Example 1 with AuthorizationViolationException
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class TransactionHandle method executeStatements.
private void executeStatements(StatementDeserializer statements, ExecutionResultSerializer output, List<Neo4jError> errors, HttpServletRequest request) {
try {
boolean hasPrevious = false;
while (statements.hasNext()) {
Statement statement = statements.next();
try {
boolean hasPeriodicCommit = engine.isPeriodicCommit(statement.statement());
if ((statements.hasNext() || hasPrevious) && hasPeriodicCommit) {
throw new QueryExecutionKernelException(new InvalidSemanticsException("Cannot execute another statement after executing " + "PERIODIC COMMIT statement in the same transaction"));
}
if (!hasPrevious && hasPeriodicCommit) {
context.closeTransactionForPeriodicCommit();
}
hasPrevious = true;
TransactionalContext tc = txManagerFacade.create(request, queryService, type, securityContext, statement.statement(), statement.parameters());
Result result = safelyExecute(statement, hasPeriodicCommit, tc);
output.statementResult(result, statement.includeStats(), statement.resultDataContents());
output.notifications(result.getNotifications());
} catch (KernelException | CypherException | AuthorizationViolationException | WriteOperationsNotAllowedException e) {
errors.add(new Neo4jError(e.status(), e));
break;
} catch (DeadlockDetectedException e) {
errors.add(new Neo4jError(Status.Transaction.DeadlockDetected, e));
} catch (IOException e) {
errors.add(new Neo4jError(Status.Network.CommunicationError, e));
break;
} catch (Exception e) {
Throwable cause = e.getCause();
if (cause instanceof Status.HasStatus) {
errors.add(new Neo4jError(((Status.HasStatus) cause).status(), cause));
} else {
errors.add(new Neo4jError(Status.Statement.ExecutionFailed, e));
}
break;
}
}
addToCollection(statements.errors(), errors);
} catch (Throwable e) {
errors.add(new Neo4jError(Status.General.UnknownError, e));
}
}
Also used :
InvalidSemanticsException(org.neo4j.cypher.InvalidSemanticsException)
Status(org.neo4j.kernel.api.exceptions.Status)
QueryExecutionKernelException(org.neo4j.kernel.impl.query.QueryExecutionKernelException)
DeadlockDetectedException(org.neo4j.kernel.DeadlockDetectedException)
IOException(java.io.IOException)
QueryExecutionKernelException(org.neo4j.kernel.impl.query.QueryExecutionKernelException)
TransactionFailureException(org.neo4j.kernel.api.exceptions.TransactionFailureException)
CypherException(org.neo4j.cypher.CypherException)
DeadlockDetectedException(org.neo4j.kernel.DeadlockDetectedException)
IOException(java.io.IOException)
KernelException(org.neo4j.kernel.api.exceptions.KernelException)
InvalidSemanticsException(org.neo4j.cypher.InvalidSemanticsException)
AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)
WriteOperationsNotAllowedException(org.neo4j.graphdb.security.WriteOperationsNotAllowedException)
Result(org.neo4j.graphdb.Result)
WriteOperationsNotAllowedException(org.neo4j.graphdb.security.WriteOperationsNotAllowedException)
Neo4jError(org.neo4j.server.rest.transactional.error.Neo4jError)
TransactionalContext(org.neo4j.kernel.impl.query.TransactionalContext)
CypherException(org.neo4j.cypher.CypherException)
QueryExecutionKernelException(org.neo4j.kernel.impl.query.QueryExecutionKernelException)
KernelException(org.neo4j.kernel.api.exceptions.KernelException)
AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)
Example 2 with AuthorizationViolationException
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class BasicAuthentication method update.
private AuthenticationResult update(Map<String, Object> authToken, boolean requiresPasswordChange) throws AuthenticationException {
try {
SecurityContext securityContext = authManager.login(authToken);
switch(securityContext.subject().getAuthenticationResult()) {
case SUCCESS:
case PASSWORD_CHANGE_REQUIRED:
String newPassword = AuthToken.safeCast(NEW_CREDENTIALS, authToken);
String username = AuthToken.safeCast(PRINCIPAL, authToken);
userManagerSupplier.getUserManager(securityContext).setUserPassword(username, newPassword, requiresPasswordChange);
securityContext.subject().setPasswordChangeNoLongerRequired();
break;
default:
throw new AuthenticationException(Status.Security.Unauthorized);
}
return new BasicAuthenticationResult(securityContext);
} catch (AuthorizationViolationException | InvalidArgumentsException | InvalidAuthTokenException e) {
throw new AuthenticationException(e.status(), e.getMessage(), e);
} catch (IOException e) {
throw new AuthenticationException(Status.Security.Unauthorized, e.getMessage(), e);
}
}
Also used :
SecurityContext(org.neo4j.kernel.api.security.SecurityContext)
IOException(java.io.IOException)
AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)
InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException)
InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)
Example 3 with AuthorizationViolationException
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class ProcedureRegistry method callProcedure.
public RawIterator<AnyValue[], ProcedureException> callProcedure(Context ctx, int id, AnyValue[] input, ResourceTracker resourceTracker) throws ProcedureException {
CallableProcedure proc;
try {
proc = procedures.get(id);
if (proc.signature().admin() && !ctx.securityContext().allowExecuteAdminProcedure(id)) {
String message = format("Executing admin procedure '%s' is not allowed for %s.", proc.signature().name(), ctx.securityContext().description());
ctx.dependencyResolver().resolveDependency(AbstractSecurityLog.class).error(ctx.securityContext(), message);
throw new AuthorizationViolationException(message);
}
} catch (IndexOutOfBoundsException e) {
throw noSuchProcedure(id);
}
return proc.apply(ctx, input, resourceTracker);
}
Also used :
CallableProcedure(org.neo4j.kernel.api.procedure.CallableProcedure)
AbstractSecurityLog(org.neo4j.internal.kernel.api.security.AbstractSecurityLog)
AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)
Example 4 with AuthorizationViolationException
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class Invocation method executeStatements.
private void executeStatements() {
try {
while (outputError == null) {
memoryPool.reserveHeap(Statement.SHALLOW_SIZE);
try {
Statement statement = readStatement();
if (statement == null) {
return;
}
executeStatement(statement);
} finally {
memoryPool.releaseHeap(Statement.SHALLOW_SIZE);
}
}
} catch (InputFormatException e) {
handleNeo4jError(Status.Request.InvalidFormat, e);
} catch (KernelException | Neo4jException | AuthorizationViolationException | WriteOperationsNotAllowedException e) {
handleNeo4jError(e.status(), e);
} catch (DeadlockDetectedException e) {
handleNeo4jError(Status.Transaction.DeadlockDetected, e);
} catch (Exception e) {
Throwable cause = e.getCause();
if (cause instanceof Status.HasStatus) {
handleNeo4jError(((Status.HasStatus) cause).status(), cause);
} else {
handleNeo4jError(Status.Statement.ExecutionFailed, e);
}
}
}
Also used :
Status(org.neo4j.kernel.api.exceptions.Status)
Statement(org.neo4j.server.http.cypher.format.api.Statement)
DeadlockDetectedException(org.neo4j.kernel.DeadlockDetectedException)
Neo4jException(org.neo4j.exceptions.Neo4jException)
InputFormatException(org.neo4j.server.http.cypher.format.api.InputFormatException)
QueryExecutionKernelException(org.neo4j.kernel.impl.query.QueryExecutionKernelException)
Neo4jException(org.neo4j.exceptions.Neo4jException)
WriteOperationsNotAllowedException(org.neo4j.graphdb.WriteOperationsNotAllowedException)
KernelException(org.neo4j.exceptions.KernelException)
InputFormatException(org.neo4j.server.http.cypher.format.api.InputFormatException)
ConnectionException(org.neo4j.server.http.cypher.format.api.ConnectionException)
AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)
InvalidSemanticsException(org.neo4j.exceptions.InvalidSemanticsException)
DeadlockDetectedException(org.neo4j.kernel.DeadlockDetectedException)
OutputFormatException(org.neo4j.server.http.cypher.format.api.OutputFormatException)
WriteOperationsNotAllowedException(org.neo4j.graphdb.WriteOperationsNotAllowedException)
QueryExecutionKernelException(org.neo4j.kernel.impl.query.QueryExecutionKernelException)
KernelException(org.neo4j.exceptions.KernelException)
AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)
Example 5 with AuthorizationViolationException
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class AuthorizationDisabledFilter method doFilter.
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
validateRequestType(servletRequest);
validateResponseType(servletResponse);
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
try {
ClientConnectionInfo connectionInfo = HttpConnectionInfoFactory.create(request);
LoginContext loginContext = getAuthDisabledLoginContext(connectionInfo);
String userAgent = request.getHeader(HttpHeaders.USER_AGENT);
JettyHttpConnection.updateUserForCurrentConnection(loginContext.subject().username(), userAgent);
filterChain.doFilter(new AuthorizedRequestWrapper(BASIC_AUTH, "neo4j", request, loginContext), servletResponse);
} catch (AuthorizationViolationException e) {
unauthorizedAccess(e.getMessage()).accept(response);
}
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
ClientConnectionInfo(org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo)
LoginContext(org.neo4j.internal.kernel.api.security.LoginContext)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)
Aggregations
AuthorizationViolationException (org.neo4j.graphdb.security.AuthorizationViolationException)9
IOException (java.io.IOException)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
ClientConnectionInfo (org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo)2
LoginContext (org.neo4j.internal.kernel.api.security.LoginContext)2
DeadlockDetectedException (org.neo4j.kernel.DeadlockDetectedException)2
InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException)2
Status (org.neo4j.kernel.api.exceptions.Status)2
InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)2
QueryExecutionKernelException (org.neo4j.kernel.impl.query.QueryExecutionKernelException)2
Statement (org.neo4j.server.http.cypher.format.api.Statement)2
Test (org.junit.jupiter.api.Test)1
InOrder (org.mockito.InOrder)1
CypherException (org.neo4j.cypher.CypherException)1
InvalidSemanticsException (org.neo4j.cypher.InvalidSemanticsException)1
InvalidSemanticsException (org.neo4j.exceptions.InvalidSemanticsException)1
KernelException (org.neo4j.exceptions.KernelException)1
Neo4jException (org.neo4j.exceptions.Neo4jException)1
Result (org.neo4j.graphdb.Result)1
