From c3f6aaad4383d31f700fd30c51618362ba984791 Mon Sep 17 00:00:00 2001
From: Henrik Nyman
Date: Wed, 9 Mar 2016 11:31:37 +0100
Subject: [PATCH] Extract separate interface for UserManager
---
 .../impl/factory/CommunityEditionModule.java | 3 +-
 .../security/auth/BasicAuthManager.java | 8 +++--
 .../server/security/auth/UserManager.java | 36 +++++++++++++++++++
 .../neo4j/server/rest/dbms/UserService.java | 16 +++++----
 4 files changed, 54 insertions(+), 9 deletions(-)
 create mode 100644 community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java
diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java
index f419a709dadf..d3de331e4b1a 100644
--- a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java
+++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java
@@ -234,6 +234,7 @@ else if ( key.equals( "" ) )
 }
 }
+ // TODO: Maybe the system should be locked down so you have to have an auth manager configured to get access at all
 if ( key.equals( "" ) )
 {
 logging.getInternalLog( CommunityFacadeFactory.class )
@@ -241,7 +242,7 @@ else if ( key.equals( "" ) )
 return AuthManager.NO_AUTH;
 }
- throw new IllegalArgumentException( "No lock manager found with the name '" + key + "'." );
+ throw new IllegalArgumentException( "No auth manager found with the name '" + key + "'." );
 }
 protected TransactionHeaderInformationFactory createHeaderInformationFactory()
diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java
index d04d8833a77f..f679c931d643 100644
--- a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java
+++ b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java
@@ -26,9 +26,9 @@
 import org.neo4j.kernel.api.security.AuthManager;
 import org.neo4j.kernel.api.security.AuthSubject;
 import org.neo4j.kernel.api.security.AuthenticationResult;
+import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
 import org.neo4j.kernel.lifecycle.Lifecycle;
 import org.neo4j.server.security.auth.exception.ConcurrentModificationException;
-import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
 /**
 * Manages server authentication and authorization.
@@ -39,7 +39,7 @@
 * so the given UserRepository should not be added to another LifeSupport.
 *

*/ -public class BasicAuthManager implements Lifecycle, AuthManager +public class BasicAuthManager implements Lifecycle, AuthManager, UserManager { private final AuthenticationStrategy authStrategy; private final UserRepository users; @@ -115,6 +115,7 @@ public AuthSubject login( String username, String password ) return new BasicAuthSubject( this, user, result ); } + @Override public User newUser( String username, String initialPassword, boolean requirePasswordChange ) throws IOException, IllegalCredentialsException { @@ -129,6 +130,7 @@ public User newUser( String username, String initialPassword, boolean requirePas return user; } + @Override public boolean deleteUser( String username ) throws IOException { assertAuthEnabled(); @@ -136,6 +138,7 @@ public boolean deleteUser( String username ) throws IOException return user != null && users.delete( user ); } + @Override public User getUser( String username ) { assertAuthEnabled(); @@ -160,6 +163,7 @@ public void setPassword( AuthSubject authSubject, String username, String passwo } } + @Override public User setUserPassword( String username, String password ) throws IOException { assertAuthEnabled(); diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java b/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java new file mode 100644 index 000000000000..28c1980ffdde --- /dev/null +++ b/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java 
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2002-2016 "Neo Technology,"
+ * Network Engine for Objects in Lund AB [http://neotechnology.com]
+ *
+ * This file is part of Neo4j.
+ *
+ * Neo4j is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+package org.neo4j.server.security.auth;
+
+import java.io.IOException;
+
+import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
+
+public interface UserManager
+{
+ User newUser( String username, String initialPassword, boolean requirePasswordChange ) throws IOException,
+ IllegalCredentialsException;
+
+ boolean deleteUser( String username ) throws IOException;
+
+ User getUser( String username );
+
+ User setUserPassword( String username, String password ) throws IOException;
+}
diff --git a/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java b/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java
index ffa0c77ef493..347cf9f08b58 100644
--- a/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java
+++ b/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java
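Review bot: The new `UserManager` interface in UserManager.java carries no Javadoc, and its contract is security-relevant for every caller. None of the four methods takes an `AuthSubject`, so, unlike `setPassword( AuthSubject authSubject, ... )` in `BasicAuthManager`, they appear to leave authorization of the request to the caller; the implementation bodies are outside these hunks, so this should be confirmed. I would add an interface-level comment such as `/** User administration operations. Implementations do not check who is calling; callers must authorize the request first. */`. I would also add `@return` tags stating that `getUser` and `setUserPassword` return `null` when the user does not exist, which is what the null checks in `UserService` rely on.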
@@ -38,8 +38,8 @@
 import org.neo4j.server.rest.repr.InputFormat;
 import org.neo4j.server.rest.repr.OutputFormat;
 import org.neo4j.server.rest.transactional.error.Neo4jError;
-import org.neo4j.server.security.auth.BasicAuthManager;
 import org.neo4j.server.security.auth.User;
+import org.neo4j.server.security.auth.UserManager;
 import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
 import static org.neo4j.server.rest.web.CustomStatusType.UNPROCESSABLE;
@@ -49,13 +49,17 @@ public class UserService
 {
 public static final String PASSWORD = "password";
- private final BasicAuthManager authManager;
+ private final UserManager userManager;
 private final InputFormat input;
 private final OutputFormat output;
 public UserService( @Context AuthManager authManager, @Context InputFormat input, @Context OutputFormat output )
 {
- this.authManager = (BasicAuthManager) authManager; // TODO: Figure out how to satisfy this dependency in a more reliable way without cluttering the kernel SPI
+ if ( !(authManager instanceof UserManager) )
+ {
+ new IllegalArgumentException( "The provided auth manager is not capable of user management" );
+ }
+ this.userManager = (UserManager) authManager;
 this.input = input;
 this.output = output;
 }
@@ -70,7 +74,7 @@ public Response getUser( @PathParam("username") String username, @Context HttpSe
 return output.notFound();
 }
- final User currentUser = authManager.getUser( username );
+ final User currentUser = userManager.getUser( username );
 if ( currentUser == null )
 {
 return output.notFound();
@@ -116,7 +120,7 @@ public Response setPassword( @PathParam("username") String username, @Context Ht
 new Neo4jError( Status.Request.Invalid, "Password cannot be empty." ) ) );
 }
- final User currentUser = authManager.getUser( username );
+ final User currentUser = userManager.getUser( username );
 if (currentUser == null)
 {
 return output.notFound();
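Review bot: The `instanceof` guard added to the `UserService` constructor has no effect, because `new IllegalArgumentException( ... )` is constructed but never thrown. An `AuthManager` that does not implement `UserManager` still reaches the cast on the next line and fails with a `ClassCastException` instead of the intended message; `AuthManager.NO_AUTH`, returned in CommunityEditionModule, may be one such value, though its type is not shown here. The line should read `throw new IllegalArgumentException( "The provided auth manager is not capable of user management" );`. It is also worth checking how the REST container reports an exception from this constructor, so that a server without user management answers these endpoints with a defined error response.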
@@ -130,7 +134,7 @@ public Response setPassword( @PathParam("username") String username, @Context Ht
 try
 {
- if ( authManager.setUserPassword( username, newPassword ) == null )
+ if ( userManager.setUserPassword( username, newPassword ) == null )
 {
 return output.notFound();
 }