diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/AuthProcedures.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/AuthProcedures.java index 0962fa474cd1e..863c4bbbeb8b6 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/AuthProcedures.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/AuthProcedures.java @@ -46,12 +46,8 @@ public void createUser( @Name( "username" ) String username, @Name( "password" ) @Name( "requirePasswordChange" ) boolean requirePasswordChange ) throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - shiroSubject.getUserManager().newUser( username, password, requirePasswordChange ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + adminSubject.getUserManager().newUser( username, password, requirePasswordChange ); } @PerformsDBMS @@ -59,18 +55,18 @@ public void createUser( @Name( "username" ) String username, @Name( "password" ) public void changeUserPassword( @Name( "username" ) String username, @Name( "newPassword" ) String newPassword ) throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( shiroSubject.doesUsernameMatch( username ) ) + EnterpriseAuthSubject enterpriseSubject = EnterpriseAuthSubject.castOrFail( authSubject ); + if ( enterpriseSubject.doesUsernameMatch( username ) ) { - shiroSubject.getUserManager().setPassword( shiroSubject, username, newPassword ); + enterpriseSubject.getUserManager().setPassword( enterpriseSubject, username, newPassword ); } - else if ( !shiroSubject.isAdmin() ) + else if ( !enterpriseSubject.isAdmin() ) { throw new AuthorizationViolationException( PERMISSION_DENIED ); } else { - shiroSubject.getUserManager().setUserPassword( username, newPassword ); + enterpriseSubject.getUserManager().setUserPassword( username, newPassword ); } } @@ -78,12 +74,8 @@ else if ( !shiroSubject.isAdmin() ) @Procedure( "dbms.addUserToRole" ) public void addUserToRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName ) throws IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - shiroSubject.getUserManager().addUserToRole( username, roleName ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + adminSubject.getUserManager().addUserToRole( username, roleName ); } @PerformsDBMS @@ -91,48 +83,32 @@ public void addUserToRole( @Name( "username" ) String username, @Name( "roleName public void removeUserFromRole( @Name( "username" ) String username, @Name( "roleName" ) String roleName ) throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - shiroSubject.getUserManager().removeUserFromRole( username, roleName ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + adminSubject.getUserManager().removeUserFromRole( username, roleName ); } @PerformsDBMS @Procedure( "dbms.deleteUser" ) public void deleteUser( @Name( "username" ) String username ) throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - shiroSubject.getUserManager().deleteUser( username ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + adminSubject.getUserManager().deleteUser( username ); } @PerformsDBMS @Procedure( "dbms.suspendUser" ) public void suspendUser( @Name( "username" ) String username ) throws IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - shiroSubject.getUserManager().suspendUser( username ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + adminSubject.getUserManager().suspendUser( username ); } @PerformsDBMS @Procedure( "dbms.activateUser" ) public void activateUser( @Name( "username" ) String username ) throws IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - shiroSubject.getUserManager().activateUser( username ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + adminSubject.getUserManager().activateUser( username ); } @PerformsDBMS @@ -140,21 +116,18 @@ public void activateUser( @Name( "username" ) String username ) throws IOExcepti public Stream showCurrentUser( ) throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - EnterpriseUserManager userManager = shiroSubject.getUserManager(); - return Stream.of( new UserResult( shiroSubject.name(), userManager.getRoleNamesForUser( shiroSubject.name() ) ) ); + EnterpriseAuthSubject enterpriseSubject = EnterpriseAuthSubject.castOrFail( authSubject ); + EnterpriseUserManager userManager = enterpriseSubject.getUserManager(); + return Stream.of( new UserResult( enterpriseSubject.name(), + userManager.getRoleNamesForUser( enterpriseSubject.name() ) ) ); } @PerformsDBMS @Procedure( "dbms.listUsers" ) public Stream listUsers() throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - EnterpriseUserManager userManager = shiroSubject.getUserManager(); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + EnterpriseUserManager userManager = adminSubject.getUserManager(); return userManager.getAllUsernames().stream() .map( u -> new UserResult( u, userManager.getRoleNamesForUser( u ) ) ); } @@ -163,12 +136,8 @@ public Stream listUsers() throws IllegalCredentialsException, IOExce @Procedure( "dbms.listRoles" ) public Stream listRoles() throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - EnterpriseUserManager userManager = shiroSubject.getUserManager(); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + EnterpriseUserManager userManager = adminSubject.getUserManager(); return userManager.getAllRoleNames().stream() .map( r -> new RoleResult( r, userManager.getUsernamesForRole( r ) ) ); } @@ -178,12 +147,8 @@ public Stream listRoles() throws IllegalCredentialsException, IOExce public Stream listRolesForUser( @Name( "username" ) String username ) throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - return shiroSubject.getUserManager().getRoleNamesForUser( username ).stream().map( StringResult::new ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + return adminSubject.getUserManager().getRoleNamesForUser( username ).stream().map( StringResult::new ); } @PerformsDBMS @@ -191,12 +156,18 @@ public Stream listRolesForUser( @Name( "username" ) String usernam public Stream listUsersForRole( @Name( "roleName" ) String roleName ) throws IllegalCredentialsException, IOException { - ShiroAuthSubject shiroSubject = ShiroAuthSubject.castOrFail( authSubject ); - if ( !shiroSubject.isAdmin() ) - { - throw new AuthorizationViolationException( PERMISSION_DENIED ); - } - return shiroSubject.getUserManager().getUsernamesForRole( roleName ).stream().map( StringResult::new ); + EnterpriseAuthSubject adminSubject = ensureAdminAuthSubject(); + return adminSubject.getUserManager().getUsernamesForRole( roleName ).stream().map( StringResult::new ); + } + + private EnterpriseAuthSubject ensureAdminAuthSubject() + { + EnterpriseAuthSubject enterpriseAuthSubject = EnterpriseAuthSubject.castOrFail( authSubject ); + if ( !enterpriseAuthSubject.isAdmin() ) + { + throw new AuthorizationViolationException( PERMISSION_DENIED ); + } + return enterpriseAuthSubject; } public class StringResult { diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthSubject.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthSubject.java similarity index 74% rename from enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthSubject.java rename to enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthSubject.java index 7e48668454731..1a46dda782b6d 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthSubject.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthSubject.java @@ -19,8 +19,6 @@ */ package org.neo4j.server.security.enterprise.auth; -import org.apache.shiro.subject.Subject; - import java.io.IOException; import org.neo4j.kernel.api.security.AccessMode; @@ -28,46 +26,46 @@ import org.neo4j.kernel.api.security.AuthenticationResult; import org.neo4j.kernel.api.security.exception.IllegalCredentialsException; -public class ShiroAuthSubject implements AuthSubject +public class EnterpriseAuthSubject implements AuthSubject { static final String SCHEMA_READ_WRITE = "schema:read,write"; static final String READ_WRITE = "data:read,write"; static final String READ = "data:read"; private final EnterpriseAuthManager authManager; - private final ShiroSubject subject; + private final ShiroSubject shiroSubject; - public static ShiroAuthSubject castOrFail( AuthSubject authSubject ) + public static EnterpriseAuthSubject castOrFail( AuthSubject authSubject ) { - if ( !(authSubject instanceof ShiroAuthSubject) ) + if ( !(authSubject instanceof EnterpriseAuthSubject) ) { throw new IllegalArgumentException( "Incorrect AuthSubject type " + authSubject.getClass().getTypeName() ); } - return (ShiroAuthSubject) authSubject; + return (EnterpriseAuthSubject) authSubject; } - public ShiroAuthSubject( EnterpriseAuthManager authManager, ShiroSubject subject ) + public EnterpriseAuthSubject( EnterpriseAuthManager authManager, ShiroSubject shiroSubject ) { this.authManager = authManager; - this.subject = subject; + this.shiroSubject = shiroSubject; } @Override public void logout() { - subject.logout(); + shiroSubject.logout(); } @Override public AuthenticationResult getAuthenticationResult() { - return subject.getAuthenticationResult(); + return shiroSubject.getAuthenticationResult(); } @Override public void setPassword( String password ) throws IOException, IllegalCredentialsException { - authManager.getUserManager().setPassword( this, (String) subject.getPrincipal(), password ); + authManager.getUserManager().setPassword( this, (String) shiroSubject.getPrincipal(), password ); } public EnterpriseUserManager getUserManager() @@ -77,12 +75,12 @@ public EnterpriseUserManager getUserManager() public boolean isAdmin() { - return subject.isPermitted( "*" ); + return shiroSubject.isPermitted( "*" ); } public boolean doesUsernameMatch( String username ) { - Object principal = subject.getPrincipal(); + Object principal = shiroSubject.getPrincipal(); return principal != null && username.equals( principal ); } @@ -107,27 +105,27 @@ public boolean allowsSchemaWrites() @Override public String name() { - return subject.getPrincipal().toString(); + return shiroSubject.getPrincipal().toString(); } - Subject getSubject() + ShiroSubject getShiroSubject() { - return subject; + return shiroSubject; } private AccessMode.Static getAccessMode() { - if ( subject.isAuthenticated() ) + if ( shiroSubject.isAuthenticated() ) { - if ( subject.isPermitted( SCHEMA_READ_WRITE ) ) + if ( shiroSubject.isPermitted( SCHEMA_READ_WRITE ) ) { return AccessMode.Static.FULL; } - else if ( subject.isPermitted( READ_WRITE ) ) + else if ( shiroSubject.isPermitted( READ_WRITE ) ) { return AccessMode.Static.WRITE; } - else if ( subject.isPermitted( READ ) ) + else if ( shiroSubject.isPermitted( READ ) ) { return AccessMode.Static.READ; } diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java index 517e6b5373288..72274e7ad702f 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java @@ -257,9 +257,9 @@ int numberOfRoles() public void setPassword( AuthSubject authSubject, String username, String password ) throws IOException, IllegalCredentialsException { - ShiroAuthSubject shiroAuthSubject = ShiroAuthSubject.castOrFail( authSubject ); + EnterpriseAuthSubject enterpriseAuthSubject = EnterpriseAuthSubject.castOrFail( authSubject ); - if ( !shiroAuthSubject.doesUsernameMatch( username ) ) + if ( !enterpriseAuthSubject.doesUsernameMatch( username ) ) { throw new AuthorizationViolationException( "Invalid attempt to change the password for user " + username ); } diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java index f948d9d5c3cc0..25caa2e1b3d94 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java @@ -84,7 +84,7 @@ public AuthSubject login( Map authToken ) throws InvalidAuthToken subject = new ShiroSubject( securityManager, AuthenticationResult.FAILURE ); } - return new ShiroAuthSubject( this, subject ); + return new EnterpriseAuthSubject( this, subject ); } @Override diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java index d06720edee2e2..f91fc942137b3 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthManager.java @@ -149,7 +149,7 @@ public RoleRecord newRole( String roleName, String... users ) throws IOException } @Override - public ShiroAuthSubject login( Map authToken ) throws InvalidAuthTokenException + public EnterpriseAuthSubject login( Map authToken ) throws InvalidAuthTokenException { assertAuthEnabled(); @@ -190,7 +190,7 @@ public ShiroAuthSubject login( Map authToken ) throws InvalidAuth } authStrategy.updateWithAuthenticationResult( result, username ); } - return new ShiroAuthSubject( this, subject ); + return new EnterpriseAuthSubject( this, subject ); } @Override diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java index db13afe243ec1..1349985b22abc 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProcedureTestBase.java @@ -58,12 +58,12 @@ public class AuthProcedureTestBase { - protected ShiroAuthSubject adminSubject; - protected ShiroAuthSubject schemaSubject; - protected ShiroAuthSubject writeSubject; - protected ShiroAuthSubject readSubject; - protected ShiroAuthSubject pwdSubject; - protected ShiroAuthSubject noneSubject; + protected EnterpriseAuthSubject adminSubject; + protected EnterpriseAuthSubject schemaSubject; + protected EnterpriseAuthSubject writeSubject; + protected EnterpriseAuthSubject readSubject; + protected EnterpriseAuthSubject pwdSubject; + protected EnterpriseAuthSubject noneSubject; protected String[] initialUsers = { "adminSubject", "readSubject", "schemaSubject", "readWriteSubject", "pwdSubject", "noneSubject", "neo4j" }; @@ -294,13 +294,13 @@ protected void testCallFail( AuthSubject subject, String call, } } - protected void testUnAunthenticated( ShiroAuthSubject subject ) + protected void testUnAunthenticated( EnterpriseAuthSubject subject ) { //TODO: improve me to be less gullible! - assertFalse( subject.getSubject().isAuthenticated() ); + assertFalse( subject.getShiroSubject().isAuthenticated() ); } - protected void testUnAunthenticated( ShiroAuthSubject subject, String call ) + protected void testUnAunthenticated( EnterpriseAuthSubject subject, String call ) { //TODO: OMG improve thrown exception try diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java index 5471950053aec..09ebc926089aa 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresTest.java @@ -52,7 +52,7 @@ public void shouldChangeOwnPassword() throws Exception testCallEmpty( readSubject, "CALL dbms.changePassword( '321' )" ); testUnAunthenticated( readSubject ); - ShiroAuthSubject subject = manager.login( authToken( "readSubject", "321" ) ); + EnterpriseAuthSubject subject = manager.login( authToken( "readSubject", "321" ) ); assertEquals( AuthenticationResult.SUCCESS, subject.getAuthenticationResult() ); } @@ -336,17 +336,17 @@ public void shouldFailToActivateYourself() throws Exception @Test public void shouldAddUserToRole() throws Exception { - assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + assertFalse( "Should not have role publisher", readSubject.getShiroSubject().hasRole( PUBLISHER ) ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); - assertTrue( "Should have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + assertTrue( "Should have role publisher", readSubject.getShiroSubject().hasRole( PUBLISHER ) ); } @Test public void shouldAddRetainUserInRole() throws Exception { - assertTrue( "Should have role reader", readSubject.getSubject().hasRole( READER ) ); + assertTrue( "Should have role reader", readSubject.getShiroSubject().hasRole( READER ) ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + READER + "')" ); - assertTrue( "Should have still have role reader", readSubject.getSubject().hasRole( READER ) ); + assertTrue( "Should have still have role reader", readSubject.getShiroSubject().hasRole( READER ) ); } @Test @@ -390,15 +390,15 @@ public void shouldFailToAddUserToRoleIfNotAdmin() throws Exception public void shouldRemoveUserFromRole() throws Exception { testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + READER + "')" ); - assertFalse( "Should not have role reader", readSubject.getSubject().hasRole( READER ) ); + assertFalse( "Should not have role reader", readSubject.getShiroSubject().hasRole( READER ) ); } @Test public void shouldKeepUserOutOfRole() throws Exception { - assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + assertFalse( "Should not have role publisher", readSubject.getShiroSubject().hasRole( PUBLISHER ) ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); - assertFalse( "Should not have role publisher", readSubject.getSubject().hasRole( PUBLISHER ) ); + assertFalse( "Should not have role publisher", readSubject.getShiroSubject().hasRole( PUBLISHER ) ); } @Test @@ -452,22 +452,22 @@ public void shouldFailToRemoveYourselfFromAdminRole() throws Exception public void shouldAllowAddingAndRemovingUserFromMultipleRoles() throws Exception { assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + EnterpriseAuthSubject.castOrFail( readSubject ).getShiroSubject().hasRole( PUBLISHER ) ); assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + EnterpriseAuthSubject.castOrFail( readSubject ).getShiroSubject().hasRole( ARCHITECT ) ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + PUBLISHER + "')" ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('readSubject', '" + ARCHITECT + "')" ); assertTrue( "Should have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + EnterpriseAuthSubject.castOrFail( readSubject ).getShiroSubject().hasRole( PUBLISHER ) ); assertTrue( "Should have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + EnterpriseAuthSubject.castOrFail( readSubject ).getShiroSubject().hasRole( ARCHITECT ) ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + PUBLISHER + "')" ); testCallEmpty( adminSubject, "CALL dbms.removeUserFromRole('readSubject', '" + ARCHITECT + "')" ); assertFalse( "Should not have role publisher", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( PUBLISHER ) ); + EnterpriseAuthSubject.castOrFail( readSubject ).getShiroSubject().hasRole( PUBLISHER ) ); assertFalse( "Should not have role architect", - ShiroAuthSubject.castOrFail( readSubject ).getSubject().hasRole( ARCHITECT ) ); + EnterpriseAuthSubject.castOrFail( readSubject ).getShiroSubject().hasRole( ARCHITECT ) ); } //---------- list users ----------- @@ -661,7 +661,7 @@ public void shouldSetCorrectPasswordChangeRequiredPermissions() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Henrik', 'bar', true)" ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Henrik', '" + ARCHITECT + "')" ); - ShiroAuthSubject henrik = manager.login( authToken( "Henrik", "bar" ) ); + EnterpriseAuthSubject henrik = manager.login( authToken( "Henrik", "bar" ) ); assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, henrik.getAuthenticationResult() ); testFailRead( henrik, 3 ); testFailWrite( henrik ); @@ -670,7 +670,7 @@ public void shouldSetCorrectPasswordChangeRequiredPermissions() throws Exception testCallEmpty( adminSubject, "CALL dbms.createUser('Olivia', 'bar', true)" ); testCallEmpty( adminSubject, "CALL dbms.addUserToRole('Olivia', '" + ADMIN + "')" ); - ShiroAuthSubject olivia = manager.login( authToken( "Olivia", "bar" ) ); + EnterpriseAuthSubject olivia = manager.login( authToken( "Olivia", "bar" ) ); assertEquals( AuthenticationResult.PASSWORD_CHANGE_REQUIRED, olivia.getAuthenticationResult() ); testFailRead( olivia, 3 ); testFailWrite( olivia );