0
votes

I am trying to upgrade my application with the following:

  1. Mongo db 2.6.5 to 3.4.2
  2. Hibernate OGM from 4.2.0.Final to 5.1.0.Final

I am getting an authentication failure with OGM 5.1; however, it works fine with OGM 4.2.

Exception stack -

```
com.mongodb.MongoSecurityException: Exception authenticating MongoCredential{mechanism=null, userName='prodhub', source='admin', password=, mechanismProperties={}}
    at com.mongodb.connection.SaslAuthenticator.wrapInMongoSecurityException(SaslAuthenticator.java:157) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator.access$200(SaslAuthenticator.java:37) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:66) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:44) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator.doAsSubject(SaslAuthenticator.java:162) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator.authenticate(SaslAuthenticator.java:44) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.DefaultAuthenticator.authenticate(DefaultAuthenticator.java:32) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.InternalStreamConnectionInitializer.authenticateAll(InternalStreamConnectionInitializer.java:109) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.InternalStreamConnectionInitializer.initialize(InternalStreamConnectionInitializer.java:46) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.InternalStreamConnection.open(InternalStreamConnection.java:116) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.DefaultServerMonitor$ServerMonitorRunnable.run(DefaultServerMonitor.java:113) ~[mongo-java-driver-3.4.2.jar:na]
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_72]
Caused by: com.mongodb.MongoCommandException: Command failed with error 18: 'Authentication failed.' on server localhost:27017. The full response is { "ok" : 0.0, "errmsg" : "Authentication failed.", "code" : 18, "codeName" : "AuthenticationFailed" }
    at com.mongodb.connection.CommandHelper.createCommandFailureException(CommandHelper.java:170) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.CommandHelper.receiveCommandResult(CommandHelper.java:123) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.CommandHelper.executeCommand(CommandHelper.java:32) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator.sendSaslStart(SaslAuthenticator.java:117) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator.access$000(SaslAuthenticator.java:37) ~[mongo-java-driver-3.4.2.jar:na]
    at com.mongodb.connection.SaslAuthenticator$1.run(SaslAuthenticator.java:50) ~[mongo-java-driver-3.4.2.jar:na]
    ... 9 common frames omitted
```

I came across this Jira - https://hibernate.atlassian.net/browse/OGM-791, which suggests that I might have to do a Mongo authentication scheme migration.

My persistence xml is like this --

```xml
<persistence version="2.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
  <persistence-unit name="productHub">
    <provider>org.hibernate.ogm.jpa.HibernateOgmPersistence</provider>
    <shared-cache-mode>ENABLE_SELECTIVE</shared-cache-mode>

    <properties>

      <property name="hibernate.ogm.datastore.provider" value="mongodb" />

      <property name="hibernate.ogm.datastore.database" value="test" />
      <!-- property name="hibernate.ogm.datastore.host" value="localhost" / -->
      <!-- property name="hibernate.ogm.datastore.port" value="27017" / -->
      <property name="hibernate.ogm.datastore.username" value="prodhub" />
      <property name="hibernate.ogm.datastore.password" value="xxxxxxxxx" />
      <property name="hibernate.ogm.mongodb.connection_timeout" value="6000" />

      <!-- property name="hibernate.ogm.mongodb.authentication_mechanism" value="MONGODB_CR" / -->

      <property name="hibernate.cache.use_second_level_cache" value="false" />

      <!--
      <property name="hibernate.search.default.directory_provider" value="filesystem" />
      <property name="hibernate.search.default.indexBase" value="D:\\Projects\\prodhub\\lucene" />


      <property name="jboss.as.jpa.managed" value="false" />
      -->

    </properties>

  </persistence-unit>
</persistence>
```

And the mongo log shows -

```
2017-03-19T01:37:37.352+0530 I NETWORK [thread1] connection accepted from 127.0.0.1:62379 #640 (2 connections now open)
2017-03-19T01:37:37.353+0530 I NETWORK [conn640] received client metadata from 127.0.0.1:62379 conn640: { driver: { name: "mongo-java-driver", version: "3.4.2" }, os: { type: "Windows", name: "Windows 7", architecture: "amd64", version: "6.1" }, platform: "Java/Oracle Corporation/1.8.0_72-b15" }
2017-03-19T01:37:37.355+0530 I ACCESS [conn640] SCRAM-SHA-1 authentication failed for prodhub on admin from client 127.0.0.1:62379 ; UserNotFound: Could not find user prodhub@admin
2017-03-19T01:37:37.356+0530 I - [conn640] end connection 127.0.0.1:62379 (2 connections now open)
```

If I change the authentication mechanism to MONGODB_CR, I get the following log messages -

```
[conn667] received client metadata from 127.0.0.1:64331 conn667: { driver: { name: "mongo-java-driver", version: "3.4.2" }, os: { type: "Windows", name: "Windows 7", architecture: "amd64", version: "6.1" }, platform: "Java/Oracle Corporation/1.8.0_72-b15" }
2017-03-19T15:10:33.346+0530 I ACCESS [conn667] authenticate db: admin { authenticate: 1, user: "prodhub", nonce: "xxx", key: "xxx" }
2017-03-19T15:10:33.347+0530 I ACCESS [conn667] Failed to authenticate prodhub@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user prodhub@admin
2017-03-19T15:10:33.349+0530 I - [conn667] end connection 127.0.0.1:64331 (2 connections now open)
```

From the error stack & log messages, is it confirmed that I need to go through the auth migration process mentioned here - https://docs.mongodb.com/manual/release-notes/3.0-scram/

Or should I look for some more diagnostic information before doing the upgrade?

1
Even the upgrade didn't help! > db.adminCommand({authSchemaUpgrade: 1}); { "done" : true, "ok" : 1 } .. still getting the same error - Rajesh

I don't know if MongoDB returns a generic error for security exceptions but it looks like you have a UserNotFound error. Are you sure the user exists in the database you're trying to access? - Guillaume Smet

That's correct. The user was not present in the authentication db, which caused the error. - Rajesh

1 Answer

2
votes

I found the solution. Taking a clue from this thread - MongoDb authentication using Hibernate OGM - I created the user in the "admin" db, which seems to be the default authentication db in Mongo 3.x. Earlier, the user resided in my "test" db.

I guess, setting the property "hibernate.ogm.mongodb.authentication_database" to "test" might have also worked but I haven't tried it yet.
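
A triage sketch for the diagnosis reached above, added here as an example and not part of the original answer or of any project's code: it reads mongod `ACCESS` failure lines in the two shapes quoted in the question and separates `UserNotFound` (the user is not in the authentication database the client named) from other failures. The function names and the third sample log line are constructed for illustration.

```python
import re

# Failure lines in the two shapes shown in the question's mongod 3.4 log.
SCRAM_RE = re.compile(
    r"\[(?P<conn>conn\d+)\] (?P<mech>SCRAM-SHA-1) authentication failed for "
    r"(?P<user>\S+) on (?P<db>\S+) from client \S+ ; (?P<reason>\w+): (?P<detail>.*)$")
CR_RE = re.compile(
    r"\[(?P<conn>conn\d+)\] Failed to authenticate (?P<user>[^@\s]+)@(?P<db>\S+) "
    r"with mechanism (?P<mech>[\w-]+): (?P<reason>\w+): (?P<detail>.*)$")

def parse_failure(line):
    """Return a dict describing one failed authentication, or None."""
    m = SCRAM_RE.search(line) or CR_RE.search(line)
    if not m:
        return None
    f = m.groupdict()
    # MONGODB-CR lines nest the cause: "AuthenticationFailed: UserNotFound: ..."
    f["user_not_found"] = "UserNotFound" in (f["reason"], f["detail"].split(":")[0])
    return f

def triage(lines):
    """Group failures by user@authdb and say what to check first."""
    seen = {}
    for f in filter(None, map(parse_failure, lines)):
        e = seen.setdefault((f["user"], f["db"]), {"mechs": set(), "missing": False})
        e["mechs"].add(f["mech"])
        e["missing"] |= f["user_not_found"]
    report = {}
    for (user, db), e in seen.items():
        if e["missing"]:
            hint = f"no user '{user}' in auth db '{db}': check the authentication database"
        else:
            hint = f"user '{user}' was found in '{db}': check password or mechanism"
        report[f"{user}@{db}"] = {"mechanisms": sorted(e["mechs"]), "hint": hint}
    return report

# First two lines are copied from the question's log; the third is constructed.
SAMPLE_LOG = [
    '2017-03-19T01:37:37.355+0530 I ACCESS [conn640] SCRAM-SHA-1 authentication failed for prodhub on admin from client 127.0.0.1:62379 ; UserNotFound: Could not find user prodhub@admin',
    '2017-03-19T15:10:33.347+0530 I ACCESS [conn667] Failed to authenticate prodhub@admin with mechanism MONGODB-CR: AuthenticationFailed: UserNotFound: Could not find user prodhub@admin',
    '2017-03-19T15:12:01.000+0530 I ACCESS [conn700] SCRAM-SHA-1 authentication failed for report on test from client 127.0.0.1:64400 ; AuthenticationFailed: SCRAM-SHA-1 authentication failed, storedKey mismatch',
]

if __name__ == "__main__":
    for who, info in triage(SAMPLE_LOG).items():
        print(who, info["mechanisms"], "->", info["hint"])
```

When the same `user@db` fails with `UserNotFound` under both mechanisms, as in the question's log, switching the mechanism or running `authSchemaUpgrade` cannot help; the database after the `@` is the one to correct.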