Add SSL service connection support for MongoDB

See gh-41137

Author: mhalbritter

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/data/mongo/MongoDataAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -18,6 +18,7 @@
 
 import com.mongodb.client.MongoClient;
 
+import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
@@ -27,6 +28,7 @@
 import org.springframework.boot.autoconfigure.mongo.MongoProperties;
 import org.springframework.boot.autoconfigure.mongo.PropertiesMongoConnectionDetails;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.ssl.SslBundles;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
 import org.springframework.data.mongodb.core.MongoTemplate;
@@ -59,8 +61,9 @@ public class MongoDataAutoConfiguration {
 
 	@Bean
 	@ConditionalOnMissingBean(MongoConnectionDetails.class)
-	PropertiesMongoConnectionDetails mongoConnectionDetails(MongoProperties properties) {
-		return new PropertiesMongoConnectionDetails(properties);
+	PropertiesMongoConnectionDetails mongoConnectionDetails(MongoProperties properties,
+			ObjectProvider<SslBundles> sslBundles) {
+		return new PropertiesMongoConnectionDetails(properties, sslBundles.getIfAvailable());
 	}
 
 }

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,8 +48,9 @@ public class MongoAutoConfiguration {
 
 	@Bean
 	@ConditionalOnMissingBean(MongoConnectionDetails.class)
-	PropertiesMongoConnectionDetails mongoConnectionDetails(MongoProperties properties) {
-		return new PropertiesMongoConnectionDetails(properties);
+	PropertiesMongoConnectionDetails mongoConnectionDetails(MongoProperties properties,
+			ObjectProvider<SslBundles> sslBundles) {
+		return new PropertiesMongoConnectionDetails(properties, sslBundles.getIfAvailable());
 	}
 
 	@Bean
@@ -70,9 +71,9 @@ MongoClientSettings mongoClientSettings() {
 
 		@Bean
 		StandardMongoClientSettingsBuilderCustomizer standardMongoSettingsCustomizer(MongoProperties properties,
-				MongoConnectionDetails connectionDetails, ObjectProvider<SslBundles> sslBundles) {
-			return new StandardMongoClientSettingsBuilderCustomizer(connectionDetails.getConnectionString(),
-					properties.getUuidRepresentation(), properties.getSsl(), sslBundles.getIfAvailable());
+				MongoConnectionDetails connectionDetails) {
+			return new StandardMongoClientSettingsBuilderCustomizer(connectionDetails,
+					properties.getUuidRepresentation());
 		}
 
 	}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoConnectionDetails.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,6 +19,7 @@
 import com.mongodb.ConnectionString;
 
 import org.springframework.boot.autoconfigure.service.connection.ConnectionDetails;
+import org.springframework.boot.ssl.SslBundle;
 
 /**
  * Details required to establish a connection to a MongoDB service.
@@ -36,6 +37,15 @@ public interface MongoConnectionDetails extends ConnectionDetails {
 	 */
 	ConnectionString getConnectionString();
 
+	/**
+	 * SSL bundle to use.
+	 * @return the SSL bundle to use
+	 * @since 3.5.0
+	 */
+	default SslBundle getSslBundle() {
+		return null;
+	}
+
 	/**
 	 * GridFS configuration.
 	 * @return the GridFS configuration or {@code null}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/MongoReactiveAutoConfiguration.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -53,8 +53,9 @@ public class MongoReactiveAutoConfiguration {
 
 	@Bean
 	@ConditionalOnMissingBean(MongoConnectionDetails.class)
-	PropertiesMongoConnectionDetails mongoConnectionDetails(MongoProperties properties) {
-		return new PropertiesMongoConnectionDetails(properties);
+	PropertiesMongoConnectionDetails mongoConnectionDetails(MongoProperties properties,
+			ObjectProvider<SslBundles> sslBundles) {
+		return new PropertiesMongoConnectionDetails(properties, sslBundles.getIfAvailable());
 	}
 
 	@Bean
@@ -77,9 +78,9 @@ MongoClientSettings mongoClientSettings() {
 
 		@Bean
 		StandardMongoClientSettingsBuilderCustomizer standardMongoSettingsCustomizer(MongoProperties properties,
-				MongoConnectionDetails connectionDetails, ObjectProvider<SslBundles> sslBundles) {
-			return new StandardMongoClientSettingsBuilderCustomizer(connectionDetails.getConnectionString(),
-					properties.getUuidRepresentation(), properties.getSsl(), sslBundles.getIfAvailable());
+				MongoConnectionDetails connectionDetails) {
+			return new StandardMongoClientSettingsBuilderCustomizer(connectionDetails,
+					properties.getUuidRepresentation());
 		}
 
 	}

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/PropertiesMongoConnectionDetails.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,6 +23,10 @@
 
 import com.mongodb.ConnectionString;
 
+import org.springframework.boot.autoconfigure.mongo.MongoProperties.Ssl;
+import org.springframework.boot.ssl.SslBundle;
+import org.springframework.boot.ssl.SslBundles;
+import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
 /**
@@ -38,8 +42,11 @@ public class PropertiesMongoConnectionDetails implements MongoConnectionDetails
 
 	private final MongoProperties properties;
 
-	public PropertiesMongoConnectionDetails(MongoProperties properties) {
+	private final SslBundles sslBundles;
+
+	public PropertiesMongoConnectionDetails(MongoProperties properties, SslBundles sslBundles) {
 		this.properties = properties;
+		this.sslBundles = sslBundles;
 	}
 
 	@Override
@@ -90,6 +97,19 @@ public GridFs getGridFs() {
 				PropertiesMongoConnectionDetails.this.properties.getGridfs().getBucket());
 	}
 
+	@Override
+	public SslBundle getSslBundle() {
+		Ssl ssl = this.properties.getSsl();
+		if (!ssl.isEnabled()) {
+			return null;
+		}
+		if (StringUtils.hasLength(ssl.getBundle())) {
+			Assert.notNull(this.sslBundles, "SSL bundle name has been set but no SSL bundles found in context");
+			return this.sslBundles.getBundle(ssl.getBundle());
+		}
+		return SslBundle.systemDefault();
+	}
+
 	private List<String> getOptions() {
 		List<String> options = new ArrayList<>();
 		if (StringUtils.hasText(this.properties.getReplicaSetName())) {

spring-boot-project/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/mongo/StandardMongoClientSettingsBuilderCustomizer.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2023 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -41,26 +41,55 @@ public class StandardMongoClientSettingsBuilderCustomizer implements MongoClient
 
 	private final UuidRepresentation uuidRepresentation;
 
+	private final MongoConnectionDetails connectionDetails;
+
 	private final MongoProperties.Ssl ssl;
 
 	private final SslBundles sslBundles;
 
 	private int order = 0;
 
+	/**
+	 * Create a new instance.
+	 * @param connectionString the connection string
+	 * @param uuidRepresentation the uuid representation
+	 * @param ssl the ssl properties
+	 * @param sslBundles the ssl bundles
+	 * @deprecated since 3.5.0 for removal in 3.7.0 in favor of
+	 * {@link #StandardMongoClientSettingsBuilderCustomizer(MongoConnectionDetails, UuidRepresentation)}
+	 */
+	@Deprecated(forRemoval = true, since = "3.5.0")
 	public StandardMongoClientSettingsBuilderCustomizer(ConnectionString connectionString,
 			UuidRepresentation uuidRepresentation, MongoProperties.Ssl ssl, SslBundles sslBundles) {
+		this.connectionDetails = null;
 		this.connectionString = connectionString;
 		this.uuidRepresentation = uuidRepresentation;
 		this.ssl = ssl;
 		this.sslBundles = sslBundles;
 	}
 
+	public StandardMongoClientSettingsBuilderCustomizer(MongoConnectionDetails connectionDetails,
+			UuidRepresentation uuidRepresentation) {
+		this.connectionString = null;
+		this.ssl = null;
+		this.sslBundles = null;
+		this.connectionDetails = connectionDetails;
+		this.uuidRepresentation = uuidRepresentation;
+	}
+
 	@Override
 	public void customize(MongoClientSettings.Builder settingsBuilder) {
 		settingsBuilder.uuidRepresentation(this.uuidRepresentation);
-		settingsBuilder.applyConnectionString(this.connectionString);
-		if (this.ssl.isEnabled()) {
-			settingsBuilder.applyToSslSettings(this::configureSsl);
+		if (this.connectionDetails != null) {
+			settingsBuilder.applyConnectionString(this.connectionDetails.getConnectionString());
+			settingsBuilder.applyToSslSettings(this::configureSslIfNeeded);
+		}
+		else {
+			settingsBuilder.uuidRepresentation(this.uuidRepresentation);
+			settingsBuilder.applyConnectionString(this.connectionString);
+			if (this.ssl.isEnabled()) {
+				settingsBuilder.applyToSslSettings(this::configureSsl);
+			}
 		}
 	}
 
@@ -73,6 +102,15 @@ private void configureSsl(SslSettings.Builder settings) {
 		}
 	}
 
+	private void configureSslIfNeeded(SslSettings.Builder settings) {
+		SslBundle sslBundle = this.connectionDetails.getSslBundle();
+		if (sslBundle != null) {
+			settings.enabled(true);
+			Assert.state(!sslBundle.getOptions().isSpecified(), "SSL options cannot be specified with MongoDB");
+			settings.context(sslBundle.createSslContext());
+		}
+	}
+
 	@Override
 	public int getOrder() {
 		return this.order;

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mongo/MongoAutoConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -80,7 +80,7 @@ void configuresSslWhenEnabled() {
 		this.contextRunner.withPropertyValues("spring.data.mongodb.ssl.enabled=true").run((context) -> {
 			SslSettings sslSettings = getSettings(context).getSslSettings();
 			assertThat(sslSettings.isEnabled()).isTrue();
-			assertThat(sslSettings.getContext()).isNull();
+			assertThat(sslSettings.getContext()).isNotNull();
 		});
 	}
 

spring-boot-project/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/mongo/MongoReactiveAutoConfigurationTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2024 the original author or authors.
+ * Copyright 2012-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -88,7 +88,7 @@ void configuresSslWhenEnabled() {
 		this.contextRunner.withPropertyValues("spring.data.mongodb.ssl.enabled=true").run((context) -> {
 			SslSettings sslSettings = getSettings(context).getSslSettings();
 			assertThat(sslSettings.isEnabled()).isTrue();
-			assertThat(sslSettings.getContext()).isNull();
+			assertThat(sslSettings.getContext()).isNotNull();
 		});
 	}