DATAMONGO-764 - Added SSL support to Mongo configuration options.

Added support for allowing Mongo clients to use secure SSL connections by introducing the "ssl" property in MongoOptionsFactoryBean that will enable the use of the configured SSLSocketFactory to create SSLSockets. If no custom SSLSocketFactory is configured SSLSocketFactory#getDefault() will be used. We introduce this configuration in a new version of spring-mongo-1.4.xsd.

Applied Mike Saavedra's pull request (spring-projects#75) with the above mentioned extensions.

Original pull request: spring-projects#83.

Author: misaaved

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/config/MongoParsingUtils.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2012 the original author or authors.
+ * Copyright 2011-2013 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -33,6 +33,7 @@
  * 
  * @author Mark Pollack
  * @author Oliver Gierke
+ * @author Thomas Darimont
  */
 abstract class MongoParsingUtils {
 
@@ -79,6 +80,8 @@ static boolean parseMongoOptions(Element element, BeanDefinitionBuilder mongoBui
 		setPropertyValue(optionsDefBuilder, optionsElement, "write-timeout", "writeTimeout");
 		setPropertyValue(optionsDefBuilder, optionsElement, "write-fsync", "writeFsync");
 		setPropertyValue(optionsDefBuilder, optionsElement, "slave-ok", "slaveOk");
+		setPropertyValue(optionsDefBuilder, optionsElement, "ssl", "ssl");
+		setPropertyReference(optionsDefBuilder, optionsElement, "ssl-socket-factory-ref", "sslSocketFactory");
 
 		mongoBuilder.addPropertyValue("mongoOptions", optionsDefBuilder.getBeanDefinition());
 		return true;

spring-data-mongodb/src/main/java/org/springframework/data/mongodb/core/MongoOptionsFactoryBean.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2010-2011 the original author or authors.
+ * Copyright 2010-2013 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,129 +15,146 @@
  */
 package org.springframework.data.mongodb.core;
 
-import com.mongodb.MongoOptions;
+import javax.net.ssl.SSLSocketFactory;
 
 import org.springframework.beans.factory.FactoryBean;
 import org.springframework.beans.factory.InitializingBean;
 
+import com.mongodb.MongoOptions;
+
 /**
- * A factory bean for construction of a MongoOptions instance
+ * A factory bean for construction of a {@link MongoOptions} instance.
  * 
  * @author Graeme Rocher
- * @Author Mark Pollack
+ * @author Mark Pollack
+ * @author Mike Saavedra
+ * @author Thomas Darimont
  */
 public class MongoOptionsFactoryBean implements FactoryBean<MongoOptions>, InitializingBean {
 
-	private static final MongoOptions MONGO_OPTIONS = new MongoOptions();
+	private final MongoOptions MONGO_OPTIONS = new MongoOptions();
+
 	/**
-	 * number of connections allowed per host will block if run out
+	 * The number of connections allowed per host will block if run out.
 	 */
 	private int connectionsPerHost = MONGO_OPTIONS.connectionsPerHost;
 
 	/**
-	 * multiplier for connectionsPerHost for # of threads that can block if connectionsPerHost is 10, and
-	 * threadsAllowedToBlockForConnectionMultiplier is 5, then 50 threads can block more than that and an exception will
-	 * be throw
+	 * A multiplier for connectionsPerHost for # of threads that can block a connection.
+	 * <p>
+	 * If connectionsPerHost is {@literal 10}, and threadsAllowedToBlockForConnectionMultiplier is {@literal 5}, then
+	 * {@literal 50} threads can block. If more threads try to block an exception will be thrown.
 	 */
 	private int threadsAllowedToBlockForConnectionMultiplier = MONGO_OPTIONS.threadsAllowedToBlockForConnectionMultiplier;
 
 	/**
-	 * max wait time of a blocking thread for a connection
+	 * Max wait time of a blocking thread for a connection.
 	 */
 	private int maxWaitTime = MONGO_OPTIONS.maxWaitTime;
 
 	/**
-	 * connect timeout in milliseconds. 0 is default and infinite
+	 * Connect timeout in milliseconds. {@literal 0} is default and means infinite time.
 	 */
 	private int connectTimeout = MONGO_OPTIONS.connectTimeout;
 
 	/**
-	 * socket timeout. 0 is default and infinite
+	 * The socket timeout. {@literal 0} is default and means infinite time.
 	 */
 	private int socketTimeout = MONGO_OPTIONS.socketTimeout;
 
 	/**
-	 * This controls whether or not to have socket keep alive turned on (SO_KEEPALIVE).
-	 * 
-	 * defaults to false
+	 * This controls whether or not to have socket keep alive turned on (SO_KEEPALIVE). This defaults to {@literal false}.
 	 */
 	public boolean socketKeepAlive = MONGO_OPTIONS.socketKeepAlive;
 
 	/**
-	 * this controls whether or not on a connect, the system retries automatically
+	 * This controls whether or not the system retries automatically on a failed connect. This defaults to
+	 * {@literal false}.
 	 */
 	private boolean autoConnectRetry = MONGO_OPTIONS.autoConnectRetry;
 
 	private long maxAutoConnectRetryTime = MONGO_OPTIONS.maxAutoConnectRetryTime;
 
 	/**
-	 * This specifies the number of servers to wait for on the write operation, and exception raising behavior.
-	 * 
-	 * Defaults to 0.
+	 * This specifies the number of servers to wait for on the write operation, and exception raising behavior. This
+	 * defaults to {@literal 0}.
 	 */
 	private int writeNumber;
 
 	/**
-	 * This controls timeout for write operations in milliseconds.
-	 * 
-	 * Defaults to 0 (indefinite). Greater than zero is number of milliseconds to wait.
+	 * This controls timeout for write operations in milliseconds. This defaults to {@literal 0} (indefinite). Greater
+	 * than zero is number of milliseconds to wait.
 	 */
 	private int writeTimeout;
 
 	/**
-	 * This controls whether or not to fsync.
-	 * 
-	 * Defaults to false.
+	 * This controls whether or not to fsync. This defaults to {@literal false}.
 	 */
 	private boolean writeFsync;
 
 	/**
-	 * Specifies if the driver is allowed to read from secondaries or slaves.
-	 * 
-	 * Defaults to false
+	 * Specifies if the driver is allowed to read from secondaries or slaves. This defaults to {@literal false}.
 	 */
-	@SuppressWarnings("deprecation")
-	private boolean slaveOk = MONGO_OPTIONS.slaveOk;
+	@SuppressWarnings("deprecation") private boolean slaveOk = MONGO_OPTIONS.slaveOk;
 
 	/**
-	 * number of connections allowed per host will block if run out
+	 * This controls SSL support via SSLSocketFactory. This defaults to {@literal false}.
+	 */
+	private boolean ssl;
+
+	/**
+	 * Specifies the {@link SSLSocketFactory} to use. This defaults to {@link SSLSocketFactory#getDefault()}
+	 */
+	private SSLSocketFactory sslSocketFactory;
+
+	/**
+	 * The maximum number of connections allowed per host until we will block.
+	 * 
+	 * @param connectionsPerHost
 	 */
 	public void setConnectionsPerHost(int connectionsPerHost) {
 		this.connectionsPerHost = connectionsPerHost;
 	}
 
 	/**
-	 * multiplier for connectionsPerHost for # of threads that can block if connectionsPerHost is 10, and
-	 * threadsAllowedToBlockForConnectionMultiplier is 5, then 50 threads can block more than that and an exception will
-	 * be throw
+	 * A multiplier for connectionsPerHost for # of threads that can block a connection.
+	 * 
+	 * @see #threadsAllowedToBlockForConnectionMultiplier
+	 * @param threadsAllowedToBlockForConnectionMultiplier
 	 */
 	public void setThreadsAllowedToBlockForConnectionMultiplier(int threadsAllowedToBlockForConnectionMultiplier) {
 		this.threadsAllowedToBlockForConnectionMultiplier = threadsAllowedToBlockForConnectionMultiplier;
 	}
 
 	/**
-	 * max wait time of a blocking thread for a connection
+	 * Max wait time of a blocking thread for a connection.
+	 * 
+	 * @param maxWaitTime
 	 */
 	public void setMaxWaitTime(int maxWaitTime) {
 		this.maxWaitTime = maxWaitTime;
 	}
 
 	/**
-	 * connect timeout in milliseconds. 0 is default and infinite
+	 * The connect timeout in milliseconds. {@literal 0} is default and infinite
+	 * 
+	 * @param connectTimeout
 	 */
 	public void setConnectTimeout(int connectTimeout) {
 		this.connectTimeout = connectTimeout;
 	}
 
 	/**
-	 * socket timeout. 0 is default and infinite
+	 * The socket timeout. {@literal 0} is default and infinite.
+	 * 
+	 * @param socketTimeout
 	 */
 	public void setSocketTimeout(int socketTimeout) {
 		this.socketTimeout = socketTimeout;
 	}
 
 	/**
-	 * This controls whether or not to have socket keep alive
+	 * This controls whether or not to have socket keep alive.
 	 * 
 	 * @param socketKeepAlive
 	 */
@@ -147,12 +164,12 @@ public void setSocketKeepAlive(boolean socketKeepAlive) {
 
 	/**
 	 * This specifies the number of servers to wait for on the write operation, and exception raising behavior. The 'w'
-	 * option to the getlasterror command. Defaults to 0.
+	 * option to the getlasterror command. Defaults to {@literal 0}.
 	 * <ul>
-	 * <li>-1 = don't even report network errors</li>
-	 * <li>0 = default, don't call getLastError by default</li>
-	 * <li>1 = basic, call getLastError, but don't wait for slaves</li>
-	 * <li>2+= wait for slaves</li>
+	 * <li>{@literal -1} = don't even report network errors</li>
+	 * <li>{@literal 0} = default, don't call getLastError by default</li>
+	 * <li>{@literal 1} = basic, call getLastError, but don't wait for slaves</li>
+	 * <li>{@literal 2} += wait for slaves</li>
 	 * </ul>
 	 * 
 	 * @param writeNumber the number of servers to wait for on the write operation, and exception raising behavior.
@@ -164,31 +181,33 @@ public void setWriteNumber(int writeNumber) {
 	/**
 	 * This controls timeout for write operations in milliseconds. The 'wtimeout' option to the getlasterror command.
 	 * 
-	 * @param writeTimeout Defaults to 0 (indefinite). Greater than zero is number of milliseconds to wait.
+	 * @param writeTimeout Defaults to {@literal 0} (indefinite). Greater than zero is number of milliseconds to wait.
 	 */
 	public void setWriteTimeout(int writeTimeout) {
 		this.writeTimeout = writeTimeout;
 	}
 
 	/**
-	 * This controls whether or not to fsync. The 'fsync' option to the getlasterror command. Defaults to false.
+	 * This controls whether or not to fsync. The 'fsync' option to the getlasterror command. Defaults to {@literal false}
 	 * 
-	 * @param writeFsync to fsync on write (true), otherwise false.
+	 * @param writeFsync to fsync on <code>write (true)<code>, otherwise {@literal false}.
 	 */
 	public void setWriteFsync(boolean writeFsync) {
 		this.writeFsync = writeFsync;
 	}
 
 	/**
-	 * this controls whether or not on a connect, the system retries automatically
+	 * Controls whether or not the system retries automatically, on a failed connect.
+	 * 
+	 * @param autoConnectRetry
 	 */
 	public void setAutoConnectRetry(boolean autoConnectRetry) {
 		this.autoConnectRetry = autoConnectRetry;
 	}
 
 	/**
-	 * The maximum amount of time in millisecons to spend retrying to open connection to the same server. Default is 0,
-	 * which means to use the default 15s if autoConnectRetry is on.
+	 * The maximum amount of time in millisecons to spend retrying to open connection to the same server. This defaults to
+	 * {@literal 0}, which means to use the default {@literal 15s} if {@link #autoConnectRetry} is on.
 	 * 
 	 * @param maxAutoConnectRetryTime the maxAutoConnectRetryTime to set
 	 */
@@ -197,16 +216,37 @@ public void setMaxAutoConnectRetryTime(long maxAutoConnectRetryTime) {
 	}
 
 	/**
-	 * Specifies if the driver is allowed to read from secondaries or slaves. Defaults to false.
+	 * Specifies if the driver is allowed to read from secondaries or slaves. This defaults to {@literal false}.
 	 * 
 	 * @param slaveOk true if the driver should read from secondaries or slaves.
 	 */
 	public void setSlaveOk(boolean slaveOk) {
 		this.slaveOk = slaveOk;
 	}
 
+	/**
+	 * Specifies if the driver should use an SSL connection to Mongo. This defaults to {@literal false}.
+	 * 
+	 * @param ssl true if the driver should use an SSL connection.
+	 */
+	public void setSsl(boolean ssl) {
+		this.ssl = ssl;
+	}
+
+	/**
+	 * Specifies the SSLSocketFactory to use for creating SSL connections to Mongo.
+	 * 
+	 * @param sslSocketFactory the sslSocketFactory to use.
+	 */
+	public void setSslSocketFactory(SSLSocketFactory sslSocketFactory) {
+
+		setSsl(sslSocketFactory != null);
+		this.sslSocketFactory = sslSocketFactory;
+	}
+
 	@SuppressWarnings("deprecation")
 	public void afterPropertiesSet() {
+
 		MONGO_OPTIONS.connectionsPerHost = connectionsPerHost;
 		MONGO_OPTIONS.threadsAllowedToBlockForConnectionMultiplier = threadsAllowedToBlockForConnectionMultiplier;
 		MONGO_OPTIONS.maxWaitTime = maxWaitTime;
@@ -219,6 +259,9 @@ public void afterPropertiesSet() {
 		MONGO_OPTIONS.w = writeNumber;
 		MONGO_OPTIONS.wtimeout = writeTimeout;
 		MONGO_OPTIONS.fsync = writeFsync;
+		if (ssl) {
+			MONGO_OPTIONS.setSocketFactory(sslSocketFactory != null ? sslSocketFactory : SSLSocketFactory.getDefault());
+		}
 	}
 
 	public MongoOptions getObject() {
@@ -232,5 +275,4 @@ public Class<?> getObjectType() {
 	public boolean isSingleton() {
 		return true;
 	}
-
 }

spring-data-mongodb/src/main/resources/META-INF/spring.schemas

@@ -2,4 +2,5 @@ http\://www.springframework.org/schema/data/mongo/spring-mongo-1.0.xsd=org/sprin
 http\://www.springframework.org/schema/data/mongo/spring-mongo-1.1.xsd=org/springframework/data/mongodb/config/spring-mongo-1.1.xsd
 http\://www.springframework.org/schema/data/mongo/spring-mongo-1.2.xsd=org/springframework/data/mongodb/config/spring-mongo-1.2.xsd
 http\://www.springframework.org/schema/data/mongo/spring-mongo-1.3.xsd=org/springframework/data/mongodb/config/spring-mongo-1.3.xsd
-http\://www.springframework.org/schema/data/mongo/spring-mongo.xsd=org/springframework/data/mongodb/config/spring-mongo-1.3.xsd
+http\://www.springframework.org/schema/data/mongo/spring-mongo-1.4.xsd=org/springframework/data/mongodb/config/spring-mongo-1.4.xsd
+http\://www.springframework.org/schema/data/mongo/spring-mongo.xsd=org/springframework/data/mongodb/config/spring-mongo-1.4.xsd