Create a new Commercial Security Module.

Skeleton class for a new auth provider called NativeGraphRealm. CommercialSecurityModuleTest based on EnterpriseSecurityModuleTest but with native_graph_enabled and without property level security test.
neo4j · Aug 14, 2018 · 0af2a0c · 0af2a0c
1 parent 4fca903
commit 0af2a0c
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 4 deletions.
diff --git a/...ity/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModule.java b/...ity/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModule.java
@@ -82,6 +82,11 @@ public EnterpriseSecurityModule()
         super( EnterpriseEditionSettings.ENTERPRISE_SECURITY_MODULE_ID );
     }
 
+    public EnterpriseSecurityModule( String securityModuleId )
+    {
+        super( securityModuleId );
+    }
+
     @Override
     public void setup( Dependencies dependencies ) throws KernelException
     {
@@ -161,11 +166,15 @@ public EnterpriseAuthAndUserManager newAuthManager( Config config, LogProvider l
         List<Realm> realms = new ArrayList<>( securityConfig.authProviders.size() + 1 );
         SecureHasher secureHasher = new SecureHasher();
 
-        InternalFlatFileRealm internalRealm = null;
+        EnterpriseUserManager internalRealm = null;
         if ( securityConfig.hasNativeProvider )
         {
             internalRealm = createInternalRealm( config, logProvider, fileSystem, jobScheduler );
-            realms.add( internalRealm );
+            realms.add( (Realm) internalRealm );
+        }
+        else if ( config.get( SecuritySettings.native_graph_enabled ) )
+        {
+            throw illegalConfiguration("Native graph enabled but native auth provider is not configured."  );
         }
 
         if ( securityConfig.hasLdapProvider )
@@ -208,7 +217,13 @@ private static List<Realm> selectOrderedActiveRealms( List<String> configuredRea
         return orderedActiveRealms;
     }
 
-    public static InternalFlatFileRealm createInternalRealm( Config config, LogProvider logProvider,
+    protected EnterpriseUserManager createInternalRealm( Config config, LogProvider logProvider,
+            FileSystemAbstraction fileSystem, JobScheduler jobScheduler )
+    {
+        return createInternalFlatFileRealm( config, logProvider, fileSystem, jobScheduler );
+    }
+
+    protected static InternalFlatFileRealm createInternalFlatFileRealm( Config config, LogProvider logProvider,
             FileSystemAbstraction fileSystem, JobScheduler jobScheduler )
     {
         return new InternalFlatFileRealm(
@@ -224,7 +239,7 @@ public static InternalFlatFileRealm createInternalRealm( Config config, LogProvi
             );
     }
 
-    private static AuthenticationStrategy createAuthenticationStrategy( Config config )
+    protected static AuthenticationStrategy createAuthenticationStrategy( Config config )
     {
         return new RateLimitedAuthenticationStrategy( Clocks.systemClock(), config );
     }

diff --git a/...ty/src/main/java/org/neo4j/server/security/enterprise/configuration/SecuritySettings.java b/...ty/src/main/java/org/neo4j/server/security/enterprise/configuration/SecuritySettings.java
@@ -117,6 +117,14 @@ public class SecuritySettings implements LoadableConfig
                     providers -> providers.stream().anyMatch( r -> r.startsWith( PLUGIN_REALM_NAME_PREFIX ) ),
                     BOOLEAN );
 
+    //=========================================================================
+    // Native graph settings
+    //=========================================================================
+    @Description( "Use NativeGraphRealm for native security." )
+    @Internal
+    public static final Setting<Boolean> native_graph_enabled =
+            setting( "dbms.security.native.graph_enabled", BOOLEAN, "false" );
+
     //=========================================================================
     // LDAP settings
     //=========================================================================

diff --git a/...src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModuleTest.java b/...src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModuleTest.java
@@ -225,6 +225,7 @@ public void setup()
         when( mockLogProvider.getLog( anyString() ) ).thenReturn( mockLog );
         when( mockLog.isDebugEnabled() ).thenReturn( true );
         when( config.get( SecuritySettings.property_level_authorization_enabled ) ).thenReturn( false );
+        when( config.get( SecuritySettings.native_graph_enabled ) ).thenReturn( false );
         when( config.get( SecuritySettings.auth_cache_ttl ) ).thenReturn( Duration.ZERO );
         when( config.get( SecuritySettings.auth_cache_max_capacity ) ).thenReturn( 10 );
         when( config.get( SecuritySettings.auth_cache_use_ttl ) ).thenReturn( true );