How to authenticate a user via Spring Security and MarkLogic's Java Client API?

Question

What is best practice to validate if a user can be authenticated against a MarkLogic server (version 7.0.4) by using the Java Client API (2.0.4) for a login dialog securing a Spring web application?

With my current approach (see source code in gist) I am implementing a AbstractUserDetailsAuthenticationProvider from Spring Security ("classical" approach with HTTP sessions) where I do create a MarkLogic DatabaseClient instance, after which a simple query (testQuery, L. 46 in MarkLogicConnections) gets executed to see wether a result can be retrieved. From this result is is decided wether the login is granted or not.

I am wondering if there does exist a more elegant solution, but couldn't find anything in the MarkLogic documentation.

Answer 1

You could use that opportunity to retrieve any user-specific data you're storing in the database.

If that isn't desirable, maybe there's no need to verify the user credentials at all? You could let that happen lazily on the first necessary query. And you should be prepared to handle database errors everywhere, in any case.

If you do need a non-lazy verification and don't want any data, that call to suggest() might be more expensive than you'd like. If so you might consider other options. A call to getErrorFormat ought to be fairly cheap. Opening a transaction and then rolling it back should be cheap too, but it requires the rest-writer or rest-admin role. If nothing else works you could write an extension that implements a noop XQuery, probably just ().