mongo 自定义角色问题
heidsoft commented
package com.mongo.demo;
import com.mongodb.BasicDBObject;
import com.mongodb.MongoClientSettings;
import com.mongodb.ServerAddress;
import com.mongodb.client.MongoClient;
import com.mongodb.client.MongoClients;
import com.mongodb.client.MongoDatabase;
import java.util.*;
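/**
 * Demo of managing MongoDB custom roles from the Java driver by sending the
 * {@code updateRole} and {@code createRole} commands to the {@code admin} database.
 *
 * <p>Security caveats for anyone reusing this sample:
 * <ul>
 *   <li>The client settings carry no credential. A server with access control enabled is
 *       expected to reject role-management commands from such a session, so the demo only
 *       runs as written against a deployment without authorization. NOTE(review): for
 *       anything beyond a lab instance, enable access control and authenticate as a user
 *       allowed to manage roles (see {@code MongoClientSettings.Builder#credential}).</li>
 *   <li>The privilege resource {@code {db: "", collection: ""}} matches every non-system
 *       collection in every database, so the {@code insert} action below is a deployment-wide
 *       write grant. Scope the resource to a named database/collection where possible.</li>
 * </ul>
 *
 * @author jake.liu
 * @date 2020-12-01
 */
public class MonoDemo {

    /**
     * Builds one privilege document granting {@code actions} on the resource
     * {@code {db: "", collection: ""}}, i.e. all non-system collections of all databases.
     *
     * @param actions privilege action names to grant on that resource
     * @return the privilege document to place in a role's {@code privileges} array
     */
    private static BasicDBObject allDatabasesPrivilege(List<String> actions) {
        BasicDBObject everyCollection = new BasicDBObject("db", "").append("collection", "");
        return new BasicDBObject("resource", everyCollection).append("actions", actions);
    }

    /**
     * Connects to the demo server, rewrites the privileges of the existing role
     * {@code myChangeStream}, then creates the role {@code myBase_Role}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        MongoClientSettings settings = MongoClientSettings.builder()
                .applyToClusterSettings(builder ->
                        builder.hosts(Arrays.asList(new ServerAddress("192.168.21.128", 27017))))
                .build();

        // try-with-resources: the original never closed the client, leaking its
        // connection pool and monitor threads until JVM exit.
        try (MongoClient mongoClient = MongoClients.create(settings)) {
            System.out.println("test mongo 角色 创建与更新");

            /*
            Earlier experiment, kept for reference (it uses `db` before it is declared,
            and the password is a hard-coded sample value; never ship a literal secret):

            BasicDBObject createUserCmd = new BasicDBObject("createUser", "Yeshua") // (3)
            .append("pwd", "mypassword")
            .append("roles",
            Collections.singletonList(
            new BasicDBObject(
            "role", "readWrite").append("db", "test")
            ));
            db.runCommand(createUserCmd); // (5)
            System.out.println("test......end");
            */

            /*
            Shell equivalent of the role update, kept for reference:

            db.updateRole(
            "myChangeStream",
            {
            privileges: [
            { resource: { cluster: true }, actions: [ "addShard" ] },
            { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
            { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
            { resource: { db: "", collection: "" }, actions: [ "find","changeStream","update" ] }
            ],
            roles: [
            { role: "read", db: "admin" }
            ]
            },
            { w: "majority" , wtimeout: 5000 }
            )
            * */

            // Roles are managed on the admin database so they can carry privileges
            // that apply to other databases.
            MongoDatabase db = mongoClient.getDatabase("admin");
            List<String> actions = new ArrayList<>(Arrays.asList("changeStream", "find", "insert"));

            // Update the role's privileges. updateRole replaces the whole privileges array
            // with the one given here; anything granted earlier and not repeated is dropped.
            // Presumably myChangeStream was created beforehand (e.g. from the shell) -
            // the command fails if the role does not exist.
            BasicDBObject updateRole = new BasicDBObject("updateRole", "myChangeStream")
                    .append("privileges", Collections.singletonList(allDatabasesPrivilege(actions)));
            db.runCommand(updateRole);
            System.out.println("test...updateRole...end");

            // Create a custom role that also inherits the built-in read role on admin.
            BasicDBObject inheritedRead = new BasicDBObject("role", "read").append("db", "admin");
            BasicDBObject createRole = new BasicDBObject("createRole", "myBase_Role")
                    .append("privileges", Collections.singletonList(allDatabasesPrivilege(actions)))
                    .append("roles", Collections.singletonList(inheritedRead));
            db.runCommand(createRole);
            System.out.println("test..createRole....end");

            /*
            Query and display the role, including the actions inherited from built-in roles:

            db.getRole( "myChangeStream", { showPrivileges: true } )
            {
              "role" : "myChangeStream",
              "db" : "admin",
              "isBuiltin" : false,
              "roles" : [ { "role" : "read", "db" : "admin" } ],
              "inheritedRoles" : [ { "role" : "read", "db" : "admin" } ],
              "privileges" : [
                { "resource" : { "db" : "", "collection" : "" },
                  "actions" : [ "changeStream", "find", "insert" ] }
              ],
              "inheritedPrivileges" : [
                { "resource" : { "db" : "", "collection" : "" },
                  "actions" : [ "changeStream", "find", "insert" ] },
                { "resource" : { "db" : "admin", "collection" : "" },
                  "actions" : [ "changeStream", "collStats", "dbHash", "dbStats", "find",
                                "killCursors", "listCollections", "listIndexes", "planCacheRead" ] },
                { "resource" : { "db" : "admin", "collection" : "system.js" },
                  "actions" : [ "changeStream", "collStats", "dbHash", "dbStats", "find",
                                "killCursors", "listCollections", "listIndexes", "planCacheRead" ] }
              ]
            }
            */
        }
    }
}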
"roles" : [
{ "role" : "assetsReader",
"db" : "assets"
}
]
// Run everything below against the admin database, where users and roles
// that span several databases are defined.
use admin
// Create an account that can manage users and roles on every database.
// NOTE(review): the password here is the literal sample value "admin"; for a
// userAdminAnyDatabase account use a strong secret, e.g. prompt for it with
// passwordPrompt() instead of typing it into the script or shell history.
db.createUser(
{
user: "user_admin",
pwd: "admin",
roles: [{ role: "userAdminAnyDatabase", db: "admin" }]
}
)
// Create the custom role myChangeStream. It also inherits read on admin.
// NOTE(review): besides find/changeStream, this grants addShard on the cluster
// and write actions on the config database; that looks broader than a
// change-stream consumer needs - confirm each privilege is required.
db.createRole(
{
role: "myChangeStream",
privileges: [
{ resource: { cluster: true }, actions: [ "addShard" ] },
{ resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
{ resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
// db "" with collection "" means all non-system collections in all databases.
{ resource: { db: "", collection: "" }, actions: [ "find","changeStream" ] }
],
roles: [
{ role: "read", db: "admin" }
]
},
{ w: "majority" , wtimeout: 5000 }
)
// updateRole replaces the role's whole privileges array with the one given here.
// The only difference from the createRole call above is the added "update"
// action on the all-databases resource, i.e. update rights on every
// non-system collection in the deployment.
db.updateRole(
"myChangeStream",
{
privileges: [
{ resource: { cluster: true }, actions: [ "addShard" ] },
{ resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
{ resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
{ resource: { db: "", collection: "" }, actions: [ "find","changeStream","update" ] }
],
roles: [
{ role: "read", db: "admin" }
]
},
{ w: "majority" , wtimeout: 5000 }
)
// Grant two roles to the user Yeshua: "readWrite" (a bare name refers to the
// role in the database the command runs on) and the role changeStream on test.
// NOTE(review): the role created above is myChangeStream on admin; a role named
// changeStream on test is not defined on this page - verify it exists, otherwise
// this command is expected to fail.
db.grantRolesToUser(
"Yeshua",
[ "readWrite" , { role: "changeStream", db: "test" } ],
{ w: "majority" , wtimeout: 4000 }
)
changeStream
> db.getRole( "myChangeStream", { showPrivileges: true } )
{
"role" : "myChangeStream",
"db" : "admin",
"isBuiltin" : false,
"roles" : [
{
"role" : "read",
"db" : "admin"
}
],
"inheritedRoles" : [
{
"role" : "read",
"db" : "admin"
}
],
"privileges" : [
{
"resource" : {
"db" : "",
"collection" : ""
},
"actions" : [
"changeStream",
"find",
"insert"
]
}
],
"inheritedPrivileges" : [
{
"resource" : {
"db" : "",
"collection" : ""
},
"actions" : [
"changeStream",
"find",
"insert"
]
},
{
"resource" : {
"db" : "admin",
"collection" : ""
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "admin",
"collection" : "system.js"
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
}
]
}
>
db.updateRole
view-a-role-s-privileges
query-and-write-actions
用户权限管理
java-mongodb-authentication-example
java-mongodb
getting-started-with-mongodb-and-java-part-i
mongo-java-driver-4.1