Example 6 with AuthSubject

use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class AuthorizationFilterTest method shouldAuthorizeWhenPasswordChangeRequired.

@Test
void shouldAuthorizeWhenPasswordChangeRequired() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    BasicLoginContext loginContext = mock(BasicLoginContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getRequestURL()).thenReturn(new StringBuffer("http://bar.baz:7474/db/data/"));
    when(servletRequest.getRequestURI()).thenReturn("/db/data/");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginContext);
    when(loginContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then
    verify(filterChain).doFilter(eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)), same(servletResponse));
}
Also used : AuthSubject(org.neo4j.internal.kernel.api.security.AuthSubject) BasicLoginContext(org.neo4j.server.security.auth.BasicLoginContext) Test(org.junit.jupiter.api.Test)

Example 7 with AuthSubject

use of org.neo4j.internal.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class StubKernelTransaction method subjectOrAnonymous.

@Override
public AuthSubject subjectOrAnonymous() {
    AuthSubject subject = mock(AuthSubject.class);
    when(subject.username()).thenReturn("testUser");
    return subject;
}
Also used : AuthSubject(org.neo4j.internal.kernel.api.security.AuthSubject)

Aggregations

AuthSubject (org.neo4j.internal.kernel.api.security.AuthSubject) 7
Test (org.junit.jupiter.api.Test) 6
BasicLoginContext (org.neo4j.server.security.auth.BasicLoginContext) 4
ArrayList (java.util.ArrayList) 1
Collections (java.util.Collections) 1
List (java.util.List) 1
Map (java.util.Map) 1
ExecutorService (java.util.concurrent.ExecutorService) 1
Executors (java.util.concurrent.Executors) 1
Future (java.util.concurrent.Future) 1
ThreadLocalRandom (java.util.concurrent.ThreadLocalRandom) 1
AtomicInteger (java.util.concurrent.atomic.AtomicInteger) 1
AtomicReference (java.util.concurrent.atomic.AtomicReference) 1
Consumer (java.util.function.Consumer) 1
ExceptionUtils.getRootCause (org.apache.commons.lang3.exception.ExceptionUtils.getRootCause) 1
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat) 1
Assertions.assertEquals (org.junit.jupiter.api.Assertions.assertEquals) 1
Assertions.assertThrows (org.junit.jupiter.api.Assertions.assertThrows) 1
Assertions.assertTrue (org.junit.jupiter.api.Assertions.assertTrue) 1
ExtendWith (org.junit.jupiter.api.extension.ExtendWith) 1