/**
 * Builds the default diagnostic representation of this object.
 *
 * @param name label placed in front of the braces
 * @return {@code name{ username=..., accessMode=... }} filled in from {@code subject()} and {@code mode()}
 */
protected String defaultString( String name )
{
    // The username is interpolated unescaped. If this string can reach a log or an error
    // message, escaping and length limits have to be applied at that sink.
    final String who = subject().username();
    return String.format( "%s{ username=%s, accessMode=%s }", name, who, mode() );
}
/**
 * Returns the username of the subject held by the transaction's security context.
 *
 * The value is read from the security context only; nothing supplied with the
 * transaction itself is consulted here.
 *
 * @return the username reported by {@code transaction.securityContext().subject()}
 */
@Override
public String username()
{
    final String currentUser = transaction.securityContext().subject().username();
    return currentUser;
}
/**
 * Returns the username of the subject held by the transaction's security context.
 *
 * Package-private and {@code final}, so subclasses cannot substitute a different identity source.
 *
 * @return the username reported by {@code transaction.securityContext().subject()}
 */
final String username()
{
    final String currentUser = transaction.securityContext().subject().username();
    return currentUser;
}
/**
 * Describes this context as {@code user '<username>' with <mode name>}.
 *
 * @return a human-readable description built from {@code subject()} and {@code mode()}
 */
public String description()
{
    // The username is placed between single quotes without escaping; a consumer that parses
    // or logs this text should not rely on the quotes as a delimiter.
    final String who = subject().username();
    return String.format( "user '%s' with %s", who, mode().name() );
}
/**
 * Procedure {@code dbms.showCurrentUser}: returns a single row describing the calling user.
 *
 * The user is identified solely by the subject of the injected security context; the
 * procedure takes no arguments, so a caller cannot ask about another account through it.
 *
 * @return a one-element stream holding the result of {@code userResultForName} for the caller
 */
@Description( "Show the current user." )
@Procedure( name = "dbms.showCurrentUser", mode = DBMS )
public Stream<UserResult> showCurrentUser()
{
    final String currentUser = securityContext.subject().username();
    final UserResult row = userResultForName( currentUser );
    return Stream.of( row );
}
/**
 * Creates the transactional context for one query and registers the query as executing.
 *
 * The connection info recorded with the query is stamped with the username taken from the
 * transaction's security context, so the registered query is attributed to that subject
 * rather than to whatever the incoming connection info carried.
 *
 * @param clientConnection connection info as received; copied via {@code withUsername}
 * @param tx transaction whose security context supplies the username
 * @param queryText text of the query being started
 * @param queryParameters parameters of the query being started
 * @return the context produced by {@code contextCreator}
 */
@Override
public final Neo4jTransactionalContext newContext( ClientConnectionInfo clientConnection, InternalTransaction tx,
        String queryText, MapValue queryParameters )
{
    Statement statement = statementSupplier.get();

    String authenticatedUser = tx.securityContext().subject().username();
    ClientConnectionInfo attributedConnection = clientConnection.withUsername( authenticatedUser );

    // queryText and queryParameters are handed to the query registration verbatim. They can
    // carry sensitive values, so anything that lists or logs executing queries needs its own
    // redaction. NOTE(review): not visible from here, confirm at the consumers.
    ExecutingQuery query = statement.queryRegistration()
            .startQueryExecution( attributedConnection, queryText, queryParameters );

    return contextCreator.create( tx, statement, query );
}
// closes the enclosing class, whose header is not part of this excerpt
}
/**
 * Verifies that the snapshot's {@code username()} is the username of the auth subject
 * in the transaction's security context.
 */
@Test
public void shouldAccessUsernameFromAuthSubject()
{
    // Given a transaction whose security context wraps a subject named "Christof"
    AuthSubject christof = mock( AuthSubject.class );
    when( christof.username() ).thenReturn( "Christof" );
    SecurityContext fullAccess = new SecurityContext( christof, AccessMode.Static.FULL );
    when( transaction.securityContext() ).thenReturn( fullAccess );

    // When
    TxStateTransactionDataSnapshot dataSnapshot = snapshot();

    // Then
    assertEquals( "Christof", dataSnapshot.username() );
}
/**
 * Filter step used when authentication is disabled: every request is passed down the chain
 * wrapped with the login context from {@code getAuthDisabledLoginContext()} and the
 * principal name {@code "neo4j"}.
 *
 * No credentials are inspected in this method. Reachability of the endpoint is therefore
 * the only access control on this path.
 *
 * @param servletRequest incoming request; must pass {@code validateRequestType}
 * @param servletResponse outgoing response; must pass {@code validateResponseType}
 * @param filterChain remainder of the filter chain
 * @throws IOException propagated from the chain or from writing the error response
 * @throws ServletException propagated from the chain or the type validation
 */
@Override
public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain )
        throws IOException, ServletException
{
    validateRequestType( servletRequest );
    validateResponseType( servletResponse );

    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    try
    {
        LoginContext authDisabledContext = getAuthDisabledLoginContext();

        // User-Agent is client-controlled: treat it as untrusted wherever the connection
        // record is later displayed or logged.
        String clientAgent = httpRequest.getHeader( HttpHeaders.USER_AGENT );
        JettyHttpConnection.updateUserForCurrentConnection( authDisabledContext.subject().username(), clientAgent );

        AuthorizedRequestWrapper wrapped =
                new AuthorizedRequestWrapper( BASIC_AUTH, "neo4j", httpRequest, authDisabledContext );
        filterChain.doFilter( wrapped, servletResponse );
    }
    catch ( AuthorizationViolationException e )
    {
        // The exception message is sent back to the client.
        // NOTE(review): confirm these messages never include internal detail.
        unauthorizedAccess( e.getMessage() ).accept( httpResponse );
    }
}
/**
 * Verifies what a before-commit handler sees in the transaction data: the username of the
 * login context's subject, and the transaction metadata exactly as supplied.
 *
 * The metadata deliberately contains a {@code "username"} entry with a different value
 * ("joe"). The assertion that {@code txData.username()} is still "Christof" pins the
 * property that caller-supplied metadata cannot override the authenticated identity.
 */
@Test
public void shouldGetSpecifiedUsernameAndMetaDataInTXData()
{
    // Capture what the handler observes at commit time
    final AtomicReference<String> seenUsername = new AtomicReference<>();
    final AtomicReference<Map<String,Object>> seenMetaData = new AtomicReference<>();
    db.registerTransactionEventHandler( getBeforeCommitHandler( txData ->
    {
        seenUsername.set( txData.username() );
        seenMetaData.set( txData.metaData() );
    } ) );

    // A login context whose subject is "Christof" and which authorizes with WRITE access
    AuthSubject authSubject = mock( AuthSubject.class );
    when( authSubject.username() ).thenReturn( "Christof" );
    LoginContext christofLogin = new LoginContext()
    {
        @Override
        public AuthSubject subject()
        {
            return authSubject;
        }

        @Override
        public SecurityContext authorize( ToIntFunction<String> propertyIdLookup, String dbName )
        {
            return new SecurityContext( authSubject, AccessMode.Static.WRITE );
        }
    };

    // Metadata that names a different user than the authenticated one
    Map<String,Object> txMetaData = genericMap( "username", "joe" );

    runTransaction( christofLogin, txMetaData );

    assertThat( "Should have specified username", seenUsername.get(), equalTo( "Christof" ) );
    assertThat( "Should have metadata with specified username", seenMetaData.get(), equalTo( txMetaData ) );
}
/**
 * Verifies that a successful basic-scheme authentication yields a login context whose
 * subject carries the principal that was authenticated.
 */
@Test
public void shouldNotDoAnythingOnSuccess() throws Exception
{
    // When
    AuthenticationResult result = authentication.authenticate(
            map( "scheme", "basic", "principal", "mike", "credentials", UTF8.encode( "secret2" ) ) );

    // Then
    String authenticatedUser = result.getLoginContext().subject().username();
    assertThat( authenticatedUser, equalTo( "mike" ) );
}
/**
 * Procedure {@code dbms.security.changePassword}: sets a new password for the calling user
 * and clears the subject's password-change-required state.
 *
 * Security notes for reviewers:
 * - Only the new password is supplied. Nothing in this method re-verifies the current
 *   password, so any re-authentication would have to happen elsewhere. TODO confirm.
 * - The password arrives as an immutable {@code String} (see the TODO below), so it cannot
 *   be wiped after use. The encoded copy is not cleared here either.
 * - The password is a procedure argument. NOTE(review): confirm that procedure-call
 *   arguments are redacted wherever queries are logged or listed.
 *
 * @param password the new password in clear text
 * @throws AuthorizationViolationException if the caller is {@code AuthSubject.ANONYMOUS}
 * @throws InvalidArgumentsException declared; presumably raised by the user manager, verify there
 * @throws IOException declared; presumably raised by the user manager, verify there
 */
@Description( "Change the current user's password." )
@Procedure( name = "dbms.security.changePassword", mode = DBMS )
public void changePassword( @Name( "password" ) String password ) throws InvalidArgumentsException, IOException
{
    // TODO: Deprecate this and create a new procedure that takes password as a byte[]

    // Identity comparison: only the ANONYMOUS singleton is rejected here.
    if ( securityContext.subject() == AuthSubject.ANONYMOUS )
    {
        throw new AuthorizationViolationException( "Anonymous cannot change password" );
    }

    // The target account is always the caller's own; it is never taken from an argument.
    final String currentUser = securityContext.subject().username();
    userManager.setUserPassword( currentUser, UTF8.encode( password ), false );

    securityContext.subject().setPasswordChangeNoLongerRequired();
}
/**
 * Authenticates a Bolt connection and, on success, installs the statement processor and
 * connection metadata for it.
 *
 * The username recorded for the connection is read from the login context returned by
 * authentication, not taken from {@code authToken} directly. {@code userAgent} is
 * client-supplied and is passed on unchanged. {@code authToken} carries the credentials,
 * so it should be kept out of log and error output.
 *
 * @param userAgent client-reported user agent
 * @param authToken authentication token as sent by the client
 * @param context state machine context for the connection
 * @return {@code true} when authentication and setup completed; {@code false} when any
 *         failure was routed to {@code context.handleFailure}. Callers must not treat the
 *         connection as authenticated on {@code false}.
 * @throws BoltConnectionFatality declared; presumably raised by {@code handleFailure}, verify there
 */
public static boolean processAuthentication( String userAgent, Map<String,Object> authToken, StateMachineContext context )
        throws BoltConnectionFatality
{
    try
    {
        BoltStateMachineSPI spi = context.boltSpi();

        AuthenticationResult outcome = spi.authenticate( authToken );
        String authenticatedUser = outcome.getLoginContext().subject().username();
        context.authenticatedAsUser( authenticatedUser, userAgent );

        StatementProcessor processor =
                new TransactionStateMachine( spi.transactionSpi(), outcome, context.clock() );
        context.connectionState().setStatementProcessor( processor );

        // Expired credentials do not fail the handshake here; the client is only told via metadata.
        // NOTE(review): confirm that what such a session may do is restricted elsewhere.
        if ( outcome.credentialsExpired() )
        {
            context.connectionState().onMetadata( "credentials_expired", Values.TRUE );
        }
        context.connectionState().onMetadata( "server", Values.stringValue( spi.version() ) );

        spi.udcRegisterClient( userAgent );
        return true;
    }
    catch ( Throwable t )
    {
        // Every failure, authentication or otherwise, takes the same path.
        context.handleFailure( t, true );
        return false;
    }
}
// closes the enclosing class, whose header is not part of this excerpt
}
/**
 * Builds the default diagnostic representation of this object.
 *
 * @param name label placed in front of the braces
 * @return {@code name{ username=..., accessMode=... }} filled in from {@code subject()} and {@code mode()}
 */
protected String defaultString( String name )
{
    // The username is interpolated unescaped. If this string can reach a log or an error
    // message, escaping and length limits have to be applied at that sink.
    final String who = subject().username();
    return String.format( "%s{ username=%s, accessMode=%s }", name, who, mode() );
}
/**
 * Returns the username of the subject held by the transaction's security context.
 *
 * The value is read from the security context only; nothing supplied with the
 * transaction itself is consulted here.
 *
 * @return the username reported by {@code transaction.securityContext().subject()}
 */
@Override
public String username()
{
    final String currentUser = transaction.securityContext().subject().username();
    return currentUser;
}
/**
 * Returns the username of the subject held by the transaction's security context.
 *
 * Package-private and {@code final}, so subclasses cannot substitute a different identity source.
 *
 * @return the username reported by {@code transaction.securityContext().subject()}
 */
final String username()
{
    final String currentUser = transaction.securityContext().subject().username();
    return currentUser;
}
/**
 * Describes this context as {@code user '<username>' with <mode name>}.
 *
 * @return a human-readable description built from {@code subject()} and {@code mode()}
 */
public String description()
{
    // The username is placed between single quotes without escaping; a consumer that parses
    // or logs this text should not rely on the quotes as a delimiter.
    final String who = subject().username();
    return String.format( "user '%s' with %s", who, mode().name() );
}
/**
 * Procedure {@code dbms.showCurrentUser}: returns a single row describing the calling user.
 *
 * The user is identified solely by the subject of the injected security context; the
 * procedure takes no arguments, so a caller cannot ask about another account through it.
 *
 * @return a one-element stream holding the result of {@code userResultForName} for the caller
 */
@Description( "Show the current user." )
@Procedure( name = "dbms.showCurrentUser", mode = DBMS )
public Stream<UserResult> showCurrentUser()
{
    final String currentUser = securityContext.subject().username();
    final UserResult row = userResultForName( currentUser );
    return Stream.of( row );
}
/**
 * Builds the {@code UserResult} for the calling subject.
 *
 * Roles always come from the security context. Flags come from the stored user record
 * when {@code silentlyGetUser} finds one. A subject with no stored record still gets a
 * result, with an empty flag list, rather than an error.
 *
 * @return the caller's username, roles and flags
 */
protected UserResult userResultForSubject()
{
    final String currentUser = securityContext.subject().username();
    final User stored = userManager.silentlyGetUser( currentUser );

    final Iterable<String> flags;
    if ( stored != null )
    {
        flags = stored.getFlags();
    }
    else
    {
        // No stored record for this username: report no flags.
        flags = emptyList();
    }

    return new UserResult( currentUser, securityContext.roles(), flags );
}
/**
 * Procedure {@code dbms.security.changePassword}: sets a new password for the calling user,
 * optionally flagging that it must be changed again.
 *
 * Security notes for reviewers:
 * - The target account is always the caller's own username from the security context.
 * - No anonymous-subject check and no verification of the current password is visible in
 *   this method. Presumably both are enforced in {@code setUserPassword} or earlier.
 *   TODO confirm.
 * - The password is an immutable {@code String} procedure argument, so it cannot be wiped
 *   after use. NOTE(review): confirm that procedure-call arguments are redacted wherever
 *   queries are logged or listed.
 *
 * @param password the new password in clear text
 * @param requirePasswordChange passed through to {@code setUserPassword}; defaults to {@code false}
 * @throws InvalidArgumentsException declared; presumably raised by {@code setUserPassword}, verify there
 * @throws IOException declared; presumably raised by {@code setUserPassword}, verify there
 */
@Description( "Change the current user's password." )
@Procedure( name = "dbms.security.changePassword", mode = DBMS )
public void changePassword( @Name( "password" ) String password,
        @Name( value = "requirePasswordChange", defaultValue = "false" ) boolean requirePasswordChange )
        throws InvalidArgumentsException, IOException
{
    final String currentUser = securityContext.subject().username();
    setUserPassword( currentUser, password, requirePasswordChange );
}
/**
 * Procedure {@code dbms.security.changePassword}: sets a new password for the calling user
 * and clears the subject's password-change-required state.
 *
 * Security notes for reviewers:
 * - Only the new password is supplied. Nothing in this method re-verifies the current
 *   password, so any re-authentication would have to happen elsewhere. TODO confirm.
 * - The password arrives as an immutable {@code String} (see the TODO below), so it cannot
 *   be wiped after use. The encoded copy is not cleared here either.
 * - The password is a procedure argument. NOTE(review): confirm that procedure-call
 *   arguments are redacted wherever queries are logged or listed.
 *
 * @param password the new password in clear text
 * @throws AuthorizationViolationException if the caller is {@code AuthSubject.ANONYMOUS}
 * @throws InvalidArgumentsException declared; presumably raised by the user manager, verify there
 * @throws IOException declared; presumably raised by the user manager, verify there
 */
@Description( "Change the current user's password." )
@Procedure( name = "dbms.security.changePassword", mode = DBMS )
public void changePassword( @Name( "password" ) String password ) throws InvalidArgumentsException, IOException
{
    // TODO: Deprecate this and create a new procedure that takes password as a byte[]

    // Identity comparison: only the ANONYMOUS singleton is rejected here.
    if ( securityContext.subject() == AuthSubject.ANONYMOUS )
    {
        throw new AuthorizationViolationException( "Anonymous cannot change password" );
    }

    // The target account is always the caller's own; it is never taken from an argument.
    final String currentUser = securityContext.subject().username();
    userManager.setUserPassword( currentUser, UTF8.encode( password ), false );

    securityContext.subject().setPasswordChangeNoLongerRequired();
}