Example 1 with BasicLoginContext

Use of org.neo4j.server.security.auth.BasicLoginContext in project neo4j by neo4j.

The class AuthorizationFilterTest, method shouldAuthorizeWhenValidCredentialsSupplied:

@Test
void shouldAuthorizeWhenValidCredentialsSupplied() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    BasicLoginContext loginContext = mock(BasicLoginContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginContext);
    when(loginContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.SUCCESS);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then
    verify(filterChain).doFilter(eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)), same(servletResponse));
}
Also used: AuthSubject (org.neo4j.internal.kernel.api.security.AuthSubject), BasicLoginContext (org.neo4j.server.security.auth.BasicLoginContext), Test (org.junit.jupiter.api.Test)

Example 2 with BasicLoginContext

Use of org.neo4j.server.security.auth.BasicLoginContext in project neo4j by neo4j.

The class BasicSystemGraphRealm, method login:

@Override
public LoginContext login(Map<String, Object> authToken, ClientConnectionInfo connectionInfo) throws InvalidAuthTokenException {
    try {
        // Reject tokens whose scheme this realm does not handle before touching credentials.
        assertValidScheme(authToken);
        String username = AuthToken.safeCast(AuthToken.PRINCIPAL, authToken);
        byte[] password = AuthToken.safeCastCredentials(AuthToken.CREDENTIALS, authToken);
        try {
            User user = systemGraphRealmHelper.getUser(username);
            AuthenticationResult result = authenticationStrategy.authenticate(user, password);
            // A correct password on an account flagged for password change yields a
            // restricted result rather than a full SUCCESS.
            if (result == AuthenticationResult.SUCCESS && user.passwordChangeRequired()) {
                result = AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
            }
            return new BasicLoginContext(user, result, connectionInfo);
        } catch (InvalidArgumentsException | FormatException e) {
            // Unknown user and malformed user record both collapse to a generic FAILURE
            // with no user attached, so the caller cannot tell the two cases apart.
            return new BasicLoginContext(null, AuthenticationResult.FAILURE, connectionInfo);
        }
    } finally {
        // Always wipe the credential bytes from the token map, on success or failure.
        AuthToken.clearCredentials(authToken);
    }
}
Also used: User (org.neo4j.kernel.impl.security.User), BasicLoginContext (org.neo4j.server.security.auth.BasicLoginContext), InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException), FormatException (org.neo4j.cypher.internal.security.FormatException), AuthenticationResult (org.neo4j.internal.kernel.api.security.AuthenticationResult)

Example 3 with BasicLoginContext

Use of org.neo4j.server.security.auth.BasicLoginContext in project neo4j by neo4j.

The class AuthorizationFilterTest, method shouldNotAuthorizeWhenTooManyAttemptsMade:

@Test
void shouldNotAuthorizeWhenTooManyAttemptsMade() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    BasicLoginContext loginContext = mock(BasicLoginContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginContext);
    when(loginContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.TOO_MANY_ATTEMPTS);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then
    verifyNoMoreInteractions(filterChain);
    verify(servletResponse).setStatus(429);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    assertThat(outputStream.toString(UTF_8.name())).contains("\"code\" : \"Neo.ClientError.Security.AuthenticationRateLimit\"");
    assertThat(outputStream.toString(UTF_8.name())).contains("\"message\" : \"Too many failed authentication requests. " + "Please wait 5 seconds and try again.\"");
}
Also used: AuthSubject (org.neo4j.internal.kernel.api.security.AuthSubject), BasicLoginContext (org.neo4j.server.security.auth.BasicLoginContext), Test (org.junit.jupiter.api.Test)

Example 4 with BasicLoginContext

Use of org.neo4j.server.security.auth.BasicLoginContext in project neo4j by neo4j.

The class AuthorizationFilterTest, method shouldNotAuthorizeInvalidCredentials:

@Test
void shouldNotAuthorizeInvalidCredentials() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    BasicLoginContext loginContext = mock(BasicLoginContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(servletRequest.getRemoteAddr()).thenReturn("remote_ip_address");
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginContext);
    when(loginContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.FAILURE);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then
    verifyNoMoreInteractions(filterChain);
    assertThat(logProvider).forClass(AuthorizationEnabledFilter.class).forLevel(WARN).containsMessages("Failed authentication attempt for '%s' from %s", "foo", "remote_ip_address");
    verify(servletResponse).setStatus(401);
    verify(servletResponse).addHeader(HttpHeaders.CONTENT_TYPE, "application/json; charset=UTF-8");
    assertThat(outputStream.toString(UTF_8.name())).contains("\"code\" : \"Neo.ClientError.Security.Unauthorized\"");
    assertThat(outputStream.toString(UTF_8.name())).contains("\"message\" : \"Invalid username or password.\"");
}
Also used: AuthSubject (org.neo4j.internal.kernel.api.security.AuthSubject), BasicLoginContext (org.neo4j.server.security.auth.BasicLoginContext), Test (org.junit.jupiter.api.Test)

Example 5 with BasicLoginContext

Use of org.neo4j.server.security.auth.BasicLoginContext in project neo4j by neo4j.

The class AuthorizationFilterTest, method shouldAuthorizeWhenPasswordChangeRequired:

@Test
void shouldAuthorizeWhenPasswordChangeRequired() throws Exception {
    // Given
    final AuthorizationEnabledFilter filter = newFilter();
    String credentials = Base64.encodeBase64String("foo:bar".getBytes(UTF_8));
    BasicLoginContext loginContext = mock(BasicLoginContext.class);
    AuthSubject authSubject = mock(AuthSubject.class);
    when(servletRequest.getRemoteAddr()).thenReturn("client");
    when(servletRequest.getRemotePort()).thenReturn(1337);
    when(servletRequest.getServerName()).thenReturn("server");
    when(servletRequest.getServerPort()).thenReturn(42);
    when(servletRequest.getMethod()).thenReturn("GET");
    when(servletRequest.getContextPath()).thenReturn("/db/data");
    when(servletRequest.getRequestURL()).thenReturn(new StringBuffer("http://bar.baz:7474/db/data/"));
    when(servletRequest.getRequestURI()).thenReturn("/db/data/");
    when(servletRequest.getHeader(HttpHeaders.AUTHORIZATION)).thenReturn("BASIC " + credentials);
    when(authManager.login(argThat(new AuthTokenMatcher(authToken("foo", "bar"))), any())).thenReturn(loginContext);
    when(loginContext.subject()).thenReturn(authSubject);
    when(authSubject.getAuthenticationResult()).thenReturn(AuthenticationResult.PASSWORD_CHANGE_REQUIRED);
    // When
    filter.doFilter(servletRequest, servletResponse, filterChain);
    // Then
    verify(filterChain).doFilter(eq(new AuthorizedRequestWrapper(BASIC_AUTH, "foo", servletRequest, AUTH_DISABLED)), same(servletResponse));
}
Also used: AuthSubject (org.neo4j.internal.kernel.api.security.AuthSubject), BasicLoginContext (org.neo4j.server.security.auth.BasicLoginContext), Test (org.junit.jupiter.api.Test)

Aggregations (number of examples above that use each class):

BasicLoginContext (org.neo4j.server.security.auth.BasicLoginContext): 5
Test (org.junit.jupiter.api.Test): 4
AuthSubject (org.neo4j.internal.kernel.api.security.AuthSubject): 4
FormatException (org.neo4j.cypher.internal.security.FormatException): 1
AuthenticationResult (org.neo4j.internal.kernel.api.security.AuthenticationResult): 1
InvalidArgumentsException (org.neo4j.kernel.api.exceptions.InvalidArgumentsException): 1
User (org.neo4j.kernel.impl.security.User): 1