

Rename ShiroAuthSubject to EnterpriseAuthSubject
Fix code duplication in AuthProcedures
henriknyman committed Jun 27, 2016
1 parent 39168ff commit 71feefd
Showing 7 changed files with 88 additions and 119 deletions.
Expand Up @@ -46,115 +46,88 @@ public void createUser( @Name( "username" ) String username, @Name( "password" )
@Name( "requirePasswordChange" ) boolean requirePasswordChange )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getUserManager().newUser( username, password, requirePasswordChange );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
adminSubject.getUserManager().newUser( username, password, requirePasswordChange );
}

@PerformsDBMS
@Procedure( "dbms.changeUserPassword" )
public void changeUserPassword( @Name( "username" ) String username, @Name( "newPassword" ) String newPassword )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( shiroSubject.doesUsernameMatch( username ) )
EnterpriseAuthSubject enterpriseSubject = EnterpriseAuthSubject.castOrFail( authSubject );
if ( enterpriseSubject.doesUsernameMatch( username ) )
{
shiroSubject.getUserManager().setPassword( shiroSubject, username, newPassword );
enterpriseSubject.getUserManager().setPassword( enterpriseSubject, username, newPassword );
}
else if ( !shiroSubject.isAdmin() )
else if ( !enterpriseSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
else
{
shiroSubject.getUserManager().setUserPassword( username, newPassword );
enterpriseSubject.getUserManager().setUserPassword( username, newPassword );
}
}

@PerformsDBMS
@Procedure( "dbms.addUserToRole" )
public void addUserToRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName ) throws IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getUserManager().addUserToRole( username, roleName );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
adminSubject.getUserManager().addUserToRole( username, roleName );
}

@PerformsDBMS
@Procedure( "dbms.removeUserFromRole" )
public void removeUserFromRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getUserManager().removeUserFromRole( username, roleName );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
adminSubject.getUserManager().removeUserFromRole( username, roleName );
}

@PerformsDBMS
@Procedure( "dbms.deleteUser" )
public void deleteUser( @Name( "username" ) String username ) throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getUserManager().deleteUser( username );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
adminSubject.getUserManager().deleteUser( username );
}

@PerformsDBMS
@Procedure( "dbms.suspendUser" )
public void suspendUser( @Name( "username" ) String username ) throws IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getUserManager().suspendUser( username );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
adminSubject.getUserManager().suspendUser( username );
}

@PerformsDBMS
@Procedure( "dbms.activateUser" )
public void activateUser( @Name( "username" ) String username ) throws IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
shiroSubject.getUserManager().activateUser( username );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
adminSubject.getUserManager().activateUser( username );
}

@PerformsDBMS
@Procedure( "dbms.showCurrentUser" )
public Stream<UserResult> showCurrentUser( )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
EnterpriseUserManager userManager = shiroSubject.getUserManager();
return Stream.of( new UserResult( shiroSubject.name(), userManager.getRoleNamesForUser( shiroSubject.name() ) ) );
EnterpriseAuthSubject enterpriseSubject = EnterpriseAuthSubject.castOrFail( authSubject );
EnterpriseUserManager userManager = enterpriseSubject.getUserManager();
return Stream.of( new UserResult( enterpriseSubject.name(),
userManager.getRoleNamesForUser( enterpriseSubject.name() ) ) );
}

@PerformsDBMS
@Procedure( "dbms.listUsers" )
public Stream<UserResult> listUsers() throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
EnterpriseUserManager userManager = shiroSubject.getUserManager();
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
EnterpriseUserManager userManager = adminSubject.getUserManager();
return userManager.getAllUsernames().stream()
.map( u -> new UserResult( u, userManager.getRoleNamesForUser( u ) ) );
}
Expand All @@ -163,12 +136,8 @@ public Stream<UserResult> listUsers() throws IllegalCredentialsException, IOExce
@Procedure( "dbms.listRoles" )
public Stream<RoleResult> listRoles() throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
EnterpriseUserManager userManager = shiroSubject.getUserManager();
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
EnterpriseUserManager userManager = adminSubject.getUserManager();
return userManager.getAllRoleNames().stream()
.map( r -> new RoleResult( r, userManager.getUsernamesForRole( r ) ) );
}
Expand All @@ -178,25 +147,27 @@ public Stream<RoleResult> listRoles() throws IllegalCredentialsException, IOExce
public Stream<StringResult> listRolesForUser( @Name( "username" ) String username )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
return shiroSubject.getUserManager().getRoleNamesForUser( username ).stream().map( StringResult::new );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
return adminSubject.getUserManager().getRoleNamesForUser( username ).stream().map( StringResult::new );
}

@PerformsDBMS
@Procedure( "dbms.listUsersForRole" )
public Stream<StringResult> listUsersForRole( @Name( "roleName" ) String roleName )
throws IllegalCredentialsException, IOException
{
ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject );
if ( !shiroSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
return shiroSubject.getUserManager().getUsernamesForRole( roleName ).stream().map( StringResult::new );
EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject();
return adminSubject.getUserManager().getUsernamesForRole( roleName ).stream().map( StringResult::new );
}

private EnterpriseAuthSubject ensureAdminAuthSubject()
{
EnterpriseAuthSubject enterpriseAuthSubject = EnterpriseAuthSubject.castOrFail( authSubject );
if ( !enterpriseAuthSubject.isAdmin() )
{
throw new AuthorizationViolationException( PERMISSION_DENIED );
}
return enterpriseAuthSubject;
}

public class StringResult {
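Review bot: `ensureAdminAuthSubject()` at the bottom of the hunk is now the only authorization gate for the ten admin-only procedures visible in this file, but it carries no Javadoc and nothing ties the privileged `getUserManager()` handle to having passed it — a future procedure that calls `EnterpriseAuthSubject.castOrFail( authSubject ).getUserManager()` directly, as `changeUserPassword` legitimately does for its self-service path, silently bypasses the admin check. I would document the contract on the helper, e.g. `/** Returns the bound subject only if it holds the wildcard permission (see isAdmin()); throws AuthorizationViolationException(PERMISSION_DENIED) otherwise, and IllegalArgumentException if the subject is not an EnterpriseAuthSubject. */`, and consider having the helper return the `EnterpriseUserManager` itself so the privileged handle is only reachable through the gate. Because `isAdmin()` is implemented in this commit as `shiroSubject.isPermitted( "*" )`, "admin" here means the Shiro wildcard permission rather than membership in a named role, which is worth stating so nobody later equates the two. The enclosing `AuthProcedures` class begins before this hunk.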
Expand Up @@ -19,55 +19,53 @@
*/
package org.neo4j.server.security.enterprise.auth;

import org.apache.shiro.subject.Subject;

import java.io.IOException;

import org.neo4j.kernel.api.security.AccessMode;
import org.neo4j.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;

public class ShiroAuthSubject implements AuthSubject
public class EnterpriseAuthSubject implements AuthSubject
{
static final String SCHEMA_READ_WRITE = "schema:read,write";
static final String READ_WRITE = "data:read,write";
static final String READ = "data:read";

private final EnterpriseAuthManager authManager;
private final ShiroSubject subject;
private final ShiroSubject shiroSubject;

public static ShiroAuthSubject castOrFail( AuthSubject authSubject )
public static EnterpriseAuthSubject castOrFail( AuthSubject authSubject )
{
if ( !(authSubject instanceof ShiroAuthSubject) )
if ( !(authSubject instanceof EnterpriseAuthSubject) )
{
throw new IllegalArgumentException( "Incorrect AuthSubject type " + authSubject.getClass().getTypeName() );
}
return (ShiroAuthSubject) authSubject;
return (EnterpriseAuthSubject) authSubject;
}

public ShiroAuthSubject( EnterpriseAuthManager authManager, ShiroSubject subject )
public EnterpriseAuthSubject( EnterpriseAuthManager authManager, ShiroSubject shiroSubject )
{
this.authManager = authManager;
this.subject = subject;
this.shiroSubject = shiroSubject;
}

@Override
public void logout()
{
subject.logout();
shiroSubject.logout();
}

@Override
public AuthenticationResult getAuthenticationResult()
{
return subject.getAuthenticationResult();
return shiroSubject.getAuthenticationResult();
}

@Override
public void setPassword( String password ) throws IOException, IllegalCredentialsException
{
authManager.getUserManager().setPassword( this, (String) subject.getPrincipal(), password );
authManager.getUserManager().setPassword( this, (String) shiroSubject.getPrincipal(), password );
}

public EnterpriseUserManager getUserManager()
Expand All @@ -77,12 +75,12 @@ public EnterpriseUserManager getUserManager()

public boolean isAdmin()
{
return subject.isPermitted( "*" );
return shiroSubject.isPermitted( "*" );
}

public boolean doesUsernameMatch( String username )
{
Object principal = subject.getPrincipal();
Object principal = shiroSubject.getPrincipal();
return principal != null && username.equals( principal );
}

Expand All @@ -107,27 +105,27 @@ public boolean allowsSchemaWrites()
@Override
public String name()
{
return subject.getPrincipal().toString();
return shiroSubject.getPrincipal().toString();
}

Subject getSubject()
ShiroSubject getShiroSubject()
{
return subject;
return shiroSubject;
}

private AccessMode.Static getAccessMode()
{
if ( subject.isAuthenticated() )
if ( shiroSubject.isAuthenticated() )
{
if ( subject.isPermitted( SCHEMA_READ_WRITE ) )
if ( shiroSubject.isPermitted( SCHEMA_READ_WRITE ) )
{
return AccessMode.Static.FULL;
}
else if ( subject.isPermitted( READ_WRITE ) )
else if ( shiroSubject.isPermitted( READ_WRITE ) )
{
return AccessMode.Static.WRITE;
}
else if ( subject.isPermitted( READ ) )
else if ( shiroSubject.isPermitted( READ ) )
{
return AccessMode.Static.READ;
}
Expand Up @@ -257,9 +257,9 @@ int numberOfRoles()
public void setPassword( AuthSubject authSubject, String username, String password ) throws IOException,
IllegalCredentialsException
{
ShiroAuthSubject shiroAuthSubject = ShiroAuthSubject.castOrFail( authSubject );
EnterpriseAuthSubject enterpriseAuthSubject = EnterpriseAuthSubject.castOrFail( authSubject );

if ( !shiroAuthSubject.doesUsernameMatch( username ) )
if ( !enterpriseAuthSubject.doesUsernameMatch( username ) )
{
throw new AuthorizationViolationException( "Invalid attempt to change the password for user " + username );
}
Expand Up @@ -84,7 +84,7 @@ public AuthSubject login( Map<String,Object> authToken ) throws InvalidAuthToken
subject = new ShiroSubject( securityManager, AuthenticationResult.FAILURE );
}

return new ShiroAuthSubject( this, subject );
return new EnterpriseAuthSubject( this, subject );
}

@Override
Expand Up @@ -149,7 +149,7 @@ public RoleRecord newRole( String roleName, String... users ) throws IOException
}

@Override
public ShiroAuthSubject login( Map<String,Object> authToken ) throws InvalidAuthTokenException
public EnterpriseAuthSubject login( Map<String,Object> authToken ) throws InvalidAuthTokenException
{
assertAuthEnabled();

Expand Down Expand Up @@ -190,7 +190,7 @@ public ShiroAuthSubject login( Map<String,Object> authToken ) throws InvalidAuth
}
authStrategy.updateWithAuthenticationResult( result, username );
}
return new ShiroAuthSubject( this, subject );
return new EnterpriseAuthSubject( this, subject );
}

@Override
Expand Up @@ -58,12 +58,12 @@

public class AuthProcedureTestBase
{
protected ShiroAuthSubject adminSubject;
protected ShiroAuthSubject schemaSubject;
protected ShiroAuthSubject writeSubject;
protected ShiroAuthSubject readSubject;
protected ShiroAuthSubject pwdSubject;
protected ShiroAuthSubject noneSubject;
protected EnterpriseAuthSubject adminSubject;
protected EnterpriseAuthSubject schemaSubject;
protected EnterpriseAuthSubject writeSubject;
protected EnterpriseAuthSubject readSubject;
protected EnterpriseAuthSubject pwdSubject;
protected EnterpriseAuthSubject noneSubject;

protected String[] initialUsers = { "adminSubject", "readSubject", "schemaSubject",
"readWriteSubject", "pwdSubject", "noneSubject", "neo4j" };
Expand Down Expand Up @@ -294,13 +294,13 @@ protected void testCallFail( AuthSubject subject, String call,
}
}

protected void testUnAunthenticated( ShiroAuthSubject subject )
protected void testUnAunthenticated( EnterpriseAuthSubject subject )
{
//TODO: improve me to be less gullible!
assertFalse( subject.getSubject().isAuthenticated() );
assertFalse( subject.getShiroSubject().isAuthenticated() );
}

protected void testUnAunthenticated( ShiroAuthSubject subject, String call )
protected void testUnAunthenticated( EnterpriseAuthSubject subject, String call )
{
//TODO: OMG improve thrown exception
try
