Change role store setting

- Add a new directory setting dbms.directories.auth that takes precedence over the legacy unsupported.dbms.security.auth_store.location - Make the file names of the auth and roles files an internal thing - Use the directory of the legacy auth store location setting as a fallback
neo4j · May 25, 2016 · 106d06f · 106d06f
1 parent da4ac2b
commit 106d06f
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 5 deletions.
diff --git a/community/kernel/src/main/java/org/neo4j/graphdb/factory/GraphDatabaseSettings.java b/community/kernel/src/main/java/org/neo4j/graphdb/factory/GraphDatabaseSettings.java
@@ -498,9 +498,8 @@ private static String defaultPageCacheMemory()
     public static final Setting<File> auth_store =
             pathSetting( "unsupported.dbms.security.auth_store.location", NO_DEFAULT );
 
-    @Internal
-    public static final Setting<File> role_store = // TODO: Move this to enterprise
-            pathSetting( "unsupported.dbms.security.role_store.location", NO_DEFAULT );
+    @Description("Location of the directory where to store users and roles used for authentication and authorization.")
+    public static final Setting<File> auth_store_dir = pathSetting( "dbms.directories.auth", NO_DEFAULT );
 
     @Internal
     public static final Setting<String> auth_manager = setting( "unsupported.dbms.security.auth_manager", STRING, "" );

diff --git a/...src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java b/...src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
@@ -19,6 +19,8 @@
  */
 package org.neo4j.server.security.enterprise.auth;
 
+import java.io.File;
+
 import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.helpers.Service;
 import org.neo4j.kernel.api.security.AuthManager;
@@ -37,6 +39,9 @@
 @Service.Implementation( AuthManager.Factory.class )
 public class EnterpriseAuthManagerFactory extends AuthManager.Factory
 {
+    private static final String USER_STORE_FILENAME = "auth";
+    private static final String ROLE_STORE_FILENAME = "roles";
+
     public EnterpriseAuthManagerFactory()
     {
         super( "enterprise-auth-manager" );
@@ -45,11 +50,26 @@ public EnterpriseAuthManagerFactory()
     @Override
     public AuthManager newInstance( Config config, LogProvider logProvider )
     {
+        // Resolve auth store file names
+        File authStoreDir = config.get( GraphDatabaseSettings.auth_store_dir );
+        File userStoreFile;
+        if ( authStoreDir != null )
+        {
+            userStoreFile = new File( authStoreDir, USER_STORE_FILENAME );
+        }
+        else
+        {
+            // Fallback on the directory of the legacy setting
+            userStoreFile = config.get( GraphDatabaseSettings.auth_store );
+            authStoreDir = userStoreFile.getParentFile();
+        }
+        File roleStoreFile = new File( authStoreDir, ROLE_STORE_FILENAME );
+
         final UserRepository userRepository =
-                new FileUserRepository( config.get( GraphDatabaseSettings.auth_store ).toPath(), logProvider );
+                new FileUserRepository( userStoreFile.toPath(), logProvider );
 
         final RoleRepository roleRepository =
-                new FileRoleRepository( config.get( GraphDatabaseSettings.role_store ).toPath(), logProvider );
+                new FileRoleRepository( roleStoreFile.toPath(), logProvider );
 
         final PasswordPolicy passwordPolicy = new BasicPasswordPolicy();