JAVA-436: When a database and credentials are specified in the Mongo URI, automatically authenticate the database. This is done lazily on first use of the database by just setting the credentials on the DB instance. Care is taken to make sure that DB.authenticate and DB.authenticateCommand still work correctly even if credentials are on the URI, so long as the same credentials are used in all cases. Otherwise clients who were working around this by calling those methods explicitly would break.

Author: jyemin

src/main/com/mongodb/DB.java

@@ -25,6 +25,7 @@
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -40,7 +41,7 @@
 public abstract class DB {
 
     private static final Set<String> _obedientCommands = new HashSet<String>();
-    
+
     static {
         _obedientCommands.add("group");
         _obedientCommands.add("aggregate");
@@ -63,6 +64,17 @@ public DB( Mongo mongo , String name ){
         _options = new Bytes.OptionHolder( _mongo._netOptions );
     }
 
+    /**
+     * @param mongo the mongo instance
+     * @param name the database name
+     */
+    DB( Mongo mongo , String name, String username, char[] password ) {
+        _mongo = mongo;
+        _name = name;
+        _options = new Bytes.OptionHolder( _mongo._netOptions );
+        authenticationCredentialsReference.set(new AuthenticationCredentials(username, password));
+    }
+
     /**
      * Determines the read preference that should be used for the given command.
      * @param command the <code>DBObject</code> representing the command
@@ -558,53 +570,70 @@ public boolean isAuthenticated() {
     }
 
     /**
-     *  Authenticates to db with the given name and password
+     *  Authenticates to db with the given credentials.  If this method (or {@code authenticateCommand} has already been
+     *  called with the same credentials and the authentication test succeeded, this method will return true.  If this method
+     *  has already been called with different credentials and the authentication test succeeded,
+     *  this method will throw an {@code IllegalStateException}.  If this method has already been called with any credentials
+     *  and the authentication test failed, this method will re-try the authentication test with the
+     *  given credentials.
      *
      * @param username name of user for this database
      * @param password password of user for this database
      * @return true if authenticated, false otherwise
-     * @throws MongoException
+     * @throws MongoException if authentication failed due to invalid user/pass, or other exceptions like I/O
+     * @throws IllegalStateException if authentiation test has already succeeded with different credentials
+     * @see #authenticateCommand(String, char[])
      * @dochub authenticate
      */
     public boolean authenticate(String username, char[] password ){
-
-        if (authenticationCredentialsReference.get() != null) {
-            throw new IllegalStateException("can't authenticate twice on the same database");
-        }
-
-        AuthenticationCredentials newCredentials = new AuthenticationCredentials(username, password);
-        CommandResult res = newCredentials.authenticate();
-        if (!res.ok())
-            return false;
-
-        boolean wasNull = authenticationCredentialsReference.compareAndSet(null, newCredentials);
-        if (!wasNull) {
-            throw new IllegalStateException("can't authenticate twice on the same database");
-        }
-        return true;
+        return authenticateCommandHelper(username, password).ok();
     }
 
     /**
-     *  Authenticates to db with the given name and password
+     *  Authenticates to db with the given credentials.  If this method (or {@code authenticate} has already been
+     *  called with the same credentials and the authentication test succeeded, this method will return true.  If this method
+     *  has already been called with different credentials and the authentication test succeeded,
+     *  this method will throw an {@code IllegalStateException}.  If this method has already been called with any credentials
+     *  and the authentication test failed, this method will re-try the authentication test with the
+     *  given credentials.
+     *
      *
      * @param username name of user for this database
      * @param password password of user for this database
      * @return the CommandResult from authenticate command
      * @throws MongoException if authentication failed due to invalid user/pass, or other exceptions like I/O
+     * @throws IllegalStateException if authentiation test has already succeeded with different credentials
+     * @see #authenticate(String, char[])
      * @dochub authenticate
      */
     public synchronized CommandResult authenticateCommand(String username, char[] password ){
+        CommandResult res = authenticateCommandHelper(username, password);
+        res.throwOnError();
+        return res;
+    }
 
-        if (authenticationCredentialsReference.get() != null) {
-            throw new IllegalStateException( "can't authenticate twice on the same database" );
+    private CommandResult authenticateCommandHelper(String username, char[] password) {
+        AuthenticationCredentials currentCredentials = authenticationCredentialsReference.get();
+        AuthenticationCredentials newCredentials = new AuthenticationCredentials(username, password);
+
+        if (currentCredentials != null) {
+            if (currentCredentials.equals(newCredentials)) {
+                if (credentialsAlreadySuccessfullyTested) {
+                    return authenticationTestCommandResult;
+                }
+            } else {
+                throw new IllegalStateException("can't authenticate twice on the same database");
+            }
         }
 
-        AuthenticationCredentials newCredentials = new AuthenticationCredentials(username, password);
         CommandResult res = newCredentials.authenticate();
-        res.throwOnError();
-        boolean wasNull = authenticationCredentialsReference.compareAndSet(null, newCredentials);
-        if (!wasNull) {
-            throw new IllegalStateException("can't authenticate twice on the same database");
+        if (res.ok()) {
+            boolean wasNull = authenticationCredentialsReference.compareAndSet(null, newCredentials);
+            if (!wasNull && credentialsAlreadySuccessfullyTested) {
+                throw new IllegalStateException("can't authenticate twice on the same database");
+            }
+            credentialsAlreadySuccessfullyTested = true;
+            authenticationTestCommandResult = res;
         }
         return res;
     }
@@ -776,8 +805,14 @@ AuthenticationCredentials getAuthenticationCredentials() {
     private com.mongodb.ReadPreference _readPref;
     final Bytes.OptionHolder _options;
 
+    // the credentials, possibly set in the constructor, in which case they have not been tested yet.
     private AtomicReference<AuthenticationCredentials> authenticationCredentialsReference =
             new AtomicReference<AuthenticationCredentials>();
+    // this can be false with credentials set if the credentials were passed in to the constructor
+    private volatile boolean credentialsAlreadySuccessfullyTested = false;
+    // cached authentication command result, to return in case of multiple calls to authenticateCommand with the
+    // same credentials
+    private volatile CommandResult authenticationTestCommandResult;
 
     /**
      * Encapsulate everything relating to authorization of a user on a database
@@ -797,6 +832,26 @@ private AuthenticationCredentials(final String userName, final char[] password)
             this.authHash = createHash(userName, password);
         }
 
+        @Override
+        public boolean equals(final Object o) {
+            if (this == o) return true;
+            if (o == null || getClass() != o.getClass()) return false;
+
+            final AuthenticationCredentials that = (AuthenticationCredentials) o;
+
+            if (!Arrays.equals(authHash, that.authHash)) return false;
+            if (!userName.equals(that.userName)) return false;
+
+            return true;
+        }
+
+        @Override
+        public int hashCode() {
+            int result = userName.hashCode();
+            result = 31 * result + Arrays.hashCode(authHash);
+            return result;
+        }
+
         CommandResult authenticate() {
             requestStart();
             try {

src/main/com/mongodb/DBApiLayer.java

@@ -99,6 +99,26 @@ protected DBApiLayer( Mongo mongo, String name , DBConnector connector ){
         _connector = connector;
     }
 
+    /**
+     *
+     * @param mongo the Mongo instance
+     * @param name the database name
+     * @param connector the connector
+     * @param username username to authenticate database against
+     * @param password password to authenticate database against
+     */
+    protected DBApiLayer(final Mongo mongo, final String name, final DBTCPConnector connector, final String username, final char[] password) {
+        super(mongo, name, username, password);
+
+        if ( connector == null )
+            throw new IllegalArgumentException( "need a connector: " + name );
+
+        _root = name;
+        _rootPlusDot = _root + ".";
+
+        _connector = connector;
+    }
+
     public void requestStart(){
         _connector.requestStart();
     }

src/main/com/mongodb/Mongo.java

@@ -295,6 +295,8 @@ public Mongo( List<ServerAddress> seeds , MongoOptions options ) {
     /**
      * Creates a Mongo described by a URI.
      * If only one address is used it will only connect to that node, otherwise it will discover all nodes.
+     * If the URI contains database credentials, the database will be authenticated lazily on first use
+     * with those credentials.
      * @param uri
      * @see MongoURI
      * <p>examples:
@@ -326,6 +328,11 @@ public Mongo( MongoURI uri )
             _connector = new DBTCPConnector( this , replicaSetSeeds );
         }
 
+        if (uri.getDatabase() != null && uri.getUsername() != null) {
+            DB db = new DBApiLayer(this, uri.getDatabase() , _connector, uri.getUsername(), uri.getPassword());
+            _dbs.put(db.getName(), db);
+        }
+
         _connector.start();
         if (_options.cursorFinalizerEnabled) {
             _cleaner = new CursorCleanerThread();

src/main/com/mongodb/MongoURI.java

@@ -192,7 +192,8 @@ public MongoOptions getOptions(){
 
     /**
      * creates a Mongo instance based on the URI
-     * @return
+     * @return a new Mongo instance.  There is no caching, so each call will create a new instance, each of which
+     * must be closed manually.
      * @throws MongoException
      * @throws UnknownHostException
      */
@@ -205,29 +206,27 @@ public Mongo connect()
 
     /**
      * returns the DB object from a newly created Mongo instance based on this URI
-     * @return
+     * @return the database specified in the URI.  This will implicitly create a new Mongo instance,
+     * which must be closed manually.
      * @throws MongoException
      * @throws UnknownHostException
      */
-    public DB connectDB()
-            throws UnknownHostException {
-        // TODO auth
-        return connect().getDB( getDatabase() );
+    public DB connectDB() throws UnknownHostException {
+        return connect().getDB(getDatabase());
     }
 
     /**
      * returns the URI's DB object from a given Mongo instance
-     * @param m
-     * @return
+     * @param mongo the Mongo instance to get the database from.
+     * @return the database specified in this URI
      */
-    public DB connectDB( Mongo m ){
-        // TODO auth
-        return m.getDB( getDatabase() );
+    public DB connectDB( Mongo mongo ){
+        return mongo.getDB( getDatabase() );
     }
 
     /**
      * returns the URI's Collection from a given DB object
-     * @param db
+     * @param db the database to get the collection from
      * @return
      */
     public DBCollection connectCollection( DB db ){
@@ -236,11 +235,11 @@ public DBCollection connectCollection( DB db ){
 
     /**
      * returns the URI's Collection from a given Mongo instance
-     * @param m
-     * @return
+     * @param mongo the mongo instance to get the collection from
+     * @return the collection specified in this URI
      */
-    public DBCollection connectCollection( Mongo m ){
-        return connectDB( m ).getCollection( getCollection() );
+    public DBCollection connectCollection( Mongo mongo ){
+        return connectDB( mongo ).getCollection( getCollection() );
     }
 
     // ---------------------------------