From bdce2b94989f131dd4f1f00947b8379bffcc91cd Mon Sep 17 00:00:00 2001 
From: Olivia Ytterbrink Date: Thu, 29 Sep 2016 15:40:14 +0200 Subject: [PATCH] Create all security in security module --- .../kernel/api/security/AuthManager.java | 21 +--- .../kernel/api/security/SecurityModule.java} | 19 ++- .../impl/factory/CommunityEditionModule.java | 17 +-- .../kernel/impl/factory/DataSourceModule.java | 2 + .../kernel/impl/factory/EditionModule.java | 117 ++++-------------- .../impl/factory/ProceduresProvider.java | 42 ------- .../KernelIntegrationTest.java | 9 +- .../impl/factory/EditionModuleTest.java | 52 ++++---- .../admin/security/UsersCommand.java | 4 +- .../server/security/auth/AuthProcedures.java | 6 +- .../security/auth/BasicAuthManager.java | 6 + ...tory.java => CommunitySecurityModule.java} | 74 +++++------ .../security/auth/UserManagerSupplier.java | 4 + ...4j.kernel.api.security.AuthManager$Factory | 1 - ...g.neo4j.kernel.api.security.SecurityModule | 1 + ...o4j.kernel.impl.factory.ProceduresProvider | 1 - .../security/SetPasswordCommandTest.java | 4 +- .../security/auth/AuthProceduresTest.java | 70 ++++++----- .../security/auth/BasicAuthManagerTest.java | 10 +- .../core/EnterpriseCoreEditionModule.java | 27 +--- .../edge/EnterpriseEdgeEditionModule.java | 28 +---- .../factory/HighlyAvailableEditionModule.java | 26 +--- .../enterprise/EnterpriseEditionModule.java | 25 +--- .../auth/EnterpriseAuthAndUserManager.java | 4 + .../EnterpriseAuthProceduresProvider.java | 40 ------ ...ory.java => EnterpriseSecurityModule.java} | 76 ++++++++---- .../auth/MultiRealmAuthManager.java | 7 ++ ...4j.kernel.api.security.AuthManager$Factory | 1 - ...g.neo4j.kernel.api.security.SecurityModule | 1 + ...o4j.kernel.impl.factory.ProceduresProvider | 1 - ...java => EnterpriseSecurityModuleTest.java} | 8 +- .../auth/InternalFlatFileRealmIT.java | 4 +- .../auth/MultiRealmAuthManagerTest.java | 12 +- 33 files changed, 254 insertions(+), 466 deletions(-) rename community/{security/src/main/java/org/neo4j/server/security/auth/AuthProceduresProvider.java => 
kernel/src/main/java/org/neo4j/kernel/api/security/SecurityModule.java} (66%) delete mode 100644 community/kernel/src/main/java/org/neo4j/kernel/impl/factory/ProceduresProvider.java rename community/security/src/main/java/org/neo4j/server/security/auth/{BasicAuthManagerFactory.java => CommunitySecurityModule.java} (70%) delete mode 100644 community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory create mode 100644 community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule delete mode 100644 community/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider delete mode 100644 enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthProceduresProvider.java rename enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/{EnterpriseAuthManagerFactory.java => EnterpriseSecurityModule.java} (75%) delete mode 100644 enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory create mode 100644 enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule delete mode 100644 enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider rename enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/{EnterpriseAuthManagerFactoryTest.java => EnterpriseSecurityModuleTest.java} (92%) diff --git a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthManager.java b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthManager.java index 449c7201a1c8..d3b71e351a3d 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthManager.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthManager.java 
@@ -19,33 +19,16 @@ */ package org.neo4j.kernel.api.security; -import org.neo4j.helpers.Service; -import org.neo4j.io.fs.FileSystemAbstraction; +import java.util.Map; + import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException; -import org.neo4j.kernel.configuration.Config; -import org.neo4j.kernel.impl.util.JobScheduler; import org.neo4j.kernel.lifecycle.Lifecycle; -import org.neo4j.logging.Log; -import org.neo4j.logging.LogProvider; - -import java.util.Map; /** * An AuthManager is used to do basic authentication and user management. */ public interface AuthManager extends Lifecycle { - abstract class Factory extends Service - { - public Factory( String key, String... altKeys ) - { - super( key, altKeys ); - } - - public abstract AuthManager newInstance( Config config, LogProvider logProvider, Log log, - FileSystemAbstraction fileSystem, JobScheduler jobScheduler ); - } - /** * Log in using the provided authentication token * @param authToken The authentication token to login with. Typically contains principals and credentials. diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/AuthProceduresProvider.java b/community/kernel/src/main/java/org/neo4j/kernel/api/security/SecurityModule.java similarity index 66% rename from community/security/src/main/java/org/neo4j/server/security/auth/AuthProceduresProvider.java rename to community/kernel/src/main/java/org/neo4j/kernel/api/security/SecurityModule.java index 38abfcba6afd..754e48c0cd37 100644 --- a/community/security/src/main/java/org/neo4j/server/security/auth/AuthProceduresProvider.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/api/security/SecurityModule.java 
@@ -17,24 +17,21 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ -package org.neo4j.server.security.auth; +package org.neo4j.kernel.api.security; import org.neo4j.helpers.Service; import org.neo4j.kernel.api.exceptions.KernelException; -import org.neo4j.kernel.impl.factory.ProceduresProvider; +import org.neo4j.kernel.impl.factory.PlatformModule; import org.neo4j.kernel.impl.proc.Procedures; -@Service.Implementation( ProceduresProvider.class ) -public class AuthProceduresProvider extends ProceduresProvider +public abstract class SecurityModule extends Service { - public AuthProceduresProvider() + public SecurityModule( String key, String... altKeys ) { - super( "auth-procedures-provider" ); + super( key, altKeys ); } - @Override - public void registerProcedures( Procedures procedures ) throws KernelException - { - procedures.registerProcedure( AuthProcedures.class ); - } + public abstract void setup( PlatformModule platformModule, Procedures procedures ) throws KernelException; + + public abstract void setupAuthDisabled( PlatformModule platformModule, Procedures procedures ) throws KernelException; } diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java index 9b8feadcb9aa..ca93559d22ca 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java 
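Review bot: `setup` and `setupAuthDisabled` receive the whole `PlatformModule`, where the removed `AuthManager.Factory.newInstance` took only `Config`, the log providers, `FileSystemAbstraction` and `JobScheduler`. Any implementation discovered through `Service.load` can now reach the full platform (`config`, `fileSystem`, `dependencies`, `life`); a narrow dependencies interface would limit a security module to what it needs. It would also keep a `kernel.impl.factory` type out of a `kernel.api` signature. Both abstract methods lack Javadoc: state that one of them is called per startup depending on `auth_enabled`, and that each is expected to register an `AuthManager` dependency, as `CommunitySecurityModule` does in this commit.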
@@ -105,11 +105,6 @@ public CommunityEditionModule( PlatformModule platformModule ) dependencies.satisfyDependency( createKernelData( fileSystem, pageCache, storeDir, config, graphDatabaseFacade, life ) ); - createAuthManagerLog( config, logging, platformModule.fileSystem, platformModule.jobScheduler ); - - life.add( dependencies.satisfyDependency( createAuthManager( config, logging, - platformModule.fileSystem, platformModule.jobScheduler ) ) ); - commitProcessFactory = new CommunityCommitProcessFactory(); headerInformationFactory = createHeaderInformationFactory(); @@ -133,12 +128,6 @@ public CommunityEditionModule( PlatformModule platformModule ) dependencies.satisfyDependency( createSessionTracker() ); } - protected void createAuthManagerLog( Config config, LogService logging, FileSystemAbstraction fileSystem, JobScheduler - jobScheduler ) - { - // no auth manager log in community - } - protected IdTypeConfigurationProvider createIdTypeConfigurationProvider( Config config ) { return new CommunityIdTypeConfigurationProvider(); @@ -271,4 +260,10 @@ protected void doAfterRecoveryAndStartup( DatabaseInfo databaseInfo, DependencyR new RemoveOrphanConstraintIndexesOnStartup( dependencyResolver.resolveDependency( NeoStoreDataSource.class ) .getKernel(), dependencyResolver.resolveDependency( LogService.class ).getInternalLogProvider() ).perform(); } + + @Override + public void setupSecurityModule( PlatformModule platformModule, Procedures procedures ) + { + setupSecurityModule( platformModule, procedures, "community-security-module" ); + } } diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/DataSourceModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/DataSourceModule.java index 746a87ae125a..cd5477d30aa6 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/DataSourceModule.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/DataSourceModule.java 
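Review bot: The key `"community-security-module"` in the new `setupSecurityModule` override is a string literal that has to match the one passed to `super(...)` in the `CommunitySecurityModule` constructor, which lives in a different module. A mismatch only surfaces at startup as the `RuntimeException` thrown by `EditionModule.setupSecurityModule`. A shared constant on `SecurityModule`, referenced from both places, would tie them together, for example `public static final String COMMUNITY_KEY = "community-security-module";` (the name is a suggestion).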
@@ -174,6 +174,8 @@ public DataSourceModule( final PlatformModule platformModule, EditionModule edit deps.satisfyDependency( new NonTransactionalDbmsOperations( procedures ) ); + editionModule.setupSecurityModule( platformModule, procedures ); + NonTransactionalTokenNameLookup tokenNameLookup = new NonTransactionalTokenNameLookup( editionModule.labelTokenHolder, editionModule.relationshipTypeTokenHolder, diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java index ba0faf0af590..ac52e6e631ee 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java @@ -19,21 +19,14 @@ */ package org.neo4j.kernel.impl.factory; -import java.util.List; -import java.util.ArrayList; -import java.util.stream.StreamSupport; - import org.neo4j.graphdb.DependencyResolver; import org.neo4j.graphdb.factory.GraphDatabaseSettings; import org.neo4j.helpers.Service; -import org.neo4j.io.fs.FileSystemAbstraction; import org.neo4j.io.pagecache.IOLimiter; import org.neo4j.kernel.NeoStoreDataSource; import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.KernelException; -import org.neo4j.kernel.api.exceptions.ProcedureException; -import org.neo4j.kernel.api.exceptions.Status; -import org.neo4j.kernel.api.security.AuthManager; +import org.neo4j.kernel.api.security.SecurityModule; import org.neo4j.kernel.configuration.Config; import org.neo4j.kernel.impl.api.CommitProcessFactory; import org.neo4j.kernel.impl.api.SchemaWriteGuard; 
@@ -45,17 +38,13 @@ import org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.Configuration; import org.neo4j.kernel.impl.locking.Locks; import org.neo4j.kernel.impl.locking.StatementLocksFactory; -import org.neo4j.kernel.impl.logging.LogService; import org.neo4j.kernel.impl.proc.Procedures; import org.neo4j.kernel.impl.store.id.IdGeneratorFactory; import org.neo4j.kernel.impl.store.id.IdReuseEligibility; import org.neo4j.kernel.impl.store.id.configuration.IdTypeConfigurationProvider; import org.neo4j.kernel.impl.transaction.TransactionHeaderInformationFactory; -import org.neo4j.kernel.impl.util.JobScheduler; import org.neo4j.kernel.info.DiagnosticsManager; import org.neo4j.kernel.internal.KernelDiagnostics; -import org.neo4j.logging.Log; -import org.neo4j.logging.NullLog; import org.neo4j.udc.UsageData; import org.neo4j.udc.UsageDataKeys; @@ -69,22 +58,13 @@ public abstract class EditionModule { public void registerProcedures( Procedures procedures ) throws KernelException { - // hack to force IBM JDK 8 to load all classes before reflective procedure compilation - Service.load( ProceduresProvider.class ); - procedures.registerProcedure( org.neo4j.kernel.builtinprocs.BuiltInProcedures.class ); - registerProceduresFromProvider( "auth-procedures-provider", procedures ); registerEditionSpecificProcedures( procedures ); } protected abstract void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException; - protected Log authManagerLog() - { - return NullLog.getInstance(); - } - public IdGeneratorFactory idGeneratorFactory; public IdTypeConfigurationProvider idTypeConfigurationProvider; 
@@ -134,87 +114,36 @@ protected void publishEditionInfo( UsageData sysInfo, DatabaseInfo databaseInfo, config.augment( singletonMap( Configuration.editionName.name(), databaseInfo.edition.toString() ) ); } - public AuthManager createAuthManager( Config config, LogService logging, - FileSystemAbstraction fileSystem, JobScheduler jobScheduler ) - { - boolean authEnabled = config.get( GraphDatabaseSettings.auth_enabled ); - if ( !authEnabled ) - { - return getAuthDisabledAuthManager(); - } - - String configuredKey = config.get( GraphDatabaseSettings.auth_manager ); - List wantedAuthManagerFactories = new ArrayList<>(); - List backupAuthManagerFactories = new ArrayList<>(); - - for ( AuthManager.Factory candidate : Service.load( AuthManager.Factory.class ) ) - { - if ( StreamSupport.stream( candidate.getKeys().spliterator(), false ).anyMatch( configuredKey::equals ) ) - { - wantedAuthManagerFactories.add( candidate ); - } - else - { - backupAuthManagerFactories.add( candidate ); - } - } - - AuthManager authManager = tryMakeInOrder( config, logging, fileSystem, jobScheduler, wantedAuthManagerFactories ); - - if ( authManager == null ) - { - authManager = tryMakeInOrder( config, logging, fileSystem, jobScheduler, backupAuthManagerFactories ); - } - - if ( authManager == null ) - { - logging.getUserLog( GraphDatabaseFacadeFactory.class ) - .error( "No auth manager implementation specified and no default could be loaded. " + - "It is an illegal product configuration to have auth enabled and not provide an " + - "auth manager service." ); - throw new IllegalArgumentException( - "Auth enabled but no auth manager found. This is an illegal product configuration." 
); - } - - return authManager; - } - - protected AuthManager getAuthDisabledAuthManager() - { - return AuthManager.NO_AUTH; - } + public abstract void setupSecurityModule( PlatformModule platformModule, Procedures procedures ); - private AuthManager tryMakeInOrder( Config config, LogService logging, FileSystemAbstraction fileSystem, - JobScheduler jobScheduler, List authManagerFactories ) + protected void setupSecurityModule( PlatformModule platformModule, Procedures procedures, String key ) { - for ( AuthManager.Factory x : authManagerFactories ) - { - try - { - return x.newInstance( config, logging.getUserLogProvider(), authManagerLog(), - fileSystem, jobScheduler ); - } - catch ( Exception e ) - { - logging.getInternalLog( GraphDatabaseFacadeFactory.class ) - .warn( "Attempted to load configured auth manager with keys '%s', but failed", - String.join( ", ", x.getKeys() ), e ); - } - } - return null; - } + boolean authEnabled = platformModule.config.get( GraphDatabaseSettings.auth_enabled ); - protected void registerProceduresFromProvider( String key, Procedures procedures ) throws KernelException - { - for ( ProceduresProvider candidate : Service.load( ProceduresProvider.class ) ) + for ( SecurityModule candidate : Service.load( SecurityModule.class ) ) { if ( candidate.matches( key ) ) { - candidate.registerProcedures( procedures ); - return; + try + { + if ( !authEnabled ) + { + candidate.setupAuthDisabled( platformModule, procedures ); + return; + } + else + { + candidate.setup( platformModule, procedures ); + return; + } + } + catch ( KernelException e ) + { + throw new RuntimeException( "Failed to load security module.", e ); + } } } - throw new ProcedureException( Status.Procedure.ProcedureRegistrationFailed, "No procedure provider found with the key '" + key + "'." ); + throw new RuntimeException( "Failed to load security module with key '" + key + "'." ); } protected BoltConnectionTracker createSessionTracker() 
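Review bot: When no module matches, the new `setupSecurityModule` throws a bare `RuntimeException` and no longer writes the user-log error that the removed `createAuthManager` emitted, so an operator gets a startup failure with less context than before. The `catch ( KernelException e )` branch also drops the key; `throw new RuntimeException( "Failed to load security module with key '" + key + "'.", e );` would keep it. The loop uses the first candidate for which `matches( key )` is true, so if two implementations on the classpath register the same key, which one configures authentication depends on load order; treating a second match as an error would make that explicit. The `else` after `return` and the duplicated `return` can be collapsed to a single `return` after the `if`/`else`.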
diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/ProceduresProvider.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/ProceduresProvider.java deleted file mode 100644 index 626e8d1b23c7..000000000000 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/ProceduresProvider.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Copyright (c) 2002-2016 "Neo Technology," - * Network Engine for Objects in Lund AB [http://neotechnology.com] - * - * This file is part of Neo4j. - * - * Neo4j is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - */ -package org.neo4j.kernel.impl.factory; - -import org.neo4j.helpers.Service; -import org.neo4j.kernel.api.exceptions.KernelException; -import org.neo4j.kernel.impl.proc.Procedures; - - -public abstract class ProceduresProvider extends Service -{ - /** - * Create a new instance of a service implementation identified with the - * specified key(s). - * - * @param key the main key for identifying this service implementation - * @param altKeys alternative spellings of the identifier of this service - */ - protected ProceduresProvider( String key, String... altKeys ) - { - super( key, altKeys ); - } - - public abstract void registerProcedures( Procedures procedures ) throws KernelException; -} 
diff --git a/community/kernel/src/test/java/org/neo4j/kernel/impl/api/integrationtest/KernelIntegrationTest.java b/community/kernel/src/test/java/org/neo4j/kernel/impl/api/integrationtest/KernelIntegrationTest.java index 7ab4b8dbfdf5..fcf80d3b553f 100644 --- a/community/kernel/src/test/java/org/neo4j/kernel/impl/api/integrationtest/KernelIntegrationTest.java +++ b/community/kernel/src/test/java/org/neo4j/kernel/impl/api/integrationtest/KernelIntegrationTest.java @@ -142,10 +142,15 @@ protected void startDb() protected GraphDatabaseService createGraphDatabase( EphemeralFileSystemAbstraction fs ) { - TestGraphDatabaseBuilder graphDatabaseFactory = (TestGraphDatabaseBuilder) new TestGraphDatabaseFactory() + TestGraphDatabaseBuilder graphDatabaseBuilder = (TestGraphDatabaseBuilder) new TestGraphDatabaseFactory() .setFileSystem( fs ) .newImpermanentDatabaseBuilder(); - return graphDatabaseFactory.newGraphDatabase(); + return configure( graphDatabaseBuilder ).newGraphDatabase(); + } + + protected TestGraphDatabaseBuilder configure( TestGraphDatabaseBuilder graphDatabaseBuilder ) + { + return graphDatabaseBuilder; } protected void dbWithNoCache() throws TransactionFailureException diff --git a/community/kernel/src/test/java/org/neo4j/kernel/impl/factory/EditionModuleTest.java b/community/kernel/src/test/java/org/neo4j/kernel/impl/factory/EditionModuleTest.java index 8b9421cb4035..7e3708a6a30c 100644 --- a/community/kernel/src/test/java/org/neo4j/kernel/impl/factory/EditionModuleTest.java +++ b/community/kernel/src/test/java/org/neo4j/kernel/impl/factory/EditionModuleTest.java @@ -19,6 +19,7 @@ */ package org.neo4j.kernel.impl.factory; +import org.junit.Ignore; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; 
@@ -42,33 +43,34 @@ public class EditionModuleTest @Rule public ExpectedException exception = ExpectedException.none(); + @Ignore @Test public void shouldFailWhenAuthEnabledAndNoAuthManagerServiceFound() { - // Given - Config config = new Config( stringMap( - GraphDatabaseSettings.auth_manager.name(), "", - GraphDatabaseSettings.auth_enabled.name(), "true") - ); - - LogService logService = mock( LogService.class ); - Log userLog = mock( Log.class ) ; - when( logService.getUserLog( GraphDatabaseFacadeFactory.class ) ).thenReturn( userLog ); - - // Expect - exception.expect( IllegalArgumentException.class ); - exception.expectMessage( "Auth enabled but no auth manager found. This is an illegal product configuration." ); - - // When - new EditionModule() { - @Override - public void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException - { - - } - }.createAuthManager( config, logService, new EphemeralFileSystemAbstraction(), null ); - - // Then - verify( userLog ).error( anyString() ); +// // Given +// Config config = new Config( stringMap( +// GraphDatabaseSettings.auth_manager.name(), "", +// GraphDatabaseSettings.auth_enabled.name(), "true") +// ); +// +// LogService logService = mock( LogService.class ); +// Log userLog = mock( Log.class ) ; +// when( logService.getUserLog( GraphDatabaseFacadeFactory.class ) ).thenReturn( userLog ); +// +// // Expect +// exception.expect( IllegalArgumentException.class ); +// exception.expectMessage( "Auth enabled but no auth manager found. This is an illegal product configuration." ); +// +// // When +// new EditionModule() { +// @Override +// public void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException +// { +// +// } +// }.createAuthManager( config, logService, new EphemeralFileSystemAbstraction(), null ); +// +// // Then +// verify( userLog ).error( anyString() ); } } 
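Review bot: `shouldFailWhenAuthEnabledAndNoAuthManagerServiceFound` is switched off with `@Ignore` and its body is commented out, which leaves the fail-closed startup behaviour (auth enabled, no provider available) without a test. The replacement path in this commit is `EditionModule.setupSecurityModule( platformModule, procedures, key )`, which throws a `RuntimeException` when no module matches. The test should be rewritten against that method with a key no module registers, rather than kept as dead comments. If it has to stay ignored for now, give the annotation a reason, e.g. `@Ignore( "createAuthManager removed; rewrite against setupSecurityModule" )`.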
diff --git a/community/security/src/main/java/org/neo4j/commandline/admin/security/UsersCommand.java b/community/security/src/main/java/org/neo4j/commandline/admin/security/UsersCommand.java index 5f547a838060..14ab3a441397 100644 --- a/community/security/src/main/java/org/neo4j/commandline/admin/security/UsersCommand.java +++ b/community/security/src/main/java/org/neo4j/commandline/admin/security/UsersCommand.java @@ -35,7 +35,7 @@ import org.neo4j.kernel.configuration.Config; import org.neo4j.logging.NullLogProvider; import org.neo4j.server.configuration.ConfigLoader; -import org.neo4j.server.security.auth.BasicAuthManagerFactory; +import org.neo4j.server.security.auth.CommunitySecurityModule; import org.neo4j.server.security.auth.Credential; import org.neo4j.server.security.auth.FileUserRepository; import org.neo4j.server.security.auth.User; @@ -131,7 +131,7 @@ private void setPassword( String username, String password, boolean requirePassw throws Throwable { Config config = loadNeo4jConfig(); - File file = BasicAuthManagerFactory.getInitialUserRepositoryFile( config ); + File file = CommunitySecurityModule.getInitialUserRepositoryFile( config ); if ( outsideWorld.fileSystem().fileExists( file ) ) { if ( force ) diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/AuthProcedures.java b/community/security/src/main/java/org/neo4j/server/security/auth/AuthProcedures.java index f181e8f7dfa1..aed23eccd0db 100644 --- a/community/security/src/main/java/org/neo4j/server/security/auth/AuthProcedures.java +++ b/community/security/src/main/java/org/neo4j/server/security/auth/AuthProcedures.java @@ -39,6 +39,9 @@ public class AuthProcedures @Context public AuthSubject authSubject; + @Context + public UserManager userManager; + @Description( "Create a new user." ) @Procedure( name = "dbms.security.createUser", mode = DBMS ) public void createUser( 
@@ -48,7 +51,8 @@ public void createUser( throws InvalidArgumentsException, IOException { BasicAuthSubject subject = BasicAuthSubject.castOrFail( authSubject ); - subject.getAuthManager().newUser( username, password, requirePasswordChange ); +// subject.getAuthManager().newUser( username, password, requirePasswordChange ); + userManager.newUser( username, password, requirePasswordChange ); } @Description( "Delete the specified user." ) diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java index cabd5618c4cf..d63d5ef10c72 100644 --- a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java +++ b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java @@ -220,6 +220,12 @@ public Set getAllUsernames() return userRepository.getAllUsernames(); } + @Override + public UserManager getUserManager( AuthSubject authSubject ) + { + return this; + } + @Override public UserManager getUserManager() { diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManagerFactory.java b/community/security/src/main/java/org/neo4j/server/security/auth/CommunitySecurityModule.java similarity index 70% rename from community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManagerFactory.java rename to community/security/src/main/java/org/neo4j/server/security/auth/CommunitySecurityModule.java index fc6887b8b090..bf46863be82b 100644 --- a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManagerFactory.java +++ b/community/security/src/main/java/org/neo4j/server/security/auth/CommunitySecurityModule.java 
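Review bot: In `createUser` the local `subject` is no longer read, so `BasicAuthSubject.castOrFail( authSubject )` survives only for its side effect, and the old call is left behind as a comment. If the cast is meant as the guard that rejects callers without a basic subject (it presumably throws, judging by the name), say so and drop the unused variable: `BasicAuthSubject.castOrFail( authSubject ); // reject non-basic subjects before touching the user manager`. Delete the commented-out `subject.getAuthManager().newUser( … )` line. The method's signature starts above this hunk and the other procedures are outside it, so whether they were migrated to `userManager` in the same way cannot be checked here.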
@@ -25,20 +25,49 @@ import org.neo4j.graphdb.factory.GraphDatabaseSettings; import org.neo4j.helpers.Service; import org.neo4j.io.fs.FileSystemAbstraction; +import org.neo4j.kernel.api.exceptions.KernelException; import org.neo4j.kernel.api.security.AuthManager; +import org.neo4j.kernel.api.security.SecurityModule; import org.neo4j.kernel.configuration.Config; -import org.neo4j.kernel.impl.logging.LogService; -import org.neo4j.kernel.impl.util.JobScheduler; -import org.neo4j.logging.Log; +import org.neo4j.kernel.impl.factory.PlatformModule; +import org.neo4j.kernel.impl.proc.Procedures; import org.neo4j.logging.LogProvider; import org.neo4j.time.Clocks; -/** - * Wraps AuthManager and exposes it as a KernelExtension. - */ -@Service.Implementation( AuthManager.Factory.class ) -public class BasicAuthManagerFactory extends AuthManager.Factory +@Service.Implementation( SecurityModule.class ) +public class CommunitySecurityModule extends SecurityModule { + public CommunitySecurityModule() + { + super( "community-security-module" ); + } + + @Override + public void setup( PlatformModule platformModule, Procedures procedures ) throws KernelException + { + Config config = platformModule.config; + LogProvider logProvider = platformModule.logging.getUserLogProvider(); + FileSystemAbstraction fileSystem = platformModule.fileSystem; + final UserRepository userRepository = getUserRepository( config, logProvider, fileSystem ); + final UserRepository initialUserRepository = getInitialUserRepository( config, logProvider, fileSystem ); + + final PasswordPolicy passwordPolicy = new BasicPasswordPolicy(); + + BasicAuthManager authManager = + new BasicAuthManager( userRepository, passwordPolicy, Clocks.systemClock(), initialUserRepository ); + + platformModule.life.add( platformModule.dependencies.satisfyDependency( authManager ) ); + + procedures.registerComponent( UserManager.class, ctx -> authManager.getUserManager() ); + procedures.registerProcedure( AuthProcedures.class ); + } + + 
@Override + public void setupAuthDisabled( PlatformModule platformModule, Procedures procedures ) throws KernelException + { + platformModule.life.add( platformModule.dependencies.satisfyDependency( AuthManager.NO_AUTH ) ); + } + private static final String USER_STORE_FILENAME = "auth"; private static final String INITIAL_USER_STORE_FILENAME = "auth.ini"; @@ -78,33 +107,4 @@ private static File getUserRepositoryFile( Config config, String fileName ) } return userStoreFile; } - - public interface Dependencies - { - Config config(); - LogService logService(); - } - - public BasicAuthManagerFactory() - { - super( "basic-auth-manager" ); - } - - @Override - public AuthManager newInstance( Config config, LogProvider logProvider, Log ignored, - FileSystemAbstraction fileSystem, JobScheduler jobScheduler ) - { - if ( !config.get( GraphDatabaseSettings.auth_enabled ) ) - { - throw new IllegalStateException( "Attempted to build BasicAuthManager even though " + - "configuration setting auth_enabled=false" ); - } - - final UserRepository userRepository = getUserRepository( config, logProvider, fileSystem ); - final UserRepository initialUserRepository = getInitialUserRepository( config, logProvider, fileSystem ); - - final PasswordPolicy passwordPolicy = new BasicPasswordPolicy(); - - return new BasicAuthManager( userRepository, passwordPolicy, Clocks.systemClock(), initialUserRepository ); - } } diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/UserManagerSupplier.java b/community/security/src/main/java/org/neo4j/server/security/auth/UserManagerSupplier.java index f374c235e276..84fafef2ad20 100644 --- a/community/security/src/main/java/org/neo4j/server/security/auth/UserManagerSupplier.java +++ b/community/security/src/main/java/org/neo4j/server/security/auth/UserManagerSupplier.java 
@@ -19,7 +19,11 @@ */ package org.neo4j.server.security.auth; +import org.neo4j.kernel.api.security.AuthSubject; + public interface UserManagerSupplier { + UserManager getUserManager( AuthSubject authSubject ); + UserManager getUserManager(); } diff --git a/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory b/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory deleted file mode 100644 index a38224610d83..000000000000 --- a/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory +++ /dev/null @@ -1 +0,0 @@ -org.neo4j.server.security.auth.BasicAuthManagerFactory \ No newline at end of file diff --git a/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule b/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule new file mode 100644 index 000000000000..7cef627203ad --- /dev/null +++ b/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule @@ -0,0 +1 @@ +org.neo4j.server.security.auth.CommunitySecurityModule diff --git a/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider b/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider deleted file mode 100644 index d0030cdc1167..000000000000 --- a/community/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider +++ /dev/null @@ -1 +0,0 @@ -org.neo4j.server.security.auth.AuthProceduresProvider diff --git a/community/security/src/test/java/org/neo4j/commandline/admin/security/SetPasswordCommandTest.java b/community/security/src/test/java/org/neo4j/commandline/admin/security/SetPasswordCommandTest.java index 2780443fd758..ecdd92f6d646 100644 
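Review bot: `UserManagerSupplier` now has two accessors and nothing says when each applies; `getUserManager()` takes no subject at all, and the `BasicAuthManager` implementation of `getUserManager( AuthSubject )` added in this commit returns `this` and ignores its argument. Add Javadoc to both, for instance `/** Returns the user manager acting on behalf of {@code authSubject}; implementations may apply that subject's permissions. */` on the new method, and a line on the no-argument one stating that it performs no per-subject checks and is meant for internal callers. Whether other implementations enforce anything per subject is not visible in this part of the patch.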
--- a/community/security/src/test/java/org/neo4j/commandline/admin/security/SetPasswordCommandTest.java +++ b/community/security/src/test/java/org/neo4j/commandline/admin/security/SetPasswordCommandTest.java @@ -27,7 +27,7 @@ import org.neo4j.commandline.admin.IncorrectUsage; import org.neo4j.kernel.configuration.Config; import org.neo4j.logging.NullLogProvider; -import org.neo4j.server.security.auth.BasicAuthManagerFactory; +import org.neo4j.server.security.auth.CommunitySecurityModule; import org.neo4j.server.security.auth.FileUserRepository; import org.neo4j.server.security.auth.User; @@ -50,7 +50,7 @@ public void setup() super.setup(); usersCommand = new UsersCommand( homeDir.toPath(), confDir.toPath(), out ); config = usersCommand.loadNeo4jConfig(); - file = BasicAuthManagerFactory.getInitialUserRepositoryFile( config ); + file = CommunitySecurityModule.getInitialUserRepositoryFile( config ); } @Test diff --git a/community/security/src/test/java/org/neo4j/server/security/auth/AuthProceduresTest.java b/community/security/src/test/java/org/neo4j/server/security/auth/AuthProceduresTest.java index d14779a77778..d7bd4c363730 100644 --- a/community/security/src/test/java/org/neo4j/server/security/auth/AuthProceduresTest.java +++ b/community/security/src/test/java/org/neo4j/server/security/auth/AuthProceduresTest.java 
@@ -19,18 +19,20 @@ */ package org.neo4j.server.security.auth; +import org.junit.Rule; import org.junit.Test; +import org.junit.rules.ExpectedException; import org.neo4j.collection.RawIterator; +import org.neo4j.graphdb.factory.GraphDatabaseSettings; import org.neo4j.kernel.api.exceptions.ProcedureException; import org.neo4j.kernel.api.security.AccessMode; import org.neo4j.kernel.api.security.AuthSubject; import org.neo4j.kernel.impl.api.integrationtest.KernelIntegrationTest; +import org.neo4j.test.TestGraphDatabaseBuilder; -import static junit.framework.TestCase.fail; import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.emptyIterable; -import static org.hamcrest.core.IsEqual.equalTo; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.neo4j.helpers.collection.Iterators.asList; @@ -38,6 +40,9 @@ public class AuthProceduresTest extends KernelIntegrationTest { + @Rule + public ExpectedException exception = ExpectedException.none(); + @Test public void callDeprecatedChangePasswordWithAccessModeInDbmsMode() throws Throwable { 
@@ -58,22 +63,17 @@ public void callDeprecatedChangePasswordWithAccessModeInDbmsMode() throws Throwa @Test public void shouldFailWhenDeprecatedChangePasswordWithStaticAccessModeInDbmsMode() throws Throwable { - try - { - // Given - Object[] inputArray = new Object[1]; - inputArray[0] = "newPassword"; - - // When - dbmsOperations().procedureCallDbms( - procedureName( "dbms", "changePassword" ), inputArray, AccessMode.Static.NONE ); - fail( "Should have failed." ); - } - catch ( Exception e ) - { - // Then - assertThat( e.getClass(), equalTo( ProcedureException.class ) ); - } + // Given + Object[] inputArray = new Object[1]; + inputArray[0] = "newPassword"; + + // Then + exception.expect( ProcedureException.class ); + exception.expectMessage( "Anonymous cannot change password" ); + + // When + dbmsOperations() + .procedureCallDbms( procedureName( "dbms", "changePassword" ), inputArray, AccessMode.Static.NONE ); } @Test 
@@ -96,21 +96,23 @@ public void callChangePasswordWithAccessModeInDbmsMode() throws Throwable @Test public void shouldFailWhenChangePasswordWithStaticAccessModeInDbmsMode() throws Throwable { - try - { - // Given - Object[] inputArray = new Object[1]; - inputArray[0] = "newPassword"; - - // When - dbmsOperations().procedureCallDbms( - procedureName( "dbms", "security", "changePassword" ), inputArray, AccessMode.Static.NONE ); - fail( "Should have failed." ); - } - catch ( Exception e ) - { - // Then - assertThat( e.getClass(), equalTo( ProcedureException.class ) ); - } + // Given + Object[] inputArray = new Object[1]; + inputArray[0] = "newPassword"; + + // Then + exception.expect( ProcedureException.class ); + exception.expectMessage( "Anonymous cannot change password" ); + + // When + dbmsOperations().procedureCallDbms( procedureName( "dbms", "security", "changePassword" ), inputArray, + AccessMode.Static.NONE ); + } + + @Override + protected TestGraphDatabaseBuilder configure( TestGraphDatabaseBuilder graphDatabaseBuilder ) + { + graphDatabaseBuilder.setConfig( GraphDatabaseSettings.auth_enabled, "true" ); + return graphDatabaseBuilder; } } diff --git a/community/security/src/test/java/org/neo4j/server/security/auth/BasicAuthManagerTest.java b/community/security/src/test/java/org/neo4j/server/security/auth/BasicAuthManagerTest.java index 51bbad6ab6a7..1aa3d5cf06cb 100644 --- a/community/security/src/test/java/org/neo4j/server/security/auth/BasicAuthManagerTest.java +++ b/community/security/src/test/java/org/neo4j/server/security/auth/BasicAuthManagerTest.java 
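Review bot: The `configure` override added at the end of this hunk sets `auth_enabled` to `"true"` for every test in the class, so nothing here covers what `dbms.changePassword` and `dbms.security.changePassword` do when auth is disabled. Since this commit moves procedure registration into the security module, a test that builds the database with `auth_enabled` set to `"false"` and asserts the expected outcome of calling these procedures would pin that path. The literal `"Anonymous cannot change password"` is also repeated in this hunk and the previous one; a `private static final String` in the test class would keep the two expectations in step.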
@@ -63,9 +63,9 @@ public class BasicAuthManagerTest public void setup() throws Throwable { config = Config.defaults(); - users = BasicAuthManagerFactory.getUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + users = CommunitySecurityModule.getUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); UserRepository initUserRepository = - BasicAuthManagerFactory.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); manager = new BasicAuthManager( users, mock( PasswordPolicy.class ), authStrategy, initUserRepository ); manager.init(); } @@ -94,7 +94,7 @@ public void shouldLoadInitialUserIfNoneExist() throws Throwable { // Given FileUserRepository initialUserRepository = - BasicAuthManagerFactory.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); initialUserRepository.start(); initialUserRepository.create( new User.Builder( "initUser", Credential.forPassword( "123" )) @@ -118,7 +118,7 @@ public void shouldAddInitialUserIfUsersExist() throws Throwable { // Given FileUserRepository initialUserRepository = - BasicAuthManagerFactory.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); initialUserRepository.start(); initialUserRepository.create( new User.Builder( "initUser", Credential.forPassword( "123" )) 
@@ -150,7 +150,7 @@ public void shouldUpdateUserIfInitialUserExist() throws Throwable { // Given FileUserRepository initialUserRepository = - BasicAuthManagerFactory.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); initialUserRepository.start(); initialUserRepository.create( new User.Builder( "oldUser", Credential.forPassword( "newPassword" )) diff --git a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java index 0f179d9ef55c..9284d009204d 100644 --- a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java +++ b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java 
@@ -59,20 +59,16 @@ import org.neo4j.kernel.NeoStoreDataSource; import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.KernelException; -import org.neo4j.kernel.api.security.AuthManager; import org.neo4j.kernel.configuration.Config; -import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.impl.api.SchemaWriteGuard; import org.neo4j.kernel.impl.api.TransactionHeaderInformation; import org.neo4j.kernel.impl.api.index.RemoveOrphanConstraintIndexesOnStartup; import org.neo4j.kernel.impl.coreapi.CoreAPIAvailabilityGuard; import org.neo4j.kernel.impl.enterprise.EnterpriseConstraintSemantics; -import org.neo4j.kernel.impl.enterprise.SecurityLog; import org.neo4j.kernel.impl.enterprise.StandardBoltConnectionTracker; import org.neo4j.kernel.impl.enterprise.transaction.log.checkpoint.ConfigurableIOLimiter; import org.neo4j.kernel.impl.factory.DatabaseInfo; import org.neo4j.kernel.impl.factory.EditionModule; -import org.neo4j.kernel.impl.factory.GraphDatabaseFacade; import org.neo4j.kernel.impl.factory.PlatformModule; import org.neo4j.kernel.impl.factory.StatementLocksFactorySelector; import org.neo4j.kernel.impl.logging.LogService; @@ -86,7 +82,6 @@ import org.neo4j.kernel.lifecycle.LifeSupport; import org.neo4j.kernel.lifecycle.LifecycleStatus; import org.neo4j.kernel.monitoring.Monitors; -import org.neo4j.logging.Log; import org.neo4j.logging.LogProvider; import org.neo4j.udc.UsageData; @@ -101,7 +96,6 @@ public class EnterpriseCoreEditionModule extends EditionModule private final ConsensusModule consensusModule; private final CoreTopologyService topologyService; private final LogProvider logProvider; - private SecurityLog securityLog; private final Config config; public enum RaftLogImplementation 
@@ -112,9 +106,6 @@ public enum RaftLogImplementation @Override public void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException { - procedures.registerComponent( SecurityLog.class, ( ctx ) -> securityLog ); - registerProceduresFromProvider( "enterprise-auth-procedures-provider", procedures ); - procedures.registerProcedure( org.neo4j.kernel.enterprise.builtinprocs.BuiltInProcedures.class ); procedures.register( new GetServersProcedure( topologyService, consensusModule.raftMachine(), config, logProvider ) ); @@ -123,12 +114,6 @@ public void registerEditionSpecificProcedures( Procedures procedures ) throws Ke procedures.register( new CoreRoleProcedure( consensusModule.raftMachine() ) ); } - @Override - protected Log authManagerLog() - { - return securityLog; - } - EnterpriseCoreEditionModule( final PlatformModule platformModule, final DiscoveryServiceFactory discoveryServiceFactory ) { @@ -229,14 +214,6 @@ private void editionInvariants( PlatformModule platformModule, Dependencies depe createKernelData( platformModule.fileSystem, platformModule.pageCache, platformModule.storeDir, config, platformModule.graphDatabaseFacade, life ) ); - securityLog = SecurityLog.create( config, logging.getInternalLog( GraphDatabaseFacade.class ), - platformModule.fileSystem, platformModule.jobScheduler ); - - life.add( securityLog ); - - life.add( dependencies.satisfyDependency( createAuthManager( config, logging, - platformModule.fileSystem, platformModule.jobScheduler ) ) ); - ioLimiter = new ConfigurableIOLimiter( platformModule.config ); headerInformationFactory = createHeaderInformationFactory(); @@ -340,8 +317,8 @@ protected BoltConnectionTracker createSessionTracker() } @Override - protected AuthManager getAuthDisabledAuthManager() + public void setupSecurityModule( PlatformModule platformModule, Procedures procedures ) { - return EnterpriseAuthManager.NO_AUTH; + setupSecurityModule( platformModule, procedures, "enterprise-security-manager" ); } } 
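Review bot: The key passed in the new `setupSecurityModule` override, `"enterprise-security-manager"`, does not match the key the enterprise module registers under in this same commit (`super( "enterprise-security-module" )` in `EnterpriseSecurityModule`). `EnterpriseEdgeEditionModule` and `EnterpriseEditionModule` pass `"enterprise-security-module"`, while `HighlyAvailableEditionModule` repeats the `-manager` spelling. The three-argument `setupSecurityModule` is outside this view, but if it resolves the module by key, core and HA instances would either fail at startup or come up without the enterprise auth manager and security log. The line should read `setupSecurityModule( platformModule, procedures, "enterprise-security-module" );` in both files, and a shared constant for the key would prevent this drift.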
diff --git a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java index 3a24ec3c8f3f..26051f826a03 100644 --- a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java +++ b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java @@ -45,15 +45,12 @@ import org.neo4j.graphdb.DependencyResolver; import org.neo4j.graphdb.factory.GraphDatabaseSettings; import org.neo4j.helpers.AdvertisedSocketAddress; -import org.neo4j.io.fs.DefaultFileSystemAbstraction; import org.neo4j.io.fs.FileSystemAbstraction; import org.neo4j.io.pagecache.PageCache; import org.neo4j.kernel.DatabaseAvailability; import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.KernelException; -import org.neo4j.kernel.api.security.AuthManager; import org.neo4j.kernel.configuration.Config; -import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.impl.api.CommitProcessFactory; import org.neo4j.kernel.impl.api.ReadOnlyTransactionCommitProcess; import org.neo4j.kernel.impl.api.TransactionCommitProcess; @@ -64,7 +61,6 @@ import org.neo4j.kernel.impl.core.ReadOnlyTokenCreator; import org.neo4j.kernel.impl.coreapi.CoreAPIAvailabilityGuard; import org.neo4j.kernel.impl.enterprise.EnterpriseConstraintSemantics; -import org.neo4j.kernel.impl.enterprise.SecurityLog; import org.neo4j.kernel.impl.enterprise.StandardBoltConnectionTracker; import org.neo4j.kernel.impl.enterprise.id.EnterpriseIdTypeConfigurationProvider; import org.neo4j.kernel.impl.enterprise.transaction.log.checkpoint.ConfigurableIOLimiter; 
@@ -87,7 +83,6 @@ import org.neo4j.kernel.lifecycle.LifeSupport; import org.neo4j.kernel.lifecycle.LifecycleStatus; import org.neo4j.kernel.monitoring.Monitors; -import org.neo4j.logging.Log; import org.neo4j.logging.LogProvider; import org.neo4j.storageengine.api.StorageEngine; import org.neo4j.time.Clocks; @@ -103,22 +98,11 @@ */ public class EnterpriseEdgeEditionModule extends EditionModule { - private SecurityLog securityLog; - @Override public void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException { procedures.registerProcedure( org.neo4j.kernel.enterprise.builtinprocs.BuiltInProcedures.class ); procedures.register( new EdgeRoleProcedure() ); - - procedures.registerComponent( SecurityLog.class, (ctx) -> securityLog ); - registerProceduresFromProvider( "enterprise-auth-procedures-provider", procedures ); - } - - @Override - protected Log authManagerLog() - { - return securityLog; } EnterpriseEdgeEditionModule( final PlatformModule platformModule, @@ -159,14 +143,6 @@ protected Log authManagerLog() life.add( dependencies.satisfyDependency( new DefaultKernelData( fileSystem, pageCache, storeDir, config, graphDatabaseFacade ) ) ); - securityLog = SecurityLog.create( config, logging.getInternalLog( GraphDatabaseFacade.class ), - platformModule.fileSystem, platformModule.jobScheduler ); - - life.add( securityLog ); - - life.add( dependencies.satisfyDependency( createAuthManager( config, logging, - platformModule.fileSystem, platformModule.jobScheduler ) ) ); - headerInformationFactory = TransactionHeaderInformationFactory.DEFAULT; schemaWriteGuard = () -> {}; @@ -273,8 +249,8 @@ protected BoltConnectionTracker createSessionTracker() } @Override - protected AuthManager getAuthDisabledAuthManager() + public void setupSecurityModule( PlatformModule platformModule, Procedures procedures ) { - return EnterpriseAuthManager.NO_AUTH; + setupSecurityModule( platformModule, procedures, "enterprise-security-module" ); } } 
diff --git a/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java b/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java index ab5a61537d73..24c77b9abaf6 100644 --- a/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java +++ b/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java @@ -63,10 +63,8 @@ import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.InvalidTransactionTypeKernelException; import org.neo4j.kernel.api.exceptions.KernelException; -import org.neo4j.kernel.api.security.AuthManager; import org.neo4j.kernel.configuration.Config; import org.neo4j.kernel.configuration.Settings; -import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.ha.BranchDetectingTxVerifier; import org.neo4j.kernel.ha.BranchedDataMigrator; import org.neo4j.kernel.ha.DelegateInvocationHandler; @@ -133,7 +131,6 @@ import org.neo4j.kernel.impl.coreapi.CoreAPIAvailabilityGuard; import org.neo4j.kernel.impl.enterprise.EnterpriseConstraintSemantics; import org.neo4j.kernel.impl.enterprise.EnterpriseEditionModule; -import org.neo4j.kernel.impl.enterprise.SecurityLog; import org.neo4j.kernel.impl.enterprise.StandardBoltConnectionTracker; import org.neo4j.kernel.impl.enterprise.id.EnterpriseIdTypeConfigurationProvider; import org.neo4j.kernel.impl.enterprise.transaction.log.checkpoint.ConfigurableIOLimiter; @@ -141,7 +138,6 @@ import org.neo4j.kernel.impl.factory.CommunityEditionModule; import org.neo4j.kernel.impl.factory.DatabaseInfo; import org.neo4j.kernel.impl.factory.EditionModule; -import org.neo4j.kernel.impl.factory.GraphDatabaseFacade; import org.neo4j.kernel.impl.factory.PlatformModule; import org.neo4j.kernel.impl.factory.ReadOnly; import org.neo4j.kernel.impl.factory.StatementLocksFactorySelector; 
@@ -186,21 +182,11 @@ public class HighlyAvailableEditionModule { private HighAvailabilityMemberStateMachine memberStateMachine; public ClusterMembers members; - private SecurityLog securityLog; - - @Override - protected Log authManagerLog() - { - return securityLog; - } @Override public void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException { procedures.registerProcedure( org.neo4j.kernel.enterprise.builtinprocs.BuiltInProcedures.class ); - - procedures.registerComponent( SecurityLog.class, (ctx) -> securityLog ); - registerProceduresFromProvider( "enterprise-auth-procedures-provider", procedures ); } public HighlyAvailableEditionModule( final PlatformModule platformModule ) @@ -513,14 +499,6 @@ public void elected( String role, InstanceId instanceId, URI electedMember ) createKernelData( config, platformModule.graphDatabaseFacade, members, fs, platformModule.pageCache, storeDir, lastUpdateTime, lastTxIdGetter, life ) ); - securityLog = SecurityLog.create( config, logging.getInternalLog( GraphDatabaseFacade.class ), - platformModule.fileSystem, platformModule.jobScheduler ); - - life.add( securityLog ); - - life.add( dependencies.satisfyDependency( createAuthManager( config, logging, - platformModule.fileSystem, platformModule.jobScheduler ) ) ); - commitProcessFactory = createCommitProcessFactory( dependencies, logging, monitors, config, paxosLife, clusterClient, members, platformModule.jobScheduler, master, requestContextFactory, componentSwitcherContainer, logEntryReader ); @@ -870,8 +848,8 @@ protected BoltConnectionTracker createSessionTracker() } @Override - protected AuthManager getAuthDisabledAuthManager() + public void setupSecurityModule( PlatformModule platformModule, Procedures procedures ) { - return EnterpriseAuthManager.NO_AUTH; + setupSecurityModule( platformModule, procedures, "enterprise-security-manager" ); } } 
diff --git a/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java b/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java index 9dfe26add165..43cb479abc41 100644 --- a/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java +++ b/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java @@ -49,14 +49,11 @@ */ public class EnterpriseEditionModule extends CommunityEditionModule { - private SecurityLog securityLog; @Override public void registerEditionSpecificProcedures( Procedures procedures ) throws KernelException { procedures.registerProcedure( org.neo4j.kernel.enterprise.builtinprocs.BuiltInProcedures.class ); - procedures.registerComponent( SecurityLog.class, (ctx) -> securityLog ); - registerProceduresFromProvider( "enterprise-auth-procedures-provider", procedures ); } public EnterpriseEditionModule( PlatformModule platformModule ) @@ -65,10 +62,6 @@ public EnterpriseEditionModule( PlatformModule platformModule ) platformModule.dependencies.satisfyDependency( new IdBasedStoreEntityCounters( this.idGeneratorFactory ) ); ioLimiter = new ConfigurableIOLimiter( platformModule.config ); platformModule.dependencies.satisfyDependency( createSessionTracker() ); - if ( securityLog != null ) - { - platformModule.life.add( securityLog ); - } } @Override 
@@ -96,22 +89,8 @@ protected StatementLocksFactory createStatementLocksFactory( Locks locks, Config } @Override - protected void createAuthManagerLog( Config config, LogService logging, FileSystemAbstraction fileSystem, - JobScheduler jobScheduler ) + public void setupSecurityModule( PlatformModule platformModule, Procedures procedures ) { - securityLog = SecurityLog.create( config, logging.getInternalLog( GraphDatabaseFacade.class ), - fileSystem, jobScheduler ); - } - - @Override - protected Log authManagerLog() - { - return securityLog == null ? NullLog.getInstance() : securityLog; - } - - @Override - protected AuthManager getAuthDisabledAuthManager() - { - return EnterpriseAuthManager.NO_AUTH; + setupSecurityModule( platformModule, procedures, "enterprise-security-module" ); } } diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthAndUserManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthAndUserManager.java index 03f38175d91f..bf7f272d8777 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthAndUserManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthAndUserManager.java @@ -19,11 +19,15 @@ */ package org.neo4j.server.security.enterprise.auth; +import org.neo4j.kernel.api.security.AuthSubject; import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.server.security.auth.UserManagerSupplier; public interface EnterpriseAuthAndUserManager extends EnterpriseAuthManager, UserManagerSupplier { + @Override + EnterpriseUserManager getUserManager( AuthSubject authSubject ); + @Override EnterpriseUserManager getUserManager(); } 
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthProceduresProvider.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthProceduresProvider.java
deleted file mode 100644
index cc5163c05bf4..000000000000
--- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthProceduresProvider.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (c) 2002-2016 "Neo Technology,"
- * Network Engine for Objects in Lund AB [http://neotechnology.com]
- *
- * This file is part of Neo4j.
- *
- * Neo4j is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- */
-package org.neo4j.server.security.enterprise.auth;
-
-import org.neo4j.helpers.Service;
-import org.neo4j.kernel.api.exceptions.KernelException;
-import org.neo4j.kernel.impl.factory.ProceduresProvider;
-import org.neo4j.kernel.impl.proc.Procedures;
-
-@Service.Implementation( ProceduresProvider.class )
-public class EnterpriseAuthProceduresProvider extends ProceduresProvider
-{
- public EnterpriseAuthProceduresProvider()
- {
- super( "enterprise-auth-procedures-provider" );
- }
-
- @Override
- public void registerProcedures( Procedures procedures ) throws KernelException
- {
- procedures.registerProcedure( AuthProcedures.class, true );
- }
-}
diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModule.java similarity index 75% rename from enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java rename to enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModule.java index 056eb2a0dae3..9366936ba8de 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModule.java 
@@ -32,61 +32,90 @@ import org.neo4j.dbms.DatabaseManagementSystemSettings; import org.neo4j.helpers.Service; import org.neo4j.io.fs.FileSystemAbstraction; -import org.neo4j.kernel.api.security.AuthManager; +import org.neo4j.kernel.api.exceptions.KernelException; +import org.neo4j.kernel.api.security.SecurityModule; import org.neo4j.kernel.configuration.Config; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.impl.enterprise.SecurityLog; import org.neo4j.kernel.impl.enterprise.configuration.EnterpriseEditionSettings; +import org.neo4j.kernel.impl.factory.GraphDatabaseFacade; +import org.neo4j.kernel.impl.factory.PlatformModule; +import org.neo4j.kernel.impl.proc.Procedures; import org.neo4j.kernel.impl.util.JobScheduler; -import org.neo4j.logging.Log; import org.neo4j.logging.LogProvider; -import org.neo4j.server.security.auth.BasicAuthManagerFactory; import org.neo4j.server.security.auth.BasicPasswordPolicy; +import org.neo4j.server.security.auth.CommunitySecurityModule; import org.neo4j.server.security.auth.RateLimitedAuthenticationStrategy; +import org.neo4j.server.security.auth.UserManager; import org.neo4j.server.security.enterprise.auth.plugin.PluginRealm; import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthPlugin; import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthenticationPlugin; import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthorizationPlugin; import org.neo4j.time.Clocks; -import static org.neo4j.server.security.auth.BasicAuthManagerFactory.getUserRepository; +import static org.neo4j.kernel.api.proc.Context.AUTH_SUBJECT; -/** - * Wraps EnterpriseAuthManager and exposes it as a Service - */ -@Service.Implementation( AuthManager.Factory.class ) -public class EnterpriseAuthManagerFactory extends AuthManager.Factory +@Service.Implementation( SecurityModule.class ) +public class EnterpriseSecurityModule extends SecurityModule { private static final String 
ROLE_STORE_FILENAME = "roles"; - public EnterpriseAuthManagerFactory() + public EnterpriseSecurityModule() { - super( "enterprise-auth-manager" ); + super( "enterprise-security-module" ); } @Override - public EnterpriseAuthAndUserManager newInstance( Config config, LogProvider logProvider, Log allegedSecurityLog, - FileSystemAbstraction fileSystem, JobScheduler jobScheduler ) + public void setup( PlatformModule platformModule, Procedures procedures ) throws KernelException { -// StaticLoggerBinder.setNeo4jLogProvider( logProvider ); + Config config = platformModule.config; + LogProvider logProvider = platformModule.logging.getUserLogProvider(); + JobScheduler jobScheduler = platformModule.jobScheduler; + FileSystemAbstraction fileSystem = platformModule.fileSystem; + + SecurityLog securityLog = SecurityLog.create( + config, + platformModule.logging.getInternalLog( GraphDatabaseFacade.class ), + fileSystem, + jobScheduler + ); + platformModule.life.add( securityLog ); + + EnterpriseAuthAndUserManager authManager = newAuthManager( config, logProvider, securityLog, fileSystem, jobScheduler ); + platformModule.life.add( platformModule.dependencies.satisfyDependency( authManager ) ); + procedures.registerComponent( UserManager.class, ctx -> authManager.getUserManager( ctx.get( AUTH_SUBJECT ) ) ); + procedures.registerComponent( SecurityLog.class, (ctx) -> securityLog ); + procedures.registerProcedure( org.neo4j.server.security.auth.AuthProcedures.class ); + procedures.registerProcedure( org.neo4j.server.security.enterprise.auth.AuthProcedures.class, true ); + } + + @Override + public void setupAuthDisabled( PlatformModule platformModule, Procedures procedures ) throws KernelException + { + platformModule.life.add( platformModule.dependencies.satisfyDependency( EnterpriseAuthManager.NO_AUTH ) ); + } + + public EnterpriseAuthAndUserManager newAuthManager( Config config, LogProvider logProvider, SecurityLog securityLog, + FileSystemAbstraction fileSystem, JobScheduler 
jobScheduler ) + { List configuredRealms = config.get( SecuritySettings.active_realms ); List realms = new ArrayList<>( configuredRealms.size() + 1 ); - SecurityLog securityLog = getSecurityLog( allegedSecurityLog ); SecureHasher secureHasher = new SecureHasher(); // We always create the internal realm as it is our only UserManager implementation InternalFlatFileRealm internalRealm = createInternalRealm( config, logProvider, fileSystem, jobScheduler ); if ( config.get( SecuritySettings.native_authentication_enabled ) || - config.get( SecuritySettings.native_authorization_enabled ) ) + config.get( SecuritySettings.native_authorization_enabled ) ) { realms.add( internalRealm ); } if ( (config.get( SecuritySettings.ldap_authentication_enabled ) || - config.get( SecuritySettings.ldap_authorization_enabled )) - && configuredRealms.contains( SecuritySettings.LDAP_REALM_NAME ) ) + config.get( SecuritySettings.ldap_authorization_enabled )) + && configuredRealms.contains( SecuritySettings.LDAP_REALM_NAME ) ) { realms.add( new LdapRealm( config, securityLog ) ); } 
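Review bot: `setup` has no documentation even though the order of its calls looks significant: the community `AuthProcedures` class is registered first and the enterprise one second with `true`, which presumably lets the enterprise procedures replace same-named community ones. A comment above the two `registerProcedure` calls, for example `// enterprise procedures go last, with override enabled, so they replace the community versions`, would keep a later reordering from silently changing which implementation serves the security procedures. The class Javadoc removed in this hunk is not replaced either; one sentence saying the module wires the security log, the auth manager and the auth procedures when auth is enabled, and only `EnterpriseAuthManager.NO_AUTH` in `setupAuthDisabled`, would cover it. The hunk ends inside `newAuthManager`, whose body continues past it.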
@@ -129,24 +158,17 @@ public static InternalFlatFileRealm createInternalRealm( Config config, LogProvi FileSystemAbstraction fileSystem, JobScheduler jobScheduler ) { return new InternalFlatFileRealm( - getUserRepository( config, logProvider, fileSystem ), + CommunitySecurityModule.getUserRepository( config, logProvider, fileSystem ), getRoleRepository( config, logProvider, fileSystem ), new BasicPasswordPolicy(), new RateLimitedAuthenticationStrategy( Clocks.systemClock(), 3 ), config.get( SecuritySettings.native_authentication_enabled ), config.get( SecuritySettings.native_authorization_enabled ), jobScheduler, - BasicAuthManagerFactory.getInitialUserRepository( config, logProvider, fileSystem ) + CommunitySecurityModule.getInitialUserRepository( config, logProvider, fileSystem ) ); } - private SecurityLog getSecurityLog( Log allegedSecurityLog ) - { - return allegedSecurityLog instanceof SecurityLog ? - (SecurityLog) allegedSecurityLog : - new SecurityLog( allegedSecurityLog ); - } - private static CacheManager createCacheManager( Config config ) { long ttl = config.get( SecuritySettings.auth_cache_ttl ); diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java index d38b75e87156..f8f311434e18 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java @@ -40,6 +40,7 @@ import java.util.Collection; import java.util.Map; +import org.neo4j.kernel.api.security.AuthSubject; import org.neo4j.kernel.api.security.AuthToken; import org.neo4j.kernel.api.security.AuthenticationResult; import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException; 
@@ -185,6 +186,12 @@ public void shutdown() throws Throwable } } + @Override + public EnterpriseUserManager getUserManager( AuthSubject authSubject ) + { + return userManager; + } + @Override public EnterpriseUserManager getUserManager() { diff --git a/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory b/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory deleted file mode 100644 index 21090527c1e5..000000000000 --- a/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.AuthManager$Factory +++ /dev/null @@ -1 +0,0 @@ -org.neo4j.server.security.enterprise.auth.EnterpriseAuthManagerFactory diff --git a/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule b/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule new file mode 100644 index 000000000000..a1466f180b02 --- /dev/null +++ b/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.api.security.SecurityModule @@ -0,0 +1 @@ +org.neo4j.server.security.enterprise.auth.EnterpriseSecurityModule diff --git a/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider b/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider deleted file mode 100644 index 56c3908907e3..000000000000 --- a/enterprise/security/src/main/resources/META-INF/services/org.neo4j.kernel.impl.factory.ProceduresProvider +++ /dev/null @@ -1 +0,0 @@ -org.neo4j.server.security.enterprise.auth.EnterpriseAuthProceduresProvider 
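Review bot: The new `getUserManager( AuthSubject authSubject )` overload never reads `authSubject`; it returns the same shared `userManager` as the no-argument method, so any permission check on user management has to happen in the callers. If that is intended for now, say so on the method, e.g. `// authSubject is not consulted here; callers must enforce their own permission checks before changing users`. Otherwise this overload is the natural place to hand back a per-subject view that checks the subject's rights before delegating. Whether such checks exist elsewhere cannot be seen from this hunk.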
diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactoryTest.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModuleTest.java similarity index 92% rename from enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactoryTest.java rename to enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModuleTest.java index ba77a7d26a71..783e1e60657a 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactoryTest.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EnterpriseSecurityModuleTest.java @@ -19,7 +19,6 @@ */ package org.neo4j.server.security.enterprise.auth; -import org.junit.Ignore; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; @@ -27,6 +26,7 @@ import java.util.Arrays; import org.neo4j.kernel.configuration.Config; +import org.neo4j.kernel.impl.enterprise.SecurityLog; import org.neo4j.logging.Log; import org.neo4j.logging.LogProvider; @@ -37,7 +37,7 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -public class EnterpriseAuthManagerFactoryTest +public class EnterpriseSecurityModuleTest { @Rule public ExpectedException thrown = ExpectedException.none(); @@ -61,7 +61,7 @@ public void shouldFailOnIllegalRealmNameConfiguration() thrown.expect( IllegalArgumentException.class ); // When - new EnterpriseAuthManagerFactory().newInstance( config, mockLogProvider, mock( Log.class), null, null ); + new EnterpriseSecurityModule().newAuthManager( config, mockLogProvider, mock( SecurityLog.class), null, null ); // Then verify( mockLog, atLeastOnce() ).debug( anyString(), 
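Review bot: In `shouldFailOnIllegalRealmNameConfiguration` the `verify( mockLog, atLeastOnce() ).debug( … )` under `// Then` is never reached if `newAuthManager` throws the `IllegalArgumentException` that `thrown.expect` announces, so the test would pass without checking that the bad realm configuration was logged. The same shape appears in `shouldFailOnIllegalAdvancedRealmConfiguration` (the hunk at -91,7). Wrapping the call in `try`/`finally` keeps the expected-exception rule working and makes the log assertion run. The test body continues past the end of this hunk, so the full `verify` arguments are not visible here.

```java
// When
try
{
    new EnterpriseSecurityModule().newAuthManager( config, mockLogProvider, mock( SecurityLog.class), null, null );
}
finally
{
    // Then
    // … unchanged: verify( mockLog, atLeastOnce() ).debug( … ) moved inside finally …
}
```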
@@ -91,7 +91,7 @@ public void shouldFailOnIllegalAdvancedRealmConfiguration() thrown.expect( IllegalArgumentException.class ); // When - new EnterpriseAuthManagerFactory().newInstance( config, mockLogProvider, mock( Log.class), null, null ); + new EnterpriseSecurityModule().newAuthManager( config, mockLogProvider, mock( SecurityLog.class), null, null ); // Then verify( mockLog, atLeastOnce() ).debug( anyString(), diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmIT.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmIT.java index 9d1a06f200c0..500a0f7014f9 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmIT.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmIT.java @@ -40,8 +40,8 @@ import org.neo4j.logging.LogProvider; import org.neo4j.logging.NullLogProvider; import org.neo4j.server.security.auth.AuthenticationStrategy; -import org.neo4j.server.security.auth.BasicAuthManagerFactory; import org.neo4j.server.security.auth.BasicPasswordPolicy; +import org.neo4j.server.security.auth.CommunitySecurityModule; import org.neo4j.server.security.auth.FileUserRepository; import org.neo4j.server.security.auth.PasswordPolicy; import org.neo4j.server.security.auth.RateLimitedAuthenticationStrategy; 
@@ -77,7 +77,7 @@ public void setup() throws Throwable
 roleStoreFile = new File( "dbms", "roles" );
 final UserRepository userRepository = new FileUserRepository( fs, userStoreFile, logProvider );
 final RoleRepository roleRepository = new FileRoleRepository( fs, roleStoreFile, logProvider );
- final UserRepository initialUserRepository = BasicAuthManagerFactory.getInitialUserRepository( Config
+ final UserRepository initialUserRepository = CommunitySecurityModule.getInitialUserRepository( Config
 .defaults(), logProvider, fs );
 final PasswordPolicy passwordPolicy = new BasicPasswordPolicy();
 AuthenticationStrategy authenticationStrategy = new RateLimitedAuthenticationStrategy( Clocks.systemClock(), 3 );
diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManagerTest.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManagerTest.java
index 6e9f605ab736..6149089ea2e1 100644
--- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManagerTest.java
+++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManagerTest.java
@@ -39,7 +39,7 @@
 import org.neo4j.logging.Log;
 import org.neo4j.logging.NullLogProvider;
 import org.neo4j.server.security.auth.AuthenticationStrategy;
-import org.neo4j.server.security.auth.BasicAuthManagerFactory;
+import org.neo4j.server.security.auth.CommunitySecurityModule;
 import org.neo4j.server.security.auth.Credential;
 import org.neo4j.server.security.auth.FileUserRepository;
 import org.neo4j.server.security.auth.PasswordPolicy;
@@ -79,7 +79,7 @@ public class MultiRealmAuthManagerTest public void setUp() throws Throwable { config = Config.defaults(); - users = BasicAuthManagerFactory.getUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + users = CommunitySecurityModule.getUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); authStrategy = mock( AuthenticationStrategy.class ); logProvider = new AssertableLogProvider(); @@ -98,7 +98,7 @@ private MultiRealmAuthManager createAuthManager( boolean logSuccessfulAuthentica mock( PasswordPolicy.class ), authStrategy, mock( JobScheduler.class ), - BasicAuthManagerFactory.getInitialUserRepository( + CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ) ); @@ -134,7 +134,7 @@ public void shouldLoadInitialUserIfNoneExist() throws Throwable { // Given FileUserRepository initialUserRepository = - BasicAuthManagerFactory.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); initialUserRepository.start(); initialUserRepository.create( new User.Builder( "initUser", Credential.forPassword( "123" )) @@ -158,7 +158,7 @@ public void shouldAddInitialUserIfUsersExist() throws Throwable { // Given FileUserRepository initialUserRepository = - BasicAuthManagerFactory.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); + CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() ); initialUserRepository.start(); initialUserRepository.create( newUser( "initUser", "123", false ) ); initialUserRepository.shutdown(); 
@@ -186,7 +186,7 @@ public void shouldUpdateUserIfInitialUserExist() throws Throwable
 {
 // Given
 FileUserRepository initialUserRepository =
- BasicAuthManagerFactory.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
+ CommunitySecurityModule.getInitialUserRepository( config, NullLogProvider.getInstance(), fsRule.get() );
 initialUserRepository.start();
 initialUserRepository.create( newUser( "oldUser", "newPassword", false ) );
 initialUserRepository.shutdown();