Tweak and correct documentation related to username/password URI-encoding.

[garretwilson]

The Spring Boot Data MongoDB documentation says:

Username and password credentials used in XML-based configuration must be URL-encoded when these contain reserved characters, such as :, %, @, or ,. The following example shows encoded credentials: m0ng0@dmin:mo_res:bw6},Qsdxx@admin@database → m0ng0%40dmin:mo_res%3Abw6%7D%2CQsdxx%40admin@database See section 2.2 of RFC 3986 for further details.

However § 2.2 is referring to general delimiters as well as "sub-delimiters" that may or may not be restricted based upon individual URI-components. In RFC 3986 § 3.2.1. User Information you can see that username/password data isn't so limited, and can actually contain: sub-delims from § 2.2.

userinfo = *( unreserved / pct-encoded / sub-delims / ":" )

Thus it would seem that of the reserved characters only gen-delims are excluded:

gen-delims = ":" / "/" / "?" / "#" / "[" / "]" / "@"

Therefore only the following delimiters must be URI-encoded in the username or password components: %, :, /, ?, #, [, ], @.

Nowhere in RFC 3986 can I find any indication that characters such as comma , are restricted in the username or password components. Let me know if I missed that.

[christophstrobl]

Thanks for pointing this out. I need to revisit the XML config section to see if changes done to the ConnectionStringPropertyEditor need to be reflected there. The MongoDB connection string only mostly follows RFC 3986 and eg. allows to list multiple domain names separated by a comma.