Examples with SecurityContext - org.neo4j.kernel.api.security.SecurityContext

Example 1 with SecurityContext

use of org.neo4j.kernel.api.security.SecurityContext in project neo4j by neo4j.

the class KernelTransactions method newInstance.

public KernelTransaction newInstance(KernelTransaction.Type type, SecurityContext securityContext, long timeout) {
    assertCurrentThreadIsNotBlockingNewTransactions();
    SecurityContext frozenSecurityContext = securityContext.freeze();
    try {
        while (!newTransactionsLock.readLock().tryLock(1, TimeUnit.SECONDS)) {
            assertRunning();
        }
        try {
            assertRunning();
            TransactionId lastCommittedTransaction = transactionIdStore.getLastCommittedTransaction();
            KernelTransactionImplementation tx = localTxPool.acquire();
            StatementLocks statementLocks = statementLocksFactory.newInstance();
            tx.initialize(lastCommittedTransaction.transactionId(), lastCommittedTransaction.commitTimestamp(), statementLocks, type, frozenSecurityContext, timeout);
            return tx;
        } finally {
            newTransactionsLock.readLock().unlock();
        }
    } catch (InterruptedException ie) {
        Thread.interrupted();
        throw new TransactionFailureException("Fail to start new transaction.", ie);
    }
}

Also used : TransactionFailureException(org.neo4j.graphdb.TransactionFailureException) StatementLocks(org.neo4j.kernel.impl.locking.StatementLocks) SecurityContext(org.neo4j.kernel.api.security.SecurityContext) TransactionId(org.neo4j.kernel.impl.store.TransactionId)

Example 2 with SecurityContext

use of org.neo4j.kernel.api.security.SecurityContext in project neo4j by neo4j.

the class ProcedureGDSFactory method apply.

@Override
public GraphDatabaseService apply(Context context) throws ProcedureException {
    SecurityContext securityContext = context.getOrElse(Context.SECURITY_CONTEXT, SecurityContext.AUTH_DISABLED);
    GraphDatabaseFacade facade = new GraphDatabaseFacade();
    facade.init(new ProcedureGDBFacadeSPI(platform, dataSource, resolver, availability, urlValidator, securityContext), dataSource.guard, dataSource.threadToTransactionBridge, platform.config);
    return facade;
}

Also used : SecurityContext(org.neo4j.kernel.api.security.SecurityContext) GraphDatabaseFacade(org.neo4j.kernel.impl.factory.GraphDatabaseFacade)

Example 3 with SecurityContext

use of org.neo4j.kernel.api.security.SecurityContext in project neo4j by neo4j.

the class Neo4jTransactionalContextTest method neverStopsExecutingQueryDuringCommitAndRestartTx.

@SuppressWarnings("ConstantConditions")
@Test
public void neverStopsExecutingQueryDuringCommitAndRestartTx() {
    // Given
    KernelTransaction initialKTX = mock(KernelTransaction.class);
    InternalTransaction initialTransaction = mock(InternalTransaction.class, new ReturnsDeepStubs());
    KernelTransaction.Type transactionType = KernelTransaction.Type.implicit;
    SecurityContext securityContext = SecurityContext.AUTH_DISABLED;
    when(initialTransaction.transactionType()).thenReturn(transactionType);
    when(initialTransaction.securityContext()).thenReturn(securityContext);
    QueryRegistryOperations initialQueryRegistry = mock(QueryRegistryOperations.class);
    ExecutingQuery executingQuery = mock(ExecutingQuery.class);
    PropertyContainerLocker locker = null;
    ThreadToStatementContextBridge txBridge = mock(ThreadToStatementContextBridge.class);
    KernelTransaction secondKTX = mock(KernelTransaction.class);
    InternalTransaction secondTransaction = mock(InternalTransaction.class);
    Statement secondStatement = mock(Statement.class);
    QueryRegistryOperations secondQueryRegistry = mock(QueryRegistryOperations.class);
    when(executingQuery.queryText()).thenReturn("X");
    when(executingQuery.queryParameters()).thenReturn(Collections.emptyMap());
    when(initialStatement.queryRegistration()).thenReturn(initialQueryRegistry);
    when(queryService.beginTransaction(transactionType, securityContext)).thenReturn(secondTransaction);
    when(txBridge.getKernelTransactionBoundToThisThread(true)).thenReturn(initialKTX, secondKTX);
    when(txBridge.get()).thenReturn(secondStatement);
    when(secondStatement.queryRegistration()).thenReturn(secondQueryRegistry);
    Neo4jTransactionalContext context = new Neo4jTransactionalContext(queryService, null, guard, txBridge, locker, initialTransaction, initialStatement, executingQuery);
    // When
    context.commitAndRestartTx();
    // Then
    Object[] mocks = { txBridge, initialTransaction, initialQueryRegistry, initialKTX, secondQueryRegistry, secondKTX };
    InOrder order = Mockito.inOrder(mocks);
    // (0) Constructor
    order.verify(initialTransaction).transactionType();
    order.verify(initialTransaction).securityContext();
    // (1) Unbind old
    order.verify(txBridge).getKernelTransactionBoundToThisThread(true);
    order.verify(txBridge).unbindTransactionFromCurrentThread();
    // (2) Register and unbind new
    order.verify(txBridge).get();
    order.verify(secondQueryRegistry).registerExecutingQuery(executingQuery);
    order.verify(txBridge).getKernelTransactionBoundToThisThread(true);
    order.verify(txBridge).unbindTransactionFromCurrentThread();
    // (3) Rebind, unregister, and close old
    order.verify(txBridge).bindTransactionToCurrentThread(initialKTX);
    order.verify(initialQueryRegistry).unregisterExecutingQuery(executingQuery);
    order.verify(initialTransaction).success();
    order.verify(initialTransaction).close();
    order.verify(txBridge).unbindTransactionFromCurrentThread();
    // (4) Rebind new
    order.verify(txBridge).bindTransactionToCurrentThread(secondKTX);
    verifyNoMoreInteractions(mocks);
}

Also used : KernelTransaction(org.neo4j.kernel.api.KernelTransaction) InOrder(org.mockito.InOrder) Statement(org.neo4j.kernel.api.Statement) KernelStatement(org.neo4j.kernel.impl.api.KernelStatement) QueryRegistryOperations(org.neo4j.kernel.api.QueryRegistryOperations) ThreadToStatementContextBridge(org.neo4j.kernel.impl.core.ThreadToStatementContextBridge) InternalTransaction(org.neo4j.kernel.impl.coreapi.InternalTransaction) ExecutingQuery(org.neo4j.kernel.api.query.ExecutingQuery) PropertyContainerLocker(org.neo4j.kernel.impl.coreapi.PropertyContainerLocker) SecurityContext(org.neo4j.kernel.api.security.SecurityContext) ReturnsDeepStubs(org.mockito.internal.stubbing.defaultanswers.ReturnsDeepStubs) Test(org.junit.Test)

Example 4 with SecurityContext

use of org.neo4j.kernel.api.security.SecurityContext in project neo4j by neo4j.

the class Neo4jTransactionalContextTest method rollsBackNewlyCreatedTransactionIfTerminationDetectedOnCloseDuringPeriodicCommit.

@SuppressWarnings("ConstantConditions")
@Test
public void rollsBackNewlyCreatedTransactionIfTerminationDetectedOnCloseDuringPeriodicCommit() {
    // Given
    InternalTransaction initialTransaction = mock(InternalTransaction.class, new ReturnsDeepStubs());
    KernelTransaction.Type transactionType = KernelTransaction.Type.implicit;
    SecurityContext securityContext = SecurityContext.AUTH_DISABLED;
    when(initialTransaction.transactionType()).thenReturn(transactionType);
    when(initialTransaction.securityContext()).thenReturn(securityContext);
    GraphDatabaseQueryService queryService = mock(GraphDatabaseQueryService.class);
    KernelTransaction initialKTX = mock(KernelTransaction.class);
    Statement initialStatement = mock(Statement.class);
    QueryRegistryOperations initialQueryRegistry = mock(QueryRegistryOperations.class);
    ExecutingQuery executingQuery = mock(ExecutingQuery.class);
    PropertyContainerLocker locker = new PropertyContainerLocker();
    ThreadToStatementContextBridge txBridge = mock(ThreadToStatementContextBridge.class);
    KernelTransaction secondKTX = mock(KernelTransaction.class);
    InternalTransaction secondTransaction = mock(InternalTransaction.class);
    Statement secondStatement = mock(Statement.class);
    QueryRegistryOperations secondQueryRegistry = mock(QueryRegistryOperations.class);
    when(executingQuery.queryText()).thenReturn("X");
    when(executingQuery.queryParameters()).thenReturn(Collections.emptyMap());
    Mockito.doThrow(RuntimeException.class).when(initialTransaction).close();
    when(initialStatement.queryRegistration()).thenReturn(initialQueryRegistry);
    when(queryService.beginTransaction(transactionType, securityContext)).thenReturn(secondTransaction);
    when(txBridge.getKernelTransactionBoundToThisThread(true)).thenReturn(initialKTX, secondKTX);
    when(txBridge.get()).thenReturn(secondStatement);
    when(secondStatement.queryRegistration()).thenReturn(secondQueryRegistry);
    Neo4jTransactionalContext context = new Neo4jTransactionalContext(queryService, null, guard, txBridge, locker, initialTransaction, initialStatement, executingQuery);
    // When
    try {
        context.commitAndRestartTx();
        throw new AssertionError("Expected RuntimeException to be thrown");
    } catch (RuntimeException e) {
        // Then
        Object[] mocks = { txBridge, initialTransaction, initialQueryRegistry, initialKTX, secondQueryRegistry, secondKTX, secondTransaction };
        InOrder order = Mockito.inOrder(mocks);
        // (0) Constructor
        order.verify(initialTransaction).transactionType();
        order.verify(initialTransaction).securityContext();
        // (1) Unbind old
        order.verify(txBridge).getKernelTransactionBoundToThisThread(true);
        order.verify(txBridge).unbindTransactionFromCurrentThread();
        // (2) Register and unbind new
        order.verify(txBridge).get();
        order.verify(secondQueryRegistry).registerExecutingQuery(executingQuery);
        order.verify(txBridge).getKernelTransactionBoundToThisThread(true);
        order.verify(txBridge).unbindTransactionFromCurrentThread();
        // (3) Rebind, unregister, and close old
        order.verify(txBridge).bindTransactionToCurrentThread(initialKTX);
        order.verify(initialQueryRegistry).unregisterExecutingQuery(executingQuery);
        order.verify(initialTransaction).success();
        order.verify(initialTransaction).close();
        order.verify(txBridge).bindTransactionToCurrentThread(secondKTX);
        order.verify(secondTransaction).failure();
        order.verify(secondTransaction).close();
        order.verify(txBridge).unbindTransactionFromCurrentThread();
        verifyNoMoreInteractions(mocks);
    }
}

Also used : KernelTransaction(org.neo4j.kernel.api.KernelTransaction) InOrder(org.mockito.InOrder) GraphDatabaseQueryService(org.neo4j.kernel.GraphDatabaseQueryService) Statement(org.neo4j.kernel.api.Statement) KernelStatement(org.neo4j.kernel.impl.api.KernelStatement) QueryRegistryOperations(org.neo4j.kernel.api.QueryRegistryOperations) ThreadToStatementContextBridge(org.neo4j.kernel.impl.core.ThreadToStatementContextBridge) InternalTransaction(org.neo4j.kernel.impl.coreapi.InternalTransaction) ExecutingQuery(org.neo4j.kernel.api.query.ExecutingQuery) PropertyContainerLocker(org.neo4j.kernel.impl.coreapi.PropertyContainerLocker) SecurityContext(org.neo4j.kernel.api.security.SecurityContext) ReturnsDeepStubs(org.mockito.internal.stubbing.defaultanswers.ReturnsDeepStubs) Test(org.junit.Test)

Example 5 with SecurityContext

use of org.neo4j.kernel.api.security.SecurityContext in project neo4j by neo4j.

the class BasicAuthentication method update.

private AuthenticationResult update(Map<String, Object> authToken, boolean requiresPasswordChange) throws AuthenticationException {
    try {
        SecurityContext securityContext = authManager.login(authToken);
        switch(securityContext.subject().getAuthenticationResult()) {
            case SUCCESS:
            case PASSWORD_CHANGE_REQUIRED:
                String newPassword = AuthToken.safeCast(NEW_CREDENTIALS, authToken);
                String username = AuthToken.safeCast(PRINCIPAL, authToken);
                userManagerSupplier.getUserManager(securityContext).setUserPassword(username, newPassword, requiresPasswordChange);
                securityContext.subject().setPasswordChangeNoLongerRequired();
                break;
            default:
                throw new AuthenticationException(Status.Security.Unauthorized);
        }
        return new BasicAuthenticationResult(securityContext);
    } catch (AuthorizationViolationException | InvalidArgumentsException | InvalidAuthTokenException e) {
        throw new AuthenticationException(e.status(), e.getMessage(), e);
    } catch (IOException e) {
        throw new AuthenticationException(Status.Security.Unauthorized, e.getMessage(), e);
    }
}

Also used : SecurityContext(org.neo4j.kernel.api.security.SecurityContext) IOException(java.io.IOException) AuthorizationViolationException(org.neo4j.graphdb.security.AuthorizationViolationException) InvalidArgumentsException(org.neo4j.kernel.api.exceptions.InvalidArgumentsException) InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Aggregations

SecurityContext (org.neo4j.kernel.api.security.SecurityContext)33 Test (org.junit.Test)20 KernelTransaction (org.neo4j.kernel.api.KernelTransaction)6 ThreadToStatementContextBridge (org.neo4j.kernel.impl.core.ThreadToStatementContextBridge)4 POST (javax.ws.rs.POST)3 Path (javax.ws.rs.Path)3 IOException (java.io.IOException)2 Principal (java.security.Principal)2 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 Consumes (javax.ws.rs.Consumes)2 Produces (javax.ws.rs.Produces)2 InOrder (org.mockito.InOrder)2 ReturnsDeepStubs (org.mockito.internal.stubbing.defaultanswers.ReturnsDeepStubs)2 Transaction (org.neo4j.graphdb.Transaction)2 QueryRegistryOperations (org.neo4j.kernel.api.QueryRegistryOperations)2 Statement (org.neo4j.kernel.api.Statement)2 InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException)2 ExecutingQuery (org.neo4j.kernel.api.query.ExecutingQuery)2 KernelStatement (org.neo4j.kernel.impl.api.KernelStatement)2 InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction)2