MongoDB 2019(3)Security and Auth
Started the mongo cluster first
Connect to it
> mongo -host rancher-worker2 -port 27017
> rs.slaveOk();
> db.users.find();
Check DB
> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
test 0.000GB
Switch to use admin
> use admin
switched to db admin
Check whether there are any users in the DB
> db.system.users.find();
sillycat:PRIMARY>
No users, so I add one user there
https://docs.mongodb.com/manual/tutorial/create-users/
> use admin
switched to db admin
> db.createUser({user: "carl",pwd: "password",roles:[{role: "userAdminAnyDatabase", db:"admin"}]})
Successfully added user: {
    "user" : "carl",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
Verify my auth
> db.auth("carl","password")
1
Exit and change the configuration for mongodb
> vi conf/mongodb.conf
auth = true
Kill the mongod processes and start them again one by one
> mongod -f conf/mongodb.conf
In theory, it should be good to go now.
A wrong password fails
> mongo --host rancher-home --port 27017 -ucarl -padfasdf --authenticationDatabase admin
The correct password works
> mongo --host rancher-home --port 27017 -ucarl -ppassword --authenticationDatabase admin
> rs.slaveOk();
sillycat:OTHER>
> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
test 0.000GB
> use admin
Check Users
> db.system.users.find()
{ "_id" : "admin.carl", "userId" : UUID("73415070-d63d-4377-ac3f-a247521a9d43"), "user" : "carl", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "pYlkO1HuxIyKAM9fmnWZvQ==", "storedKey" : "cDocJ/FMaE3+T/KA02kQ+z2tjas=", "serverKey" : "BZe3saf4s7eqzc+Ks6kmvuJRTLw=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "CfET/OxJEo2eRnJufeaVKSmEy+7U89m7XX7NKA==", "storedKey" : "pns2OxgR+zfvJJL07to6PSvhc83R8YfnbrRQXh9xSKo=", "serverKey" : "2DKiqzYZHGszCHsb75VJbjqOrP/LfaEQMkdORPejIPI=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
Try a user with several roles
> db.createUser({ user: "mongoadmin" , pwd: "mongoadmin", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]})
Successfully added user: {
    "user" : "mongoadmin",
    "roles" : [
        "userAdminAnyDatabase",
        "dbAdminAnyDatabase",
        "readWriteAnyDatabase"
    ]
}
Try these as well
> db.createUser( { user:"siteUserAdmin",pwd:"password",roles:["userAdminAnyDatabase"]})
Successfully added user: { "user" : "siteUserAdmin", "roles" : [ "userAdminAnyDatabase" ] }
> db.createUser( { user:"siteRootAdmin",pwd:"password", roles:["userAdminAnyDatabase","readWriteAnyDatabase","dbAdminAnyDatabase","clusterAdmin"]});
Successfully added user: {
    "user" : "siteRootAdmin",
    "roles" : [
        "userAdminAnyDatabase",
        "readWriteAnyDatabase",
        "dbAdminAnyDatabase",
        "clusterAdmin"
    ]
}
It is said that a MongoDB replica set needs both user accounts and a keyfile. The keyfile seems to be for authentication between the servers in the replica set, not for logging in.
All the configuration options are listed here
https://docs.mongodb.com/manual/reference/configuration-options/
Try the settings as follows:
storage:
  dbPath: "/data/db/mongodb"
  directoryPerDB: true
  journal:
    enabled: true
systemLog:
  destination: file
  path: "/var/log/mongodb/mongod.log"
  logAppend: true
  timeStampFormat: iso8601-utc
replication:
  oplogSizeMB: 10240
  replSetName: "sillycat"
processManagement:
  fork: true
net:
  bindIp: 0.0.0.0
  port: 27017
security:
  keyFile: "/opt/mongodb/keyfile.key"
  authorization: "enabled"
Check version
> mongod -version
db version v4.2.1
git version: edf6d45851c0b9ee15548f0f847df141764a317e
OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
allocator: tcmalloc
modules: none
build environment:
    distmod: rhel70
    distarch: x86_64
    target_arch: x86_64
Create the keyfile. We usually generate the keyfile on one server and copy it to the other servers.
> openssl rand -base64 90 -out ./keyfile.key
Restrict the permissions
> chmod 600 ./keyfile.key
Copy the file to the other machines and make sure all 3 nodes have the same keyfile
> sudo rm -fr /data/db/mongodb/*
The start failed at first because the previous database data directory still held some old configuration. After clearing that directory and restarting, it works fine.
We can always check the log here
> tail -f /var/log/mongodb/mongod.log
> mongod -f conf/mongodb.conf
The final configuration is as follows:
> cat conf/mongodb.conf
storage:
  dbPath: /data/db/mongodb
  directoryPerDB: true
  journal:
    enabled: true
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
  logAppend: true
replication:
  oplogSizeMB: 10240
  replSetName: sillycat
processManagement:
  fork: true
net:
  bindIp: 0.0.0.0
  port: 27017
security:
  keyFile: /opt/mongodb/keyfile.key
  authorization: enabled
Disable security.authorization and security.keyFile, then restart the services again
Connect to the master server again
> mongo --host rancher-home --port 27017
> rs.status()
{
    "operationTime" : Timestamp(0, 0),
    "ok" : 0,
    "errmsg" : "no replset config has been received",
    "code" : 94,
    "codeName" : "NotYetInitialized",
    "$clusterTime" : {
        "clusterTime" : Timestamp(0, 0),
        "signature" : {
            "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
            "keyId" : NumberLong(0)
        }
    }
}
> rs.initiate()
sillycat:SECONDARY> rs.conf()
sillycat:PRIMARY> rs.add("rancher-worker1:27017")
sillycat:PRIMARY> rs.add("rancher-worker2:27017")
That will recreate the master and 2 replicas.
Create some important users
User root with the root role
> db.createUser({user:"root",pwd:"123456",roles:[{role:"root",db:"admin"}] });
sillycat:PRIMARY> show dbs
admin 0.000GB
config 0.000GB
local 0.000GB
sillycat:PRIMARY> use admin
switched to db admin
User admin is the user administrator of any database
> db.createUser({user:"admin", pwd:"admin", roles:[{role: "userAdminAnyDatabase", db:"admin" }]})
It works
sillycat:PRIMARY> db.auth("admin","admin")
1
Create a new database
sillycat:PRIMARY> use testdb1
switched to db testdb1
Create db owner
sillycat:PRIMARY> db.createUser({user:"carl",pwd:"123456",roles:[{role:"dbOwner",db:"testdb1"}] })
It works well
sillycat:PRIMARY> db.auth("carl","123456")
1
Shut down all the services
> mongo --host rancher-home --port 27017
> mongo --host rancher-worker1 --port 27017
> mongo --host rancher-worker2 --port 27017
sillycat:PRIMARY> use admin
sillycat:PRIMARY> db.shutdownServer()
We need to connect through localhost to shut down the service
> mongo --host localhost --port 27017
Enable all the configurations
security:
  keyFile: /opt/mongodb/keyfile.key
  authorization: enabled
Start the service again
> mongod -f conf/mongodb.conf
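A pre-start check for the security settings re-enabled above and for the keyfile created earlier, as an added example that is not part of the original post. It assumes the two-level YAML layout shown on this page; the function names and the sample files written by demo are constructed for illustration. It relies on two documented mongod rules: a keyfile must hold 6 to 1024 base64 characters with no group or other permissions, and setting keyFile turns on access control by itself.

```shell
#!/bin/sh
# Added example (not from the original post): audit the mongod.conf settings
# this page toggles. Function names and sample files are constructed.
# conf_value FILE SECTION KEY: print SECTION.KEY from a two-level YAML config.
conf_value() {
    awk -v sec="$2" -v key="$3" '
        /^[^ #]/ { cur = $1; sub(/:.*/, "", cur); next }   # "section:" line
        cur == sec {
            line = $0; sub(/^ +/, "", line)
            if (index(line, key ":") == 1) {
                sub(/^[^:]*: */, "", line); gsub(/"/, "", line)
                sub(/ +$/, "", line); print line; exit
            }
        }' "$1"
}

# keyfile_problems FILE: print one line per reason mongod would reject FILE.
keyfile_problems() {
    if [ ! -f "$1" ]; then echo "keyfile missing: $1"; return 0; fi
    # No group/other permission bits allowed (hence the chmod 600 step).
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "keyfile accessible to group/others: $1"
    # 6 to 1024 characters from the base64 set; whitespace is ignored.
    key=$(tr -d ' \t\r\n' < "$1")
    if [ "${#key}" -lt 6 ] || [ "${#key}" -gt 1024 ]; then
        echo "keyfile length ${#key} is outside 6..1024: $1"
    fi
    case $key in *[!A-Za-z0-9+/=]*) echo "keyfile has non-base64 characters: $1" ;; esac
    return 0
}

# audit_conf FILE: print one finding per line; no output means no findings.
audit_conf() {
    authz=$(conf_value "$1" security authorization)
    kf=$(conf_value "$1" security keyFile)
    bind=$(conf_value "$1" net bindIp)
    # keyFile implies access control, so auth is off only when both settings
    # are absent (the temporary state used here for rs.initiate()).
    if [ "$authz" != "enabled" ] && [ -z "$kf" ]; then
        echo "access control is off"
        case $bind in *0.0.0.0*) echo "unauthenticated mongod listens on all interfaces" ;; esac
    fi
    if [ -z "$kf" ]; then
        echo "security.keyFile is not set"
    else
        keyfile_problems "$kf"
    fi
    return 0
}

# demo: constructed configs (security off, then on) and a constructed keyfile.
demo() {
    d=$(mktemp -d)
    printf 'net:\n  bindIp: 0.0.0.0\n  port: 27017\n' > "$d/open.conf"
    printf 'net:\n  bindIp: 0.0.0.0\nsecurity:\n  keyFile: "%s"\n  authorization: enabled\n' \
        "$d/keyfile.key" > "$d/secure.conf"
    printf 'Y29uc3RydWN0ZWQgc2FtcGxlIGtleQ==\n' > "$d/keyfile.key"
    chmod 644 "$d/keyfile.key"; audit_conf "$d/open.conf"; audit_conf "$d/secure.conf"
    chmod 600 "$d/keyfile.key"; audit_conf "$d/secure.conf"
    rm -rf "$d"
}
# Real file: sh audit_mongod.sh conf/mongodb.conf (script name is hypothetical)
if [ "$#" -ge 1 ]; then audit_conf "$1"; else demo; fi
```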
Check admin first
> mongo --host rancher-home --port 27017 -uadmin -padmin --authenticationDatabase admin
Check other db
> mongo --host rancher-home --port 27017 -ucarl -p123456 --authenticationDatabase testdb1
sillycat:PRIMARY> use testdb1
sillycat:PRIMARY> db.users.insert({name:"Carl", age:31})
sillycat:PRIMARY> db.users.find();
{ "_id" : ObjectId("5dcf23e43a8ac5e8fb8bd004"), "name" : "Carl", "age" : 31 }
On the slave
> mongo --host rancher-worker1 --port 27017 -ucarl -p123456 --authenticationDatabase testdb1
sillycat:SECONDARY> rs.slaveOk();
sillycat:SECONDARY> db.users.find();
{ "_id" : ObjectId("5dcf23e43a8ac5e8fb8bd004"), "name" : "Carl", "age" : 31 }
Some other commands
sillycat:SECONDARY> use testdb1
switched to db testdb1
sillycat:SECONDARY> show dbs
testdb1 0.000GB
sillycat:SECONDARY> show collections
users
Check current db
sillycat:SECONDARY> db
test