Extract separate interface for UserManager

neo4j · May 11, 2016 · c3f6aaa · c3f6aaa
1 parent b5d7c46
commit c3f6aaa
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 9 deletions.
diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java
@@ -234,14 +234,15 @@ else if ( key.equals( "" ) )
             }
         }
 
+        // TODO: Maybe the system should be locked down so you have to have an auth manager configured to get access at all
         if ( key.equals( "" ) )
         {
             logging.getInternalLog( CommunityFacadeFactory.class )
                     .info( "No auth manager implementation specified, defaulting to no authentication" );
             return AuthManager.NO_AUTH;
         }
 
-        throw new IllegalArgumentException( "No lock manager found with the name '" + key + "'." );
+        throw new IllegalArgumentException( "No auth manager found with the name '" + key + "'." );
     }
 
     protected TransactionHeaderInformationFactory createHeaderInformationFactory()

diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java
@@ -26,9 +26,9 @@
 import org.neo4j.kernel.api.security.AuthManager;
 import org.neo4j.kernel.api.security.AuthSubject;
 import org.neo4j.kernel.api.security.AuthenticationResult;
+import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
 import org.neo4j.kernel.lifecycle.Lifecycle;
 import org.neo4j.server.security.auth.exception.ConcurrentModificationException;
-import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
 
 /**
  * Manages server authentication and authorization.
@@ -39,7 +39,7 @@
  *       so the given UserRepository should not be added to another LifeSupport.
  * </p>
  */
-public class BasicAuthManager implements Lifecycle, AuthManager
+public class BasicAuthManager implements Lifecycle, AuthManager, UserManager
 {
     private final AuthenticationStrategy authStrategy;
     private final UserRepository users;
@@ -115,6 +115,7 @@ public AuthSubject login( String username, String password )
         return new BasicAuthSubject( this, user, result );
     }
 
+    @Override
     public User newUser( String username, String initialPassword, boolean requirePasswordChange ) throws IOException,
             IllegalCredentialsException
     {
@@ -129,13 +130,15 @@ public User newUser( String username, String initialPassword, boolean requirePas
         return user;
     }
 
+    @Override
     public boolean deleteUser( String username ) throws IOException
     {
         assertAuthEnabled();
         User user = users.findByName( username );
         return user != null && users.delete( user );
     }
 
+    @Override
     public User getUser( String username )
     {
         assertAuthEnabled();
@@ -160,6 +163,7 @@ public void setPassword( AuthSubject authSubject, String username, String passwo
         }
     }
 
+    @Override
     public User setUserPassword( String username, String password ) throws IOException
     {
         assertAuthEnabled();

diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java b/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2002-2016 "Neo Technology,"
+ * Network Engine for Objects in Lund AB [http://neotechnology.com]
+ *
+ * This file is part of Neo4j.
+ *
+ * Neo4j is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.neo4j.server.security.auth;
+
+import java.io.IOException;
+
+import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
+
+public interface UserManager
+{
+    User newUser( String username, String initialPassword, boolean requirePasswordChange ) throws IOException,
+            IllegalCredentialsException;
+
+    boolean deleteUser( String username ) throws IOException;
+
+    User getUser( String username );
+
+    User setUserPassword( String username, String password ) throws IOException;
+}
diff --git a/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java b/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java
@@ -38,8 +38,8 @@
 import org.neo4j.server.rest.repr.InputFormat;
 import org.neo4j.server.rest.repr.OutputFormat;
 import org.neo4j.server.rest.transactional.error.Neo4jError;
-import org.neo4j.server.security.auth.BasicAuthManager;
 import org.neo4j.server.security.auth.User;
+import org.neo4j.server.security.auth.UserManager;
 
 import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
 import static org.neo4j.server.rest.web.CustomStatusType.UNPROCESSABLE;
@@ -49,13 +49,17 @@ public class UserService
 {
     public static final String PASSWORD = "password";
 
-    private final BasicAuthManager authManager;
+    private final UserManager userManager;
     private final InputFormat input;
     private final OutputFormat output;
 
     public UserService( @Context AuthManager authManager, @Context InputFormat input, @Context OutputFormat output )
     {
-        this.authManager = (BasicAuthManager) authManager; // TODO: Figure out how to satisfy this dependency in a more reliable way without cluttering the kernel SPI
+        if ( !(authManager instanceof UserManager) )
+        {
+            new IllegalArgumentException( "The provided auth manager is not capable of user management" );
+        }
+        this.userManager = (UserManager) authManager;
         this.input = input;
         this.output = output;
     }
@@ -70,7 +74,7 @@ public Response getUser( @PathParam("username") String username, @Context HttpSe
             return output.notFound();
         }
 
-        final User currentUser = authManager.getUser( username );
+        final User currentUser = userManager.getUser( username );
         if ( currentUser == null )
         {
             return output.notFound();
@@ -116,7 +120,7 @@ public Response setPassword( @PathParam("username") String username, @Context Ht
                     new Neo4jError( Status.Request.Invalid, "Password cannot be empty." ) ) );
         }
 
-        final User currentUser = authManager.getUser( username );
+        final User currentUser = userManager.getUser( username );
         if (currentUser == null)
         {
             return output.notFound();
@@ -130,7 +134,7 @@ public Response setPassword( @PathParam("username") String username, @Context Ht
 
         try
         {
-            if ( authManager.setUserPassword( username, newPassword ) == null )
+            if ( userManager.setUserPassword( username, newPassword ) == null )
             {
                 return output.notFound();
             }