use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class TransactionHandle method executeStatements.
/**
 * Executes the statements supplied by {@code statements} one after another, writing each
 * result to {@code output} and appending every failure to {@code errors}.
 *
 * <p>A statement that {@code engine.isPeriodicCommit} reports as periodic-commit must be the only
 * statement in the batch; otherwise it is rejected with an {@code InvalidSemanticsException}.
 * When it is the first statement, {@code context.closeTransactionForPeriodicCommit()} is called
 * before it runs.
 *
 * <p>Failure handling per statement:
 * <ul>
 *   <li>{@code KernelException}, {@code CypherException}, {@code AuthorizationViolationException}
 *       and {@code WriteOperationsNotAllowedException}: recorded with the exception's own status;
 *       the batch stops.</li>
 *   <li>{@code DeadlockDetectedException}: recorded as {@code Status.Transaction.DeadlockDetected};
 *       the loop keeps going.</li>
 *   <li>{@code IOException}: recorded as {@code Status.Network.CommunicationError}; the batch
 *       stops.</li>
 *   <li>Any other {@code Exception}: recorded with the cause's status when the cause implements
 *       {@code Status.HasStatus}, else as {@code Status.Statement.ExecutionFailed}; the batch
 *       stops.</li>
 * </ul>
 * Anything that escapes the loop is recorded as {@code Status.General.UnknownError}.
 *
 * @param statements source of the statements to run
 * @param output     serializer that receives results and notifications
 * @param errors     list that collects every error raised while executing
 * @param request    HTTP request handed to {@code txManagerFacade.create}
 */
private void executeStatements(StatementDeserializer statements, ExecutionResultSerializer output, List<Neo4jError> errors, HttpServletRequest request) {
    try {
        boolean executedAny = false;
        while (statements.hasNext()) {
            Statement current = statements.next();
            try {
                boolean periodicCommit = engine.isPeriodicCommit(current.statement());
                // True when another statement follows or one has already run in this batch.
                boolean sharesBatch = statements.hasNext() || executedAny;
                if (sharesBatch && periodicCommit) {
                    throw new QueryExecutionKernelException(
                            new InvalidSemanticsException("Cannot execute another statement after executing "
                                    + "PERIODIC COMMIT statement in the same transaction"));
                }
                if (periodicCommit && !executedAny) {
                    context.closeTransactionForPeriodicCommit();
                }
                executedAny = true;
                // The caller's securityContext travels with every statement's transactional context.
                TransactionalContext txContext = txManagerFacade.create(
                        request, queryService, type, securityContext, current.statement(), current.parameters());
                Result outcome = safelyExecute(current, periodicCommit, txContext);
                output.statementResult(outcome, current.includeStats(), current.resultDataContents());
                output.notifications(outcome.getNotifications());
            } catch (KernelException | CypherException | AuthorizationViolationException | WriteOperationsNotAllowedException e) {
                // An authorization failure ends the batch: no later statement is attempted.
                errors.add(new Neo4jError(e.status(), e));
                break;
            } catch (DeadlockDetectedException e) {
                // NOTE(review): unlike every other branch this one does not break, so the next
                // statement is still attempted after a deadlock - confirm that is intended.
                errors.add(new Neo4jError(Status.Transaction.DeadlockDetected, e));
            } catch (IOException e) {
                errors.add(new Neo4jError(Status.Network.CommunicationError, e));
                break;
            } catch (Exception e) {
                Throwable rootCause = e.getCause();
                Neo4jError failure = rootCause instanceof Status.HasStatus
                        ? new Neo4jError(((Status.HasStatus) rootCause).status(), rootCause)
                        : new Neo4jError(Status.Statement.ExecutionFailed, e);
                errors.add(failure);
                break;
            }
        }
        // Presumably merges the deserializer's own errors into the result list; addToCollection
        // is defined elsewhere.
        addToCollection(statements.errors(), errors);
    } catch (Throwable e) {
        // Catches Error subclasses as well. NOTE(review): the Throwable is attached to the
        // Neo4jError; confirm how much of it the serializer returns to the HTTP client.
        errors.add(new Neo4jError(Status.General.UnknownError, e));
    }
}
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class BasicAuthentication method update.
/**
 * Logs in with {@code authToken} and, if the login result is {@code SUCCESS} or
 * {@code PASSWORD_CHANGE_REQUIRED}, replaces the password of the token's {@code PRINCIPAL}
 * with the token's {@code NEW_CREDENTIALS} value.
 *
 * <p>The password is only changed after {@code authManager.login} has returned one of those two
 * results; every other result is rejected with {@code Status.Security.Unauthorized} before the
 * user manager is touched.
 *
 * @param authToken              token carrying the principal, credentials and new credentials
 * @param requiresPasswordChange forwarded unchanged to {@code setUserPassword}
 * @return a {@code BasicAuthenticationResult} wrapping the logged-in security context
 * @throws AuthenticationException if the login result is not accepted, if the token or
 *         arguments are rejected, or if an {@code IOException} occurs (reported as Unauthorized)
 */
private AuthenticationResult update(Map<String, Object> authToken, boolean requiresPasswordChange) throws AuthenticationException {
    try {
        SecurityContext securityContext = authManager.login(authToken);
        switch (securityContext.subject().getAuthenticationResult()) {
            case SUCCESS:
            case PASSWORD_CHANGE_REQUIRED: {
                String replacementPassword = AuthToken.safeCast(NEW_CREDENTIALS, authToken);
                // The account being updated is the principal named in the token that just logged in.
                String principal = AuthToken.safeCast(PRINCIPAL, authToken);
                userManagerSupplier.getUserManager(securityContext)
                        .setUserPassword(principal, replacementPassword, requiresPasswordChange);
                securityContext.subject().setPasswordChangeNoLongerRequired();
                break;
            }
            default:
                throw new AuthenticationException(Status.Security.Unauthorized);
        }
        return new BasicAuthenticationResult(securityContext);
    } catch (AuthorizationViolationException | InvalidArgumentsException | InvalidAuthTokenException e) {
        // NOTE(review): the original message is forwarded to the caller; confirm it does not
        // reveal more about the account than an unauthenticated client should learn.
        throw new AuthenticationException(e.status(), e.getMessage(), e);
    } catch (IOException e) {
        // I/O failures are reported as Unauthorized rather than with a separate status.
        throw new AuthenticationException(Status.Security.Unauthorized, e.getMessage(), e);
    }
}
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class ProcedureRegistry method callProcedure.
/**
 * Looks up the procedure registered under {@code id} and invokes it.
 *
 * <p>If the procedure's signature is marked admin, the call is only allowed when
 * {@code ctx.securityContext().allowExecuteAdminProcedure(id)} returns true. A denied call is
 * written to the {@code AbstractSecurityLog} and then rejected with an
 * {@code AuthorizationViolationException} before the procedure runs. Procedures whose signature
 * is not admin get no check in this method.
 *
 * @param ctx             call context supplying the security context and dependency resolver
 * @param id              index of the procedure in {@code procedures}
 * @param input           arguments passed to the procedure
 * @param resourceTracker passed through to the procedure
 * @return whatever the procedure's {@code apply} returns
 * @throws ProcedureException the result of {@code noSuchProcedure(id)} when the lookup raises
 *         {@code IndexOutOfBoundsException}, or whatever {@code apply} throws
 */
public RawIterator<AnyValue[], ProcedureException> callProcedure(Context ctx, int id, AnyValue[] input, ResourceTracker resourceTracker) throws ProcedureException {
    CallableProcedure target;
    try {
        target = procedures.get(id);
        boolean adminOnly = target.signature().admin();
        if (adminOnly && !ctx.securityContext().allowExecuteAdminProcedure(id)) {
            // NOTE(review): the same text goes to the security log and back to the caller; it
            // embeds securityContext().description() - confirm what that string contains.
            String denial = format("Executing admin procedure '%s' is not allowed for %s.", target.signature().name(), ctx.securityContext().description());
            AbstractSecurityLog securityLog = ctx.dependencyResolver().resolveDependency(AbstractSecurityLog.class);
            securityLog.error(ctx.securityContext(), denial);
            throw new AuthorizationViolationException(denial);
        }
    } catch (IndexOutOfBoundsException e) {
        // NOTE(review): this handler also encloses the admin check and the logging above, so an
        // IndexOutOfBoundsException raised there would be reported as a missing procedure too.
        throw noSuchProcedure(id);
    }
    return target.apply(ctx, input, resourceTracker);
}
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class Invocation method executeStatements.
/**
 * Reads and executes statements until {@code readStatement()} returns {@code null} or
 * {@code outputError} has been set.
 *
 * <p>{@code Statement.SHALLOW_SIZE} bytes are reserved from {@code memoryPool} before each read
 * and released in a {@code finally} block, so the reservation is returned whether the statement
 * succeeds, fails, or the input is exhausted.
 *
 * <p>All handlers sit outside the loop, so the first exception of any kind ends the batch. Each
 * is reported through {@code handleNeo4jError}: input-format problems as
 * {@code Status.Request.InvalidFormat}; kernel, Neo4j, authorization and
 * write-not-allowed failures with their own status; deadlocks as
 * {@code Status.Transaction.DeadlockDetected}; anything else with the cause's status when the
 * cause implements {@code Status.HasStatus}, otherwise as
 * {@code Status.Statement.ExecutionFailed}.
 */
private void executeStatements() {
    try {
        while (outputError == null) {
            // Reserved outside the inner try: if the reservation itself fails, nothing is released.
            memoryPool.reserveHeap(Statement.SHALLOW_SIZE);
            try {
                Statement next = readStatement();
                if (next != null) {
                    executeStatement(next);
                } else {
                    // No more statements; the finally block still releases the reservation.
                    return;
                }
            } finally {
                memoryPool.releaseHeap(Statement.SHALLOW_SIZE);
            }
        }
    } catch (InputFormatException e) {
        handleNeo4jError(Status.Request.InvalidFormat, e);
    } catch (KernelException | Neo4jException | AuthorizationViolationException | WriteOperationsNotAllowedException e) {
        // An authorization failure is reported with the status carried by the exception itself.
        handleNeo4jError(e.status(), e);
    } catch (DeadlockDetectedException e) {
        handleNeo4jError(Status.Transaction.DeadlockDetected, e);
    } catch (Exception e) {
        Throwable rootCause = e.getCause();
        if (!(rootCause instanceof Status.HasStatus)) {
            handleNeo4jError(Status.Statement.ExecutionFailed, e);
        } else {
            handleNeo4jError(((Status.HasStatus) rootCause).status(), rootCause);
        }
    }
}
use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.
the class AuthorizationDisabledFilter method doFilter.
/**
 * Wraps the incoming request with the login context returned by
 * {@code getAuthDisabledLoginContext} and passes it down the filter chain.
 *
 * <p>No credentials are read from the request in this method. The wrapped request is created
 * with {@code BASIC_AUTH} and the fixed name {@code "neo4j"}, while the connection is tagged
 * with {@code loginContext.subject().username()} and the request's User-Agent header.
 *
 * @param servletRequest  incoming request; checked by {@code validateRequestType}
 * @param servletResponse outgoing response; checked by {@code validateResponseType}
 * @param filterChain     remainder of the filter chain
 * @throws IOException      declared by the filter contract
 * @throws ServletException declared by the filter contract
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    validateRequestType(servletRequest);
    validateResponseType(servletResponse);
    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
    try {
        ClientConnectionInfo clientInfo = HttpConnectionInfoFactory.create(httpRequest);
        // NOTE(review): what this login context permits is decided in
        // getAuthDisabledLoginContext, which is not visible here.
        LoginContext loginContext = getAuthDisabledLoginContext(clientInfo);
        String agent = httpRequest.getHeader(HttpHeaders.USER_AGENT);
        JettyHttpConnection.updateUserForCurrentConnection(loginContext.subject().username(), agent);
        AuthorizedRequestWrapper wrapped = new AuthorizedRequestWrapper(BASIC_AUTH, "neo4j", httpRequest, loginContext);
        filterChain.doFilter(wrapped, servletResponse);
    } catch (AuthorizationViolationException e) {
        // The try block includes the downstream chain, so a violation raised by a later filter
        // or the endpoint lands here as well. NOTE(review): the exception message is handed to
        // unauthorizedAccess; confirm what of it reaches the client.
        unauthorizedAccess(e.getMessage()).accept(httpResponse);
    }
}
Aggregations