Passwords in Samplestack

In the Java middle tier, runtime credentials for MarkLogic database connections are stored in appserver/java-spring/gradle.properties. You can change these values, but depending on when you change them and what changes you make, various things can go wrong. For the time being, better methods for securing the app are left as an exercise.

Samplestack uses the configurable username/password credentials described in this topic. These are distinct from the end-user application accounts of joeUser and maryAdmin.

• marklogic.admin: If you start using Samplestack with a fresh, unsecured MarkLogic server, then Samplestack's build uses these credentials to CREATE the admin account. Thereafter, these credentials are only used when running ./gradlew dbinit and ./gradlew dbteardown. Before the first dbinit, you can change these credentials to secure the server with a different acccount. If you're using a previously-secured server, these credentials must match the server's admin credentials.

Note that the admin credentials are in two places: In gradle.properties and also in the configuration files under /database/security/users/. If you've changed the credentials in gradle.properties, you may also want to edit the passwords in /database/security/samplestack-admin.json ,/database/security/samplestack-contributor.json, and /database/security/samplestack-guest.json to match.

• marklogic.rest.admin: This user has the rights to administer the database. It is used to run ./gradlew dbconfigure. This is one of the Samplestack application users created by the admin user as part of the dbinit task.
• marklogic.writer.user: This user has write access to the database. When somebody logs into Samplestack, the middle tier uses this account to do searches.
• marklogic.guest.user: This account has read-only access to a portion of the database. When an unauthenticated user is working with Samplestack, this account connects to MarkLogic to search the corpus.