Example 1 with AuthorizationViolationException

Use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.

The class TransactionHandle, method executeStatements.

private void executeStatements(StatementDeserializer statements, ExecutionResultSerializer output, List<Neo4jError> errors, HttpServletRequest request) {
    try {
        boolean hasPrevious = false;
        while (statements.hasNext()) {
            Statement statement = statements.next();
            try {
                boolean hasPeriodicCommit = engine.isPeriodicCommit(statement.statement());
                if ((statements.hasNext() || hasPrevious) && hasPeriodicCommit) {
                    throw new QueryExecutionKernelException(new InvalidSemanticsException("Cannot execute another statement after executing " + "PERIODIC COMMIT statement in the same transaction"));
                }
                if (!hasPrevious && hasPeriodicCommit) {
                    context.closeTransactionForPeriodicCommit();
                }
                hasPrevious = true;
                TransactionalContext tc = txManagerFacade.create(request, queryService, type, securityContext, statement.statement(), statement.parameters());
                Result result = safelyExecute(statement, hasPeriodicCommit, tc);
                output.statementResult(result, statement.includeStats(), statement.resultDataContents());
                output.notifications(result.getNotifications());
            } catch (KernelException | CypherException | AuthorizationViolationException | WriteOperationsNotAllowedException e) {
                errors.add(new Neo4jError(e.status(), e));
                break;
            } catch (DeadlockDetectedException e) {
                errors.add(new Neo4jError(Status.Transaction.DeadlockDetected, e));
            } catch (IOException e) {
                errors.add(new Neo4jError(Status.Network.CommunicationError, e));
                break;
            } catch (Exception e) {
                Throwable cause = e.getCause();
                if (cause instanceof Status.HasStatus) {
                    errors.add(new Neo4jError(((Status.HasStatus) cause).status(), cause));
                } else {
                    errors.add(new Neo4jError(Status.Statement.ExecutionFailed, e));
                }
                break;
            }
        }
        addToCollection(statements.errors(), errors);
    } catch (Throwable e) {
        errors.add(new Neo4jError(Status.General.UnknownError, e));
    }
}
Also used : InvalidSemanticsException(org.neo4j.cypher.InvalidSemanticsException) Status(org.neo4j.kernel.api.exceptions.Status) QueryExecutionKernelException(org.neo4j.kernel.impl.query.QueryExecutionKernelException) DeadlockDetectedException(org.neo4j.kernel.DeadlockDetectedException) IOException(java.io.IOException) TransactionFailureException(org.neo4j.kernel.api.exceptions.TransactionFailureException) CypherException(org.neo4j.cypher.CypherException) KernelException(org.neo4j.kernel.api.exceptions.KernelException) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException) WriteOperationsNotAllowedException(org.neo4j.graphdb.security.WriteOperationsNotAllowedException) Result(org.neo4j.graphdb.Result) Neo4jError(org.neo4j.server.rest.transactional.error.Neo4jError) TransactionalContext(org.neo4j.kernel.impl.query.TransactionalContext)

Example 2 with AuthorizationViolationException

Use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.

The class BasicAuthentication, method update.

private AuthenticationResult update(Map<String, Object> authToken, boolean requiresPasswordChange) throws AuthenticationException {
    try {
        SecurityContext securityContext = authManager.login(authToken);
        switch(securityContext.subject().getAuthenticationResult()) {
            case SUCCESS:
            case PASSWORD_CHANGE_REQUIRED:
                String newPassword = AuthToken.safeCast(NEW_CREDENTIALS, authToken);
                String username = AuthToken.safeCast(PRINCIPAL, authToken);
                userManagerSupplier.getUserManager(securityContext).setUserPassword(username, newPassword, requiresPasswordChange);
                securityContext.subject().setPasswordChangeNoLongerRequired();
                break;
            default:
                throw new AuthenticationException(Status.Security.Unauthorized);
        }
        return new BasicAuthenticationResult(securityContext);
    } catch (AuthorizationViolationException | InvalidArgumentsException | InvalidAuthTokenException e) {
        throw new AuthenticationException(e.status(), e.getMessage(), e);
    } catch (IOException e) {
        throw new AuthenticationException(Status.Security.Unauthorized, e.getMessage(), e);
    }
}
Also used : SecurityContext(org.neo4j.kernel.api.security.SecurityContext) IOException(java.io.IOException) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException) InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Example 3 with AuthorizationViolationException

Use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.

The class ProcedureRegistry, method callProcedure.

public RawIterator<AnyValue[], ProcedureException> callProcedure(Context ctx, int id, AnyValue[] input, ResourceTracker resourceTracker) throws ProcedureException {
    CallableProcedure proc;
    try {
        proc = procedures.get(id);
        if (proc.signature().admin() && !ctx.securityContext().allowExecuteAdminProcedure(id)) {
            String message = format("Executing admin procedure '%s' is not allowed for %s.", proc.signature().name(), ctx.securityContext().description());
            ctx.dependencyResolver().resolveDependency(AbstractSecurityLog.class).error(ctx.securityContext(), message);
            throw new AuthorizationViolationException(message);
        }
    } catch (IndexOutOfBoundsException e) {
        throw noSuchProcedure(id);
    }
    return proc.apply(ctx, input, resourceTracker);
}
Also used : CallableProcedure(org.neo4j.kernel.api.procedure.CallableProcedure) AbstractSecurityLog(org.neo4j.internal.kernel.api.security.AbstractSecurityLog) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)

Example 4 with AuthorizationViolationException

Use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.

The class Invocation, method executeStatements.

private void executeStatements() {
    try {
        while (outputError == null) {
            memoryPool.reserveHeap(Statement.SHALLOW_SIZE);
            try {
                Statement statement = readStatement();
                if (statement == null) {
                    return;
                }
                executeStatement(statement);
            } finally {
                memoryPool.releaseHeap(Statement.SHALLOW_SIZE);
            }
        }
    } catch (InputFormatException e) {
        handleNeo4jError(Status.Request.InvalidFormat, e);
    } catch (KernelException | Neo4jException | AuthorizationViolationException | WriteOperationsNotAllowedException e) {
        handleNeo4jError(e.status(), e);
    } catch (DeadlockDetectedException e) {
        handleNeo4jError(Status.Transaction.DeadlockDetected, e);
    } catch (Exception e) {
        Throwable cause = e.getCause();
        if (cause instanceof Status.HasStatus) {
            handleNeo4jError(((Status.HasStatus) cause).status(), cause);
        } else {
            handleNeo4jError(Status.Statement.ExecutionFailed, e);
        }
    }
}
Also used : Status(org.neo4j.kernel.api.exceptions.Status) Statement(org.neo4j.server.http.cypher.format.api.Statement) DeadlockDetectedException(org.neo4j.kernel.DeadlockDetectedException) Neo4jException(org.neo4j.exceptions.Neo4jException) InputFormatException(org.neo4j.server.http.cypher.format.api.InputFormatException) QueryExecutionKernelException(org.neo4j.kernel.impl.query.QueryExecutionKernelException) WriteOperationsNotAllowedException(org.neo4j.graphdb.WriteOperationsNotAllowedException) KernelException(org.neo4j.exceptions.KernelException) ConnectionException(org.neo4j.server.http.cypher.format.api.ConnectionException) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException) InvalidSemanticsException(org.neo4j.exceptions.InvalidSemanticsException) OutputFormatException(org.neo4j.server.http.cypher.format.api.OutputFormatException)

Example 5 with AuthorizationViolationException

Use of org.neo4j.graphdb.security.AuthorizationViolationException in project neo4j by neo4j.

The class AuthorizationDisabledFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    validateRequestType(servletRequest);
    validateResponseType(servletResponse);
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    try {
        ClientConnectionInfo connectionInfo = HttpConnectionInfoFactory.create(request);
        LoginContext loginContext = getAuthDisabledLoginContext(connectionInfo);
        String userAgent = request.getHeader(HttpHeaders.USER_AGENT);
        JettyHttpConnection.updateUserForCurrentConnection(loginContext.subject().username(), userAgent);
        filterChain.doFilter(new AuthorizedRequestWrapper(BASIC_AUTH, "neo4j", request, loginContext), servletResponse);
    } catch (AuthorizationViolationException e) {
        unauthorizedAccess(e.getMessage()).accept(response);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ClientConnectionInfo(org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo) LoginContext(org.neo4j.internal.kernel.api.security.LoginContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException)

Aggregations

AuthorizationViolationException (org.neo4j.graphdb.security.AuthorizationViolationException): 9
IOException (java.io.IOException): 3
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
ClientConnectionInfo (org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo): 2
LoginContext (org.neo4j.internal.kernel.api.security.LoginContext): 2
DeadlockDetectedException (org.neo4j.kernel.DeadlockDetectedException): 2
InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException): 2
Status (org.neo4j.kernel.api.exceptions.Status): 2
InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException): 2
QueryExecutionKernelException (org.neo4j.kernel.impl.query.QueryExecutionKernelException): 2
Statement (org.neo4j.server.http.cypher.format.api.Statement): 2
Test (org.junit.jupiter.api.Test): 1
InOrder (org.mockito.InOrder): 1
CypherException (org.neo4j.cypher.CypherException): 1
InvalidSemanticsException (org.neo4j.cypher.InvalidSemanticsException): 1
InvalidSemanticsException (org.neo4j.exceptions.InvalidSemanticsException): 1
KernelException (org.neo4j.exceptions.KernelException): 1
Neo4jException (org.neo4j.exceptions.Neo4jException): 1
Result (org.neo4j.graphdb.Result): 1