[JAVA-1461] Support authentication mechanism negotiation Created: 19/Sep/14  Updated: 27/May/22  Resolved: 29/Sep/14

Status: Closed
Project: Java Driver
Component/s: Authentication
Affects Version/s: None
Fix Version/s: 2.13.0, 3.0.0

Type: New Feature Priority: Major - P3
Reporter: Jeffrey Yemin Assignee: Jeffrey Yemin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-7596 Support SCRAM-SHA-1 SASL Mechanism Closed
is depended on by DRIVERS-166 Implement the SCRAM-SHA-1 SASL Mechanism Closed
Server Compat: 2.7

 Description   

To support authentication upgrades from older versions of MongoDB to 2.8 the driver will use the following algorithm:

  • If the application specifies a particular authMechanism (e.g. MONGODB-CR) the driver will continue to honor it.
  • If the application provides a user and password but provides no explicit authMechanism, or calls the DB.authenticate method, the following applies:
    • If connecting to a server whose version is >= 2.8, the driver will use SCRAM-SHA-1 (i.e. the driver's default mechanism is SCRAM-SHA-1)
    • Otherwise the driver will use MONGODB-CR (i.e. the driver's default mechanism remains MONGODB-CR)

MongoDB 2.8 will always support SCRAM-SHA-1 if at least MONGODB-CR was specified in --authenticationMechanisms, so drivers do not have to "try and fall back". If SCRAM credentials don't yet exist for a user they will be created on-the-fly when the driver uses SCRAM-SHA-1 for mechanism.



 Comments   
Comment by Githook User [ 30/Jan/15 ]

Author:

{u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}

Message: Support authentication mechanism negotiation. If the authentication mechanism is unspecified,
the driver will use the most secure mechanism based on the server version. Currently this is
SCRAM-SHA-1 for server version >= 2.8, and MONGODB_CR for earlier server versions.

JAVA-1461
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/526da31420cee58bcc71d6f18244ca043749fede

Comment by Githook User [ 29/Sep/14 ]

Author:

{u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}

Message: Support authentication mechanism negotiation. If the authentication mechanism is unspecified,
the driver will use the most secure mechanism based on the server version. Currently this is
SCRAM-SHA-1 for server version >= 2.8, and MONGODB_CR for earlier server versions.

JAVA-1461
Branch: 3.0.x
https://github.com/mongodb/mongo-java-driver/commit/526da31420cee58bcc71d6f18244ca043749fede

Comment by Githook User [ 29/Sep/14 ]

Author:

{u'username': u'jyemin', u'name': u'Jeff Yemin', u'email': u'jeff.yemin@10gen.com'}

Message: Support authentication mechanism negotiation. If the authentication mechanism is unspecified, the driver will use the most secure mechanism based on the server version.
Currently this is SCRAM-SHA-1 for server version >= 2.8, and MONGODB_CR for earlier server versions.

JAVA-1461
Branch: master
https://github.com/mongodb/mongo-java-driver/commit/7521bd65f9dd58f1d05a171eddc4281eb84aedd5

Generated at Thu Feb 08 08:54:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.