Example 11 with EnterpriseSecurityContext
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class InternalFlatFileRealmTest method shouldNotCacheAuthorizationInfo.
@Test
public void shouldNotCacheAuthorizationInfo() throws InvalidAuthTokenException {
// Given
EnterpriseSecurityContext mike = authManager.login(authToken("mike", "123"));
assertThat(mike.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
mike.mode().allowsReads();
assertThat("Test realm did not receive a call", testRealm.takeAuthorizationFlag(), is(true));
// When
mike.mode().allowsWrites();
// Then
assertThat("Test realm did not receive a call", testRealm.takeAuthorizationFlag(), is(true));
}
Also used :
EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)
Test(org.junit.Test)
Example 12 with EnterpriseSecurityContext
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class MultiRealmAuthManager method login.
@Override
public EnterpriseSecurityContext login(Map<String, Object> authToken) throws InvalidAuthTokenException {
EnterpriseSecurityContext securityContext;
ShiroAuthToken token = new ShiroAuthToken(authToken);
assertValidScheme(token);
try {
securityContext = new StandardEnterpriseSecurityContext(this, (ShiroSubject) securityManager.login(null, token));
if (logSuccessfulLogin) {
securityLog.info(securityContext, "logged in");
}
} catch (UnsupportedTokenException e) {
securityLog.error("Unknown user failed to log in: %s", e.getMessage());
Throwable cause = e.getCause();
if (cause != null && cause instanceof InvalidAuthTokenException) {
throw new InvalidAuthTokenException(cause.getMessage() + ": " + token);
}
throw invalidToken(": " + token);
} catch (ExcessiveAttemptsException e) {
// NOTE: We only get this with single (internal) realm authentication
securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS));
securityLog.error("[%s]: failed to log in: too many failed attempts", escape(token.getPrincipal().toString()));
} catch (AuthenticationException e) {
if (e.getCause() != null && e.getCause() instanceof AuthProviderTimeoutException) {
securityLog.error("[%s]: failed to log in: auth server timeout", escape(token.getPrincipal().toString()));
throw new AuthProviderTimeoutException(e.getCause().getMessage(), e.getCause());
}
securityContext = new StandardEnterpriseSecurityContext(this, new ShiroSubject(securityManager, AuthenticationResult.FAILURE));
securityLog.error("[%s]: failed to log in: invalid principal or credentials", escape(token.getPrincipal().toString()));
}
return securityContext;
}
Also used :
EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)
AuthenticationException(org.apache.shiro.authc.AuthenticationException)
ExcessiveAttemptsException(org.apache.shiro.authc.ExcessiveAttemptsException)
AuthProviderTimeoutException(org.neo4j.graphdb.security.AuthProviderTimeoutException)
UnsupportedTokenException(org.apache.shiro.authc.pam.UnsupportedTokenException)
InvalidAuthTokenException(org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)
Example 13 with EnterpriseSecurityContext
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class EmbeddedBuiltInProceduresInteractionTest method shouldNotKillQueryIfNotAuthenticated.
@Test
public void shouldNotKillQueryIfNotAuthenticated() throws Throwable {
EnterpriseSecurityContext authy = createFakeAnonymousEnterpriseSecurityContext();
GraphDatabaseFacade graph = neo.getLocalGraph();
DoubleLatch latch = new DoubleLatch(2);
ThreadedTransaction<EnterpriseSecurityContext> read = new ThreadedTransaction<>(neo, latch);
String query = read.execute(threading, authy, "UNWIND [1,2,3] AS x RETURN x");
latch.startAndWaitForAllToStart();
String id = extractQueryId(query);
try (InternalTransaction tx = graph.beginTransaction(KernelTransaction.Type.explicit, AnonymousContext.none())) {
graph.execute(tx, "CALL dbms.killQuery('" + id + "')", Collections.emptyMap());
throw new AssertionError("Expected exception to be thrown");
} catch (QueryExecutionException e) {
assertThat(e.getMessage(), containsString(PERMISSION_DENIED));
}
latch.finishAndWaitForAllToFinish();
read.closeAndAssertSuccess();
}
Also used :
EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)
QueryExecutionException(org.neo4j.graphdb.QueryExecutionException)
DoubleLatch(org.neo4j.test.DoubleLatch)
CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString)
GraphDatabaseFacade(org.neo4j.kernel.impl.factory.GraphDatabaseFacade)
InternalTransaction(org.neo4j.kernel.impl.coreapi.InternalTransaction)
Test(org.junit.Test)
Example 14 with EnterpriseSecurityContext
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class InternalFlatFileRealmTest method shouldNotCacheAuthenticationInfo.
@Test
public void shouldNotCacheAuthenticationInfo() throws InvalidAuthTokenException {
// Given
EnterpriseSecurityContext mike = authManager.login(authToken("mike", "123"));
assertThat(mike.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
assertThat("Test realm did not receive a call", testRealm.takeAuthenticationFlag(), is(true));
// When
mike = authManager.login(authToken("mike", "123"));
assertThat(mike.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
// Then
assertThat("Test realm did not receive a call", testRealm.takeAuthenticationFlag(), is(true));
}
Also used :
EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)
Test(org.junit.Test)
Example 15 with EnterpriseSecurityContext
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class LdapCachingTest method shouldCacheAuthorizationInfo.
@Test
public void shouldCacheAuthorizationInfo() throws InvalidAuthTokenException {
// Given
EnterpriseSecurityContext mike = authManager.login(authToken("mike", "123"));
mike.mode().allowsReads();
assertThat("Test realm did not receive a call", testRealm.takeAuthorizationFlag(), is(true));
// When
mike.mode().allowsWrites();
// Then
assertThat("Test realm received a call", testRealm.takeAuthorizationFlag(), is(false));
}
Also used :
EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)
Test(org.junit.Test)
Aggregations
EnterpriseSecurityContext (org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext)17
Test (org.junit.Test)14
Matchers.containsString (org.hamcrest.Matchers.containsString)3
InternalTransaction (org.neo4j.kernel.impl.coreapi.InternalTransaction)3
GraphDatabaseFacade (org.neo4j.kernel.impl.factory.GraphDatabaseFacade)3
Before (org.junit.Before)2
ResourceIterator (org.neo4j.graphdb.ResourceIterator)2
RestrictedAccessMode (org.neo4j.kernel.impl.api.security.RestrictedAccessMode)2
EmbeddedInteraction (org.neo4j.server.security.enterprise.auth.EmbeddedInteraction)2
AuthenticationException (org.apache.shiro.authc.AuthenticationException)1
ExcessiveAttemptsException (org.apache.shiro.authc.ExcessiveAttemptsException)1
UnsupportedTokenException (org.apache.shiro.authc.pam.UnsupportedTokenException)1
CoreMatchers.containsString (org.hamcrest.CoreMatchers.containsString)1
QueryExecutionException (org.neo4j.graphdb.QueryExecutionException)1
Result (org.neo4j.graphdb.Result)1
AuthProviderTimeoutException (org.neo4j.graphdb.security.AuthProviderTimeoutException)1
AuthSubject (org.neo4j.kernel.api.security.AuthSubject)1
InvalidAuthTokenException (org.neo4j.kernel.api.security.exception.InvalidAuthTokenException)1
EnterpriseAuthManager (org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager)1
OverriddenAccessMode (org.neo4j.kernel.impl.api.security.OverriddenAccessMode)1
