<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 09:00:59 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[JAVA-4002] &amp;authMechanismProperties=JAVA_SUBJECT:mongodb</title>
                <link>https://jira.mongodb.org/browse/JAVA-4002</link>
                <project id="10006" key="JAVA">Java Driver</project>
                    <description>&lt;p&gt;Both explicit calls via MongoCredential and the URI support overriding the JAVA_SUBJECT_KEY to use a defined section of the jaas-config instead of &quot;com.sun.security.jgss.krb5.initiate&quot;.&#160;&lt;/p&gt;

&lt;p&gt;However, the underlying code appears to use the literal-String value instead of getting the Subject() from the running-kerberos jaas config which then errors out. I&apos;d expect the running jaas-config to be consulted for the named-subject and then the appropriate method calls invoked.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Without this fix, I&apos;m forced to run the app with&#160;javax.security.auth.useSubjectCredsOnly=false which defeats some of the isolation that the Nifi product was looking to achieve.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</description>
                <environment>Linux/Nifi/Kerberos GSSAPI</environment>
        <key id="1614777">JAVA-4002</key>
            <summary>&amp;authMechanismProperties=JAVA_SUBJECT:mongodb</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13202">Works as Designed</resolution>
                                        <assignee username="jeff.yemin@mongodb.com">Jeffrey Yemin</assignee>
                                    <reporter username="nick.lange@morganstanley.com">Nick Lange</reporter>
                        <labels>
                    </labels>
                <created>Sat, 6 Feb 2021 06:35:48 +0000</created>
                <updated>Fri, 27 Oct 2023 13:20:57 +0000</updated>
                            <resolved>Tue, 9 Feb 2021 12:40:59 +0000</resolved>
                                    <version>3.12.7</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="3606422" author="jeff.yemin" created="Tue, 9 Feb 2021 12:40:43 +0000"  >&lt;p&gt;I opened JAVA-4004 to track improvements to the reference documentation.&lt;/p&gt;

&lt;p&gt;If you have time, can you tell us a little about how you&apos;re using Apache NiFi with MongoDB?  It&apos;s not been on our radar until now.&lt;/p&gt;

&lt;p&gt;Thank you for bringing this to our attention!&lt;/p&gt;

&lt;p&gt;Regards,&lt;br/&gt;
Jeff&lt;/p&gt;</comment>
                            <comment id="3603731" author="JIRAUSER1258600" created="Mon, 8 Feb 2021 06:16:10 +0000"  >&lt;p&gt;Thanks for taking the time to research and get back to me Jeffrey. I agree moving to 4.2.0 and its simplified structure is best outcome. I&apos;ve filed a wish list Jira for the NIFI team to evaluate the impact of the migration in a separate JIRA.&#160; I also agree with the sample code as a workaround - that&apos;s what I eventually settled on while I wait for NIFI to move to the new driver code.&lt;/p&gt;

&lt;p&gt;&lt;span class=&quot;error&quot;&gt;&amp;#91;https://issues.apache.org/jira/browse/NIFI-8208|NIFI-8208&amp;#93;&lt;/span&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&quot;There is no way that I can see to set the&#160;&lt;tt&gt;Subject&lt;/tt&gt;&#160;via connection string, &quot;&lt;/p&gt;

&lt;p&gt;I think this is the main point of me reaching out. The docs are not clear that you cannot:&lt;/p&gt;

&lt;p&gt;&lt;a href=&quot;http://example.com&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://mongodb.github.io/mongo-java-driver/3.12/driver/tutorials/authentication/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;img src=&quot;https://jira.mongodb.org/secure/attachment/299013/299013_image-2021-02-08-01-13-08-831.png&quot; style=&quot;border: 0px solid black&quot; /&gt;&lt;/span&gt;&lt;/p&gt;

&lt;p&gt;At any rate, I&apos;ve settled on the workaround. I&apos;ll leave it to the team&apos;s discretion with how to treat this JIRA.&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;</comment>
                            <comment id="3603169" author="jeff.yemin" created="Sat, 6 Feb 2021 16:55:38 +0000"  >&lt;p&gt;Here&apos;s some sample code for how to associate a &lt;tt&gt;Subject&lt;/tt&gt; with the credential:&lt;/p&gt;

&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;        LoginContext loginContext = &lt;/span&gt;&lt;span style=&quot;color: #006699; font-weight: bold; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;new&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; LoginContext(&lt;/span&gt;&lt;span style=&quot;color: blue; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;&quot;something.from.jaas.config&quot;&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;        loginContext.login();&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;        Subject subject = loginContext.getSubject();&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;        MongoCredential credential = MongoCredential.createGSSAPICredential(&lt;/span&gt;&lt;span style=&quot;color: blue; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;&quot;userName&quot;&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;                .withMechanismProperty(MongoCredential.JAVA_SUBJECT_KEY, subject);&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;        &lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;        MongoClient client = &lt;/span&gt;&lt;span style=&quot;color: #006699; font-weight: bold; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;new&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; MongoClient(&lt;/span&gt;&lt;span style=&quot;color: #006699; font-weight: bold; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;new&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; ServerAddress(), credential, MongoClientOptions.builder().build());&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;        

&lt;p&gt;Also, you might be interested in &lt;a href=&quot;https://jira.mongodb.org/browse/JAVA-3836&quot; title=&quot;Support a Kerberos ticket cache&quot; class=&quot;issue-link&quot; data-issue-key=&quot;JAVA-3836&quot;&gt;&lt;del&gt;JAVA-3836&lt;/del&gt;&lt;/a&gt;, recently released in 4.2.0.&lt;/p&gt;
</comment>
                            <comment id="3603141" author="jeff.yemin" created="Sat, 6 Feb 2021 15:29:01 +0000"  >&lt;p&gt;Please also share the code you use to create the &lt;tt&gt;MongoClient&lt;/tt&gt;, whether via MongoClientOptions/Settings or via the connection string.  There is no way that I can see to set the &lt;tt&gt;Subject&lt;/tt&gt; via connection string, so looking at your initialization code might clarify matters.  Please also share any other configuration, including jaaa-config and any Kerberos-related system properties that are set.&lt;/p&gt;</comment>
                            <comment id="3603136" author="jeff.yemin" created="Sat, 6 Feb 2021 15:03:06 +0000"  >&lt;p&gt;I had a quick look at &lt;tt&gt;com.mongodb.internal.connection.SaslAuthenticator&lt;/tt&gt; and don&apos;t see anything immediately that matches your description.  It seems rather that the code gets the &lt;tt&gt;Subject&lt;/tt&gt; from the &lt;tt&gt;MongoCredential&lt;/tt&gt; and if it&apos;s non-null, it executes the authentication conversation in the context of &lt;tt&gt;Subject.doAs&lt;/tt&gt;.  There is no reference to the literal string value &lt;tt&gt;&quot;com.sun.security.jgss.krb5.initiate&quot;&lt;/tt&gt; anywhere in the driver code.  &lt;/p&gt;
</comment>
                            <comment id="3603134" author="jeff.yemin" created="Sat, 6 Feb 2021 14:54:56 +0000"  >&lt;p&gt;Hi there, thank you for reaching out.  Would you mind also opening an issue in our MongoDB support portal, located at &lt;a href=&quot;https://support.mongodb.com/welcome&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;support.mongodb.com&lt;/a&gt;?  That way we can provide you the most comprehensive support.&lt;/p&gt;

&lt;p&gt;If you have already opened a support case, please let me know and I can get in touch directly with the support engineer handling the case.&lt;/p&gt;

&lt;p&gt;Thank you!&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                                                <inwardlinks description="is documented by">
                                                        </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                            <attachment id="299013" name="image-2021-02-08-01-13-08-831.png" size="39159" author="nick.lange@morganstanley.com" created="Mon, 8 Feb 2021 06:13:10 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10257" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Documentation Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10250"><![CDATA[Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hyf7iv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>