Search in sources :

Example 1 with EnterpriseAuthManager

use of org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager in project neo4j by neo4j.

the class QueryLoggerIT method shouldNotLogPassword.

@Test
public void shouldNotLogPassword() throws Exception {
    GraphDatabaseFacade database = (GraphDatabaseFacade) databaseBuilder.setConfig(GraphDatabaseSettings.log_queries, Settings.TRUE).setConfig(GraphDatabaseSettings.logs_directory, logsDirectory.getPath()).setConfig(GraphDatabaseSettings.auth_enabled, Settings.TRUE).newGraphDatabase();
    EnterpriseAuthManager authManager = database.getDependencyResolver().resolveDependency(EnterpriseAuthManager.class);
    EnterpriseSecurityContext neo = authManager.login(AuthToken.newBasicAuthToken("neo4j", "neo4j"));
    String query = "CALL dbms.security.changePassword('abc123')";
    try (InternalTransaction tx = database.beginTransaction(KernelTransaction.Type.explicit, neo)) {
        Result res = database.execute(tx, query, Collections.emptyMap());
        res.close();
        tx.success();
    } finally {
        database.shutdown();
    }
    List<String> logLines = readAllLines(logFilename);
    assertEquals(1, logLines.size());
    assertThat(logLines.get(0), containsString("CALL dbms.security.changePassword(******)"));
    assertThat(logLines.get(0), not(containsString("abc123")));
    assertThat(logLines.get(0), containsString(neo.subject().username()));
}
Also used : EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext) EnterpriseAuthManager(org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager) Matchers.containsString(org.hamcrest.Matchers.containsString) GraphDatabaseFacade(org.neo4j.kernel.impl.factory.GraphDatabaseFacade) InternalTransaction(org.neo4j.kernel.impl.coreapi.InternalTransaction) Result(org.neo4j.graphdb.Result) Test(org.junit.Test)

Aggregations

Matchers.containsString (org.hamcrest.Matchers.containsString)1 Test (org.junit.Test)1 Result (org.neo4j.graphdb.Result)1 EnterpriseAuthManager (org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager)1 EnterpriseSecurityContext (org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)1 InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction)1 GraphDatabaseFacade (org.neo4j.kernel.impl.factory.GraphDatabaseFacade)1