Authenticating against Couchbase Server

    In addition to Role-Based Access Control (RBAC), Couchbase supports connecting with certificate authentication, and works transparently with LDAP.

    Our Getting Started guide covered the basics of authenticating against a Couchbase cluster, but you may need to use an alternative authentication method such as certificate authentication.

    RBAC

    Our Getting Started guide introduced basic authentication against a Couchbase cluster:

    import com.couchbase.client.scala.Cluster
    import scala.util.{Failure, Success}

    Cluster.connect("10.112.180.101", "username", "password") match {
      case Success(cluster) => // Use the cluster
      case Failure(err) => println(s"Failed to open cluster: $err")
    }

    Authenticating a Scala Client by Certificate

    For sample procedures whereby certificates can be generated and deployed, see Manage Certificates. The rest of this document assumes that the processes there, or something similar, have been followed. That is, a cluster certificate has been created and installed on the server, a client certificate has been created, and it is stored in a JVM keystore along with the cluster’s certificate.

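    import java.security.KeyStore
    import javax.net.ssl.{KeyManagerFactory, TrustManagerFactory}
    import com.couchbase.client.core.env.CertificateAuthenticator
    import com.couchbase.client.scala.{Cluster, ClusterOptions}
    import com.couchbase.client.scala.env.{ClusterEnvironment, SecurityConfig}

    // Open the keystore using standard JVM classes.
    // "storepass" is a sample value; in a real deployment, load the
    // password from configuration rather than from source code.
    val keystorePassword = "storepass".toCharArray
    val keystoreFilename = "my.keystore"

    // The format to use here depends on the format of the keystore.
    // "PKCS12" is what JDK 9+ creates by default.
    // "JKS" was the default for JDK 8 and below.
    val keystore = KeyStore.getInstance("PKCS12")
    val keystoreStream =
      getClass.getClassLoader.getResourceAsStream(keystoreFilename)
    // getResourceAsStream returns null when the file is not on the classpath
    require(keystoreStream != null, s"$keystoreFilename not found on classpath")
    keystore.load(keystoreStream, keystorePassword)
    keystoreStream.close()

    // The key manager supplies the client certificate and its private key
    val kmf =
      KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm)
    kmf.init(keystore, keystorePassword)

    // The trust manager verifies the cluster's certificate
    val trustMan =
      TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm)
    trustMan.init(keystore)

    // Create a Couchbase CertificateAuthenticator that will use that keystore
    val auth =
      CertificateAuthenticator.fromKeyManagerFactory(() => kmf)

    // Address of a cluster node, as in the RBAC example above
    val hostname = "10.112.180.101"

    // Create a Couchbase ClusterEnvironment to enable TLS (required).
    // The result is a Try[Cluster].
    val cluster = ClusterEnvironment.builder
      .securityConfig(
        SecurityConfig().enableTls(true).trustManagerFactory(trustMan)
      )
      .build
      .flatMap(
        env => Cluster.connect(hostname, ClusterOptions(auth).environment(env))
      )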
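
The code above assumes the keystore holds both the client certificate (with its private key) and the cluster's certificate. The following pre-flight check is an added example, not part of the Couchbase documentation or SDK; it uses only JDK classes and assumes Scala 2.13 or later. The names `KeystorePreflight` and `KEYSTORE_PASSWORD` are hypothetical.

```scala
import java.io.FileInputStream
import java.security.KeyStore
import java.security.cert.X509Certificate
import scala.jdk.CollectionConverters._
import scala.util.{Try, Using}

object KeystorePreflight {
  /** Returns the problems found; an empty result means the keystore has what this page assumes. */
  def problems(ks: KeyStore): Seq[String] = {
    val aliases = ks.aliases().asScala.toSeq
    val missing = Seq(
      if (aliases.exists(ks.isKeyEntry)) None
      else Some("no private-key entry (client certificate and its key)"),
      if (aliases.exists(ks.isCertificateEntry)) None
      else Some("no trusted-certificate entry (cluster certificate)")
    ).flatten
    // checkValidity() throws when a certificate is expired or not yet valid.
    val invalid = for {
      alias <- aliases
      cert  <- Option(ks.getCertificate(alias)).collect { case c: X509Certificate => c }
      err   <- Try(cert.checkValidity()).failed.toOption
    } yield s"certificate '$alias' is outside its validity period: ${err.getMessage}"
    missing ++ invalid
  }

  def load(path: String, password: Array[Char], format: String = "PKCS12"): Try[KeyStore] =
    Using(new FileInputStream(path)) { in =>
      val ks = KeyStore.getInstance(format)
      ks.load(in, password)
      ks
    }

  def main(args: Array[String]): Unit = {
    val ks = args.headOption match {
      // KEYSTORE_PASSWORD is an assumed variable name for this example.
      case Some(path) => load(path, sys.env.getOrElse("KEYSTORE_PASSWORD", "").toCharArray).get
      case None =>
        // Constructed input: an empty in-memory keystore, to show the failure report.
        val empty = KeyStore.getInstance("PKCS12")
        empty.load(null, null)
        empty
    }
    val found = problems(ks)
    if (found.isEmpty) println("keystore OK for certificate authentication")
    else found.foreach(p => println(s"PROBLEM: $p"))
  }
}
```

Run with no arguments, it reports both missing entries for the empty keystore; given a keystore path, it checks that file instead.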
