From c3f6aaad4383d31f700fd30c51618362ba984791 Mon Sep 17 00:00:00 2001
From: Henrik Nyman
Date: Wed, 9 Mar 2016 11:31:37 +0100
Subject: [PATCH] Extract separate interface for UserManager
---
.../impl/factory/CommunityEditionModule.java | 3 +-
.../security/auth/BasicAuthManager.java | 8 +++--
.../server/security/auth/UserManager.java | 36 +++++++++++++++++++
.../neo4j/server/rest/dbms/UserService.java | 16 +++++----
4 files changed, 54 insertions(+), 9 deletions(-)
create mode 100644 community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java
diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java
index f419a709dadf..d3de331e4b1a 100644
--- a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java
+++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/CommunityEditionModule.java
@@ -234,6 +234,7 @@ else if ( key.equals( "" ) )
}
}
+ // TODO: Maybe the system should be locked down so you have to have an auth manager configured to get access at all
if ( key.equals( "" ) )
{
logging.getInternalLog( CommunityFacadeFactory.class )
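Review bot: The TODO added above `if ( key.equals( "" ) )` points at a fail-open default but leaves the current behaviour undocumented. Judging by the next hunk, this branch ends in `return AuthManager.NO_AUTH;`, so an empty auth manager name appears to give a server with authentication disabled. I would state that in the comment instead of posing it as an open question, e.g. `// SECURITY: an empty auth manager name falls back to AuthManager.NO_AUTH (no authentication); TODO: fail closed unless an auth manager is configured`. The log call in this branch is cut off by the hunk boundary, so its level is not visible here; it should be one that operators will notice. The enclosing method starts outside the hunk.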
@@ -241,7 +242,7 @@ else if ( key.equals( "" ) )
return AuthManager.NO_AUTH;
}
- throw new IllegalArgumentException( "No lock manager found with the name '" + key + "'." );
+ throw new IllegalArgumentException( "No auth manager found with the name '" + key + "'." );
}
protected TransactionHeaderInformationFactory createHeaderInformationFactory()
diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java
index d04d8833a77f..f679c931d643 100644
--- a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java
+++ b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthManager.java
@@ -26,9 +26,9 @@
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.kernel.api.security.AuthSubject;
import org.neo4j.kernel.api.security.AuthenticationResult;
+import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
import org.neo4j.kernel.lifecycle.Lifecycle;
import org.neo4j.server.security.auth.exception.ConcurrentModificationException;
-import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
/**
* Manages server authentication and authorization.
@@ -39,7 +39,7 @@
* so the given UserRepository should not be added to another LifeSupport.
*
*/
-public class BasicAuthManager implements Lifecycle, AuthManager
+public class BasicAuthManager implements Lifecycle, AuthManager, UserManager
{
private final AuthenticationStrategy authStrategy;
private final UserRepository users;
@@ -115,6 +115,7 @@ public AuthSubject login( String username, String password )
return new BasicAuthSubject( this, user, result );
}
+ @Override
public User newUser( String username, String initialPassword, boolean requirePasswordChange ) throws IOException,
IllegalCredentialsException
{
@@ -129,6 +130,7 @@ public User newUser( String username, String initialPassword, boolean requirePas
return user;
}
+ @Override
public boolean deleteUser( String username ) throws IOException
{
assertAuthEnabled();
@@ -136,6 +138,7 @@ public boolean deleteUser( String username ) throws IOException
return user != null && users.delete( user );
}
+ @Override
public User getUser( String username )
{
assertAuthEnabled();
@@ -160,6 +163,7 @@ public void setPassword( AuthSubject authSubject, String username, String passwo
}
}
+ @Override
public User setUserPassword( String username, String password ) throws IOException
{
assertAuthEnabled();
diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java b/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java
new file mode 100644
index 000000000000..28c1980ffdde
--- /dev/null
+++ b/community/security/src/main/java/org/neo4j/server/security/auth/UserManager.java
@@ -0,0 +1,36 @@
+/*
+ * Copyright (c) 2002-2016 "Neo Technology,"
+ * Network Engine for Objects in Lund AB [http://neotechnology.com]
+ *
+ * This file is part of Neo4j.
+ *
+ * Neo4j is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see .
+ */
+package org.neo4j.server.security.auth;
+
+import java.io.IOException;
+
+import org.neo4j.kernel.api.security.exception.IllegalCredentialsException;
+
+public interface UserManager
+{
+ User newUser( String username, String initialPassword, boolean requirePasswordChange ) throws IOException,
+ IllegalCredentialsException;
+
+ boolean deleteUser( String username ) throws IOException;
+
+ User getUser( String username );
+
+ User setUserPassword( String username, String password ) throws IOException;
+}
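Review bot: The new `UserManager` interface has no Javadoc, so its security contract is left unstated. None of the four methods takes an `AuthSubject` or any other caller identity, which means that, as far as the signatures show, authorization has to be done by the caller before `newUser`, `deleteUser` or `setUserPassword` is invoked. I would add an interface-level comment such as `/** User management operations. These methods take no caller identity, so callers must authorize the request before invoking them. */`. Per-method Javadoc should also cover the absent-user results, since `UserService` in this commit treats a `null` return from both `getUser` and `setUserPassword` as "not found". It should also say when `IllegalCredentialsException` and `IOException` are thrown.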
diff --git a/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java b/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java
index ffa0c77ef493..347cf9f08b58 100644
--- a/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java
+++ b/community/server/src/main/java/org/neo4j/server/rest/dbms/UserService.java
@@ -38,8 +38,8 @@
import org.neo4j.server.rest.repr.InputFormat;
import org.neo4j.server.rest.repr.OutputFormat;
import org.neo4j.server.rest.transactional.error.Neo4jError;
-import org.neo4j.server.security.auth.BasicAuthManager;
import org.neo4j.server.security.auth.User;
+import org.neo4j.server.security.auth.UserManager;
import static javax.ws.rs.core.Response.Status.BAD_REQUEST;
import static org.neo4j.server.rest.web.CustomStatusType.UNPROCESSABLE;
@@ -49,13 +49,17 @@ public class UserService
{
public static final String PASSWORD = "password";
- private final BasicAuthManager authManager;
+ private final UserManager userManager;
private final InputFormat input;
private final OutputFormat output;
public UserService( @Context AuthManager authManager, @Context InputFormat input, @Context OutputFormat output )
{
- this.authManager = (BasicAuthManager) authManager; // TODO: Figure out how to satisfy this dependency in a more reliable way without cluttering the kernel SPI
+ if ( !(authManager instanceof UserManager) )
+ {
+ new IllegalArgumentException( "The provided auth manager is not capable of user management" );
+ }
+ this.userManager = (UserManager) authManager;
this.input = input;
this.output = output;
}
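Review bot: The `instanceof` guard in the `UserService` constructor never takes effect, because `new IllegalArgumentException( ... )` is constructed but not thrown. An auth manager that is not a `UserManager` therefore still reaches `(UserManager) authManager` and fails with a `ClassCastException` instead of the intended message. The line should read `throw new IllegalArgumentException( "The provided auth manager is not capable of user management" );`. This path looks reachable through the `AuthManager.NO_AUTH` fallback in `CommunityEditionModule`, which presumably does not implement `UserManager`.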
@@ -70,7 +74,7 @@ public Response getUser( @PathParam("username") String username, @Context HttpSe
return output.notFound();
}
- final User currentUser = authManager.getUser( username );
+ final User currentUser = userManager.getUser( username );
if ( currentUser == null )
{
return output.notFound();
@@ -116,7 +120,7 @@ public Response setPassword( @PathParam("username") String username, @Context Ht
new Neo4jError( Status.Request.Invalid, "Password cannot be empty." ) ) );
}
- final User currentUser = authManager.getUser( username );
+ final User currentUser = userManager.getUser( username );
if (currentUser == null)
{
return output.notFound();
@@ -130,7 +134,7 @@ public Response setPassword( @PathParam("username") String username, @Context Ht
try
{
- if ( authManager.setUserPassword( username, newPassword ) == null )
+ if ( userManager.setUserPassword( username, newPassword ) == null )
{
return output.notFound();
}