use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class QueryLoggerIT method shouldLogTXMetaDataInQueryLog.
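/**
 * Verifies that metadata set with {@code dbms.setTXMetaData} appears in the query-log entries
 * of later statements in the same transaction, and that it does not carry over into the next
 * transaction.
 *
 * <p>Seven queries are executed and seven log lines are expected; the assertions index the
 * lines in execution order. The metadata value is chosen by the caller: the queries run under
 * the security context returned by {@code db.login("neo4j", "123")} while the metadata says
 * {@code User: 'Johan'}, so the logged metadata is a client-supplied annotation rather than an
 * authenticated identity.
 *
 * @throws Throwable if database setup, query execution or teardown fails
 */
@Test
public void shouldLogTXMetaDataInQueryLog() throws Throwable {
    // turn on query logging
    databaseBuilder.setConfig(GraphDatabaseSettings.logs_directory, logsDirectory.getPath());
    databaseBuilder.setConfig(GraphDatabaseSettings.log_queries, Settings.TRUE);
    EmbeddedInteraction db = new EmbeddedInteraction(databaseBuilder, Collections.emptyMap());
    try {
        GraphDatabaseFacade graph = db.getLocalGraph();
        db.getLocalUserManager().setUserPassword("neo4j", "123", false);
        EnterpriseSecurityContext subject = db.login("neo4j", "123");
        // Executed before any metadata is set: becomes log line 0.
        db.executeQuery(subject, "UNWIND range(0, 10) AS i CREATE (:Foo {p: i})", Collections.emptyMap(), ResourceIterator::close);

        // Set meta data and execute queries in the same transaction (log lines 1-4).
        try (InternalTransaction tx = db.beginLocalTransactionAsUser(subject, KernelTransaction.Type.explicit)) {
            graph.execute("CALL dbms.setTXMetaData( { User: 'Johan' } )", Collections.emptyMap());
            graph.execute("CALL dbms.procedures() YIELD name RETURN name", Collections.emptyMap()).close();
            graph.execute("MATCH (n) RETURN n", Collections.emptyMap()).close();
            graph.execute(QUERY, Collections.emptyMap());
            tx.success();
        }

        // Second transaction with different meta data (log lines 5-6): old meta data must not be retained.
        try (InternalTransaction tx = db.beginLocalTransactionAsUser(subject, KernelTransaction.Type.explicit)) {
            graph.execute("CALL dbms.setTXMetaData( { Location: 'Sweden' } )", Collections.emptyMap());
            graph.execute("MATCH ()-[r]-() RETURN count(r)", Collections.emptyMap()).close();
            tx.success();
        }
    } finally {
        // Tear down even when a statement above throws, so a failing run does not leave the
        // database open; on the success path this still happens before the log is read.
        db.tearDown();
    }

    // THEN
    List<String> logLines = readAllLines(logFilename);
    assertThat(logLines, hasSize(7));
    assertThat(logLines.get(0), not(containsString("User: 'Johan'")));
    // Line 1 is the setTXMetaData call itself; whether it already carries the meta data is
    // deliberately left unasserted.
    assertThat(logLines.get(2), containsString("User: 'Johan'"));
    assertThat(logLines.get(3), containsString("User: 'Johan'"));
    assertThat(logLines.get(4), containsString("User: 'Johan'"));
    // we want to make sure that the new transaction does not carry old meta data
    assertThat(logLines.get(5), not(containsString("User: 'Johan'")));
    assertThat(logLines.get(6), containsString("Location: 'Sweden'"));
}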
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class QueryLoggerIT method shouldNotLogPassword.
/**
 * Verifies that the query log masks the password argument of
 * {@code dbms.security.changePassword}: the single log entry must show {@code ******} in place
 * of the literal, must not contain the new password, and must name the user who ran the call.
 *
 * <p>NOTE(review): only the string-literal form of the argument is exercised here; the call is
 * made with an empty parameter map, so a parameterised password is not covered by this test.
 * The login token uses {@code "neo4j"} for both the user name and the current password, so
 * these assertions cannot tell whether the current password would appear in the log.
 *
 * @throws Exception if the database cannot be started, queried or its log read
 */
@Test
public void shouldNotLogPassword() throws Exception {
    GraphDatabaseFacade graphDb = (GraphDatabaseFacade) databaseBuilder
            .setConfig(GraphDatabaseSettings.log_queries, Settings.TRUE)
            .setConfig(GraphDatabaseSettings.logs_directory, logsDirectory.getPath())
            .setConfig(GraphDatabaseSettings.auth_enabled, Settings.TRUE)
            .newGraphDatabase();
    EnterpriseAuthManager auth = graphDb.getDependencyResolver().resolveDependency(EnterpriseAuthManager.class);
    EnterpriseSecurityContext loggedIn = auth.login(AuthToken.newBasicAuthToken("neo4j", "neo4j"));
    String changePasswordCall = "CALL dbms.security.changePassword('abc123')";

    try (InternalTransaction tx = graphDb.beginTransaction(KernelTransaction.Type.explicit, loggedIn)) {
        graphDb.execute(tx, changePasswordCall, Collections.emptyMap()).close();
        tx.success();
    } finally {
        // Shut down before the log file is read.
        graphDb.shutdown();
    }

    List<String> entries = readAllLines(logFilename);
    assertEquals(1, entries.size());
    String entry = entries.get(0);
    // The call is logged with the argument masked ...
    assertThat(entry, containsString("CALL dbms.security.changePassword(******)"));
    // ... the clear-text new password appears nowhere in the entry ...
    assertThat(entry, not(containsString("abc123")));
    // ... and the entry is still attributed to the executing user.
    assertThat(entry, containsString(loggedIn.subject().username()));
}
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class QueryLoggerIT method shouldLogCustomUserName.
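/**
 * Verifies that each query-log entry contains the name of the user whose security context
 * executed the query, including after switching from one logged-in user to another.
 *
 * <p>Two users are created ("mats" with role "architect", "andres" with role "reader"); mats
 * runs two queries and andres one, and the three log lines are expected in that order.
 *
 * @throws Throwable if database setup, user management, query execution or teardown fails
 */
@Test
public void shouldLogCustomUserName() throws Throwable {
    // turn on query logging
    final Map<String, String> config = stringMap(
            GraphDatabaseSettings.logs_directory.name(), logsDirectory.getPath(),
            GraphDatabaseSettings.log_queries.name(), Settings.TRUE);
    EmbeddedInteraction db = new EmbeddedInteraction(databaseBuilder, config);
    try {
        // create users
        db.getLocalUserManager().newUser("mats", "neo4j", false);
        db.getLocalUserManager().newUser("andres", "neo4j", false);
        db.getLocalUserManager().addRoleToUser("architect", "mats");
        db.getLocalUserManager().addRoleToUser("reader", "andres");
        EnterpriseSecurityContext mats = db.login("mats", "neo4j");

        // run queries as mats
        db.executeQuery(mats, "UNWIND range(0, 10) AS i CREATE (:Foo {p: i})", Collections.emptyMap(), ResourceIterator::close);
        db.executeQuery(mats, "CREATE (:Label)", Collections.emptyMap(), ResourceIterator::close);

        // switch user, run query
        EnterpriseSecurityContext andres = db.login("andres", "neo4j");
        db.executeQuery(andres, "MATCH (n:Label) RETURN n", Collections.emptyMap(), ResourceIterator::close);
    } finally {
        // Tear down even when a statement above throws, so a failing run does not leave the
        // database open; on the success path this still happens before the log is read.
        db.tearDown();
    }

    // THEN
    List<String> logLines = readAllLines(logFilename);
    assertThat(logLines, hasSize(3));
    assertThat(logLines.get(0), containsString("mats"));
    assertThat(logLines.get(1), containsString("mats"));
    assertThat(logLines.get(2), containsString("andres"));
}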
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class SecurityProceduresTest method setup.
/**
 * Creates the {@code SecurityProcedures} instance under test and wires it with mocks: a
 * security context whose subject reports the user name "pearl" and whose only role is
 * "jammer", plus a mocked {@code EnterpriseUserManager}.
 */
@Before
public void setup() {
    AuthSubject pearl = mock(AuthSubject.class);
    EnterpriseSecurityContext pearlContext = mock(EnterpriseSecurityContext.class);

    // Stub only what the fixture defines: user name, subject and role set.
    when(pearl.username()).thenReturn("pearl");
    when(pearlContext.subject()).thenReturn(pearl);
    when(pearlContext.roles()).thenReturn(Collections.singleton("jammer"));

    procedures = new SecurityProcedures();
    procedures.userManager = mock(EnterpriseUserManager.class);
    procedures.securityContext = pearlContext;
}
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class EnterpriseSecurityContextDescriptionTest method shouldMakeNiceDescriptionAuthDisabledAndRestricted.
/**
 * Verifies the human-readable description of the auth-disabled security context after its
 * access mode has been wrapped in a READ restriction.
 *
 * <p>The expected text, "AUTH_DISABLED with FULL restricted to READ", names both the original
 * mode of the auth-disabled context and the restriction applied on top of it.
 *
 * @throws Throwable declared by the test signature; nothing visible here throws a checked exception
 */
@Test
public void shouldMakeNiceDescriptionAuthDisabledAndRestricted() throws Throwable {
    EnterpriseSecurityContext authDisabled = EnterpriseSecurityContext.AUTH_DISABLED;
    // Wrap the context's own mode so the description reports both the base mode and the limit.
    RestrictedAccessMode readOnly = new RestrictedAccessMode(authDisabled.mode(), AccessMode.Static.READ);
    String description = authDisabled.withMode(readOnly).description();
    assertThat(description, equalTo("AUTH_DISABLED with FULL restricted to READ"));
}