use of org.neo4j.helpers.Service in project neo4j by neo4j.
the class EnterpriseSecurityModule method createPluginRealms.
private static List<PluginRealm> createPluginRealms(Config config, SecurityLog securityLog, SecureHasher secureHasher, SecurityConfig securityConfig) {
List<PluginRealm> availablePluginRealms = new ArrayList<>();
Set<Class> excludedClasses = new HashSet<>();
if (securityConfig.pluginAuthentication && securityConfig.pluginAuthorization) {
for (AuthPlugin plugin : Service.load(AuthPlugin.class)) {
PluginRealm pluginRealm = new PluginRealm(plugin, config, securityLog, Clocks.systemClock(), secureHasher);
availablePluginRealms.add(pluginRealm);
}
}
if (securityConfig.pluginAuthentication) {
for (AuthenticationPlugin plugin : Service.load(AuthenticationPlugin.class)) {
PluginRealm pluginRealm;
if (securityConfig.pluginAuthorization && plugin instanceof AuthorizationPlugin) {
// This plugin implements both interfaces, create a combined plugin
pluginRealm = new PluginRealm(plugin, (AuthorizationPlugin) plugin, config, securityLog, Clocks.systemClock(), secureHasher);
// We need to make sure we do not add a duplicate when the AuthorizationPlugin service gets loaded
// so we allow only one instance per combined plugin class
excludedClasses.add(plugin.getClass());
} else {
pluginRealm = new PluginRealm(plugin, null, config, securityLog, Clocks.systemClock(), secureHasher);
}
availablePluginRealms.add(pluginRealm);
}
}
if (securityConfig.pluginAuthorization) {
for (AuthorizationPlugin plugin : Service.load(AuthorizationPlugin.class)) {
if (!excludedClasses.contains(plugin.getClass())) {
availablePluginRealms.add(new PluginRealm(null, plugin, config, securityLog, Clocks.systemClock(), secureHasher));
}
}
}
for (String pluginRealmName : securityConfig.pluginAuthProviders) {
if (!availablePluginRealms.stream().anyMatch(r -> r.getName().equals(pluginRealmName))) {
throw illegalConfiguration(format("Failed to load auth plugin '%s'.", pluginRealmName));
}
}
List<PluginRealm> realms = availablePluginRealms.stream().filter(realm -> securityConfig.pluginAuthProviders.contains(realm.getName())).collect(Collectors.toList());
boolean missingAuthenticatingRealm = securityConfig.onlyPluginAuthentication() && !realms.stream().anyMatch(PluginRealm::canAuthenticate);
boolean missingAuthorizingRealm = securityConfig.onlyPluginAuthorization() && !realms.stream().anyMatch(PluginRealm::canAuthorize);
if (missingAuthenticatingRealm || missingAuthorizingRealm) {
String missingProvider = (missingAuthenticatingRealm && missingAuthorizingRealm) ? "authentication or authorization" : missingAuthenticatingRealm ? "authentication" : "authorization";
throw illegalConfiguration(format("No plugin %s provider loaded even though required by configuration.", missingProvider));
}
return realms;
}
Aggregations