mongodb 连接
<p>1、docker mongo</p><p>1.1、docker pull mongo<br>1.2、docker run --namemongo-p 27017:27017-d mongo --auth<br>1.3、进入bash:docker exec -it mongo bin/bash<br>1.4、mongo目录:/usr/bin/程序名:./mongo</p>
<p>2、创建帐户</p>
<div class="_2Uzcx_">
<pre class="line-numberslanguage-css"><code class="language-css"><span class="token selector">mongo --port 27017
use admin
db.createUser(
<span class="token punctuation">{
<span class="token selector">user: "root",
pwd: "123456",
roles: [ <span class="token punctuation">{ <span class="token property">role<span class="token punctuation">: <span class="token string">"userAdminAnyDatabase"<span class="token punctuation">, <span class="token property">db<span class="token punctuation">: <span class="token string">"admin" <span class="token punctuation">} ]
<span class="token punctuation">}
<span class="token punctuation">)
</span></span></span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
</div>
<p>管理员创建成功,现在拥有了用户管理员<br>用户名:root<br>密码:123456</p>
<p>数据库:admin</p>
<p> </p>
<p> </p>
<p> </p>
<p>3、配置springboot</p>
<pre> data:<br> mongodb:<br># uri: mongodb://foo:123456@192.168.56.101:27017/foo<br> uri: mongodb://192.168.56.101:27017/admin<br> username: root<br> password: 123456<br><br><br><br></pre>
<p> </p>
<div>
<div>
<h2>1. 禁止公网访问 Mongodb 端口</h2>
<h3>1.1 网络配置</h3>
<p>由于网络配置因人而异,需要根据自己实际环境进行配置,不作冗述。大致可以从以下方面禁止。</p>
<ul>
<li>在路由器中关闭端口转发</li>
<li>防火墙 iptables 禁止访问</li>
</ul>
<h3>1.2 验证端口能否访问方式</h3>
<p>在外网机器命令行中运行</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-css"><code class="language-css">telnet your.machine.open.ip 27017
</code></pre>
</div>
<h2>2. 启用验证</h2>
<h3>2.1 创建用户管理员账户</h3>
<p>新建MongoDB服务:</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-kotlin"><code class="language-kotlin">mongod <span class="token operator">--port <span class="token number">27017 <span class="token operator">--dbpath <span class="token operator">/<span class="token keyword">data<span class="token operator">/db1
</span></span></span></span></span></span></code></pre>
</div>
<p>开启mongodb客户端shell:</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-css"><code class="language-css"><span class="token selector">mongo --port 27017
use admin
db.createUser(
<span class="token punctuation">{
<span class="token selector">user: "adminUser",
pwd: "adminPass",
roles: [ <span class="token punctuation">{ <span class="token property">role<span class="token punctuation">: <span class="token string">"userAdminAnyDatabase"<span class="token punctuation">, <span class="token property">db<span class="token punctuation">: <span class="token string">"admin" <span class="token punctuation">} ]
<span class="token punctuation">}
<span class="token punctuation">)
</span></span></span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
</div>
<p>管理员创建成功,现在拥有了用户管理员<br>
用户名:adminUser<br>
密码:adminPass<br>
然后,断开 mongodb 连接, 关闭数据库</p>
<h3>2.2 Mongodb 用户验证登陆</h3>
<p>启动带访问控制的 Mongodb</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-kotlin"><code class="language-kotlin">mongod <span class="token operator">--auth <span class="token operator">--port <span class="token number">27017 <span class="token operator">--dbpath <span class="token operator">/<span class="token keyword">data<span class="token operator">/db1
</span></span></span></span></span></span></span></code></pre>
</div>
<p>现在有两种方式进行用户身份的验证</p>
<ul>
<li>第一种 (类似 MySql)<br>
客户端连接时,指定用户名,密码,db名称</li>
</ul>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-bash"><code class="language-bash">mongo --port 27017 -u "adminUser" -p "adminPass" --authenticationDatabase "admin"
</code></pre>
</div>
<ul>
<li>第二种<br>
客户端连接后,再进行验证</li>
</ul>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-rust"><code class="language-rust">mongo <span class="token operator">-<span class="token operator">-port <span class="token number">27017
<span class="token keyword">use admin
db<span class="token punctuation">.<span class="token function">auth<span class="token punctuation">(<span class="token string">"adminUser"<span class="token punctuation">, <span class="token string">"adminPass"<span class="token punctuation">)
<span class="token comment">// 输出 1 表示验证成功
</span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
</div>
<h3>2.3 创建普通用户</h3>
<p>过程类似创建管理员账户,只是 role 有所不同</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-css"><code class="language-css"><span class="token selector">use foo
db.createUser(
<span class="token punctuation">{
<span class="token selector">user: "simpleUser",
pwd: "simplePass",
roles: [ <span class="token punctuation">{ <span class="token property">role<span class="token punctuation">: <span class="token string">"readWrite"<span class="token punctuation">, <span class="token property">db<span class="token punctuation">: <span class="token string">"foo" <span class="token punctuation">}<span class="token selector">,
<span class="token punctuation">{ <span class="token property">role<span class="token punctuation">: <span class="token string">"read"<span class="token punctuation">, <span class="token property">db<span class="token punctuation">: <span class="token string">"bar" <span class="token punctuation">} ]
<span class="token punctuation">}
<span class="token punctuation">)
</span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></span></code></pre>
</div>
<p>现在我们有了一个普通用户<br>
用户名:simpleUser<br>
密码:simplePass<br>
权限:读写数据库 foo, 只读数据库 bar。</p>
<p><strong>注意</strong><br>
<code>use foo</code>表示用户在 foo 库中创建,就一定要 foo 库验证身份,即用户的信息跟随随数据库。比如上述 simpleUser 虽然有 bar 库的读取权限,但是一定要先在 foo 库进行身份验证,直接访问会提示验证失败。</p>
<div class="_2Uzcx_"><button class="VJbwyy" type="button"></button>
<pre class="line-numberslanguage-rust"><code class="language-rust"><span class="token keyword">use foo
db<span class="token punctuation">.<span class="token function">auth<span class="token punctuation">(<span class="token string">"simpleUser"<span class="token punctuation">, <span class="token string">"simplePass"<span class="token punctuation">)
<span class="token keyword">use bar
show collections
</span></span></span></span></span></span></span></span></span></code></pre>
</div>
<h3>2.4 内建角色</h3>
<ul>
<li>Read:允许用户读取指定数据库</li>
<li>readWrite:允许用户读写指定数据库</li>
<li>dbAdmin:允许用户在指定数据库中执行管理函数,如索引创建、删除,查看统计或访问system.profile</li>
<li>userAdmin:允许用户向system.users集合写入,可以找指定数据库里创建、删除和管理用户</li>
<li>clusterAdmin:只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限。</li>
<li>readAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读权限</li>
<li>readWriteAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的读写权限</li>
<li>userAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的userAdmin权限</li>
<li>dbAdminAnyDatabase:只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限。</li>
<li>root:只在admin数据库中可用。超级账号,超级权限</li>
</ul>
</div>
<br>3、</div>
<div> </div><br><br>
来源:https://www.cnblogs.com/weizhxa/p/12063367.html
頁:
[1]