From 106d06f3c94db8daddeba7291ff196a18e3122bc Mon Sep 17 00:00:00 2001
From: Henrik Nyman
Date: Mon, 23 May 2016 17:53:30 +0200
Subject: [PATCH] Change role store setting

- Add a new directory setting dbms.directories.auth that takes precedence over the legacy unsupported.dbms.security.auth_store.location
- Make the file names of the auth and roles files an internal thing
- Use the directory of the legacy auth store location setting as a fallback
---
 .../factory/GraphDatabaseSettings.java | 5 ++--
 .../auth/EnterpriseAuthManagerFactory.java | 24 +++++++++++++++++--
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/community/kernel/src/main/java/org/neo4j/graphdb/factory/GraphDatabaseSettings.java b/community/kernel/src/main/java/org/neo4j/graphdb/factory/GraphDatabaseSettings.java
index 9678e9cb9257..fc7def93a2c5 100644
--- a/community/kernel/src/main/java/org/neo4j/graphdb/factory/GraphDatabaseSettings.java
+++ b/community/kernel/src/main/java/org/neo4j/graphdb/factory/GraphDatabaseSettings.java
@@ -498,9 +498,8 @@ private static String defaultPageCacheMemory()
 public static final Setting auth_store = pathSetting( "unsupported.dbms.security.auth_store.location", NO_DEFAULT );
- @Internal
- public static final Setting role_store = // TODO: Move this to enterprise
- pathSetting( "unsupported.dbms.security.role_store.location", NO_DEFAULT );
+ @Description("Location of the directory where to store users and roles used for authentication and authorization.")
+ public static final Setting auth_store_dir = pathSetting( "dbms.directories.auth", NO_DEFAULT );
 @Internal
 public static final Setting auth_manager = setting( "unsupported.dbms.security.auth_manager", STRING, "" );
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
index 099e4c4af55a..9848e2f841e0
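Review bot: The `@Description` on `auth_store_dir` does not tell an operator that this setting takes precedence over `unsupported.dbms.security.auth_store.location`, nor that the directory holds the user and role files that authentication and authorization depend on. Both facts matter when choosing the location and its file permissions. I would extend it along the lines of `@Description( "Directory holding the user and role files used for authentication and authorization. Takes precedence over unsupported.dbms.security.auth_store.location; restrict access to the account the database runs as." )`. The hunk also removes `role_store` with no deprecation path, so a configuration that still sets `unsupported.dbms.security.role_store.location` will presumably be ignored without any warning.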
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
@@ -19,6 +19,8 @@
 */
 package org.neo4j.server.security.enterprise.auth;
+import java.io.File;
+
 import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.helpers.Service;
 import org.neo4j.kernel.api.security.AuthManager;
@@ -37,6 +39,9 @@
 @Service.Implementation( AuthManager.Factory.class )
 public class EnterpriseAuthManagerFactory extends AuthManager.Factory
 {
+ private static final String USER_STORE_FILENAME = "auth";
+ private static final String ROLE_STORE_FILENAME = "roles";
+
 public EnterpriseAuthManagerFactory()
 {
 super( "enterprise-auth-manager" );
@@ -45,11 +50,26 @@ public EnterpriseAuthManagerFactory()
 @Override
 public AuthManager newInstance( Config config, LogProvider logProvider )
 {
+ // Resolve auth store file names
+ File authStoreDir = config.get( GraphDatabaseSettings.auth_store_dir );
+ File userStoreFile;
+ if ( authStoreDir != null )
+ {
+ userStoreFile = new File( authStoreDir, USER_STORE_FILENAME );
+ }
+ else
+ {
+ // Fallback on the directory of the legacy setting
+ userStoreFile = config.get( GraphDatabaseSettings.auth_store );
+ authStoreDir = userStoreFile.getParentFile();
+ }
+ File roleStoreFile = new File( authStoreDir, ROLE_STORE_FILENAME );
+
 final UserRepository userRepository =
- new FileUserRepository( config.get( GraphDatabaseSettings.auth_store ).toPath(), logProvider );
+ new FileUserRepository( userStoreFile.toPath(), logProvider );
 final RoleRepository roleRepository =
- new FileRoleRepository( config.get( GraphDatabaseSettings.role_store ).toPath(), logProvider );
+ new FileRoleRepository( roleStoreFile.toPath(), logProvider );
 final PasswordPolicy passwordPolicy = new BasicPasswordPolicy();
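Review bot: The legacy fallback in the else branch of `newInstance` dereferences `config.get( GraphDatabaseSettings.auth_store )` without a null check, and both settings are declared with `NO_DEFAULT`, so with neither configured `userStoreFile.getParentFile()` throws a NullPointerException (unless a default is injected elsewhere, which this diff does not show). `getParentFile()` also returns null for a path with no directory component, and `new File( (File) null, ROLE_STORE_FILENAME )` then resolves against the process working directory, so the roles file would silently be read from and written to wherever the server was started. I would fail fast with a message naming both settings and take the parent of the absolute path, as sketched below. Deployments that pointed the removed `role_store` setting at a different directory will now read roles from the auth directory, so logging the resolved user and role store paths at startup would make that change visible. `newInstance` continues past the end of this hunk.

```java
// … unchanged: auth_store_dir lookup and the if-branch …
            userStoreFile = config.get( GraphDatabaseSettings.auth_store );
            if ( userStoreFile == null )
            {
                throw new IllegalStateException( "Neither dbms.directories.auth nor " +
                        "unsupported.dbms.security.auth_store.location is configured" );
            }
            // Absolute form first, so a bare file name still has a parent directory
            authStoreDir = userStoreFile.getAbsoluteFile().getParentFile();
// … unchanged: roleStoreFile and the two repositories …
```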