Create all security in security module

community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthManager.java

@@ -19,33 +19,16 @@
  */
 package org.neo4j.kernel.api.security;
 
-import org.neo4j.helpers.Service;
-import org.neo4j.io.fs.FileSystemAbstraction;
+import java.util.Map;
+
 import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
-import org.neo4j.kernel.configuration.Config;
-import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.kernel.lifecycle.Lifecycle;
-import org.neo4j.logging.Log;
-import org.neo4j.logging.LogProvider;
-
-import java.util.Map;
 
 /**
  * An AuthManager is used to do basic authentication and user management.
  */
 public interface AuthManager extends Lifecycle
 {
-    abstract class Factory extends Service
-    {
-        public Factory( String key, String... altKeys )
-        {
-            super( key, altKeys );
-        }
-
-        public abstract AuthManager newInstance( Config config, LogProvider logProvider, Log log,
-                FileSystemAbstraction fileSystem, JobScheduler jobScheduler );
-    }
-
     /**
      * Log in using the provided authentication token
      * @param authToken The authentication token to login with. Typically contains principals and credentials.

community/security/src/main/java/org/neo4j/server/security/auth/AuthProceduresProvider.java → community/kernel/src/main/java/org/neo4j/kernel/api/security/SecurityModule.java

@@ -17,24 +17,21 @@
  * You should have received a copy of the GNU General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
-package org.neo4j.server.security.auth;
+package org.neo4j.kernel.api.security;
 
 import org.neo4j.helpers.Service;
 import org.neo4j.kernel.api.exceptions.KernelException;
-import org.neo4j.kernel.impl.factory.ProceduresProvider;
+import org.neo4j.kernel.impl.factory.PlatformModule;
 import org.neo4j.kernel.impl.proc.Procedures;
 
-@Service.Implementation( ProceduresProvider.class )
-public class AuthProceduresProvider extends ProceduresProvider
+public abstract class SecurityModule extends Service
 {
-    public AuthProceduresProvider()
+    public SecurityModule( String key, String... altKeys )
     {
-        super( "auth-procedures-provider" );
+        super( key, altKeys );
     }
 
-    @Override
-    public void registerProcedures( Procedures procedures ) throws KernelException
-    {
-        procedures.registerProcedure( AuthProcedures.class );
-    }
+    public abstract void setup( PlatformModule platformModule, Procedures procedures ) throws KernelException;
+
+    public abstract void setupAuthDisabled( PlatformModule platformModule, Procedures procedures ) throws KernelException;
 }

community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java

@@ -105,11 +105,6 @@ public CommunityEditionModule( PlatformModule platformModule )
         dependencies.satisfyDependency(
                 createKernelData( fileSystem, pageCache, storeDir, config, graphDatabaseFacade, life ) );
 
-        createAuthManagerLog( config, logging, platformModule.fileSystem, platformModule.jobScheduler );
-
-        life.add( dependencies.satisfyDependency( createAuthManager( config, logging,
-                platformModule.fileSystem, platformModule.jobScheduler ) ) );
-
         commitProcessFactory = new CommunityCommitProcessFactory();
 
         headerInformationFactory = createHeaderInformationFactory();
@@ -133,12 +128,6 @@ public CommunityEditionModule( PlatformModule platformModule )
         dependencies.satisfyDependency( createSessionTracker() );
     }
 
-    protected void createAuthManagerLog( Config config, LogService logging, FileSystemAbstraction fileSystem, JobScheduler
-            jobScheduler )
-    {
-        // no auth manager log in community
-    }
-
     protected IdTypeConfigurationProvider createIdTypeConfigurationProvider( Config config )
     {
         return new CommunityIdTypeConfigurationProvider();
@@ -271,4 +260,10 @@ protected void doAfterRecoveryAndStartup( DatabaseInfo databaseInfo, DependencyR
         new RemoveOrphanConstraintIndexesOnStartup( dependencyResolver.resolveDependency( NeoStoreDataSource.class )
                 .getKernel(), dependencyResolver.resolveDependency( LogService.class ).getInternalLogProvider() ).perform();
     }
+
+    @Override
+    public void setupSecurityModule( PlatformModule platformModule, Procedures procedures )
+    {
+        setupSecurityModule( platformModule, procedures, "community-security-module" );
+    }
 }

community/kernel/src/main/java/org/neo4j/kernel/impl/factory/DataSourceModule.java

@@ -174,6 +174,8 @@ public DataSourceModule( final PlatformModule platformModule, EditionModule edit
 
         deps.satisfyDependency( new NonTransactionalDbmsOperations( procedures ) );
 
+        editionModule.setupSecurityModule( platformModule, procedures );
+
         NonTransactionalTokenNameLookup tokenNameLookup = new NonTransactionalTokenNameLookup(
                 editionModule.labelTokenHolder,
                 editionModule.relationshipTypeTokenHolder,

community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java

@@ -19,21 +19,14 @@
  */
 package org.neo4j.kernel.impl.factory;
 
-import java.util.List;
-import java.util.ArrayList;
-import java.util.stream.StreamSupport;
-
 import org.neo4j.graphdb.DependencyResolver;
 import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.helpers.Service;
-import org.neo4j.io.fs.FileSystemAbstraction;
 import org.neo4j.io.pagecache.IOLimiter;
 import org.neo4j.kernel.NeoStoreDataSource;
 import org.neo4j.kernel.api.bolt.BoltConnectionTracker;
 import org.neo4j.kernel.api.exceptions.KernelException;
-import org.neo4j.kernel.api.exceptions.ProcedureException;
-import org.neo4j.kernel.api.exceptions.Status;
-import org.neo4j.kernel.api.security.AuthManager;
+import org.neo4j.kernel.api.security.SecurityModule;
 import org.neo4j.kernel.configuration.Config;
 import org.neo4j.kernel.impl.api.CommitProcessFactory;
 import org.neo4j.kernel.impl.api.SchemaWriteGuard;
@@ -45,17 +38,13 @@
 import org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.Configuration;
 import org.neo4j.kernel.impl.locking.Locks;
 import org.neo4j.kernel.impl.locking.StatementLocksFactory;
-import org.neo4j.kernel.impl.logging.LogService;
 import org.neo4j.kernel.impl.proc.Procedures;
 import org.neo4j.kernel.impl.store.id.IdGeneratorFactory;
 import org.neo4j.kernel.impl.store.id.IdReuseEligibility;
 import org.neo4j.kernel.impl.store.id.configuration.IdTypeConfigurationProvider;
 import org.neo4j.kernel.impl.transaction.TransactionHeaderInformationFactory;
-import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.kernel.info.DiagnosticsManager;
 import org.neo4j.kernel.internal.KernelDiagnostics;
-import org.neo4j.logging.Log;
-import org.neo4j.logging.NullLog;
 import org.neo4j.udc.UsageData;
 import org.neo4j.udc.UsageDataKeys;
 
@@ -69,22 +58,13 @@ public abstract class EditionModule
 {
     public void registerProcedures( Procedures procedures ) throws KernelException
     {
-        // hack to force IBM JDK 8 to load all classes before reflective procedure compilation
-        Service.load( ProceduresProvider.class );
-
         procedures.registerProcedure( org.neo4j.kernel.builtinprocs.BuiltInProcedures.class );
-        registerProceduresFromProvider( "auth-procedures-provider", procedures );
 
         registerEditionSpecificProcedures( procedures );
     }
 
     protected abstract void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException;
 
-    protected Log authManagerLog()
-    {
-        return NullLog.getInstance();
-    }
-
     public IdGeneratorFactory idGeneratorFactory;
     public IdTypeConfigurationProvider idTypeConfigurationProvider;
 
@@ -134,87 +114,36 @@ protected void publishEditionInfo( UsageData sysInfo, DatabaseInfo databaseInfo,
         config.augment( singletonMap( Configuration.editionName.name(), databaseInfo.edition.toString() ) );
     }
 
-    public AuthManager createAuthManager( Config config, LogService logging,
-            FileSystemAbstraction fileSystem, JobScheduler jobScheduler )
-    {
-        boolean authEnabled = config.get( GraphDatabaseSettings.auth_enabled );
-        if ( !authEnabled )
-        {
-            return getAuthDisabledAuthManager();
-        }
-
-        String configuredKey = config.get( GraphDatabaseSettings.auth_manager );
-        List<AuthManager.Factory> wantedAuthManagerFactories = new ArrayList<>();
-        List<AuthManager.Factory> backupAuthManagerFactories = new ArrayList<>();
-
-        for ( AuthManager.Factory candidate : Service.load( AuthManager.Factory.class ) )
-        {
-            if ( StreamSupport.stream( candidate.getKeys().spliterator(), false ).anyMatch( configuredKey::equals ) )
-            {
-                wantedAuthManagerFactories.add( candidate );
-            }
-            else
-            {
-                backupAuthManagerFactories.add( candidate );
-            }
-        }
-
-        AuthManager authManager = tryMakeInOrder( config, logging, fileSystem, jobScheduler, wantedAuthManagerFactories );
-
-        if ( authManager == null )
-        {
-            authManager = tryMakeInOrder( config, logging, fileSystem, jobScheduler, backupAuthManagerFactories );
-        }
-
-        if ( authManager == null )
-        {
-            logging.getUserLog( GraphDatabaseFacadeFactory.class )
-                    .error( "No auth manager implementation specified and no default could be loaded. " +
-                            "It is an illegal product configuration to have auth enabled and not provide an " +
-                            "auth manager service." );
-            throw new IllegalArgumentException(
-                    "Auth enabled but no auth manager found. This is an illegal product configuration." );
-        }
-
-        return authManager;
-    }
-
-    protected AuthManager getAuthDisabledAuthManager()
-    {
-        return AuthManager.NO_AUTH;
-    }
+    public abstract void setupSecurityModule( PlatformModule platformModule, Procedures procedures );
 
-    private AuthManager tryMakeInOrder( Config config, LogService logging, FileSystemAbstraction fileSystem,
-            JobScheduler jobScheduler, List<AuthManager.Factory> authManagerFactories  )
+    protected void setupSecurityModule( PlatformModule platformModule, Procedures procedures, String key )
     {
-        for ( AuthManager.Factory x : authManagerFactories )
-        {
-            try
-            {
-                return x.newInstance( config, logging.getUserLogProvider(), authManagerLog(),
-                        fileSystem, jobScheduler );
-            }
-            catch ( Exception e )
-            {
-                logging.getInternalLog( GraphDatabaseFacadeFactory.class )
-                        .warn( "Attempted to load configured auth manager with keys '%s', but failed",
-                                String.join( ", ", x.getKeys() ), e );
-            }
-        }
-        return null;
-    }
+        boolean authEnabled = platformModule.config.get( GraphDatabaseSettings.auth_enabled );
 
-    protected void registerProceduresFromProvider( String key, Procedures procedures ) throws KernelException
-    {
-        for ( ProceduresProvider candidate : Service.load( ProceduresProvider.class ) )
+        for ( SecurityModule candidate : Service.load( SecurityModule.class ) )
         {
             if ( candidate.matches( key ) )
             {
-                candidate.registerProcedures( procedures );
-                return;
+                try
+                {
+                    if ( !authEnabled )
+                    {
+                        candidate.setupAuthDisabled( platformModule, procedures );
+                        return;
+                    }
+                    else
+                    {
+                        candidate.setup( platformModule, procedures );
+                        return;
+                    }
+                }
+                catch ( KernelException e )
+                {
+                    throw new RuntimeException( "Failed to load security module.", e );
+                }
             }
         }
-        throw new ProcedureException( Status.Procedure.ProcedureRegistrationFailed, "No procedure provider found with the key '" + key + "'." );
+        throw new RuntimeException( "Failed to load security module with key '" + key + "'." );
     }
 
     protected BoltConnectionTracker createSessionTracker()

community/kernel/src/test/java/org/neo4j/kernel/impl/api/integrationtest/KernelIntegrationTest.java

@@ -142,10 +142,15 @@ protected void startDb()
 
     protected GraphDatabaseService createGraphDatabase( EphemeralFileSystemAbstraction fs )
     {
-        TestGraphDatabaseBuilder graphDatabaseFactory = (TestGraphDatabaseBuilder) new TestGraphDatabaseFactory()
+        TestGraphDatabaseBuilder graphDatabaseBuilder = (TestGraphDatabaseBuilder) new TestGraphDatabaseFactory()
                 .setFileSystem( fs )
                 .newImpermanentDatabaseBuilder();
-        return graphDatabaseFactory.newGraphDatabase();
+        return configure( graphDatabaseBuilder ).newGraphDatabase();
+    }
+
+    protected TestGraphDatabaseBuilder configure( TestGraphDatabaseBuilder graphDatabaseBuilder )
+    {
+        return graphDatabaseBuilder;
     }
 
     protected void dbWithNoCache() throws TransactionFailureException