首先通过阿里官方文档开启MongoDB的SSL
参考文档:https://help.aliyun.com/document_detail/89245.html
然后下载证书
自己创建一个 MongoTemplate，它会覆盖 Spring 的 MongoTemplate；在其他地方直接注入 MongoTemplate 就可以用了。
<!-- Maven dependency on the MongoDB Java driver; it supplies the com.mongodb.MongoClient,
     MongoClientOptions, MongoCredential and ServerAddress classes imported by MongoConfig.
     NOTE(review): the version is pinned; confirm it is still a supported, patched release. -->
<dependency>
<groupId>org.mongodb</groupId>
<artifactId>mongo-java-driver</artifactId>
<version>3.8.0</version>
</dependency>
import com.mongodb.MongoClient;
import com.mongodb.MongoClientOptions;
import com.mongodb.MongoCredential;
import com.mongodb.ServerAddress;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.mongodb.core.MongoTemplate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
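/**
 * Spring configuration that builds a {@link MongoTemplate} whose connection uses TLS and trusts
 * only the CA chain stored in a JKS trust store.
 *
 * <p>The bean is registered under the name {@code mongoTemplate}. Host names, port, account,
 * authentication database, password and database name below are placeholders to be filled in.
 * Real credentials should come from external configuration rather than being committed in source.
 */
@Configuration
public class MongoConfig {

    /**
     * Creates the {@code mongoTemplate} bean backed by a TLS-enabled {@link MongoClient}.
     *
     * @return a template bound to the configured database
     * @throws IllegalStateException if the trust store cannot be read or the TLS context cannot
     *     be built; failing here keeps the client from being created without the intended
     *     trust anchors
     */
    @Bean(name = "mongoTemplate")
    public MongoTemplate mongodbClient() {
        final SSLSocketFactory trustStoreSSLSocketFactory;
        try {
            // TODO: path to the database CA certificate trust store. A relative path is resolved
            // against the working directory of the process.
            trustStoreSSLSocketFactory = createTrustStoreSSLSocketFactory("ApsaraDB-CA-Chain.jks");
        } catch (Exception e) {
            // Do not continue with a null socket factory: the custom CA chain would not be applied.
            throw new IllegalStateException("Failed to load MongoDB TLS trust store", e);
        }

        List<ServerAddress> serverAddressList = new ArrayList<>();
        // TODO: database host names and port
        ServerAddress serverAddress = new ServerAddress("host1", 端口);
        ServerAddress serverAddress2 = new ServerAddress("host2", 端口);
        serverAddressList.add(serverAddress);
        serverAddressList.add(serverAddress2);

        // TODO: account, authentication database, password
        MongoCredential mongoCredential = MongoCredential.createCredential("账号", "认证数据库", "密码".toCharArray());

        // NOTE(review): sslInvalidHostNameAllowed(true) turns off host name verification, so a
        // certificate that chains to the trusted CA is accepted whichever host it was issued for.
        // Set it to false if the server certificate covers the host names used above.
        MongoClientOptions options = MongoClientOptions.builder()
                .socketFactory(trustStoreSSLSocketFactory)
                .sslEnabled(true)
                .sslInvalidHostNameAllowed(true)
                .build();

        MongoClient mongoClient = new MongoClient(serverAddressList, mongoCredential, options);
        // TODO: database to use
        return new MongoTemplate(mongoClient, "使用的数据库");
    }

    /**
     * Builds a socket factory whose trust anchors are the certificates in the given JKS file.
     *
     * @param jksFile path of the JKS trust store to read
     * @return a socket factory from a TLS context initialised with the store's trust managers
     * @throws Exception if the file cannot be read or the key store / TLS context cannot be set up
     */
    private static SSLSocketFactory createTrustStoreSSLSocketFactory(String jksFile) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("jks");
        // try-with-resources closes the stream and, unlike an unguarded close() in finally,
        // does not replace a failed open with a NullPointerException.
        try (InputStream inputStream = new FileInputStream(jksFile)) {
            // A null password loads the store without an integrity check of its contents, so the
            // file itself must be protected from modification.
            trustStore.load(inputStream, null);
        }

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
        trustManagerFactory.init(trustStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

        // No key managers are supplied (first argument null): the client presents no certificate.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, new SecureRandom());
        return sslContext.getSocketFactory();
    }
}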