-
Type: Bug
-
Resolution: Done
-
Priority: Major - P3
-
Affects Version/s: 2.12.0
-
Component/s: Authentication
-
Environment:Server: MongoDB 2.6.0
Scenario: Run the server with auth enabled and some user created for a "foo" db. Create a MongoClient with a list of MongoCredentials (including the valid credentials for the user on "foo" db).
Expected behavior: All connections to that db are authenticated using the credentials (as claimed by the MongoClient constructor javadoc).
Actual behavior: While authentication is indeed done behind the scenes for most calls (like a find()), this is not true for all calls. For example, when doing the following right after creating the MongoClient, the driver does not make any authorization attempt and the client experiences an exception that the user is not authenticated to the db:
mongoClient.getDB("foo").getCollection("bar").createIndex(new BasicDBObject("baz", 1));
This looks like a bug to me - or is it intentional? The workaround would be to authenticate using one of the deprecated driver or to run some other command immediately after creating the client. Both are not nice.
Looking into the code, this happens because (for example, for createIndex()) there is a path down to DBPort.call() that hasn't visited DBPort.checkAuth() before.