Passwords in Samplestack

In the Java middle tier, runtime credentials for MarkLogic database connections are stored in appserver/java-spring/gradle.properties. You can change these values, but depending on when you change them and what changes you make, various things can go wrong. For the time being, better methods for securing the app are left as an exercise.

Samplestack uses the following four sets of username/password credentials. These are distinct from the end-user application accounts of joeUser and maryAdmin.

• marklogic.admin: If you start using Samplestack with a fresh, unsecured MarkLogic server, then Samplestack's build uses these credentials to CREATE the admin account. Thereafter, these credentials are only used when running ./gradlew dbinit and ./gradlew dbteardown. Before the first dbinit, you can change these credentials to secure the server with a different acccount. Also, if you're using a previously-secured server, these credentials must match the server's admin credentials.
  As part of the dbinit task, gradle crawls the files at database/security to create roles and users. The three accounts below are created by the dbinit task from those files. Therefore, the credentials in gradle.properties should match the passwords in those files, or whatever they have been changed to since.
• marklogic.rest.admin: This user has the rights to administer the database. It is used to run ./gradlew dbconfigure. This is one of the Samplestack application users created by the admin user as part of the dbinit task.
• marklogic.writer.user: This user has write access to the database. When somebody logs into Samplestack, the middle tier uses this account to do searches.
• marklogic.guest.user: This account has read-only access to a portion of the database. When an unauthenticated user is working with Samplestack, this account connects to MarkLogic to search the corpus.