
Example 6 with ClientConnectionInfo

Use of org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo in project neo4j by neo4j.

The class ClientConnectionInfoTest, method connectionDetailsForBoltQuerySource.

@Test
void connectionDetailsForBoltQuerySource() {
    // given
    ClientConnectionInfo clientConnection = new BoltConnectionInfo("bolt-42", "neo4j-java-bolt-driver", new InetSocketAddress("127.0.0.1", 56789), new InetSocketAddress("127.0.0.1", 7687));
    // when
    String connectionDetails = clientConnection.asConnectionDetails();
    // then
    assertEquals("bolt-session\tbolt\tneo4j-java-bolt-driver\t\tclient/127.0.0.1:56789\t" + "server/127.0.0.1:7687>", connectionDetails);
}
Also used : ClientConnectionInfo(org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo) BoltConnectionInfo(org.neo4j.kernel.impl.query.clientconnection.BoltConnectionInfo) InetSocketAddress(java.net.InetSocketAddress) Test(org.junit.jupiter.api.Test)

Example 7 with ClientConnectionInfo

Use of org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo in project neo4j by neo4j.

The class AuthorizationEnabledFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    validateRequestType(servletRequest);
    validateResponseType(servletResponse);
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    String userAgent = request.getHeader(HttpHeaders.USER_AGENT);
    // username is only known after authentication, make connection aware of the user-agent
    JettyHttpConnection.updateUserForCurrentConnection(null, userAgent);
    final String path = request.getContextPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());
    if (request.getMethod().equals("OPTIONS") || whitelisted(path)) {
        // NOTE: If starting transactions with access mode on whitelisted uris should be possible we need to
        // wrap servletRequest in an AuthorizedRequestWrapper here
        filterChain.doFilter(servletRequest, servletResponse);
        return;
    }
    final String header = request.getHeader(HttpHeaders.AUTHORIZATION);
    if (header == null) {
        requestAuthentication(request, noHeader).accept(response);
        return;
    }
    final String[] usernameAndPassword = extractCredential(header);
    if (usernameAndPassword == null) {
        badHeader.accept(response);
        return;
    }
    final String username = usernameAndPassword[0];
    final String password = usernameAndPassword[1];
    try {
        ClientConnectionInfo connectionInfo = HttpConnectionInfoFactory.create(request);
        LoginContext securityContext = authenticate(username, password, connectionInfo);
        // username is now known, make connection aware of both username and user-agent
        JettyHttpConnection.updateUserForCurrentConnection(username, userAgent);
        switch(securityContext.subject().getAuthenticationResult()) {
            case PASSWORD_CHANGE_REQUIRED:
                // Intentional fall-through to SUCCESS: you are stopped from the server side
                // if you try to do anything other than changing your own password.
            case SUCCESS:
                try {
                    filterChain.doFilter(new AuthorizedRequestWrapper(BASIC_AUTH, username, request, securityContext), servletResponse);
                } catch (AuthorizationViolationException e) {
                    unauthorizedAccess(e.getMessage()).accept(response);
                }
                return;
            case TOO_MANY_ATTEMPTS:
                tooManyAttempts.accept(response);
                return;
            default:
                log.warn("Failed authentication attempt for '%s' from %s", username, request.getRemoteAddr());
                requestAuthentication(request, invalidCredential).accept(response);
        }
    } catch (InvalidAuthTokenException e) {
        requestAuthentication(request, invalidAuthToken(e.getMessage())).accept(response);
    } catch (AuthProviderTimeoutException e) {
        authProviderTimeout.accept(response);
    } catch (AuthProviderFailedException e) {
        authProviderFailed.accept(response);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) ClientConnectionInfo(org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo) LoginContext(org.neo4j.internal.kernel.api.security.LoginContext) AuthProviderFailedException(org.neo4j.graphdb.security.AuthProviderFailedException) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthProviderTimeoutException(org.neo4j.graphdb.security.AuthProviderTimeoutException) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Example 8 with ClientConnectionInfo

Use of org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo in project neo4j by neo4j.

The class AuthorizedRequestWrapper, method getLoginContextFromHttpServletRequest.

public static LoginContext getLoginContextFromHttpServletRequest(HttpServletRequest request) {
    Principal principal = request.getUserPrincipal();
    ClientConnectionInfo connectionInfo = HttpConnectionInfoFactory.create(request);
    return getLoginContextFromUserPrincipal(principal, connectionInfo);
}
Also used : ClientConnectionInfo(org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo) Principal(java.security.Principal)

Aggregations

ClientConnectionInfo (org.neo4j.internal.kernel.api.connectioninfo.ClientConnectionInfo)8 Test (org.junit.jupiter.api.Test)5 InetSocketAddress (java.net.InetSocketAddress)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 MutableObject (org.apache.commons.lang3.mutable.MutableObject)2 InOrder (org.mockito.InOrder)2 ReturnsDeepStubs (org.mockito.internal.stubbing.defaultanswers.ReturnsDeepStubs)2 AuthorizationViolationException (org.neo4j.graphdb.security.AuthorizationViolationException)2 LoginContext (org.neo4j.internal.kernel.api.security.LoginContext)2 SecurityContext (org.neo4j.internal.kernel.api.security.SecurityContext)2 KernelTransaction (org.neo4j.kernel.api.KernelTransaction)2 QueryRegistry (org.neo4j.kernel.api.QueryRegistry)2 ExecutingQuery (org.neo4j.kernel.api.query.ExecutingQuery)2 KernelStatement (org.neo4j.kernel.impl.api.KernelStatement)2 InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction)2 EmbeddedChannel (io.netty.channel.embedded.EmbeddedChannel)1 Principal (java.security.Principal)1 AuthProviderFailedException (org.neo4j.graphdb.security.AuthProviderFailedException)1 AuthProviderTimeoutException (org.neo4j.graphdb.security.AuthProviderTimeoutException)1