Moved the setting and refactored.

community/kernel/src/main/java/org/neo4j/graphdb/factory/GraphDatabaseSettings.java

@@ -502,6 +502,10 @@ public enum LabelIndex
     public static final Setting<File> auth_store =
             pathSetting( "unsupported.dbms.security.auth_store.location", NO_DEFAULT );
 
+    @Description("A comma separated list of procedures that are allowed full access to the database, note that this" +
+            " will enable them to bypass security. Use with care.")
+    public static final Setting<String> procedure_unrestricted = setting( "dbms.security.procedures.unrestricted", Settings.STRING, "" );
+
     // Bolt Settings
 
     @Description("Default network interface to listen for incoming connections. " +

community/kernel/src/main/java/org/neo4j/kernel/impl/factory/GraphDatabaseFacadeFactory.java

@@ -25,7 +25,6 @@
 import java.util.function.Function;
 import java.util.function.Supplier;
 
-import org.neo4j.configuration.Description;
 import org.neo4j.configuration.LoadableConfig;
 import org.neo4j.graphdb.config.Setting;
 import org.neo4j.graphdb.security.URLAccessRule;
@@ -100,10 +99,6 @@ public static class Configuration implements LoadableConfig
         @Internal
         public static final Setting<String> editionName =
                 setting( "unsupported.dbms.edition", Settings.STRING, Edition.unknown.toString() );
-
-        @Description("A comma separated list of procedures that are allowed full access to the database, note that this" +
-                " will enable them to bypass security. Use with care.")
-        public static final Setting<String> procedure_full_access = setting( "dbms.security.procedures.full_access", Settings.STRING, "" );
     }
 
     protected final DatabaseInfo databaseInfo;

community/kernel/src/main/java/org/neo4j/kernel/impl/proc/ProcedureConfig.java

@@ -21,12 +21,13 @@
 
 import java.util.Collections;
 import java.util.List;
+import java.util.function.Function;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.kernel.configuration.Config;
-import org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.Configuration;
 
 import static java.util.Arrays.stream;
 
@@ -56,33 +57,30 @@ public ProcedureConfig( Config config )
         this.defaultValue = config.getValue( PROC_ALLOWED_SETTING_DEFAULT_NAME )
                 .map( Object::toString )
                 .orElse( "" );
-        String allowedRoles = config.getValue( PROC_ALLOWED_SETTING_ROLES ).map( Object::toString ).orElse( "" );
-        if ( allowedRoles.isEmpty() )
+        this.matchers = parseMatchers( PROC_ALLOWED_SETTING_ROLES, config, SETTING_DELIMITER, procToRoleSpec ->
         {
-            this.matchers = Collections.emptyList();
-        }
-        else
-        {
-            this.matchers = Stream.of( allowedRoles.split( SETTING_DELIMITER ) )
-                    .map( procToRoleSpec ->
-                    {
-                        String[] spec = procToRoleSpec.split( MAPPING_DELIMITER );
-                        String[] roles = stream( spec[1].split( ROLES_DELIMITER ) )
-                                .map( String::trim ).toArray( String[]::new );
-                        return new ProcMatcher( spec[0].trim(), roles );
-                    } )
-                    .collect( Collectors.toList() );
-        }
-        String fullAccessProcedures =
-                config.getValue( Configuration.procedure_full_access.name() ).map( Object::toString ).orElse( "" );
+            String[] spec = procToRoleSpec.split( MAPPING_DELIMITER );
+            String[] roles = stream( spec[1].split( ROLES_DELIMITER ) ).map( String::trim ).toArray( String[]::new );
+            return new ProcMatcher( spec[0].trim(), roles );
+        } );
+
+        this.accessPatterns =
+                parseMatchers( GraphDatabaseSettings.procedure_unrestricted.name(), config, PROCEDURE_DELIMITER,
+                        ProcedureConfig::compilePattern );
+    }
+
+    private <T> List<T> parseMatchers( String configName, Config config, String delimiter, Function<String,T>
+            matchFunc )
+    {
+        String fullAccessProcedures = config.getValue( configName ).map( Object::toString ).orElse( "" );
         if ( fullAccessProcedures.isEmpty() )
         {
-            this.accessPatterns = Collections.emptyList();
+            return Collections.emptyList();
         }
         else
         {
-            this.accessPatterns = Stream.of( fullAccessProcedures.split( PROCEDURE_DELIMITER ) )
-                    .map( ProcedureConfig::compilePattern ).collect( Collectors.toList() );
+            return Stream.of( fullAccessProcedures.split( delimiter ) ).map( matchFunc )
+                    .collect( Collectors.toList() );
         }
     }
 

community/kernel/src/test/java/org/neo4j/kernel/impl/proc/ProcedureJarLoaderTest.java

@@ -46,11 +46,11 @@
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.junit.Assert.assertThat;
+import static org.neo4j.graphdb.factory.GraphDatabaseSettings.procedure_unrestricted;
 import static org.neo4j.helpers.collection.Iterators.asList;
 import static org.neo4j.helpers.collection.MapUtil.genericMap;
 import static org.neo4j.kernel.api.proc.Neo4jTypes.NTInteger;
 import static org.neo4j.kernel.api.proc.ProcedureSignature.procedureSignature;
-import static org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.Configuration.procedure_full_access;
 
 @SuppressWarnings( "WeakerAccess" )
 public class ProcedureJarLoaderTest
@@ -371,7 +371,7 @@ private ComponentRegistry registryWithUnsafeAPI()
     private ProcedureConfig procedureConfig()
     {
         Config config = Config.defaults().with(
-                genericMap( procedure_full_access.name(), "org.neo4j.kernel.impl.proc.unsafeFullAccessProcedure" ) );
+                genericMap( procedure_unrestricted.name(), "org.neo4j.kernel.impl.proc.unsafeFullAccessProcedure" ) );
         return new ProcedureConfig( config );
     }
 }

enterprise/security/src/test/java/org/neo4j/kernel/impl/proc/ProcedureConfigTest.java

@@ -25,8 +25,8 @@
 
 import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.neo4j.graphdb.factory.GraphDatabaseSettings.procedure_unrestricted;
 import static org.neo4j.helpers.collection.MapUtil.genericMap;
-import static org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.Configuration.procedure_full_access;
 import static org.neo4j.kernel.impl.proc.ProcedureConfig.PROC_ALLOWED_SETTING_DEFAULT_NAME;
 import static org.neo4j.kernel.impl.proc.ProcedureConfig.PROC_ALLOWED_SETTING_ROLES;
 
@@ -141,7 +141,7 @@ public void shouldNotAllowFullAccessDefault()
     @Test
     public void shouldAllowFullAccessForProcedures()
     {
-        Config config = Config.defaults().with( genericMap( procedure_full_access.name(),
+        Config config = Config.defaults().with( genericMap( procedure_unrestricted.name(),
                 "test.procedure.name" ) );
         ProcedureConfig procConfig = new ProcedureConfig( config );
 
@@ -152,7 +152,7 @@ public void shouldAllowFullAccessForProcedures()
     @Test
     public void shouldAllowFullAccessForSeveralProcedures()
     {
-        Config config = Config.defaults().with( genericMap( procedure_full_access.name(),
+        Config config = Config.defaults().with( genericMap( procedure_unrestricted.name(),
                 "test.procedure.name, test.procedure.otherName" ) );
         ProcedureConfig procConfig = new ProcedureConfig( config );
 
@@ -164,7 +164,7 @@ public void shouldAllowFullAccessForSeveralProcedures()
     @Test
     public void shouldAllowFullAcsessForSeveralProceduresOddNames()
     {
-        Config config = Config.defaults().with( genericMap( procedure_full_access.name(),
+        Config config = Config.defaults().with( genericMap( procedure_unrestricted.name(),
                 "test\\.procedure.name, test*rocedure.otherName" ) );
         ProcedureConfig procConfig = new ProcedureConfig( config );
 
@@ -176,7 +176,7 @@ public void shouldAllowFullAcsessForSeveralProceduresOddNames()
     @Test
     public void shouldAllowFullAccessWildcardProceduresNames()
     {
-        Config config = Config.defaults().with( genericMap( procedure_full_access.name(),
+        Config config = Config.defaults().with( genericMap( procedure_unrestricted.name(),
                 " test.procedure.*  ,     test.*.otherName" ) );
         ProcedureConfig procConfig = new ProcedureConfig( config );
 

integrationtests/src/test/java/org/neo4j/procedure/ProcedureIT.java

@@ -52,7 +52,6 @@
 import org.neo4j.graphdb.RelationshipType;
 import org.neo4j.graphdb.Result;
 import org.neo4j.graphdb.Transaction;
-import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.graphdb.security.AuthorizationViolationException;
 import org.neo4j.helpers.Exceptions;
 import org.neo4j.helpers.collection.Iterators;
@@ -75,9 +74,10 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 import static org.neo4j.graphdb.Label.label;
+import static org.neo4j.graphdb.factory.GraphDatabaseSettings.plugin_dir;
+import static org.neo4j.graphdb.factory.GraphDatabaseSettings.procedure_unrestricted;
 import static org.neo4j.helpers.collection.Iterables.asList;
 import static org.neo4j.helpers.collection.MapUtil.map;
-import static org.neo4j.kernel.impl.factory.GraphDatabaseFacadeFactory.Configuration.procedure_full_access;
 import static org.neo4j.logging.AssertableLogProvider.inLog;
 import static org.neo4j.procedure.Mode.SCHEMA;
 import static org.neo4j.procedure.Mode.WRITE;
@@ -476,8 +476,8 @@ public void shouldLogLikeThereIsNoTomorrow() throws Throwable
                 .setInternalLogProvider( logProvider )
                 .setUserLogProvider( logProvider )
                 .newImpermanentDatabaseBuilder()
-                .setConfig( GraphDatabaseSettings.plugin_dir, plugins.getRoot().getAbsolutePath() )
-                .setConfig( procedure_full_access, "org.neo4j.procedure.*" )
+                .setConfig( plugin_dir, plugins.getRoot().getAbsolutePath() )
+                .setConfig( procedure_unrestricted, "org.neo4j.procedure.*" )
                 .newGraphDatabase();
 
         // When
@@ -1137,8 +1137,8 @@ public void setUp() throws IOException
         new JarBuilder().createJarFor( plugins.newFile( "myFunctions.jar" ), ClassWithFunctions.class );
         db = new TestGraphDatabaseFactory()
                 .newImpermanentDatabaseBuilder()
-                .setConfig( GraphDatabaseSettings.plugin_dir, plugins.getRoot().getAbsolutePath() )
-                .setConfig( procedure_full_access, "org.neo4j.procedure.*" )
+                .setConfig( plugin_dir, plugins.getRoot().getAbsolutePath() )
+                .setConfig( procedure_unrestricted, "org.neo4j.procedure.*" )
                 .newGraphDatabase();
     }