JAVA-497: authenticate/getnonce commands always use ReadPreference.primaryPreferred, so that authentication doesn't fail if connected to a replica set with no primary available

jyemin · jyemin · commit 0cac416c2407 · 2012-08-03T14:56:11.000-04:00
diff --git a/src/main/com/mongodb/DB.java b/src/main/com/mongodb/DB.java
@@ -69,20 +69,33 @@ public DB( Mongo mongo , String name ){
      * @return true if the command is obedient
      * @see com.mongodb.ReadPreference
      */
-    boolean obeyReadPreference(DBObject command){
+    ReadPreference getCommandReadPreference(DBObject command, ReadPreference requestedPreference){
         String comString = command.keySet().iterator().next();
 
+        if (comString.equals("getnonce") || comString.equals("authenticate")) {
+            return ReadPreference.primaryPreferred();
+        }
+
+        boolean primaryRequired;
+
         // explicitly check mapreduce commands are inline
         if(comString.equals("mapreduce")) {
             Object out = command.get("out");
             if (out instanceof BSONObject ){
                 BSONObject outMap = (BSONObject) out;
-                return outMap.get("inline") != null;
+                primaryRequired = outMap.get("inline") == null;
             }
             else
-                return false;
+                primaryRequired = true;
+        } else {
+           primaryRequired =  !_obedientCommands.contains(comString);
+        }
+
+        if (primaryRequired) {
+            return ReadPreference.primary();
+        } else {
+            return requestedPreference;
         }
-        return (_obedientCommands.contains(comString));
     }
 
     /**
@@ -241,8 +254,7 @@ public CommandResult command( DBObject cmd , int options, ReadPreference readPre
      */
     public CommandResult command( DBObject cmd , int options, ReadPreference readPrefs, DBEncoder encoder ){
 
-        if ( !obeyReadPreference(cmd) )
-            readPrefs = ReadPreference.primary();
+        readPrefs = getCommandReadPreference(cmd, readPrefs);
         
         Iterator<DBObject> i =
                 getCollection("$cmd").__find(cmd, new BasicDBObject(), 0, -1, 0, options, readPrefs ,
@@ -535,7 +547,7 @@ public void dropDatabase(){
      * @dochub authenticate
      */
     public boolean isAuthenticated() {
-        return authorizationCredentialsReference.get() != null;
+        return authenticationCredentialsReference.get() != null;
     }
 
     /**
@@ -549,16 +561,16 @@ public boolean isAuthenticated() {
      */
     public boolean authenticate(String username, char[] password ){
 
-        if (authorizationCredentialsReference.get() != null) {
+        if (authenticationCredentialsReference.get() != null) {
             throw new IllegalStateException("can't authenticate twice on the same database");
         }
 
-        AuthorizationCredentials newCredentials = new AuthorizationCredentials(username, password);
-        CommandResult res = newCredentials.authorize();
+        AuthenticationCredentials newCredentials = new AuthenticationCredentials(username, password);
+        CommandResult res = newCredentials.authenticate();
         if (!res.ok())
             return false;
 
-        boolean wasNull = authorizationCredentialsReference.compareAndSet(null, newCredentials);
+        boolean wasNull = authenticationCredentialsReference.compareAndSet(null, newCredentials);
         if (!wasNull) {
             throw new IllegalStateException("can't authenticate twice on the same database");
         }
@@ -576,14 +588,14 @@ public boolean authenticate(String username, char[] password ){
      */
     public synchronized CommandResult authenticateCommand(String username, char[] password ){
 
-        if (authorizationCredentialsReference.get() != null) {
+        if (authenticationCredentialsReference.get() != null) {
             throw new IllegalStateException( "can't authenticate twice on the same database" );
         }
 
-        AuthorizationCredentials newCredentials = new AuthorizationCredentials(username, password);
-        CommandResult res = newCredentials.authorize();
+        AuthenticationCredentials newCredentials = new AuthenticationCredentials(username, password);
+        CommandResult res = newCredentials.authenticate();
         res.throwOnError();
-        boolean wasNull = authorizationCredentialsReference.compareAndSet(null, newCredentials);
+        boolean wasNull = authenticationCredentialsReference.compareAndSet(null, newCredentials);
         if (!wasNull) {
             throw new IllegalStateException("can't authenticate twice on the same database");
         }
@@ -745,8 +757,8 @@ public int getOptions(){
 
     public abstract void cleanCursors( boolean force );
 
-    AuthorizationCredentials getAuthorizationCredentials() {
-        return authorizationCredentialsReference.get();
+    AuthenticationCredentials getAuthenticationCredentials() {
+        return authenticationCredentialsReference.get();
     }
 
     final Mongo _mongo;
@@ -757,17 +769,17 @@ AuthorizationCredentials getAuthorizationCredentials() {
     private com.mongodb.ReadPreference _readPref;
     final Bytes.OptionHolder _options;
 
-    private AtomicReference<AuthorizationCredentials> authorizationCredentialsReference =
-            new AtomicReference<AuthorizationCredentials>();
+    private AtomicReference<AuthenticationCredentials> authenticationCredentialsReference =
+            new AtomicReference<AuthenticationCredentials>();
 
     /**
      * Encapsulate everything relating to authorization of a user on a database
      */
-    class AuthorizationCredentials {
+    class AuthenticationCredentials {
         private final String userName;
         private final byte[] authHash;
 
-        private AuthorizationCredentials(final String userName, final char[] password) {
+        private AuthenticationCredentials(final String userName, final char[] password) {
             if (userName == null) {
                 throw new IllegalArgumentException("userName can not be null");
             }
@@ -778,11 +790,16 @@ private AuthorizationCredentials(final String userName, final char[] password) {
             this.authHash = createHash(userName, password);
         }
 
-        CommandResult authorize() {
-            CommandResult res = command(getNonceCommand());
-            res.throwOnError();
+        CommandResult authenticate() {
+            requestStart();
+            try {
+               CommandResult res = command(getNonceCommand());
+               res.throwOnError();
 
-            return command(getAuthCommand(res.getString("nonce")));
+               return command(getAuthCommand(res.getString("nonce")));
+            } finally {
+                requestDone();
+            }
         }
 
         DBObject getAuthCommand( String nonce ){
diff --git a/src/main/com/mongodb/DBPort.java b/src/main/com/mongodb/DBPort.java
@@ -294,7 +294,7 @@ protected void close(){
     }
     
     void checkAuth( DB db ) throws IOException {
-        DB.AuthorizationCredentials credentials = db.getAuthorizationCredentials();
+        DB.AuthenticationCredentials credentials = db.getAuthenticationCredentials();
         if ( credentials == null ){
             if ( db._name.equals( "admin" ) )
                 return;
diff --git a/src/test/com/mongodb/DBTest.java b/src/test/com/mongodb/DBTest.java
@@ -92,13 +92,31 @@ public void testForCollectionExistence()
     @Test(groups = {"basic"})
     public void testReadPreferenceObedience() {
         DBObject obj = new BasicDBObject("mapreduce", 1).append("out", "myColl");
-        assertFalse(_db.obeyReadPreference(obj));
+        assertEquals(ReadPreference.primary(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
 
         obj = new BasicDBObject("mapreduce", 1).append("out", new BasicDBObject("replace", "myColl"));
-        assertFalse(_db.obeyReadPreference(obj));
+        assertEquals(ReadPreference.primary(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
 
         obj = new BasicDBObject("mapreduce", 1).append("out", new BasicDBObject("inline", 1));
-        assertTrue(_db.obeyReadPreference(obj));
+        assertEquals(ReadPreference.secondary(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
+
+        obj = new BasicDBObject("mapreduce", 1).append("out", new BasicDBObject("inline", null));
+        assertEquals(ReadPreference.primary(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
+
+        obj = new BasicDBObject("getnonce", 1);
+        assertEquals(ReadPreference.primaryPreferred(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
+
+        obj = new BasicDBObject("authenticate", 1);
+        assertEquals(ReadPreference.primaryPreferred(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
+
+        obj = new BasicDBObject("count", 1);
+        assertEquals(ReadPreference.secondary(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
+
+        obj = new BasicDBObject("count", 1);
+        assertEquals(ReadPreference.secondary(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
+
+        obj = new BasicDBObject("serverStatus", 1);
+        assertEquals(ReadPreference.primary(), _db.getCommandReadPreference(obj, ReadPreference.secondary()));
     }
 
     /*public static class Person extends DBObject {

Original file line number	Diff line number	Diff line change
`@@ -294,7 +294,7 @@ protected void close(){`
`294`	`294`	`}`
`295`	`295`
`296`	`296`	`void checkAuth( DB db ) throws IOException {`
`297`		`- DB.AuthorizationCredentials credentials = db.getAuthorizationCredentials();`
	`297`	`+ DB.AuthenticationCredentials credentials = db.getAuthenticationCredentials();`
`298`	`298`	`if ( credentials == null ){`
`299`	`299`	`if ( db._name.equals( "admin" ) )`
`300`	`300`	`return;`