authentication executes.
See the SubjectProvider documentation for a description of how this mechanism property is used.
This property is ignored if the JAVA_SUBJECT_KEY property is set.
-
JAVA_SUBJECT_KEY
Mechanism property key for overriding the Subject under which GSSAPI authentication executes.
- Since:
- 3.3
-
AWS_SESSION_TOKEN_KEY
Mechanism property key for specifying the AWS session token. The type of the value must be String.
- Since:
- 4.4
-
AWS_CREDENTIAL_PROVIDER_KEY
Mechanism property key for specifying a provider for an AWS credential, useful for refreshing a credential that could expire during the lifetime of the MongoClient with which it is associated. The type of the value must be a java.util.function.Supplier<com.mongodb.AwsCredential>.
If this key is added to an AWS MongoCredential, the userName (i.e. accessKeyId), password (i.e. secretAccessKey), and AWS_SESSION_TOKEN_KEY value must all be null.
- Since:
- 4.4
-
ENVIRONMENT_KEY
Mechanism property key for specifying the environment for OIDC, which is the name of a built-in OIDC application environment integration to use to obtain credentials. The value must be either "gcp" or "azure". This is an alternative to supplying a callback.
The "gcp" and "azure" environments require TOKEN_RESOURCE_KEY to be specified.
If this is provided, OIDC_CALLBACK_KEY and OIDC_HUMAN_CALLBACK_KEY must not be provided.
- Since:
- 5.1
-
OIDC_CALLBACK_KEY
Mechanism property key for the OIDC callback. This callback is invoked when the OIDC-based authenticator requests a token. The type of the value must be MongoCredential.OidcCallback. MongoCredential.IdpInfo will not be supplied to the callback, and a refresh token must not be returned by the callback.
If this is provided, ENVIRONMENT_KEY and OIDC_HUMAN_CALLBACK_KEY must not be provided.
- Since:
- 5.1
-
OIDC_HUMAN_CALLBACK_KEY
Mechanism property key for the OIDC human callback. This callback is invoked when the OIDC-based authenticator requests a token from the identity provider (IDP) using the IDP information from the MongoDB server. The type of the value must be MongoCredential.OidcCallback.
If this is provided, ENVIRONMENT_KEY and OIDC_CALLBACK_KEY must not be provided.
- Since:
- 5.1
-
ALLOWED_HOSTS_KEY
Mechanism property key for a list of allowed hostnames or IP addresses for MongoDB connections. Ports must be excluded. The hostnames may include a leading "*." wildcard, which allows for matching (potentially nested) subdomains. When MONGODB-OIDC authentication is attempted against a hostname that does not match any entry in the list of allowed hosts, the driver will raise an error. The type of the value must be List<String>.
- Since:
- 5.1
-
DEFAULT_ALLOWED_HOSTS
The list of allowed hosts that will be used if no ALLOWED_HOSTS_KEY value is supplied. The default allowed hosts are: "*.mongodb.net", "*.mongodb-qa.net", "*.mongodb-dev.net", "*.mongodbgov.net", "localhost", "127.0.0.1", "::1"
- Since:
- 5.1
-
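The wildcard rule described for ALLOWED_HOSTS_KEY, written out as an added example that is not the driver's own code. The class and method names are hypothetical, the sample hostnames are constructed, and case-insensitive comparison is an assumption. It shows that a "*." entry has to match on a label boundary, so look-alike names fall outside the list.

```java
import java.util.List;
import java.util.Locale;

// Added illustration of the documented ALLOWED_HOSTS rule; not the driver's code.
// AllowedHostsCheck and isAllowed are hypothetical names.
public class AllowedHostsCheck {

    // Default list as quoted under DEFAULT_ALLOWED_HOSTS.
    static final List<String> DEFAULTS = List.of(
            "*.mongodb.net", "*.mongodb-qa.net", "*.mongodb-dev.net",
            "*.mongodbgov.net", "localhost", "127.0.0.1", "::1");

    // host is passed without a port, since list entries exclude ports.
    // Assumption: names are compared case-insensitively, as DNS names are.
    static boolean isAllowed(String host, List<String> allowedHosts) {
        String h = host.toLowerCase(Locale.ROOT);
        for (String entry : allowedHosts) {
            String e = entry.toLowerCase(Locale.ROOT);
            if (e.startsWith("*.")) {
                // Keep the dot: "*.mongodb.net" is matched as the suffix
                // ".mongodb.net", so the match ends on a label boundary.
                if (h.endsWith(e.substring(1))) {
                    return true;
                }
            } else if (h.equals(e)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String[] samples = {               // constructed hostnames
            "cluster0.abc.mongodb.net",    // nested subdomain of a default entry
            "mongodb.net.example.org",     // default name appears only as a prefix
            "notmongodb.net",              // same trailing text, no label boundary
            "localhost",                   // exact entry
            "db.internal.example"          // not listed
        };
        for (String s : samples) {
            System.out.println(s + " allowed by defaults: " + isAllowed(s, DEFAULTS));
        }
        // A list restricted to one's own domain (constructed), in the
        // List<String> form that ALLOWED_HOSTS_KEY expects.
        List<String> own = List.of("*.db.example.com");
        System.out.println(isAllowed("shard1.db.example.com", own));
        System.out.println(isAllowed("cluster0.abc.mongodb.net", own));
    }
}
```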
TOKEN_RESOURCE_KEY
Mechanism property key for specifying the URI of the target resource (sometimes called the audience), used in some OIDC environments.
A TOKEN_RESOURCE with a comma character must be given as a `MongoClient` configuration and not as part of the connection string. The TOKEN_RESOURCE value can contain a colon character.
- Since:
- 5.1
-
-
Method Details
-
createCredential
Creates a MongoCredential instance with an unspecified mechanism. The client will negotiate the best mechanism based on the version of the server that the client is authenticating to.
If the server version is 4.0 or higher, the driver will negotiate with the server preferring the SCRAM-SHA-256 mechanism. 3.x servers will authenticate using SCRAM-SHA-1, older servers will authenticate using the MONGODB_CR mechanism.
- Parameters:
- userName - the user name
- database - the database where the user is defined
- password - the user's password
- Returns:
- the credential
- Since:
- 2.13
- MongoDB documentation
- SCRAM-SHA-256
- SCRAM-SHA-1
- MONGODB-CR
-
createScramSha1Credential
public static MongoCredential createScramSha1Credential(String userName, String source, char[] password)
Creates a MongoCredential instance for the SCRAM-SHA-1 SASL mechanism. Use this method only if you want to ensure that the driver uses the SCRAM-SHA-1 mechanism regardless of whether the server you are connecting to supports the authentication mechanism. Otherwise use the createCredential(String, String, char[]) method to allow the driver to negotiate the best mechanism based on the server version.
- Parameters:
- userName - the non-null user name
- source - the source where the user is defined.
- password - the non-null user password
- Returns:
- the credential
- Since:
- 2.13
- MongoDB documentation
- SCRAM-SHA-1
- Since server release
- 3.0
-
createScramSha256Credential
public static MongoCredential createScramSha256Credential(String userName, String source, char[] password)
Creates a MongoCredential instance for the SCRAM-SHA-256 SASL mechanism.
- Parameters:
- userName - the non-null user name
- source - the source where the user is defined.
- password - the non-null user password
- Returns:
- the credential
- Since:
- 3.8
- MongoDB documentation
- SCRAM-SHA-256
- Since server release
- 4.0
-
createMongoX509Credential
Creates a MongoCredential instance for the MongoDB X.509 protocol.
- Parameters:
- userName - the user name
- Returns:
- the credential
- Since:
- 2.12
- MongoDB documentation
- X-509
-
createMongoX509Credential
Creates a MongoCredential instance for the MongoDB X.509 protocol where the distinguished subject name of the client certificate acts as the userName.
Available on MongoDB server versions >= 3.4.
-
createPlainCredential
public static MongoCredential createPlainCredential(String userName, String source, char[] password)
Creates a MongoCredential instance for the PLAIN SASL mechanism.
- Parameters:
- userName - the non-null user name
- source - the source where the user is defined. This can be either "$external" or the name of a database.
- password - the non-null user password
- Returns:
- the credential
- Since:
- 2.12
- MongoDB documentation
- PLAIN
-
createGSSAPICredential
Creates a MongoCredential instance for the GSSAPI SASL mechanism.
To override the default service name of "mongodb", add a mechanism property with the name "SERVICE_NAME".
To force canonicalization of the host name prior to authentication, add a mechanism property with the name "CANONICALIZE_HOST_NAME" with the value true.
To override the Subject with which the authentication executes, add a mechanism property with the name "JAVA_SUBJECT" with the value of a Subject instance.
To override the properties of the SaslClient with which the authentication executes, add a mechanism property with the name "JAVA_SASL_CLIENT_PROPERTIES" with the value of a Map<String, Object> instance containing the necessary properties. This can be useful if the application is customizing the default SaslClientFactory.
- Parameters:
- userName - the non-null user name
- Returns:
- the credential
-
createAwsCredential
public static MongoCredential createAwsCredential(@Nullable String userName, @Nullable char[] password)
Creates a MongoCredential instance for the MONGODB-AWS mechanism.
- Parameters:
- userName - the user name, which may be null. This maps to the AWS accessKeyId
- password - the user password, which may be null if the userName is also null. This maps to the AWS secretAccessKey.
- Returns:
- the credential
- Since:
- 4.1
- Since server release
- 4.4
-
createOidcCredential
Creates a MongoCredential instance for the MONGODB-OIDC mechanism.
- Parameters:
- userName - the user name, which may be null. This is the OIDC principal name.
- Returns:
- the credential
- Since:
- 5.1
- Since server release
- 7.0
-
withMechanismProperty
Creates a new MongoCredential as a copy of this instance, with the specified mechanism property added.
- Type Parameters:
- T - the property type
- Parameters:
- key - the key to the property, which is treated as case-insensitive
- value - the value of the property
- Returns:
- the credential
- Since:
- 2.12
-
withMechanism
Creates a new MongoCredential with the set mechanism. The existing mechanism must be null.
- Parameters:
- mechanism - the mechanism to set
- Returns:
- the credential
- Since:
- 3.8
-
getMechanism
Gets the mechanism
- Returns:
- the mechanism.
-
getAuthenticationMechanism
Gets the mechanism
- Returns:
- the mechanism.
- Since:
- 3.0
-
getUserName
Gets the user name
- Returns:
- the user name.
-
getSource
Gets the source of the user name, typically the name of the database where the user is defined.
- Returns:
- the source of the user name. Can never be null.
-
getPassword
Gets the password.
- Returns:
- the password. Can be null for some mechanisms.
-
getMechanismProperty
Get the value of the given key to a mechanism property, or defaultValue if there is no mapping.
- Type Parameters:
- T - the value type
- Parameters:
- key - the mechanism property key, which is treated as case-insensitive
- defaultValue - the default value, if no mapping exists
- Returns:
- the mechanism property value
- Since:
- 2.12
-
equals
-
hashCode
public int hashCode()
-
toString
-