<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:53:58 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-1181] Authentication is not done for DBCollection.createIndex() </title>
                <link>https://jira.mongodb.org/browse/JAVA-1181</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;Scenario: Run the server with auth enabled and some user created for a &quot;foo&quot; db. Create a MongoClient with a list of MongoCredentials (including the valid credentials for the user on &quot;foo&quot; db).&lt;/p&gt;

&lt;p&gt;Expected behavior: All connections to that db are authenticated using the credentials (as claimed by the MongoClient constructor javadoc).&lt;/p&gt;

&lt;p&gt;Actual behavior: While authentication is indeed done behind the scenes for most calls (like a find()), this is not true for all calls. For example, when doing the following right after creating the MongoClient, the driver does not make any authorization attempt and the client experiences an exception that the user is not authenticated to the db:&lt;br/&gt;
mongoClient.getDB(&quot;foo&quot;).getCollection(&quot;bar&quot;).createIndex(new BasicDBObject(&quot;baz&quot;, 1));&lt;/p&gt;

&lt;p&gt;This looks like a bug to me - or is it intentional? The workaround would be to authenticate using one of the deprecated driver or to run some other command immediately after creating the client. Both are not nice.&lt;/p&gt;

&lt;p&gt;Looking into the code, this happens because (for example, for createIndex()) there is a path down to DBPort.call() that hasn&apos;t visited DBPort.checkAuth() before.&lt;/p&gt;</description>
                <environment>Server: MongoDB 2.6.0</environment>
        <key id="133321">JAVA-1181</key>
            <summary>Authentication is not done for DBCollection.createIndex() </summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="jeff.yemin@mongodb.com">Jeffrey Yemin</assignee>
                                    <reporter username="patrick.peschlow@codecentric.de">Patrick Peschlow</reporter>
                        <labels>
                            <label>regression</label>
                    </labels>
                <created>Fri, 25 Apr 2014 13:39:47 +0000</created>
                <updated>Fri, 1 Apr 2016 21:16:54 +0000</updated>
                            <resolved>Mon, 28 Apr 2014 13:26:09 +0000</resolved>
                                    <version>2.12.0</version>
                                    <fixVersion>2.12.1</fixVersion>
                                    <component>Authentication</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="678681" author="xgen-internal-githook" created="Fri, 1 Aug 2014 14:36:31 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;jyemin&apos;, u&apos;name&apos;: u&apos;Jeff Yemin&apos;, u&apos;email&apos;: u&apos;jeff.yemin@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-1181&quot; title=&quot;Authentication is not done for DBCollection.createIndex() &quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-1181&quot;&gt;&lt;del&gt;JAVA-1181&lt;/del&gt;&lt;/a&gt;: Calls to new createIndexes command now go through DBTCPConnector, ensuring that auth is checked first.&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/commit/c900d68b931570f8d5140e635d1f3360c883058e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/commit/c900d68b931570f8d5140e635d1f3360c883058e&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="566797" author="jeff.yemin" created="Tue, 29 Apr 2014 13:16:15 +0000"  >&lt;p&gt;Closing for 2.12.1 release.&lt;/p&gt;</comment>
                            <comment id="565230" author="xgen-internal-githook" created="Mon, 28 Apr 2014 13:24:53 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;username&apos;: u&apos;jyemin&apos;, u&apos;name&apos;: u&apos;Jeff Yemin&apos;, u&apos;email&apos;: u&apos;jeff.yemin@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-1181&quot; title=&quot;Authentication is not done for DBCollection.createIndex() &quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-1181&quot;&gt;&lt;del&gt;JAVA-1181&lt;/del&gt;&lt;/a&gt;: Calls to new createIndexes command now go through DBTCPConnector, ensuring that auth is checked first.&lt;br/&gt;
Branch: 2.12.x&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/mongo-java-driver/commit/c900d68b931570f8d5140e635d1f3360c883058e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/mongo-java-driver/commit/c900d68b931570f8d5140e635d1f3360c883058e&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="562836" author="jeff.yemin" created="Fri, 25 Apr 2014 14:00:04 +0000"  >&lt;p&gt;Thanks for the report.  It&apos;s a bug.  The fix is easy and it will be in 2.12.1.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrycev:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>114558</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>