use of org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo in project neo4j by neo4j.
the class ClientConnectionInfoTest method connectionDetailsForBoltQuerySource.
/**
 * Pins the exact connection-details string rendered for a Bolt connection.
 */
@Test
void connectionDetailsForBoltQuerySource() {
    // given: a Bolt connection described by its id, client name and both socket addresses
    InetSocketAddress clientAddress = new InetSocketAddress("127.0.0.1", 56789);
    InetSocketAddress serverAddress = new InetSocketAddress("127.0.0.1", 7687);
    ClientConnectionInfo boltInfo =
            new BoltConnectionInfo("bolt-42", "neo4j-java-bolt-driver", clientAddress, serverAddress);

    // The expected value is tab-separated and carries the client name and both endpoints;
    // the connection id handed to the constructor ("bolt-42") does not appear in it.
    String expectedDetails = "bolt-session\tbolt\tneo4j-java-bolt-driver\t\tclient/127.0.0.1:56789\t" + "server/127.0.0.1:7687>";

    // when
    String actualDetails = boltInfo.asConnectionDetails();

    // then
    assertEquals(expectedDetails, actualDetails);
}
use of org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo in project neo4j by neo4j.
the class AuthorizationEnabledFilter method doFilter.
/**
 * Authenticates a request from its Authorization header before handing it down the filter chain.
 *
 * <p>OPTIONS requests and paths accepted by {@code whitelisted} are forwarded without any
 * credential check. Every other request needs an Authorization header that
 * {@code extractCredential} can split into a username and a password; the outcome of
 * {@code authenticate} then decides whether the request is forwarded (wrapped together with its
 * login context) or answered with one of the prepared error responses.
 *
 * @param servletRequest incoming request, cast to {@link HttpServletRequest} after validation
 * @param servletResponse outgoing response, cast to {@link HttpServletResponse} after validation
 * @param filterChain remainder of the chain, invoked only for bypassed or authenticated requests
 * @throws IOException declared by the filter contract and by the downstream chain
 * @throws ServletException declared by the filter contract and by the downstream chain
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
    validateRequestType(servletRequest);
    validateResponseType(servletResponse);
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    // No user is known yet, so only the client-supplied user-agent is attached to the connection.
    final String clientAgent = request.getHeader(HttpHeaders.USER_AGENT);
    JettyHttpConnection.updateUserForCurrentConnection(null, clientAgent);

    final String contextPart = request.getContextPath();
    final String infoPart = request.getPathInfo() == null ? "" : request.getPathInfo();
    final String requestPath = contextPart + infoPart;

    // Authentication bypass: everything below is skipped for OPTIONS and for whitelisted paths.
    // NOTE(review): whitelisted() is not visible here; confirm it matches the path strictly
    // enough that a protected resource cannot be reached through a whitelisted-looking path.
    final boolean skipAuthentication = request.getMethod().equals("OPTIONS") || whitelisted(requestPath);
    if (skipAuthentication) {
        // NOTE: If starting transactions with access mode on whitelisted uris should be possible,
        // servletRequest would have to be wrapped in an AuthorizedRequestWrapper here.
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }

    final String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
    if (authorization == null) {
        requestAuthentication(request, noHeader).accept(response);
        return;
    }

    final String[] credential = extractCredential(authorization);
    if (credential == null) {
        badHeader.accept(response);
        return;
    }
    final String username = credential[0];
    final String password = credential[1];

    try {
        ClientConnectionInfo clientInfo = HttpConnectionInfoFactory.create(request);
        LoginContext loginContext = authenticate(username, password, clientInfo);

        // The connection is labelled with the username before the result is inspected, so the
        // label is also set when authentication fails.
        // NOTE(review): confirm that consumers of this label treat the name as unverified.
        JettyHttpConnection.updateUserForCurrentConnection(username, clientAgent);

        switch (loginContext.subject().getAuthenticationResult()) {
            case PASSWORD_CHANGE_REQUIRED:
                // Deliberate fall-through: the request is forwarded exactly like SUCCESS. Per the
                // original comment the server side stops anything other than changing your own
                // password; that enforcement is not visible in this method.
            case SUCCESS:
                try {
                    filterChain.doFilter(
                            new AuthorizedRequestWrapper(BASIC_AUTH, username, request, loginContext),
                            servletResponse);
                } catch (AuthorizationViolationException e) {
                    // NOTE(review): the exception message goes into the response; confirm it
                    // carries no internal detail.
                    unauthorizedAccess(e.getMessage()).accept(response);
                }
                return;
            case TOO_MANY_ATTEMPTS:
                tooManyAttempts.accept(response);
                return;
            default:
                // The username is taken from the client's Authorization header.
                // NOTE(review): confirm the logging layer neutralises line breaks and other
                // control characters so a crafted name cannot forge log entries.
                log.warn("Failed authentication attempt for '%s' from %s", username, request.getRemoteAddr());
                requestAuthentication(request, invalidCredential).accept(response);
        }
    } catch (InvalidAuthTokenException e) {
        requestAuthentication(request, invalidAuthToken(e.getMessage())).accept(response);
    } catch (AuthProviderTimeoutException e) {
        authProviderTimeout.accept(response);
    } catch (AuthProviderFailedException e) {
        authProviderFailed.accept(response);
    }
}
use of org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo in project neo4j by neo4j.
the class AuthorizedRequestWrapper method getLoginContextFromHttpServletRequest.
/**
 * Builds a {@link LoginContext} from the principal attached to the request and from connection
 * info derived from the same request.
 *
 * @param request request whose user principal and connection details are read
 * @return whatever {@code getLoginContextFromUserPrincipal} produces for that pair
 */
public static LoginContext getLoginContextFromHttpServletRequest(HttpServletRequest request) {
    // getUserPrincipal() returns null for a request that carries no authenticated user.
    // NOTE(review): how getLoginContextFromUserPrincipal treats a null principal is not visible
    // here; confirm it does not yield an authenticated context.
    return getLoginContextFromUserPrincipal(
            request.getUserPrincipal(),
            HttpConnectionInfoFactory.create(request));
}