
Example 1 with AuthorizationPlugin

use of org.neo4j.server.security.enterprise.auth.plugin.spi.AuthorizationPlugin in project neo4j by neo4j.

From the class EnterpriseSecurityModule, method createPluginRealms:

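/**
 * Discovers the auth plugin realms enabled by {@code securityConfig} and returns the subset that the
 * configuration actually names as providers.
 * <p>
 * Plugins are found through {@link Service#load}: combined {@link AuthPlugin}s only when both plugin
 * authentication and plugin authorization are enabled; {@link AuthenticationPlugin}s when plugin authentication is
 * enabled, where a plugin that also implements {@link AuthorizationPlugin} becomes a single combined realm rather
 * than two; {@link AuthorizationPlugin}s when plugin authorization is enabled. The discovered realms are then
 * filtered down to the names listed in {@code securityConfig.pluginAuthProviders}.
 * <p>
 * Configuration errors fail closed: the exception built by {@code illegalConfiguration} is thrown when a configured
 * provider name was not discovered, or when plugins are the only configured source of authentication/authorization
 * and none of the selected realms can provide it.
 *
 * @param config         database configuration handed to every {@link PluginRealm}
 * @param securityLog    security log handed to every {@link PluginRealm}
 * @param secureHasher   hasher handed to every {@link PluginRealm}
 * @param securityConfig parsed auth settings: which plugin capabilities are enabled and which providers are required
 * @return the discovered realms whose names appear in {@code securityConfig.pluginAuthProviders}, in discovery order
 */
private static List<PluginRealm> createPluginRealms(Config config, SecurityLog securityLog, SecureHasher secureHasher, SecurityConfig securityConfig) {
    List<PluginRealm> availablePluginRealms = new ArrayList<>();
    // Plugin classes already wrapped as a combined realm, so the AuthorizationPlugin pass below does not add them twice.
    Set<Class<?>> excludedClasses = new HashSet<>();
    if (securityConfig.pluginAuthentication && securityConfig.pluginAuthorization) {
        for (AuthPlugin plugin : Service.load(AuthPlugin.class)) {
            availablePluginRealms.add(new PluginRealm(plugin, config, securityLog, Clocks.systemClock(), secureHasher));
        }
    }
    if (securityConfig.pluginAuthentication) {
        for (AuthenticationPlugin plugin : Service.load(AuthenticationPlugin.class)) {
            PluginRealm pluginRealm;
            if (securityConfig.pluginAuthorization && plugin instanceof AuthorizationPlugin) {
                // This plugin implements both interfaces, create a combined plugin
                pluginRealm = new PluginRealm(plugin, (AuthorizationPlugin) plugin, config, securityLog, Clocks.systemClock(), secureHasher);
                // Only one realm per combined plugin class: remember it so the AuthorizationPlugin service pass skips it
                excludedClasses.add(plugin.getClass());
            } else {
                pluginRealm = new PluginRealm(plugin, null, config, securityLog, Clocks.systemClock(), secureHasher);
            }
            availablePluginRealms.add(pluginRealm);
        }
    }
    if (securityConfig.pluginAuthorization) {
        for (AuthorizationPlugin plugin : Service.load(AuthorizationPlugin.class)) {
            if (!excludedClasses.contains(plugin.getClass())) {
                availablePluginRealms.add(new PluginRealm(null, plugin, config, securityLog, Clocks.systemClock(), secureHasher));
            }
        }
    }
    // Fail closed: every provider named in configuration must have been discovered, rather than being
    // silently dropped from the realm chain.
    for (String pluginRealmName : securityConfig.pluginAuthProviders) {
        if (availablePluginRealms.stream().noneMatch(r -> r.getName().equals(pluginRealmName))) {
            throw illegalConfiguration(format("Failed to load auth plugin '%s'.", pluginRealmName));
        }
    }
    List<PluginRealm> realms = availablePluginRealms.stream()
            .filter(realm -> securityConfig.pluginAuthProviders.contains(realm.getName()))
            .collect(Collectors.toList());
    // When plugins are the only configured source of a capability, at least one selected realm must supply it;
    // the stream is only evaluated when that capability is plugin-only.
    boolean missingAuthenticatingRealm = securityConfig.onlyPluginAuthentication() && realms.stream().noneMatch(PluginRealm::canAuthenticate);
    boolean missingAuthorizingRealm = securityConfig.onlyPluginAuthorization() && realms.stream().noneMatch(PluginRealm::canAuthorize);
    if (missingAuthenticatingRealm || missingAuthorizingRealm) {
        String missingProvider;
        if (missingAuthenticatingRealm && missingAuthorizingRealm) {
            missingProvider = "authentication or authorization";
        } else if (missingAuthenticatingRealm) {
            missingProvider = "authentication";
        } else {
            missingProvider = "authorization";
        }
        throw illegalConfiguration(format("No plugin %s provider loaded even though required by configuration.", missingProvider));
    }
    return realms;
}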
