Example 11 with EnterpriseSecurityContext

use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.

the class InternalFlatFileRealmTest method shouldNotCacheAuthorizationInfo.

@Test
public void shouldNotCacheAuthorizationInfo() throws InvalidAuthTokenException {
    // Given
    EnterpriseSecurityContext mike = authManager.login(authToken("mike", "123"));
    assertThat(mike.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
    mike.mode().allowsReads();
    assertThat("Test realm did not receive a call", testRealm.takeAuthorizationFlag(), is(true));
    // When
    mike.mode().allowsWrites();
    // Then
    assertThat("Test realm did not receive a call", testRealm.takeAuthorizationFlag(), is(true));
}
Also used: EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext), Test(org.junit.Test)

Example 12 with EnterpriseSecurityContext

use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.

the class MultiRealmAuthManager method login.

@Override
public EnterpriseSecurityContext login(Map<String, Object> authToken) throws InvalidAuthTokenException {
    EnterpriseSecurityContext securityContext;
    ShiroAuthToken token = new ShiroAuthToken(authToken);
    assertValidScheme(token);
    try {
        securityContext = new StandardEnterpriseSecurityContext(this, (ShiroSubject) securityManager.login(null, token));
        if (logSuccessfulLogin) {
            securityLog.info(securityContext, "logged in");
        }
    } catch (UnsupportedTokenException e) {
        securityLog.error("Unknown user failed to log in: %s", e.getMessage());
        Throwable cause = e.getCause();
        if (cause != null && cause instanceof InvalidAuthTokenException) {
            throw new InvalidAuthTokenException(cause.getMessage() + ": " + token);
        }
        throw invalidToken(": " + token);
    } catch (ExcessiveAttemptsException e) {
        // NOTE: We only get this with single (internal) realm authentication
        securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS));
        securityLog.error("[%s]: failed to log in: too many failed attempts", escape(token.getPrincipal().toString()));
    } catch (AuthenticationException e) {
        if (e.getCause() != null && e.getCause() instanceof AuthProviderTimeoutException) {
            securityLog.error("[%s]: failed to log in: auth server timeout", escape(token.getPrincipal().toString()));
            throw new AuthProviderTimeoutException(e.getCause().getMessage(), e.getCause());
        }
        securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.FAILURE));
        securityLog.error("[%s]: failed to log in: invalid principal or credentials", escape(token.getPrincipal().toString()));
    }
    return securityContext;
}
Also used: EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext), AuthenticationException(org.apache.shiro.authc.AuthenticationException), ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException), AuthProviderTimeoutException(org.neo4j.graphdb.security.AuthProviderTimeoutException), UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException), InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)

Example 13 with EnterpriseSecurityContext

use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.

the class EmbeddedBuiltInProceduresInteractionTest method shouldNotKillQueryIfNotAuthenticated.

@Test
public void shouldNotKillQueryIfNotAuthenticated() throws Throwable {
    EnterpriseSecurityContext authy = createFakeAnonymousEnterpriseSecurityContext();
    GraphDatabaseFacade graph = neo.getLocalGraph();
    DoubleLatch latch = new DoubleLatch(2);
    ThreadedTransaction<EnterpriseSecurityContext> read = new ThreadedTransaction<>(neo, latch);
    String query = read.execute(threading, authy, "UNWIND [1,2,3] AS x RETURN x");
    latch.startAndWaitForAllToStart();
    String id = extractQueryId(query);
    try (InternalTransaction tx = graph.beginTransaction(KernelTransaction.Type.explicit, AnonymousContext.none())) {
        graph.execute(tx, "CALL dbms.killQuery('" + id + "')", Collections.emptyMap());
        throw new AssertionError("Expected exception to be thrown");
    } catch (QueryExecutionException e) {
        assertThat(e.getMessage(), containsString(PERMISSION_DENIED));
    }
    latch.finishAndWaitForAllToFinish();
    read.closeAndAssertSuccess();
}
Also used: EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext), QueryExecutionException(org.neo4j.graphdb.QueryExecutionException), DoubleLatch(org.neo4j.test.DoubleLatch), CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString), GraphDatabaseFacade(org.neo4j.kernel.impl.factory.GraphDatabaseFacade), InternalTransaction(org.neo4j.kernel.impl.coreapi.InternalTransaction), Test(org.junit.Test)

Example 14 with EnterpriseSecurityContext

use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.

the class InternalFlatFileRealmTest method shouldNotCacheAuthenticationInfo.

@Test
public void shouldNotCacheAuthenticationInfo() throws InvalidAuthTokenException {
    // Given
    EnterpriseSecurityContext mike = authManager.login(authToken("mike", "123"));
    assertThat(mike.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
    assertThat("Test realm did not receive a call", testRealm.takeAuthenticationFlag(), is(true));
    // When
    mike = authManager.login(authToken("mike", "123"));
    assertThat(mike.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
    // Then
    assertThat("Test realm did not receive a call", testRealm.takeAuthenticationFlag(), is(true));
}
Also used: EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext), Test(org.junit.Test)

Example 15 with EnterpriseSecurityContext

use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.

the class LdapCachingTest method shouldCacheAuthorizationInfo.

@Test
public void shouldCacheAuthorizationInfo() throws InvalidAuthTokenException {
    // Given
    EnterpriseSecurityContext mike = authManager.login(authToken("mike", "123"));
    mike.mode().allowsReads();
    assertThat("Test realm did not receive a call", testRealm.takeAuthorizationFlag(), is(true));
    // When
    mike.mode().allowsWrites();
    // Then
    assertThat("Test realm received a call", testRealm.takeAuthorizationFlag(), is(false));
}
Also used: EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext), Test(org.junit.Test)

Aggregations

EnterpriseSecurityContext (org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext): 17
Test (org.junit.Test): 14
Matchers.containsString (org.hamcrest.Matchers.containsString): 3
InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction): 3
GraphDatabaseFacade (org.neo4j.kernel.impl.factory.GraphDatabaseFacade): 3
Before (org.junit.Before): 2
ResourceIterator (org.neo4j.graphdb.ResourceIterator): 2
RestrictedAccessMode (org.neo4j.kernel.impl.api.security.RestrictedAccessMode): 2
EmbeddedInteraction (org.neo4j.server.security.enterprise.auth.EmbeddedInteraction): 2
AuthenticationException (org.apache.shiro.authc.AuthenticationException): 1
ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException): 1
UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException): 1
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString): 1
QueryExecutionException (org.neo4j.graphdb.QueryExecutionException): 1
Result (org.neo4j.graphdb.Result): 1
AuthProviderTimeoutException (org.neo4j.graphdb.security.AuthProviderTimeoutException): 1
AuthSubject (org.neo4j.kernel.api.security.AuthSubject): 1
InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException): 1
EnterpriseAuthManager (org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager): 1
OverriddenAccessMode (org.neo4j.kernel.impl.api.security.OverriddenAccessMode): 1