Change transaction and connection management procedures to be built-ins

community/graphdb-api/src/main/java/org/neo4j/graphdb/security/AuthorizationViolationException.java

@@ -28,6 +28,8 @@
  */
 public class AuthorizationViolationException extends RuntimeException implements Status.HasStatus
 {
+    public static final String PERMISSION_DENIED = "Permission denied.";
+
     private Status statusCode = Status.Security.Forbidden;
 
     public AuthorizationViolationException( String msg, Status statusCode )

community/kernel/src/main/java/org/neo4j/kernel/api/ExecutingQuery.java

@@ -35,8 +35,13 @@ public class ExecutingQuery
     private final Map<String, Object> queryParameters;
     private final long startTime;
 
-    public ExecutingQuery( long queryId, String authSubjectName, String queryText, Map<String,Object>
-            queryParameters, long startTime )
+    public ExecutingQuery(
+            long queryId,
+            String authSubjectName,
+            String queryText,
+            Map<String,Object> queryParameters,
+            long startTime
+    )
     {
         this.queryId = queryId;
         this.authSubjectName = authSubjectName;

community/kernel/src/main/java/org/neo4j/kernel/api/security/AuthSubject.java

@@ -53,6 +53,22 @@ public interface AuthSubject extends AccessMode
      */
     String username();
 
+    /**
+     * @param username a username
+     * @return true if the provided username is the underlying user name of this subject
+     */
+    boolean hasUsername( String username );
+
+    /**
+     * Ensure that the provided username is the name of an existing user known to the system.
+     *
+     * @param username a username
+     * @throws InvalidArgumentsException if the provided user name is not the name of an existing user
+     */
+    default void ensureUserExistsWithName( String username ) throws InvalidArgumentsException {
+        throw new InvalidArgumentsException( "User '" + username + "' does not exit." );
+    }
+
     /**
      * Implementation to use when authentication has not yet been performed. Allows nothing.
      */
@@ -77,7 +93,7 @@ public void setPassword( String password, boolean requirePasswordChange )
         }
 
         @Override
-        public boolean doesUsernameMatch( String username )
+        public boolean hasUsername( String username )
         {
             return false;
         }
@@ -196,7 +212,7 @@ public void setPassword( String password, boolean requirePasswordChange )
         }
 
         @Override
-        public boolean doesUsernameMatch( String username )
+        public boolean hasUsername( String username )
         {
             return false;
         }
@@ -207,6 +223,4 @@ public boolean allowsProcedureWith( String[] roleNames )
             return true;
         }
     };
-
-    boolean doesUsernameMatch( String username );
 }

community/kernel/src/main/java/org/neo4j/kernel/impl/factory/DataSourceModule.java

@@ -416,6 +416,12 @@ private Procedures setupProcedures( PlatformModule platform, EditionModule editi
             internalLog.error( "Failed to register built-in edition procedures at start up: " + e.getMessage() );
         }
 
+        // Service providers
+        for ( ProceduresProvider candidate : Service.load( ProceduresProvider.class ) )
+        {
+            candidate.registerProcedures( procedures );
+        }
+
         return procedures;
     }
 

community/security/src/main/java/org/neo4j/server/security/auth/AuthProcedures.java

@@ -56,7 +56,7 @@ public void createUser(
     public void deleteUser( @Name( "username" ) String username ) throws InvalidArgumentsException, IOException
     {
         BasicAuthSubject subject = BasicAuthSubject.castOrFail( authSubject );
-        if ( subject.doesUsernameMatch( username ) )
+        if ( subject.hasUsername( username ) )
         {
             throw new InvalidArgumentsException( "Deleting yourself (user '" + username + "') is not allowed." );
         }

community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java

@@ -161,7 +161,7 @@ public void setPassword( AuthSubject authSubject, String username, String passwo
     {
         BasicAuthSubject basicAuthSubject = BasicAuthSubject.castOrFail( authSubject );
 
-        if ( !basicAuthSubject.doesUsernameMatch( username ) )
+        if ( !basicAuthSubject.hasUsername( username ) )
         {
             throw new AuthorizationViolationException( "Invalid attempt to change the password for user " + username );
         }

community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthSubject.java

@@ -113,7 +113,7 @@ public BasicAuthManager getAuthManager()
     }
 
     @Override
-    public boolean doesUsernameMatch( String username )
+    public boolean hasUsername( String username )
     {
         return user.name().equals( username );
     }

enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java

@@ -85,7 +85,6 @@
 import org.neo4j.kernel.internal.DefaultKernelData;
 import org.neo4j.kernel.lifecycle.LifeSupport;
 import org.neo4j.kernel.lifecycle.LifecycleStatus;
-import org.neo4j.logging.Log;
 import org.neo4j.logging.LogProvider;
 import org.neo4j.storageengine.api.StorageEngine;
 import org.neo4j.time.Clocks;

enterprise/kernel/src/main/java/org/neo4j/kernel/enterprise/api/security/EnterpriseAuthSubject.java

@@ -30,4 +30,18 @@ public interface EnterpriseAuthSubject extends AuthSubject
      * Enterprise has the concept of users being admins.
      */
     boolean isAdmin();
+
+    static EnterpriseAuthSubject castOrFail( AuthSubject authSubject )
+    {
+        return castOrFail( EnterpriseAuthSubject.class, authSubject );
+    }
+
+    static <T extends EnterpriseAuthSubject> T castOrFail( Class<T> clazz, AuthSubject authSubject )
+    {
+        if ( !(clazz.isInstance( authSubject )) )
+        {
+            throw new IllegalArgumentException( "Incorrect AuthSubject type " + authSubject.getClass().getTypeName() );
+        }
+        return clazz.cast( authSubject );
+    }
 }