Navigation

JDBC Authentication Plugin

On this page

New in version 2.2.

The MongoDB Connector for BI provides a client-side MySQL authentication plugin for Java that integrates with MySQL’s Connector/J JDBC driver. The mongosql_auth plugin allows a client to authenticate with a BI Connector and MongoDB deployment running with authentication enabled using one of the following authentication mechanisms:

  • SCRAM-SHA-1
  • SCRAM-SHA-256
  • PLAIN (LDAP)
  • GSSAPI (Kerberos)

Note

  • The SCRAM-SHA-1 and SCRAM-SHA-256 mechanisms hash the passwords in the client plugin; however, all other data is in cleartext. If possible, use with encrypted connections.
  • The PLAIN mechanism sends the password in cleartext. Use encrypted connections with the PLAIN mechanism .

Important

The plugin is not compatible with MySQL Server or Connector/J driver version 8 and later.

Installing the Plugin

You can either download the plugin .jar file directly from the download site or use Maven.

To download the plugin directly:

  1. Select the .jar file from the download site.
  2. Save it to a local directory. Refer to the directory as needed.

To use Maven:

  1. Include the authentication plugin module library in the CLASSPATH. The Maven coordinates are:

    <dependency>
        <groupId>org.mongodb</groupId>
        <artifactId>mongosql-auth</artifactId>
        <version>1.0.0</version>
    </dependency>
    

    See also

    To learn more about Maven, refer to its documentation site.

  2. Include MySQL Connector/J in the CLASSPATH. Its Maven coordinates are:

    <dependency>
       <groupId>mysql</groupId>
       <artifactId>mysql-connector-java</artifactId>
       <version>5.1.42</version>
    </dependency>
    
  3. Add the authentication plugin in the MySQL connection string:

    jdbc:mysql://127.0.0.1:3307?useSSL=false&authenticationPlugins=org.mongodb.mongosql.auth.plugin.MongoSqlAuthenticationPlugin
    

    See also

    To learn about the authenticationPlugins query parameter, see the MySQL documentation.

    You may also specify the authentication mechanism and authentication source as a query parameter on the username.

    Parameter Default Value
    Authentication mechanism Username and Password (SCRAM-SHA-1).
    Authentication source
    • admin for Username and Password (SCRAM-SHA-1)
    • $external for LDAP (PLAIN)

    Example

    Specify an authentication mechanism:

    {username}?mechanism=PLAIN
    

    Specify an authentication source using default authentication mechanism:

    {username}?source={somedb}