
Example 1 with InvalidArgumentsException

Use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

In class BasicAuthentication, method update.

private AuthenticationResult update(Map<String, Object> authToken, boolean requiresPasswordChange) throws AuthenticationException {
    try {
        // Authenticate with the credentials in the token before any password change is attempted.
        SecurityContext securityContext = authManager.login(authToken);
        switch(securityContext.subject().getAuthenticationResult()) {
            // Both results mean the login succeeded, so the password change may proceed.
            case SUCCESS:
            case PASSWORD_CHANGE_REQUIRED:
                String newPassword = AuthToken.safeCast(NEW_CREDENTIALS, authToken);
                String username = AuthToken.safeCast(PRINCIPAL, authToken);
                userManagerSupplier.getUserManager(securityContext).setUserPassword(username, newPassword, requiresPasswordChange);
                securityContext.subject().setPasswordChangeNoLongerRequired();
                break;
            // Any other authentication result is rejected as unauthorized.
            default:
                throw new AuthenticationException(Status.Security.Unauthorized);
        }
        return new BasicAuthenticationResult(securityContext);
    } catch (AuthorizationViolationException | InvalidArgumentsException | InvalidAuthTokenException e) {
        // These exceptions carry their own status, which is passed on with the message and cause.
        throw new AuthenticationException(e.status(), e.getMessage(), e);
    } catch (IOException e) {
        // An I/O failure has no status of its own and is reported as Unauthorized.
        throw new AuthenticationException(Status.Security.Unauthorized, e.getMessage(), e);
    }
}
Also used: SecurityContext (org.neo4j.kernel.api.security.SecurityContext), IOException (java.io.IOException), AuthorizationViolationException (org.neo4j.graphdb.security.AuthorizationViolationException), InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException), InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Example 2 with InvalidArgumentsException

Use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

In class BasicAuthManager, method setUserPassword.

@Override
public void setUserPassword(String username, String password, boolean requirePasswordChange) throws IOException, InvalidArgumentsException {
    User existingUser = getUser(username);
    // Check the new password against the password policy before touching the stored credentials.
    passwordPolicy.validatePassword(password);
    // Reject a "change" to the password the user already has.
    if (existingUser.credentials().matchesPassword(password)) {
        throw new InvalidArgumentsException("Old password and new password cannot be the same.");
    }
    try {
        User updatedUser = existingUser.augment().withCredentials(Credential.forPassword(password)).withRequiredPasswordChange(requirePasswordChange).build();
        userRepository.update(existingUser, updatedUser);
    } catch (ConcurrentModificationException e) {
        // try again: the recursive call re-reads the user and repeats all checks
        setUserPassword(username, password, requirePasswordChange);
    }
}
Also used: ConcurrentModificationException (org.neo4j.server.security.auth.exception.ConcurrentModificationException), User (org.neo4j.kernel.impl.security.User), InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException)

Example 3 with InvalidArgumentsException

Use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

In class UserService, method getUser.

@GET
@Path("/{username}")
public Response getUser(@PathParam("username") String username, @Context HttpServletRequest req) {
    Principal principal = req.getUserPrincipal();
    // A request without a principal, or for a user other than the caller, gets a 404.
    if (principal == null || !principal.getName().equals(username)) {
        return output.notFound();
    }
    SecurityContext securityContext = getSecurityContextFromUserPrincipal(principal);
    UserManager userManager = userManagerSupplier.getUserManager(securityContext);
    try {
        User user = userManager.getUser(username);
        return output.ok(new AuthorizationRepresentation(user));
    } catch (InvalidArgumentsException e) {
        // A failed lookup returns the same 404 as the ownership check above.
        return output.notFound();
    }
}
Also used: User (org.neo4j.kernel.impl.security.User), UserManager (org.neo4j.kernel.api.security.UserManager), SecurityContext (org.neo4j.kernel.api.security.SecurityContext), AuthorizationRepresentation (org.neo4j.server.rest.repr.AuthorizationRepresentation), InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException), AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal (org.neo4j.server.rest.dbms.AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal), Principal (java.security.Principal), Path (javax.ws.rs.Path), GET (javax.ws.rs.GET)

Example 4 with InvalidArgumentsException

Use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

In class PersonalUserManager, method newUser.

@Override
public User newUser(String username, String initialPassword, boolean requirePasswordChange) throws IOException, InvalidArgumentsException, AuthorizationViolationException {
    try {
        // The admin check runs before the call is delegated to the wrapped user manager.
        assertAdmin();
        User user = userManager.newUser(username, initialPassword, requirePasswordChange);
        // Record the successful creation in the security log.
        securityLog.info(securityContext, "created user `%s`%s", username, requirePasswordChange ? ", with password change required" : "");
        return user;
    } catch (AuthorizationViolationException | IOException | InvalidArgumentsException e) {
        // Record the failed attempt in the security log, then rethrow the exception unchanged.
        securityLog.error(securityContext, "tried to create user `%s`: %s", username, e.getMessage());
        throw e;
    }
}
Also used: User (org.neo4j.kernel.impl.security.User), IOException (java.io.IOException), AuthorizationViolationException (org.neo4j.graphdb.security.AuthorizationViolationException), InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException)

Example 5 with InvalidArgumentsException

Use of org.neo4j.kernel.api.exceptions.InvalidArgumentsException in project neo4j by neo4j.

In class InternalFlatFileRealm, method setUserPassword.

@Override
public void setUserPassword(String username, String password, boolean requirePasswordChange) throws IOException, InvalidArgumentsException {
    User existingUser = getUser(username);
    // Check the new password against the password policy before touching the stored credentials.
    passwordPolicy.validatePassword(password);
    // Reject a "change" to the password the user already has.
    if (existingUser.credentials().matchesPassword(password)) {
        throw new InvalidArgumentsException("Old password and new password cannot be the same.");
    }
    try {
        User updatedUser = existingUser.augment().withCredentials(Credential.forPassword(password)).withRequiredPasswordChange(requirePasswordChange).build();
        // Only the repository write is serialized on this realm instance.
        synchronized (this) {
            userRepository.update(existingUser, updatedUser);
        }
    } catch (ConcurrentModificationException e) {
        // try again: the recursive call re-reads the user and repeats all checks
        setUserPassword(username, password, requirePasswordChange);
    }
    // Invalidate the cached entries for this user after the credential change.
    clearCacheForUser(username);
}
Also used: ConcurrentModificationException (org.neo4j.server.security.auth.exception.ConcurrentModificationException), User (org.neo4j.kernel.impl.security.User), InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException)

Aggregations

InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException): 8
User (org.neo4j.kernel.impl.security.User): 5
IOException (java.io.IOException): 3
SecurityContext (org.neo4j.kernel.api.security.SecurityContext): 3
Principal (java.security.Principal): 2
Path (javax.ws.rs.Path): 2
AuthorizationViolationException (org.neo4j.graphdb.security.AuthorizationViolationException): 2
UserManager (org.neo4j.kernel.api.security.UserManager): 2
AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal (org.neo4j.server.rest.dbms.AuthorizedRequestWrapper.getSecurityContextFromUserPrincipal): 2
ConcurrentModificationException (org.neo4j.server.security.auth.exception.ConcurrentModificationException): 2
GET (javax.ws.rs.GET): 1
POST (javax.ws.rs.POST): 1
Test (org.junit.Test): 1
InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException): 1
AuthorizationRepresentation (org.neo4j.server.rest.repr.AuthorizationRepresentation): 1
BadInputException (org.neo4j.server.rest.repr.BadInputException): 1
ExceptionRepresentation (org.neo4j.server.rest.repr.ExceptionRepresentation): 1
Neo4jError (org.neo4j.server.rest.transactional.error.Neo4jError): 1
BasicPasswordPolicy (org.neo4j.server.security.auth.BasicPasswordPolicy): 1
InMemoryUserRepository (org.neo4j.server.security.auth.InMemoryUserRepository): 1