MongoDB Asynchronous Java Driver - MongoDB Asynchronous Java Driver: MongoDB Challenge/Response Users Guide

MongoDB Challenge/Response Authentication

Note: See Password Hashing Insecurity

MongoDB Challenge/Response uses a user name and password to authenticate to the server. The user name, password and static salt are hashed using MD5. The driver will issue a request for a one time nonce from the server. MD5 is then used to hash the nonce, username, and password hash. The final hash is then sent to the server to finally authenticate the user.

The user name and password are provided to the driver by creating a Credential and adding it to the configuration for the client.

MongoClientConfiguration config = new MongoClientConfiguration("mongodb://locahost:27017/");

char[] password = new char[] { 's', 'u', 'p', 'e', 'r', 's', 'e', 'c', 'r', 'e', 't' };
config.addCredential(
   Credential.builder()
             .userName("<user>")
             .password(password)
             .database("db")     // Optional - Defaults to "admin".
             .mongodbCR());      // Strictly not needed as MongoDB CR is the default.
Arrays.fill( password, ' ' );

As noted in the code above, the specification of a database is optional and will default to the admin database.

Configuring the Server

See the MongoDB Tutorial.

Options

The MongoDB Challenge/Response authenticator does not support any options.

mongodb-async-driver

Overview

Project Documentation

MongoDB Challenge/Response Authentication

Configuring the Server

Options