search

SoftInstigate / restheart

Rapid API Development with MongoDB
https://restheart.org
GNU Affero General Public License v3.0
805 stars 171 forks source link

RESTHeart assumes CR authentication #22

Closed slankas closed 9 years ago

slankas commented 9 years ago

In MongoDBClientSingleton on line 103, the MongoDB credentials are created with

credentials.add(MongoCredential.createMongoCRCredential((String) mongoUser, (String) mongoAuthDb, ((String) mongoPwd).toCharArray()));

The CR authentication mechanism was the default prior to MongoDB 3.0. Under MongoDB 3.0, the default becomes SCRAM-SHA-1 SASL.

Suggest changing "createMongoCRCredential" to "createCredential".
http://api.mongodb.org/java/3.0/com/mongodb/MongoCredential.html#createCredential-java.lang.String-java.lang.String-char:A-

This will select between SCRAM-SHA-1 SASL and CR based upon the MongoDB version.

Another possibility would be to specify the authentication mechanism in the configuration file.

ujibang commented 9 years ago

fixed as you suggested in development branch

many thanks