Example 16 with SecurityContext

Use of org.neo4j.internal.kernel.api.security.SecurityContext in project neo4j by neo4j.

Class AllStoreHolder, method callFunction.

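private AnyValue callFunction(int id, AnyValue[] input) throws ProcedureException {
    ktx.assertOpen();
    AccessMode mode = ktx.securityContext().mode();
    // Built-in functions skip the execute check; user-defined functions need an explicit execute permission.
    if (!globalProcedures.isBuiltInFunction(id) && !mode.allowsExecuteFunction(id)) {
        String message = format("Executing a user defined function is not allowed for %s.", ktx.securityContext().description());
        // The denial goes through the authorization handler, which logs it and builds the exception.
        throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
    }
    // The function runs under a READ-limited context: a boosted function gets READ in place of the
    // caller's mode, any other function gets the caller's mode restricted to READ.
    final SecurityContext securityContext = mode.shouldBoostFunction(id)
            ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, AccessMode.Static.READ))
            : ktx.securityContext().withMode(new RestrictedAccessMode(mode, AccessMode.Static.READ));
    // overrideWith returns a Revertable; try-with-resources restores the previous context on exit.
    try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
        return globalProcedures.callFunction(prepareContext(securityContext, ProcedureCallContext.EMPTY), id, input);
    }
}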
Also used : KernelTransaction(org.neo4j.kernel.api.KernelTransaction) OverriddenAccessMode(org.neo4j.kernel.impl.api.security.OverriddenAccessMode) RestrictedAccessMode(org.neo4j.kernel.impl.api.security.RestrictedAccessMode) SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) AdminAccessMode(org.neo4j.internal.kernel.api.security.AdminAccessMode) AccessMode(org.neo4j.internal.kernel.api.security.AccessMode)

Example 17 with SecurityContext

Use of org.neo4j.internal.kernel.api.security.SecurityContext in project neo4j by neo4j.

Class OperationsTest, method runForSecurityLevel.

protected String runForSecurityLevel(Executable executable, AccessMode mode, boolean shoudldBeAuthorized) throws Exception {
    SecurityContext securityContext = SecurityContext.authDisabled(mode, ClientConnectionInfo.EMBEDDED_CONNECTION, DB_NAME);
    when(transaction.securityContext()).thenReturn(securityContext);
    when(transaction.securityAuthorizationHandler()).thenReturn(new SecurityAuthorizationHandler(securityLog));
    when(nodeCursor.next()).thenReturn(true);
    when(nodeCursor.hasLabel(2)).thenReturn(false);
    when(nodeCursor.hasLabel(3)).thenReturn(true);
    when(tokenHolders.labelTokens().getTokenById(anyInt())).thenReturn(new NamedToken("Label", 2));
    if (shoudldBeAuthorized) {
        assertAuthorized(executable);
        return null;
    } else {
        AuthorizationViolationException exception = assertThrows(AuthorizationViolationException.class, executable);
        return exception.getMessage();
    }
}
Also used : SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) NamedToken(org.neo4j.token.api.NamedToken) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException) SecurityAuthorizationHandler(org.neo4j.internal.kernel.api.security.SecurityAuthorizationHandler)

Example 18 with SecurityContext

Use of org.neo4j.internal.kernel.api.security.SecurityContext in project neo4j by neo4j.

Class KernelTransactionImplementation, method overrideWith.

@Override
public Revertable overrideWith(SecurityContext context) {
    SecurityContext oldContext = this.securityContext;
    this.securityContext = context;
    return () -> this.securityContext = oldContext;
}
Also used : SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext)

Example 19 with SecurityContext

Use of org.neo4j.internal.kernel.api.security.SecurityContext in project neo4j by neo4j.

Class SecurityContextDescriptionTest, method shouldMakeNiceDescriptionWithMode.

@Test
void shouldMakeNiceDescriptionWithMode() {
    SecurityContext modified = context.withMode(AccessMode.Static.WRITE);
    assertThat(modified.description()).isEqualTo("user 'johan' with WRITE");
}
Also used : SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) Test(org.junit.jupiter.api.Test)

Example 20 with SecurityContext

Use of org.neo4j.internal.kernel.api.security.SecurityContext in project neo4j by neo4j.

Class SecurityContextDescriptionTest, method shouldMakeNiceDescriptionRestricted.

@Test
void shouldMakeNiceDescriptionRestricted() {
    SecurityContext restricted = context.withMode(new RestrictedAccessMode(context.mode(), AccessMode.Static.READ));
    assertThat(restricted.description()).isEqualTo("user 'johan' with FULL restricted to READ");
}
Also used : RestrictedAccessMode(org.neo4j.kernel.impl.api.security.RestrictedAccessMode) SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) Test(org.junit.jupiter.api.Test)

Aggregations

SecurityContext (org.neo4j.internal.kernel.api.security.SecurityContext) 25
Test (org.junit.jupiter.api.Test) 17
KernelTransaction (org.neo4j.kernel.api.KernelTransaction) 15
TestAccessMode (org.neo4j.internal.kernel.api.security.TestAccessMode) 7
RestrictedAccessMode (org.neo4j.kernel.impl.api.security.RestrictedAccessMode) 5
AccessMode (org.neo4j.internal.kernel.api.security.AccessMode) 4
OverriddenAccessMode (org.neo4j.kernel.impl.api.security.OverriddenAccessMode) 3
InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction) 3
ArrayList (java.util.ArrayList) 2
List (java.util.List) 2
Map (java.util.Map) 2
Consumer (java.util.function.Consumer) 2
MutableObject (org.apache.commons.lang3.mutable.MutableObject) 2
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat) 2
Assertions.assertThrows (org.junit.jupiter.api.Assertions.assertThrows) 2
InOrder (org.mockito.InOrder) 2
Mockito.mock (org.mockito.Mockito.mock) 2
Mockito.when (org.mockito.Mockito.when) 2
ReturnsDeepStubs (org.mockito.internal.stubbing.defaultanswers.ReturnsDeepStubs) 2
DependencyResolver (org.neo4j.common.DependencyResolver) 2