Uploaded image for project: 'Java Driver'
  1. Java Driver
  2. JAVA-3836

Support a Kerberos ticket cache

    • Type: Icon: New Feature New Feature
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.2.0
    • Affects Version/s: None
    • Component/s: Authentication, Performance
    • None

      Summary

      Cache Kerberos tickets so that they can be re-used for multiple authentication requests. This cache will take two forms:

      • By default, the cache will be per-MongoClient, such that all authentication requests for a single MongoClient will share a ticket cache
      • With additional configuration, the cache can span MongoClient instances, so that multiple MongoClient instances will share a single ticket cache

      User-Facing Syntax

      For per-MongoClient ticket caching, no additional configuration is required.

      For per-process ticket caching using the default login context:

      MongoCredential.createGSSAPICredential(<user name>)
                         .withMechanismProperty(JAVA_SUBJECT_PROVIDER,
                                       new KerberosSubjectProvider())
      

      Note that the KerberosSubjectProvider class will be provided by the driver.  If the KerberosSubjectProvider instance is shared with only a single MongoClient, this is effectively the same as the new default ticket caching behavior.  Using the same instance with multiple MongoClients allows caching that spans the entire process. 

      For ticket caching using a different login context, simply pass the login context name to the KerberosSubjectProvider constructor:

      MongoCredential.createGSSAPICredential(<user name>)
                         .withMechanismProperty(JAVA_SUBJECT_PROVIDER,
                                        new KerberosSubjectProvider("MyContext"))
      

            Assignee:
            jeff.yemin@mongodb.com Jeffrey Yemin
            Reporter:
            esha.bhargava@mongodb.com Esha Bhargava
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: