[JAVA-2162] DefaultServerMonitor loses security context on creating directly new thread Created: 01/Apr/16  Updated: 01/Apr/16  Resolved: 01/Apr/16

Status: Closed
Project: Java Driver
Component/s: Authentication
Affects Version/s: 3.0.0
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Dzmitry Stsiapanau Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: Text File fastest_fix.txt     Text File stacktrace.txt    
Issue Links:
Related
related to JAVA-2163 MongoClient user should have ability ... Closed

 Description   

When using Kerberos authentication and credentials are stored in Subject.
Monitor thread is not able to authenticate as while creating
Thread monitorThread = new Thread( monitor, "cluster-" + serverId.getClusterId() + "-" + serverId.getAddress() );
Old AccessControlContext (which contains Kerberos credentials) is not inherited.

So the only workaround is to set javax.security.auth.useSubjectCredsOnly=false and use system ticket (But this is not working in case of using different clusters with different principals at the same time).

The simplest fix is just wrap ServerMonitorRunnable() with AccessController.doPrivileged().



 Comments   
Comment by Jeffrey Yemin [ 01/Apr/16 ]

We don't have a release date fixed yet, but please watch for announcements in the mongodb-announce Google group. I expect the release some time in May.

Comment by Dzmitry Stsiapanau [ 01/Apr/16 ]

Yes, thank you.
JAVA-2106 fix suits and works for our situation.
When 3.3.0 GA will be available.

Comment by Ross Lawley [ 01/Apr/16 ]

Hi stepanovdg@gmail.com,

Thanks for the ticket. Quick question before I investigate further, do the forthcoming changes in JAVA-2106 fix this issue for you? It seems to cover the same issue, albeit with a different proposed solution.

Currently, 3.3.0 has not been released but a snapshot is available from Sontatype: https://oss.sonatype.org/content/repositories/snapshots/org/mongodb/mongo-java-driver/3.3.0-SNAPSHOT/

Regards,

Ross

Generated at Thu Feb 08 08:56:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.