MongoDB does not turn on authentication by default, so long as the client program can access the MongoDB server, it can connect to it.
<span style= "FONT-SIZE:18PX;" >mongoclient mongoclient = new Mongoclient ("182.92.229.156", 27017); You do not need a user password to connect. </span>
However, in the production environment, it is generally necessary to turn on authorization authentication, only authorized users can connect to MongoDB, to allow access to the relevant resources, namely: User-Role-resources ~ This mode and other relational database permissions mode basically consistent, here do not do too much explanation.
To turn on authentication mode, first modify the MongoDB configuration file:/etc/mongod.conf (the path may be different from me ~)
To modify the configuration:
# Turn on/off security. OFF is currently the default
#noauth =true
auth=true #这个就是开启认证的配置
Restart MongoDB after opening to take effect:
sudo service mongod restart
It is important to note that before enabling authentication mode, you need to create an administrator user in MongoDB that does not provide the default user.
The following describes how to create an administrator user:
1, first switch to the admin database, the role of this library is used to store all the authorized users in MongoDB, the default this library does not exist, we first switch over, in use when it will be automatically created.
Use admin;
Successful switchover will show switched to DB admin
2, create the user, the following code load in the execution.
Db.createuser ({
"user": "Dbadmin",
"pwd": "123456",
"roles": [
{role: "Useradminanydatabase", DB: " Admin "},
{role:" Readwriteanydatabase ", DB:" admin "}
]},
{w:" Majority ", wtimeout:5000}
);
There are many characters built into MongoDB that we can use directly.
Roles can have multiple settings:
"Roles": [
{role: "Useradminanydatabase", DB: "Admin"},
{role: "Readwriteanydatabase", DB: "admin"}
]},
Role: Represents the roles, DB: Indicates which database the current role is valid for. For example, set the admin so that the user's permission range is only valid in the admin database.
For example I set role: "ReadWrite", DB: "MyDB" then this user can only be in MyDB this database has read and write permissions.
But MongoDB provides several global database roles, such as the above
Useradminanydatabase, Readwriteanydatabase
Note that after the anddatabase, if this role is set, it means that the role is valid for all databases, although it sets the db: "admin".
After the system administrator user is set up, we can open the authentication mode in MongoDB, and then enter the MongoDB client in the mode of opening:
[Root@iz25ce2pyrlz ~]# MONGO
MongoDB shell version:3.0.6
connecting to:test
>
The first step is to switch to the admin database:
Use admin;
Switched to DB admin
The second step is identity authentication:
Db.auth ("Dbadmin", "123456");
The authentication successfully returns 1, and if the authentication fails, the related error message is raised.
We can take a look at the system users:
<span style= "FONT-SIZE:18PX;" >db.system.users.find () </span>
{"_id": "Admin.dbadmin", "User": "Dbadmin", "db": "admin", "credentials": {"Scram-sha-1": {"IterationCount": 1000 0, "salt": "nuymhdgcmc4kxcghsaahbw==", "Storedkey": "widdwwncu5a88r5osix4bhdml0w=", "Serverkey": " 0jppriqexmndh3ij8rwygyj5rgq= "}}," Roles ": [{" Role ":" Useradminanydatabase "," db ":" Admin "}, {" Role ":" Readwritea Nydatabase "," db ":" Admin "}]}
Then we can set up the authorized users in the specific data.
Db.createuser ({
"user": "MyDB",
"pwd": "MyDB",
"roles": [
{role: "ReadWrite", DB: "MyDB"}
]},
{w: "Majority", wtimeout:5000}
);
We set up read-write permissions to the MyDB database user.
Mongoclienturi connectionString = new Mongoclienturi ("mongodb://mydb:mydb@ your ip/?authsource=mydb&authmechanism= Scram-sha-1 ");
Mongoclient mongoclient = new Mongoclient (connectionString);
The URL above configures the user name and password and the database to which you want to connect.