Examples with AuthSubject org.neo4j.kernel.api.security.AuthSubject used on opensource projects

Example 1 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class TxStateTransactionDataViewTest method shouldAccessUsernameFromAuthSubject.

@Test
public void shouldAccessUsernameFromAuthSubject() {
    AuthSubject authSubject = mock(AuthSubject.class);
    when(authSubject.username()).thenReturn("Christof");
    when(transaction.securityContext()).thenReturn(new SecurityContext.Frozen(authSubject, AccessMode.Static.FULL));
    TxStateTransactionDataSnapshot transactionDataSnapshot = snapshot();
    assertEquals("Christof", transactionDataSnapshot.username());
}

Example 2 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class SecurityProceduresTest method setup.

@Before
public void setup() {
    AuthSubject subject = mock(AuthSubject.class);
    when(subject.username()).thenReturn("pearl");
    EnterpriseSecurityContext ctx = mock(EnterpriseSecurityContext.class);
    when(ctx.subject()).thenReturn(subject);
    when(ctx.roles()).thenReturn(Collections.singleton("jammer"));
    procedures = new SecurityProcedures();
    procedures.securityContext = ctx;
    procedures.userManager = mock(EnterpriseUserManager.class);
}

Example 3 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class AuthorizationFilterTest method shouldAuthorizeWhenValidCredentialsSupplied.

@Test
public void shouldAuthorizeWhenValidCredentialsSupplied() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));
    BasicSecurityContext securityContext = mock(BasicSecurityContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(securityContext);
    when(securityContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.SUCCESS);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then
    verify(filterChain).doFilter(eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)), same(servletResponse));
}

Example 4 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class AuthorizationFilterTest method shouldNotAuthorizeWhenPasswordChangeRequired.

@Test
public void shouldNotAuthorizeWhenPasswordChangeRequired() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = new AuthorizationEnabledFilter(() -> authManager, logProvider);
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(StandardCharsets.UTF_8));
    BasicSecurityContext securityContext = mock(BasicSecurityContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getRequestURL()).thenReturn(new StringBuffer("http://bar.baz:7474/db/data/"));
    when(servletRequest.getRequestURI()).thenReturn("/db/data/");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(authToken("foo", "bar"))).thenReturn(securityContext);
    when(securityContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then
    verifyNoMoreInteractions(filterChain);
    verify(servletResponse).setStatus(403);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"password_change\" : \"http://bar.baz:7474/user/foo/password\""));
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"code\" : \"Neo.ClientError.Security.Forbidden\""));
    assertThat(outputStream.toString(StandardCharsets.UTF_8.name()), containsString("\"message\" : \"User is required to change their password.\""));
}

Example 5 with AuthSubject

use of org.neo4j.kernel.api.security.AuthSubject in project neo4j by neo4j.

the class MultiRealmAuthManagerTest method shouldReturnTooManyAttemptsWhenThatIsAppropriate.

@Test
public void shouldReturnTooManyAttemptsWhenThatIsAppropriate() throws Throwable {
    // Given
    users.create(newUser("jake", "abc123", true));
    manager.start();
    setMockAuthenticationStrategyResult("jake", "wrong password", AuthenticationResult.TOO_MANY_ATTEMPTS);
    // When
    AuthSubject authSubject = manager.login(authToken("jake", "wrong password")).subject();
    AuthenticationResult result = authSubject.getAuthenticationResult();
    // Then
    assertThat(result, equalTo(AuthenticationResult.TOO_MANY_ATTEMPTS));
    logProvider.assertExactly(error("[%s]: failed to log in: too many failed attempts", "jake"));
}