[JAVA-2162] DefaultServerMonitor loses security context on creating directly new thread Created: 01/Apr/16 Updated: 01/Apr/16 Resolved: 01/Apr/16 |
|
| Status: | Closed |
| Project: | Java Driver |
| Component/s: | Authentication |
| Affects Version/s: | 3.0.0 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Dzmitry Stsiapanau | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Attachments: |
|
||||||||
| Issue Links: |
|
||||||||
| Description |
|
When using Kerberos authentication and credentials are stored in Subject. So the only workaround is to set javax.security.auth.useSubjectCredsOnly=false and use system ticket (But this is not working in case of using different clusters with different principals at the same time). The simplest fix is just wrap ServerMonitorRunnable() with AccessController.doPrivileged(). |
| Comments |
| Comment by Jeffrey Yemin [ 01/Apr/16 ] |
|
We don't have a release date fixed yet, but please watch for announcements in the mongodb-announce Google group. I expect the release some time in May. |
| Comment by Dzmitry Stsiapanau [ 01/Apr/16 ] |
|
Yes, thank you. |
| Comment by Ross Lawley [ 01/Apr/16 ] |
|
Thanks for the ticket. Quick question before I investigate further, do the forthcoming changes in Currently, 3.3.0 has not been released but a snapshot is available from Sontatype: https://oss.sonatype.org/content/repositories/snapshots/org/mongodb/mongo-java-driver/3.3.0-SNAPSHOT/ Regards, Ross |