我对 MOngoDB + Java 配置非常陌生。我正在尝试从 Java 应用程序实现来自远程 mongodb 服务器的连接。我想使用 GSSAPI 机制与 mongotemplate 连接。以下代码已成功执行。以下代码来 self 的配置文件。
List<ServerAddress> serverAddresses = new ArrayList<ServerAddress>();
ServerAddress address = new ServerAddress(host, port);
serverAddresses.add(address);
List<MongoCredential> credentials = new ArrayList<MongoCredential>();
MongoCredential credential = MongoCredential.createGSSAPICredential(userName);
credential.withMechanismProperty("SERVICE_NAME", gssapiServiceName);
credential.withMechanismProperty("CANONICALIZE_HOST_NAME", true);
credentials.add(credential);
return new MongoClient(serverAddresses, credentials);
但是当我尝试执行下面的代码时出现异常
DB db = mongoTemplate.getDb();
Set<String> dbCollections1 = db.getCollectionNames();
异常(exception):
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122) at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193) at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427) at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62) at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154) at com.mongodb.DBPort$GSSAPIAuthenticator.getGSSCredential(DBPort.java:622) at com.mongodb.DBPort$GSSAPIAuthenticator.createSaslClient(DBPort.java:593) at com.mongodb.DBPort$SaslAuthenticator.authenticate(DBPort.java:895) at com.mongodb.DBPort.authenticate(DBPort.java:432) at com.mongodb.DBPort.checkAuth(DBPort.java:443) at com.mongodb.DBTCPConnector.innerCall(DBTCPConnector.java:289) at com.mongodb.DBTCPConnector.call(DBTCPConnector.java:269) at com.mongodb.DBCollectionImpl.find(DBCollectionImpl.java:84) at com.mongodb.DB.command(DB.java:320) at com.mongodb.DB.command(DB.java:299) at com.mongodb.DB.command(DB.java:388) at com.mongodb.DBApiLayer.getCollectionNames(DBApiLayer.java:152)
最佳答案
非常感谢所有回复并查看我的问题的人。
添加一些系统属性和一个新的 conf 文件后,我终于可以连接到 MongoDB 服务器了。特此更新代码 -
try {
System.setProperty("java.security.krb5.conf","C:/mongodb/UnixKeytab/krb5.conf");
System.setProperty("java.security.krb5.realm","EXAMPLE.COM");
System.setProperty("java.security.krb5.kdc","example.com");
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
System.setProperty("java.security.auth.login.config","C:/mongodb/UnixKeytab/gss-jaas.conf");
List<ServerAddress> serverAddresses = new ArrayList<ServerAddress>();
ServerAddress address = new ServerAddress(host, port);
serverAddresses.add(address);
List<MongoCredential> credentials = new ArrayList<MongoCredential>();
MongoCredential credential = MongoCredential.createGSSAPICredential(username);
credentials.add(credential);
MongoClient mongoClient1 = new MongoClient(serverAddresses, credentials);
DB db = mongoClient1.getDB(database);
} catch (UnknownHostException e) {
e.printStackTrace();
}
我的 krb5.conf 文件如下所示 -
[libdefaults]
default_realm = EXAMPLE.COM
default_tkt_enctypes = des-cbc-md5 rc4-hmac
default_tgs_enctypes = des-cbc-md5 rc4-hmac
default_keytab_name = <keytab file path>
[realms]
EXAMPLE.COM = {
kdc = example.com
master_kdc = example.com
default_domain = EXAMPLE.COM
}
INTRANET = {
kdc = example.com
master_kdc = example.com
default_domain = example.com
}
我的 gss-jaas.conf 如下所示 -
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=false
principal="my-account@MY_REALM"
doNotPrompt=true
keyTab="path-to-my-keytab-file"
debug=true;};
我发布的代码对我有用。希望这对其他人有用。
关于java - GSS 异常 : No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/33829017/