diff --git a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AccessMode.java b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AccessMode.java index ac8ee09dc050..26df98e1c2ad 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AccessMode.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AccessMode.java @@ -53,12 +53,6 @@ public boolean overrideOriginalMode() { return false; } - - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } }, /** No reading or writing allowed because of expired credentials. */ @@ -132,12 +126,6 @@ public boolean overrideOriginalMode() { return false; } - - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } }, /** Allows writing data */ @@ -166,12 +154,6 @@ public boolean overrideOriginalMode() { return false; } - - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } }, /** Allows reading and writing data, but not schema. */ @@ -200,12 +182,6 @@ public boolean overrideOriginalMode() { return false; } - - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } }, /** Allows all operations. */ @@ -234,12 +210,6 @@ public boolean overrideOriginalMode() { return false; } - - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } }, /** Allows reading data and schema, but not writing. @@ -272,12 +242,6 @@ public boolean overrideOriginalMode() { return true; } - - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } }, /** @@ -311,12 +275,6 @@ public boolean overrideOriginalMode() { return true; } - - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } }, /** @@ -350,15 +308,20 @@ public boolean overrideOriginalMode() { return true; } + }; - @Override - public AuthorizationViolationException onViolation( String msg ) - { - return new AuthorizationViolationException( msg ); - } - }, + @Override + public AuthorizationViolationException onViolation( String msg ) + { + return new AuthorizationViolationException( msg ); + } + @Override + public AccessMode getSnapshot() + { + return this; } + } boolean allowsReads(); boolean allowsWrites(); @@ -376,4 +339,6 @@ default AccessMode getOriginalAccessMode() { return this; } + + AccessMode getSnapshot(); } diff --git a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthSubject.java b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthSubject.java index f631601fe582..347857b08641 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthSubject.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthSubject.java @@ -23,6 +23,7 @@ import org.neo4j.graphdb.security.AuthorizationViolationException; import org.neo4j.kernel.api.exceptions.InvalidArgumentsException; +import org.neo4j.kernel.impl.api.security.AccessModeSnapshot; public interface AuthSubject extends AccessMode { @@ -54,12 +55,6 @@ public interface AuthSubject extends AccessMode */ boolean allowsProcedureWith( String[] roleNames ) throws InvalidArgumentsException; - /** - * @return A string representing the primary principal of this subject - */ - @Override - String username(); - /** * @param username a username * @return true if the provided username is the underlying user name of this subject @@ -76,11 +71,17 @@ default void ensureUserExistsWithName( String username ) throws InvalidArguments throw new InvalidArgumentsException( "User '" + username + "' does not exit." ); } - abstract class AccessModeAdapter implements AuthSubject + @Override + default AccessMode getSnapshot() + { + return AccessModeSnapshot.createAccessModeSnapshot( this ); + } + + abstract class StaticAccessModeAdapter implements AuthSubject { private final AccessMode accessMode; - public AccessModeAdapter( AccessMode accessMode ) + public StaticAccessModeAdapter( AccessMode.Static accessMode ) { this.accessMode = accessMode; } @@ -125,7 +126,7 @@ public String name() /** * Implementation to use when authentication has not yet been performed. Allows nothing. */ - AuthSubject ANONYMOUS = new AuthSubject.AccessModeAdapter( Static.NONE ) + AuthSubject ANONYMOUS = new StaticAccessModeAdapter( Static.NONE ) { @Override public void logout() @@ -167,18 +168,12 @@ public String name() { return ""; } - - @Override - public String username() - { - return ""; // Should never clash with a valid username - } }; /** * Implementation to use when authentication is disabled. Allows everything. */ - AuthSubject AUTH_DISABLED = new AuthSubject.AccessModeAdapter( Static.FULL ) + AuthSubject AUTH_DISABLED = new StaticAccessModeAdapter( Static.FULL ) { @Override public String name() @@ -186,12 +181,6 @@ public String name() return ""; } - @Override - public String username() - { - return ""; // Should never clash with a valid username - } - @Override public void logout() { diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/api/KernelTransactionImplementation.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/api/KernelTransactionImplementation.java index 9c626a13e325..a4d70e086609 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/api/KernelTransactionImplementation.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/api/KernelTransactionImplementation.java @@ -231,7 +231,7 @@ public KernelTransactionImplementation initialize( this.lastTransactionTimestampWhenStarted = lastTimeStamp; this.transactionEvent = tracer.beginTransaction(); assert transactionEvent != null : "transactionEvent was null!"; - this.accessMode = AccessModeSnapshot.createAccessModeSnapshot( accessMode ); + this.accessMode = accessMode.getSnapshot(); this.transactionId = NOT_COMMITTED_TRANSACTION_ID; this.commitTime = NOT_COMMITTED_TRANSACTION_COMMIT_TIME; this.currentTransactionOperations = timeoutMillis > 0 ? operationContainer.guardedParts() : operationContainer.nonGuarderParts(); diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/AccessModeSnapshot.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/AccessModeSnapshot.java index 137ad10480fe..a4aa892fb534 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/AccessModeSnapshot.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/AccessModeSnapshot.java @@ -102,4 +102,10 @@ public AccessMode getOriginalAccessMode() { return originalMode.getOriginalAccessMode(); } + + @Override + public AccessMode getSnapshot() + { + return this; + } } diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/OverriddenAccessMode.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/OverriddenAccessMode.java index 6633e04b3db7..546c141328a1 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/OverriddenAccessMode.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/api/security/OverriddenAccessMode.java @@ -91,4 +91,9 @@ public AccessMode getOriginalAccessMode() return originalMode.getOriginalAccessMode(); } + @Override + public AccessMode getSnapshot() + { + return AccessModeSnapshot.createAccessModeSnapshot( this ); + } }