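I wrote a grails 3.3 + mongo 4.0.4 application, but in production the mongo server only accepts connections over SSL (self-signed certificate). I haven't found documentation anywhere on how to configure GORM for mongo for this (http://gorm.grails.org/latest/mongodb/manual/). There is an option (sslEnabled, and I think I should use socketFactory) to use an SSL-enabled connection in grails, but I'm not sure how to configure the connection.

Best answer

I found a way to connect without mongos.

You need to specify a socketFactory instance in grails-app/conf/runtime.groovy to validate the server certificate: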
```groovy
import com.mongodb.ConnectionString
import grails.mongodb.MongoSSLContextBuilder

grails.mongodb = [
    url    : new ConnectionString("mongodb+srv://username:password@hostname/dbname?authSource=admin&tls=true"),
    options: [
        autoConnectRetry: true,
        connectTimeout  : 300,
        sslEnabled      : true,
        // Socket factory whose trust store holds only the CA certificate loaded from the classpath
        socketFactory   : new MongoSSLContextBuilder().getSSLContext("private/mongo/ca-certificate.crt").getSocketFactory()
    ]
]
```
Implementation of MongoSSLContextBuilder:
```groovy
package grails.mongodb

import groovy.transform.CompileStatic
import groovy.util.logging.Slf4j
import org.grails.io.support.ClassPathResource

import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory
import java.security.KeyStore
import java.security.SecureRandom
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate

@CompileStatic
@Slf4j
class MongoSSLContextBuilder {

    SSLContext getSSLContext(String pathToCert) {
        try {
            // Parse the CA certificate from the classpath resource
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate caCert = (X509Certificate) cf.generateCertificate(getCert(pathToCert));

            // Empty in-memory key store that holds only this CA as a trusted entry
            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null);
            ks.setCertificateEntry("caCert", caCert);
            tmf.init(ks);

            // TLS context that validates the server certificate against that CA
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, tmf.getTrustManagers(), new SecureRandom());
            return sslContext;
        } catch (Exception e) {
            log.error("Error during building mongo ssl context: ", e);
            throw new RuntimeException(e);
        }
    }

    private InputStream getCert(String pathToCert) throws IOException {
        return new ClassPathResource(pathToCert).getInputStream();
    }
}
```
Put your ca-certificate.crt in the src/main/resources directory.

If you need the mongodb+srv:// protocol to work, you need to update the org.mongodb:mongodb-driver library in build.gradle to at least version 3.6.0:
```groovy
// https://mvnrepository.com/artifact/org.mongodb/mongodb-driver
compile 'org.mongodb:mongodb-driver:3.6.4'
compile('org.grails.plugins:mongodb:6.1.6') {
    exclude group: 'org.mongodb', module: 'mongodb-driver'
}
```
Regarding "mongodb - Grails: how to access mongodb over SSL", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/53298584/
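A variant of the trust-store construction from the answer, added here as an example and not the answerer's or Grails' own code: it goes beyond the single-certificate case by accepting a PEM bundle with several CAs, closing the stream, rejecting expired CAs, and checking that the resulting context trusts only the pinned CA rather than the JVM defaults. `PinnedTrust` and its methods are hypothetical names, and the sample input assumes a JRE with a populated default trust store.

```groovy
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import java.security.KeyStore
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate

// Hypothetical helper, not part of Grails or the answer above.
class PinnedTrust {
    // Trust managers that accept only the CA certificates in a PEM stream.
    static TrustManagerFactory fromPem(InputStream pem) {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType())
        ks.load(null, null)                      // empty store, no JVM default CAs
        pem.withStream { InputStream is ->       // withStream closes the stream
            CertificateFactory.getInstance('X.509').generateCertificates(is).eachWithIndex { cert, int i ->
                ((X509Certificate) cert).checkValidity()   // fail on an expired CA
                ks.setCertificateEntry('ca-' + i, (X509Certificate) cert)
            }
        }
        if (ks.size() == 0) throw new IllegalArgumentException('no certificate in PEM input')
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
        tmf.init(ks)
        return tmf
    }

    static List<X509Certificate> issuers(TrustManagerFactory tmf) {
        X509TrustManager tm = (X509TrustManager) tmf.trustManagers.find { it instanceof X509TrustManager }
        return tm.acceptedIssuers.toList()
    }

    static SSLContext context(TrustManagerFactory tmf) {
        SSLContext ctx = SSLContext.getInstance('TLS')
        ctx.init(null, tmf.trustManagers, null)
        return ctx
    }
}

// Constructed sample input: a certificate borrowed from the JVM default trust
// store stands in for ca-certificate.crt so the script runs offline.
TrustManagerFactory jvmDefault = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm())
jvmDefault.init((KeyStore) null)
X509Certificate sample = PinnedTrust.issuers(jvmDefault).find { it.notAfter.after(new Date()) }
String pem = "-----BEGIN CERTIFICATE-----\n${sample.encoded.encodeBase64()}\n-----END CERTIFICATE-----\n"

TrustManagerFactory pinned = PinnedTrust.fromPem(new ByteArrayInputStream(pem.getBytes('US-ASCII')))
assert PinnedTrust.issuers(pinned)*.subjectX500Principal == [sample.subjectX500Principal]
assert PinnedTrust.issuers(jvmDefault).size() > 1
assert PinnedTrust.context(pinned).socketFactory != null
println "pinned context trusts only: ${sample.subjectX500Principal.name}"
```

The trust store only decides which issuers are accepted; leave the driver's `sslInvalidHostNameAllowed` option at its default of false so the host name is still checked against the server certificate.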