The Java SDK supports signing in as a root, namespace, database, or record-level user. After signing in, the connection is authenticated for all subsequent operations until the session is invalidated or the connection is closed.
You can configure authentication in your SurrealDB database using the DEFINE USER or DEFINE ACCESS statements.
API References
Method | Description |
|---|---|
db.signin(credential) | Authenticates with the provided credentials |
db.signup(credential) | Signs up a new record user |
db.authenticate(token) | Authenticates with a JWT token |
db.invalidate() | Invalidates the current authentication |
Signing in as a system user
System users are defined with the DEFINE USER statement and have access at the root, namespace, or database level. Use the corresponding credential class to sign in.
import com.surrealdb.signin.RootCredential;
import com.surrealdb.signin.NamespaceCredential;
import com.surrealdb.signin.DatabaseCredential;
try (Surreal db = new Surreal()) {
db.connect("ws://localhost:8000");
db.useNs("surrealdb").useDb("docs");
// Root user — full access to the entire instance
db.signin(new RootCredential("root", "root"));
// Namespace user — access to all databases in the namespace
db.signin(new NamespaceCredential("tobie", "123456", "surrealdb"));
// Database user — access to a single database
db.signin(new DatabaseCredential("tobie", "123456", "surrealdb", "docs"));
}Signing in as a record user
Record users authenticate against a DEFINE ACCESS method defined on a database. Use RecordCredential with the access method name and any parameters required by the access definition.
import com.surrealdb.signin.RecordCredential;
Map<String, Object> params = Map.of(
"email", "info@surrealdb.com",
"password", "123456"
);
Token token = db.signin(new RecordCredential(
"surrealdb", "docs", "account", params
));Signing up a record user
The .signup() method registers a new record user through a record access method and returns a Token. Signup is only available for record-level access.
import com.surrealdb.signin.RecordCredential;
Map<String, Object> params = Map.of(
"email", "newuser@surrealdb.com",
"password", "s3cureP@ss"
);
Token token = db.signup(new RecordCredential(
"surrealdb", "docs", "account", params
));Using authentication tokens
The .signin() and .signup() methods return a Token object. Use .getAccess() to retrieve the JWT access token and .getRefresh() to retrieve the optional refresh token. You can store these tokens and use them later to re-authenticate without credentials.
Token token = db.signin(new RootCredential("root", "root"));
String accessToken = token.getAccess();
String refreshToken = token.getRefresh();
// Later, re-authenticate with the stored token
db.authenticate(accessToken);Authenticating with a bearer token
If you have a bearer key — for example, one defined with a bearer access method — use BearerCredential to authenticate.
import com.surrealdb.signin.BearerCredential;
db.signin(new BearerCredential("eyJhbGciOiJIUzI1NiIs..."));Invalidating authentication
The .invalidate() method clears the authentication state for the current connection. After invalidation, subsequent operations execute as an unauthenticated user.
db.invalidate();Learn more
Surreal API reference for method signatures
Java Types reference for credential class details
Connecting to SurrealDB for connection setup
DEFINE USER for configuring system users
DEFINE ACCESS for configuring record access
Security best practices for token management
SurrealDB authentication overview for system users, record users, and token concepts