/**
 * Reports whether the authenticated subject still has to change its password.
 * Bolt uses this to emit the {@code credentials_expired} metadata to the client.
 */
@Override
public boolean credentialsExpired()
{
    // The kernel enum is spelled out fully because this package presumably has its own
    // AuthenticationResult type in scope (the login-result wrapper) -- confirm before importing.
    org.neo4j.internal.kernel.api.security.AuthenticationResult outcome =
            loginContext.subject().getAuthenticationResult();
    return org.neo4j.internal.kernel.api.security.AuthenticationResult.PASSWORD_CHANGE_REQUIRED.equals( outcome );
}
}
/**
 * Looks up the user named in the path and renders its authorization representation.
 * Only the request's own principal may fetch that record: a missing principal, a name
 * mismatch, or an unknown user all answer with the same 404.
 *
 * @param username the name taken from the URL path
 * @param req the current request, used to obtain the authenticated principal
 * @return 200 with the representation, or 404 in every rejecting case
 */
@GET
@Path( "/{username}" )
public Response getUser( @PathParam( "username" ) String username, @Context HttpServletRequest req )
{
    Principal principal = req.getUserPrincipal();
    boolean principalMatchesPath = principal != null && principal.getName().equals( username );
    if ( !principalMatchesPath )
    {
        return output.notFound();
    }

    LoginContext loginContext = getLoginContextFromUserPrincipal( principal );
    UserManager userManager = userManagerSupplier.getUserManager( loginContext.subject(), false );
    try
    {
        User user = userManager.getUser( username );
        return output.ok( new AuthorizationRepresentation( user ) );
    }
    catch ( InvalidArgumentsException e )
    {
        // Unknown user: same 404 as the principal mismatch above, so the response
        // does not distinguish the two cases.
        return output.notFound();
    }
}
switch ( loginContext.subject().getAuthenticationResult() ) userManagerSupplier.getUserManager( loginContext.subject(), false ) .setUserPassword( username, newPassword, false ); // NOTE: This will overwrite newPassword with zeroes loginContext.subject().setPasswordChangeNoLongerRequired(); break; default:
/**
 * Servlet filter used when authentication is switched off: every request is wrapped with
 * the auth-disabled login context and passed down the chain, so downstream code always
 * sees a principal. Authorization violations raised further down are rendered here.
 *
 * @throws IOException propagated from the filter chain
 * @throws ServletException propagated from the filter chain
 */
@Override
public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain )
        throws IOException, ServletException
{
    validateRequestType( servletRequest );
    validateResponseType( servletResponse );
    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    try
    {
        LoginContext loginContext = getAuthDisabledLoginContext();
        String userAgent = httpRequest.getHeader( HttpHeaders.USER_AGENT );
        // Record the effective user on the Jetty connection (presumably for connection listing -- confirm).
        JettyHttpConnection.updateUserForCurrentConnection( loginContext.subject().username(), userAgent );
        // Note the wrapper carries the literal "neo4j" name while the connection carries the subject's username.
        AuthorizedRequestWrapper wrappedRequest =
                new AuthorizedRequestWrapper( BASIC_AUTH, "neo4j", httpRequest, loginContext );
        filterChain.doFilter( wrappedRequest, servletResponse );
    }
    catch ( AuthorizationViolationException e )
    {
        unauthorizedAccess( e.getMessage() ).accept( httpResponse );
    }
}
/**
 * Test helper: logs in with the given credentials and asserts that the resulting subject
 * carries {@code expectedResult}.
 *
 * @throws InvalidAuthTokenException if the constructed token is rejected outright
 */
private void assertLoginGivesResult( String username, String password, AuthenticationResult expectedResult )
        throws InvalidAuthTokenException
{
    LoginContext context = manager.login( authToken( username, password ) );
    AuthenticationResult actualResult = context.subject().getAuthenticationResult();
    assertThat( actualResult, equalTo( expectedResult ) );
}
@Test
public void shouldNotDoAnythingOnSuccess() throws Exception
{
    // When: a basic-auth token for "mike" with the right secret is authenticated
    AuthenticationResult result = authentication.authenticate(
            map( "scheme", "basic", "principal", "mike", "credentials", UTF8.encode( "secret2" ) ) );

    // Then: the login context belongs to that user and nothing else is reported
    String authenticatedUser = result.getLoginContext().subject().username();
    assertThat( authenticatedUser, equalTo( "mike" ) );
}
/**
 * Runs the auth token through the auth manager and maps the outcome to either a result
 * or an {@link AuthenticationException} with the matching status code.
 *
 * @param authToken the client-supplied auth token
 * @return the login result; a password-change-required outcome is still a success here
 * @throws AuthenticationException with {@code AuthenticationRateLimit} after too many
 *         attempts, {@code Unauthorized} for any other rejection, or the token's own
 *         status when the token itself is malformed
 */
private AuthenticationResult doAuthenticate( Map<String,Object> authToken ) throws AuthenticationException
{
    try
    {
        LoginContext loginContext = authManager.login( authToken );

        // Resolve the failure status first; only a non-null status aborts the login.
        Status failure = null;
        switch ( loginContext.subject().getAuthenticationResult() )
        {
        case SUCCESS:
        case PASSWORD_CHANGE_REQUIRED:
            // Both are accepted; an expired credential is reported separately via credentialsExpired().
            break;
        case TOO_MANY_ATTEMPTS:
            failure = Status.Security.AuthenticationRateLimit;
            break;
        default:
            failure = Status.Security.Unauthorized;
            break;
        }
        if ( failure != null )
        {
            throw new AuthenticationException( failure );
        }
        return new BasicAuthenticationResult( loginContext );
    }
    catch ( InvalidAuthTokenException e )
    {
        throw new AuthenticationException( e.status(), e.getMessage() );
    }
}
switch ( securityContext.subject().getAuthenticationResult() )
UserManager userManager = userManagerSupplier.getUserManager( loginContext.subject(), false ); userManager.setUserPassword( username, UTF8.encode( newPassword ), false );
/**
 * Builds an in-memory database with its basic auth manager and logs in as the
 * default admin, clearing the initial password-change requirement so the fixture
 * can act as admin straight away.
 */
@Before
public void setup() throws InvalidAuthTokenException, IOException
{
    fs = new EphemeralFileSystemAbstraction();
    db = (GraphDatabaseAPI) createGraphDatabase( fs );
    authManager = db.getDependencyResolver().resolveDependency( BasicAuthManager.class );

    // "neo4j"/"neo4j" are presumably the out-of-the-box admin credentials, which start out
    // flagged for a mandatory change; lift that flag for the tests.
    admin = login( "neo4j", "neo4j" );
    admin.subject().setPasswordChangeNoLongerRequired();
}
/**
 * Authenticates a Bolt connection with the supplied token and, on success, installs a
 * transaction state machine on the connection and publishes server metadata.
 * Any failure is handed to {@code context.handleFailure} instead of propagating.
 *
 * @param userAgent the client's user-agent string
 * @param authToken the client-supplied auth token
 * @param context the state machine context for this connection
 * @return {@code true} when the connection is authenticated and ready for statements,
 *         {@code false} after a failure has been handed to the context
 * @throws BoltConnectionFatality if the context decides the failure is fatal
 */
public static boolean processAuthentication( String userAgent, Map<String,Object> authToken, StateMachineContext context )
        throws BoltConnectionFatality
{
    try
    {
        BoltStateMachineSPI spi = context.boltSpi();
        AuthenticationResult authResult = spi.authenticate( authToken );

        String user = authResult.getLoginContext().subject().username();
        context.authenticatedAsUser( user, userAgent );
        context.connectionState().setStatementProcessor(
                new TransactionStateMachine( spi.transactionSpi(), authResult, context.clock() ) );

        if ( authResult.credentialsExpired() )
        {
            // Tell the client it must rotate the password before doing real work.
            context.connectionState().onMetadata( "credentials_expired", Values.TRUE );
        }
        context.connectionState().onMetadata( "server", Values.stringValue( spi.version() ) );
        spi.udcRegisterClient( userAgent );
        return true;
    }
    catch ( Throwable t )
    {
        // Deliberately broad so that no exception escapes the handshake path; the context
        // decides how the connection is torn down. NOTE(review): this also catches VM errors
        // such as OutOfMemoryError -- confirm handleFailure copes with those.
        context.handleFailure( t, true );
        return false;
    }
}
}
/**
 * Reports whether the authenticated subject still has to change its password.
 * Bolt uses this to emit the {@code credentials_expired} metadata to the client.
 */
@Override
public boolean credentialsExpired()
{
    // The kernel enum is spelled out fully because this package presumably has its own
    // AuthenticationResult type in scope (the login-result wrapper) -- confirm before importing.
    org.neo4j.internal.kernel.api.security.AuthenticationResult outcome =
            loginContext.subject().getAuthenticationResult();
    return org.neo4j.internal.kernel.api.security.AuthenticationResult.PASSWORD_CHANGE_REQUIRED.equals( outcome );
}
}
/**
 * Looks up the user named in the path and renders its authorization representation.
 * Only the request's own principal may fetch that record: a missing principal, a name
 * mismatch, or an unknown user all answer with the same 404.
 *
 * @param username the name taken from the URL path
 * @param req the current request, used to obtain the authenticated principal
 * @return 200 with the representation, or 404 in every rejecting case
 */
@GET
@Path( "/{username}" )
public Response getUser( @PathParam( "username" ) String username, @Context HttpServletRequest req )
{
    Principal principal = req.getUserPrincipal();
    boolean principalMatchesPath = principal != null && principal.getName().equals( username );
    if ( !principalMatchesPath )
    {
        return output.notFound();
    }

    LoginContext loginContext = getLoginContextFromUserPrincipal( principal );
    UserManager userManager = userManagerSupplier.getUserManager( loginContext.subject(), false );
    try
    {
        User user = userManager.getUser( username );
        return output.ok( new AuthorizationRepresentation( user ) );
    }
    catch ( InvalidArgumentsException e )
    {
        // Unknown user: same 404 as the principal mismatch above, so the response
        // does not distinguish the two cases.
        return output.notFound();
    }
}
switch ( loginContext.subject().getAuthenticationResult() ) userManagerSupplier.getUserManager( loginContext.subject(), false ) .setUserPassword( username, newPassword, false ); // NOTE: This will overwrite newPassword with zeroes loginContext.subject().setPasswordChangeNoLongerRequired(); break; default:
/**
 * Servlet filter used when authentication is switched off: every request is wrapped with
 * the auth-disabled login context and passed down the chain, so downstream code always
 * sees a principal. Authorization violations raised further down are rendered here.
 *
 * @throws IOException propagated from the filter chain
 * @throws ServletException propagated from the filter chain
 */
@Override
public void doFilter( ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain )
        throws IOException, ServletException
{
    validateRequestType( servletRequest );
    validateResponseType( servletResponse );
    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    try
    {
        LoginContext loginContext = getAuthDisabledLoginContext();
        String userAgent = httpRequest.getHeader( HttpHeaders.USER_AGENT );
        // Record the effective user on the Jetty connection (presumably for connection listing -- confirm).
        JettyHttpConnection.updateUserForCurrentConnection( loginContext.subject().username(), userAgent );
        // Note the wrapper carries the literal "neo4j" name while the connection carries the subject's username.
        AuthorizedRequestWrapper wrappedRequest =
                new AuthorizedRequestWrapper( BASIC_AUTH, "neo4j", httpRequest, loginContext );
        filterChain.doFilter( wrappedRequest, servletResponse );
    }
    catch ( AuthorizationViolationException e )
    {
        unauthorizedAccess( e.getMessage() ).accept( httpResponse );
    }
}
switch ( securityContext.subject().getAuthenticationResult() )
UserManager userManager = userManagerSupplier.getUserManager( loginContext.subject(), false ); userManager.setUserPassword( username, UTF8.encode( newPassword ), false );
/**
 * Runs the auth token through the auth manager and maps the outcome to either a result
 * or an {@link AuthenticationException} with the matching status code.
 *
 * @param authToken the client-supplied auth token
 * @return the login result; a password-change-required outcome is still a success here
 * @throws AuthenticationException with {@code AuthenticationRateLimit} after too many
 *         attempts, {@code Unauthorized} for any other rejection, or the token's own
 *         status when the token itself is malformed
 */
private AuthenticationResult doAuthenticate( Map<String,Object> authToken ) throws AuthenticationException
{
    try
    {
        LoginContext loginContext = authManager.login( authToken );

        // Resolve the failure status first; only a non-null status aborts the login.
        Status failure = null;
        switch ( loginContext.subject().getAuthenticationResult() )
        {
        case SUCCESS:
        case PASSWORD_CHANGE_REQUIRED:
            // Both are accepted; an expired credential is reported separately via credentialsExpired().
            break;
        case TOO_MANY_ATTEMPTS:
            failure = Status.Security.AuthenticationRateLimit;
            break;
        default:
            failure = Status.Security.Unauthorized;
            break;
        }
        if ( failure != null )
        {
            throw new AuthenticationException( failure );
        }
        return new BasicAuthenticationResult( loginContext );
    }
    catch ( InvalidAuthTokenException e )
    {
        throw new AuthenticationException( e.status(), e.getMessage() );
    }
}
/**
 * Authenticates a Bolt connection with the supplied token and, on success, installs a
 * transaction state machine on the connection and publishes server metadata.
 * Any failure is handed to {@code context.handleFailure} instead of propagating.
 *
 * @param userAgent the client's user-agent string
 * @param authToken the client-supplied auth token
 * @param context the state machine context for this connection
 * @return {@code true} when the connection is authenticated and ready for statements,
 *         {@code false} after a failure has been handed to the context
 * @throws BoltConnectionFatality if the context decides the failure is fatal
 */
public static boolean processAuthentication( String userAgent, Map<String,Object> authToken, StateMachineContext context )
        throws BoltConnectionFatality
{
    try
    {
        BoltStateMachineSPI spi = context.boltSpi();
        AuthenticationResult authResult = spi.authenticate( authToken );

        String user = authResult.getLoginContext().subject().username();
        context.authenticatedAsUser( user, userAgent );
        context.connectionState().setStatementProcessor(
                new TransactionStateMachine( spi.transactionSpi(), authResult, context.clock() ) );

        if ( authResult.credentialsExpired() )
        {
            // Tell the client it must rotate the password before doing real work.
            context.connectionState().onMetadata( "credentials_expired", Values.TRUE );
        }
        context.connectionState().onMetadata( "server", Values.stringValue( spi.version() ) );
        spi.udcRegisterClient( userAgent );
        return true;
    }
    catch ( Throwable t )
    {
        // Deliberately broad so that no exception escapes the handshake path; the context
        // decides how the connection is torn down. NOTE(review): this also catches VM errors
        // such as OutOfMemoryError -- confirm handleFailure copes with those.
        context.handleFailure( t, true );
        return false;
    }
}
}