-
Notifications
You must be signed in to change notification settings - Fork 2.3k
/
EnterpriseSecurityContext.java
98 lines (85 loc) · 2.83 KB
/
EnterpriseSecurityContext.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
/*
* Copyright (c) 2002-2018 "Neo Technology,"
* Network Engine for Objects in Lund AB [http://neotechnology.com]
*
* This file is part of Neo4j.
*
* Neo4j is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.neo4j.kernel.enterprise.api.security;
import java.util.Collections;
import java.util.Set;
import java.util.function.Function;
import org.neo4j.internal.kernel.api.security.AccessMode;
import org.neo4j.internal.kernel.api.security.AuthSubject;
import org.neo4j.internal.kernel.api.security.SecurityContext;
/**
* A logged in and authorized user.
*/
public class EnterpriseSecurityContext extends SecurityContext
{
private final Set<String> roles;
private final boolean isAdmin;
public EnterpriseSecurityContext( AuthSubject subject, AccessMode mode, Set<String> roles, boolean isAdmin )
{
super( subject, mode );
this.roles = roles;
this.isAdmin = isAdmin;
}
@Override
public boolean isAdmin()
{
return isAdmin;
}
@Override
public EnterpriseSecurityContext authorize( Function<String, Integer> propertyIdLookup )
{
return this;
}
@Override
public EnterpriseSecurityContext withMode( AccessMode mode )
{
return new EnterpriseSecurityContext( subject, mode, roles, isAdmin );
}
/**
* Get the roles of the authenticated user.
*/
public Set<String> roles()
{
return roles;
}
/** Allows all operations. */
public static final EnterpriseSecurityContext AUTH_DISABLED = authDisabled( AccessMode.Static.FULL );
private static EnterpriseSecurityContext authDisabled( AccessMode mode )
{
return new EnterpriseSecurityContext( AuthSubject.AUTH_DISABLED, mode, Collections.emptySet(), true )
{
@Override
public EnterpriseSecurityContext withMode( AccessMode mode )
{
return authDisabled( mode );
}
@Override
public String description()
{
return "AUTH_DISABLED with " + mode().name();
}
@Override
public String toString()
{
return defaultString( "enterprise-auth-disabled" );
}
};
}
}