use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class InternalFlatFileRealmTest method shouldNotCacheAuthorizationInfo.
/**
 * Checks that authorization data for the internal flat-file realm is looked up on
 * every permission check rather than being answered from a cache.
 *
 * <p>Two consecutive permission checks on the same logged-in context must each
 * reach the test realm, as reported by {@code testRealm.takeAuthorizationFlag()}.
 */
@Test
public void shouldNotCacheAuthorizationInfo() throws InvalidAuthTokenException {
    final String realmNotCalled = "Test realm did not receive a call";

    // Given: a successful login and a first permission check that reaches the realm
    EnterpriseSecurityContext loggedIn = authManager.login(authToken("mike", "123"));
    assertThat(loggedIn.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
    // Return value is deliberately ignored; the call is made only to trigger the lookup.
    loggedIn.mode().allowsReads();
    // presumably takeAuthorizationFlag() reads and resets the flag, so the second
    // assertion below observes only the second lookup; confirm against the test realm
    assertThat(realmNotCalled, testRealm.takeAuthorizationFlag(), is(true));

    // When: a second permission check is made on the same context
    loggedIn.mode().allowsWrites();

    // Then: the realm was consulted again, i.e. nothing was served from a cache
    assertThat(realmNotCalled, testRealm.takeAuthorizationFlag(), is(true));
}
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class MultiRealmAuthManager method login.
/**
 * Authenticates the given auth token map and wraps the outcome in an
 * {@link EnterpriseSecurityContext}.
 *
 * <p>Not every failed login is signalled by an exception. Bad credentials and too
 * many failed attempts both produce a returned context whose subject carries
 * {@code AuthenticationResult.FAILURE} or {@code AuthenticationResult.TOO_MANY_ATTEMPTS}.
 * Callers must therefore inspect the authentication result before treating the
 * returned context as authenticated.
 *
 * @param authToken the raw auth token map supplied by the client
 * @return a security context reflecting success, failure, or too many attempts
 * @throws InvalidAuthTokenException if the token is rejected as unsupported or invalid
 */
@Override
public EnterpriseSecurityContext login(Map<String, Object> authToken) throws InvalidAuthTokenException {
    final ShiroAuthToken shiroToken = new ShiroAuthToken(authToken);
    assertValidScheme(shiroToken);
    try {
        ShiroSubject subject = (ShiroSubject) securityManager.login(null, shiroToken);
        EnterpriseSecurityContext authenticated = new StandardEnterpriseSecurityContext(this, subject);
        // Successful logins are only logged when this is switched on.
        if (logSuccessfulLogin) {
            securityLog.info(authenticated, "logged in");
        }
        return authenticated;
    } catch (UnsupportedTokenException unsupported) {
        // NOTE(review): the exception message is logged without escape(), unlike the
        // principal in the branches below. If it can echo client-supplied token
        // content, consider escaping it to keep log lines unforgeable; confirm.
        securityLog.error("Unknown user failed to log in: %s", unsupported.getMessage());
        Throwable rootCause = unsupported.getCause();
        // NOTE(review): the token's string form is appended to the exception message,
        // which may be returned to the client; confirm ShiroAuthToken.toString()
        // redacts credentials.
        if (rootCause instanceof InvalidAuthTokenException) {
            throw new InvalidAuthTokenException(rootCause.getMessage() + ": " + shiroToken);
        }
        throw invalidToken(": " + shiroToken);
    } catch (ExcessiveAttemptsException tooManyAttempts) {
        // NOTE: We only get this with single (internal) realm authentication
        EnterpriseSecurityContext lockedOut = new StandardEnterpriseSecurityContext(
                this, new ShiroSubject(securityManager, AuthenticationResult.TOO_MANY_ATTEMPTS));
        // The principal is client-controlled, so it goes through escape() before logging.
        // NOTE(review): getPrincipal() is dereferenced unconditionally; confirm that
        // assertValidScheme guarantees a non-null principal on this path.
        securityLog.error("[%s]: failed to log in: too many failed attempts",
                escape(shiroToken.getPrincipal().toString()));
        return lockedOut;
    } catch (AuthenticationException authFailure) {
        Throwable rootCause = authFailure.getCause();
        // A provider timeout is an infrastructure error, not a credential failure,
        // so it is rethrown rather than reported as FAILURE.
        if (rootCause instanceof AuthProviderTimeoutException) {
            securityLog.error("[%s]: failed to log in: auth server timeout",
                    escape(shiroToken.getPrincipal().toString()));
            throw new AuthProviderTimeoutException(rootCause.getMessage(), rootCause);
        }
        EnterpriseSecurityContext rejected = new StandardEnterpriseSecurityContext(
                this, new ShiroSubject(securityManager, AuthenticationResult.FAILURE));
        // One message covers both unknown principal and wrong credentials.
        securityLog.error("[%s]: failed to log in: invalid principal or credentials",
                escape(shiroToken.getPrincipal().toString()));
        return rejected;
    }
}
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class EmbeddedBuiltInProceduresInteractionTest method shouldNotKillQueryIfNotAuthenticated.
/**
 * Checks that an unauthenticated caller cannot terminate a running query.
 *
 * <p>A query is started on a separate thread. {@code dbms.killQuery} is then invoked
 * in a transaction opened with {@code AnonymousContext.none()}. The call must fail
 * with a {@link QueryExecutionException} whose message contains
 * {@code PERMISSION_DENIED}.
 */
@Test
public void shouldNotKillQueryIfNotAuthenticated() throws Throwable {
    // Start a query on another thread and wait until it is running.
    EnterpriseSecurityContext queryOwner = createFakeAnonymousEnterpriseSecurityContext();
    GraphDatabaseFacade localGraph = neo.getLocalGraph();
    DoubleLatch runningLatch = new DoubleLatch(2);
    ThreadedTransaction<EnterpriseSecurityContext> readTx = new ThreadedTransaction<>(neo, runningLatch);
    String startedQuery = readTx.execute(threading, queryOwner, "UNWIND [1,2,3] AS x RETURN x");
    runningLatch.startAndWaitForAllToStart();

    // The id is spliced into the Cypher text. It comes from extractQueryId() on a
    // query this test started itself; code that handles externally supplied ids
    // should pass them as query parameters instead.
    String queryId = extractQueryId(startedQuery);
    String killCall = "CALL dbms.killQuery('" + queryId + "')";

    try (InternalTransaction anonymousTx =
            localGraph.beginTransaction(KernelTransaction.Type.explicit, AnonymousContext.none())) {
        localGraph.execute(anonymousTx, killCall, Collections.emptyMap());
        // Reaching this line means the kill was permitted, so the test must fail.
        throw new AssertionError("Expected exception to be thrown");
    } catch (QueryExecutionException denied) {
        assertThat(denied.getMessage(), containsString(PERMISSION_DENIED));
    }

    // Let the background query finish and check it completed without being killed.
    runningLatch.finishAndWaitForAllToFinish();
    readTx.closeAndAssertSuccess();
}
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class InternalFlatFileRealmTest method shouldNotCacheAuthenticationInfo.
/**
 * Checks that the internal flat-file realm verifies credentials on every login
 * rather than reusing a cached authentication result.
 *
 * <p>Two consecutive successful logins with the same credentials must each reach
 * the test realm, as reported by {@code testRealm.takeAuthenticationFlag()}.
 */
@Test
public void shouldNotCacheAuthenticationInfo() throws InvalidAuthTokenException {
    final String realmNotCalled = "Test realm did not receive a call";

    // Given: a first successful login that reaches the realm
    EnterpriseSecurityContext firstLogin = authManager.login(authToken("mike", "123"));
    assertThat(firstLogin.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));
    // presumably takeAuthenticationFlag() reads and resets the flag; confirm against the test realm
    assertThat(realmNotCalled, testRealm.takeAuthenticationFlag(), is(true));

    // When: the same user logs in again with the same credentials
    EnterpriseSecurityContext secondLogin = authManager.login(authToken("mike", "123"));
    assertThat(secondLogin.subject().getAuthenticationResult(), equalTo(AuthenticationResult.SUCCESS));

    // Then: the realm authenticated the second login as well (no cached result used)
    assertThat(realmNotCalled, testRealm.takeAuthenticationFlag(), is(true));
}
use of org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext in project neo4j by neo4j.
the class LdapCachingTest method shouldCacheAuthorizationInfo.
/**
 * Checks that authorization data is cached in the LDAP caching setup. After the
 * first permission check has reached the realm, a second check on the same context
 * must not reach it again.
 *
 * <p>NOTE(review): a cached authorization result implies that role changes made at
 * the directory are presumably not seen until the cached entry is evicted. Confirm
 * the cache lifetime configuration covers revocation requirements.
 */
@Test
public void shouldCacheAuthorizationInfo() throws InvalidAuthTokenException {
    // Given: a login and a first permission check that populates the cache
    EnterpriseSecurityContext loggedIn = authManager.login(authToken("mike", "123"));
    // Return value is deliberately ignored; the call is made only to trigger the lookup.
    loggedIn.mode().allowsReads();
    assertThat("Test realm did not receive a call", testRealm.takeAuthorizationFlag(), is(true));

    // When: a second permission check is made on the same context
    loggedIn.mode().allowsWrites();

    // Then: the realm was not consulted again
    assertThat("Test realm received a call", testRealm.takeAuthorizationFlag(), is(false));
}