Merge pull request #8020 from henriknyman/3.1-fix-plugin-realm-auth-info

Fix plugin realms authentication to work with multiple realms

enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthenticationInfo.java

@@ -21,6 +21,7 @@
 
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.subject.SimplePrincipalCollection;
 import org.apache.shiro.util.ByteSource;
 
 import org.neo4j.kernel.api.security.AuthenticationResult;
@@ -51,6 +52,13 @@ public ShiroAuthenticationInfo( Object principal, String credentials, String rea
         }
     }
 
+    public ShiroAuthenticationInfo( Object principal, Object hashedCredentials, ByteSource credentialsSalt,
+            String realmName, AuthenticationResult authenticationResult )
+    {
+        super( principal, hashedCredentials, credentialsSalt, realmName );
+        this.authenticationResult = authenticationResult;
+    }
+
     public AuthenticationResult getAuthenticationResult()
     {
         return authenticationResult;

enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginAuthInfo.java

@@ -19,34 +19,41 @@
  */
 package org.neo4j.server.security.enterprise.auth.plugin;
 
-import org.apache.shiro.authc.SimpleAccount;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.Permission;
 import org.apache.shiro.crypto.hash.SimpleHash;
 import org.apache.shiro.util.ByteSource;
 
+import java.util.Collection;
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import org.neo4j.kernel.api.security.AuthenticationResult;
 import org.neo4j.server.security.enterprise.auth.SecureHasher;
+import org.neo4j.server.security.enterprise.auth.ShiroAuthenticationInfo;
 import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthInfo;
 import org.neo4j.server.security.enterprise.auth.plugin.spi.CacheableAuthInfo;
 
-public class PluginAuthInfo extends SimpleAccount
+public class PluginAuthInfo extends ShiroAuthenticationInfo implements AuthorizationInfo
 {
-    public PluginAuthInfo( Object principal, Object credentials, String realmName, Set<String> roles )
+    Set<String> roles;
+
+    public PluginAuthInfo( Object principal, String realmName, Set<String> roles )
     {
-        super( principal, credentials, realmName, roles, null );
+        super( principal, null, realmName, AuthenticationResult.SUCCESS );
+        this.roles = roles;
     }
 
     public PluginAuthInfo( Object principal, Object hashedCredentials, ByteSource credentialsSalt,
             String realmName, Set<String> roles )
     {
-        super( principal, hashedCredentials, credentialsSalt, realmName );
-        setRoles( roles );
+        super( principal, hashedCredentials, credentialsSalt, realmName, AuthenticationResult.SUCCESS );
+        this.roles = roles;
     }
 
     public static PluginAuthInfo create( AuthInfo authInfo, String realmName )
     {
-        return new PluginAuthInfo( authInfo.getPrincipal(), null, realmName,
+        return new PluginAuthInfo( authInfo.getPrincipal(), realmName,
                 authInfo.getRoles().stream().collect( Collectors.toSet() ) );
     }
 
@@ -68,8 +75,26 @@ public static PluginAuthInfo createCacheable( AuthInfo authInfo, String realmNam
         }
         else
         {
-            return new PluginAuthInfo( authInfo.getPrincipal(), null, realmName,
+            return new PluginAuthInfo( authInfo.getPrincipal(), realmName,
                     authInfo.getRoles().stream().collect( Collectors.toSet() ) );
         }
     }
+
+    @Override
+    public Collection<String> getRoles()
+    {
+        return roles;
+    }
+
+    @Override
+    public Collection<String> getStringPermissions()
+    {
+        return null;
+    }
+
+    @Override
+    public Collection<Permission> getObjectPermissions()
+    {
+        return null;
+    }
 }

enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/plugin/PluginAuthenticationInfo.java

@@ -23,26 +23,28 @@
 import org.apache.shiro.crypto.hash.SimpleHash;
 import org.apache.shiro.util.ByteSource;
 
+import org.neo4j.kernel.api.security.AuthenticationResult;
 import org.neo4j.server.security.enterprise.auth.SecureHasher;
+import org.neo4j.server.security.enterprise.auth.ShiroAuthenticationInfo;
 import org.neo4j.server.security.enterprise.auth.plugin.spi.AuthenticationInfo;
 import org.neo4j.server.security.enterprise.auth.plugin.spi.CacheableAuthenticationInfo;
 import org.neo4j.server.security.enterprise.auth.plugin.spi.CustomCacheableAuthenticationInfo;
 
-public class PluginAuthenticationInfo extends SimpleAuthenticationInfo implements CustomCredentialsMatcherSupplier
+public class PluginAuthenticationInfo extends ShiroAuthenticationInfo implements CustomCredentialsMatcherSupplier
 {
     private CustomCacheableAuthenticationInfo.CredentialsMatcher credentialsMatcher;
 
     public PluginAuthenticationInfo( Object principal, String realmName,
             CustomCacheableAuthenticationInfo.CredentialsMatcher credentialsMatcher )
     {
-        super( principal, null, realmName );
+        super( principal, null, realmName, AuthenticationResult.SUCCESS );
         this.credentialsMatcher = credentialsMatcher;
     }
 
     public PluginAuthenticationInfo( Object principal, Object hashedCredentials, ByteSource credentialsSalt,
             String realmName )
     {
-        super( principal, hashedCredentials, credentialsSalt, realmName );
+        super( principal, hashedCredentials, credentialsSalt, realmName, AuthenticationResult.SUCCESS );
     }
 
     @Override