Base framework for specifying realms in AuthToken
craigtaverner committed Sep 8, 2016
1 parent af4bd58 commit f711efc
Showing 4 changed files with 34 additions and 2 deletions.
Expand Up @@ -194,7 +194,8 @@ public boolean supports( AuthenticationToken token )
{
if ( token instanceof ShiroAuthToken )
{
return ((ShiroAuthToken) token).getScheme().equals( "basic" );
ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
return shiroAuthToken.getScheme().equals( "basic" ) && (shiroAuthToken.supportsRealm( "neo4j" ));
}
return false;
}
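Review bot: The realm name `"neo4j"` is a bare string literal in this `supports` check, and the same pattern recurs with `"ldap"` in the LDAP realm's `realmUnspecifiedOrMatched` and with `"realm", "neo4j"` in the test's login map. A typo in any one of them would silently stop a realm from claiming tokens that name it, so a named constant is safer, e.g. `static final String NATIVE_REALM = "neo4j";` declared next to `REALM_KEY` and used here as `shiroAuthToken.supportsRealm( NATIVE_REALM )`. The LDAP version of this check also catches InvalidAuthTokenException around `getScheme()` while this one does not; whether that exception can escape here is not visible from the hunk, but the two realms should treat a malformed token the same way.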
Expand Up @@ -60,6 +60,7 @@
import javax.naming.ldap.StartTlsResponse;

import org.neo4j.kernel.api.security.AuthenticationResult;
import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
import org.neo4j.kernel.configuration.Config;
import org.neo4j.logging.Log;
import org.neo4j.logging.LogProvider;
Expand Down Expand Up @@ -270,6 +271,29 @@ protected void clearCachedAuthorizationInfo( PrincipalCollection principals )
authorizationInfoCache.remove( username );
}

@Override
public boolean supports( AuthenticationToken token )
{
return super.supports( token ) && realmUnspecifiedOrMatched( token );
}

private boolean realmUnspecifiedOrMatched( AuthenticationToken token )
{
try
{
if ( token instanceof ShiroAuthToken )
{
ShiroAuthToken shiroAuthToken = (ShiroAuthToken) token;
return shiroAuthToken.getScheme().equals( "basic" ) && (shiroAuthToken.supportsRealm( "ldap" ));
}
return false;
}
catch ( InvalidAuthTokenException e )
{
return false;
}
}

@Override
protected AuthorizationInfo doGetAuthorizationInfo( PrincipalCollection principals )
{
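Review bot: `realmUnspecifiedOrMatched` does more than its name says: it also rejects any token whose scheme is not `"basic"` and repeats the `instanceof ShiroAuthToken` test, so a reader of `supports` cannot tell that the scheme is restricted here. Either rename it or reduce it to the realm comparison. The catch block turns an InvalidAuthTokenException into a plain `false`, which fails closed but makes a malformed token indistinguishable from a realm mismatch; a comment such as `// malformed token: this realm does not claim it` would record the intent. A token with no `realm` entry still passes `supportsRealm( "ldap" )`, so its credentials can still be offered to this realm, which is worth stating in a Javadoc on `supports`. `doGetAuthorizationInfo` continues outside the hunk.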
Expand Up @@ -28,6 +28,7 @@

public class ShiroAuthToken implements AuthenticationToken
{
private static final String REALM_KEY = "realm";
private final Map<String,Object> authToken;

public ShiroAuthToken( Map<String,Object> authToken )
Expand Down Expand Up @@ -56,4 +57,10 @@ Map<String,Object> getAuthTokenMap()
{
return authToken;
}

/** returns true if token map does not specify a realm, or if it specifies the requested realm */
public boolean supportsRealm( String realm )
{
return !authToken.containsKey( REALM_KEY ) || authToken.get( REALM_KEY ).equals( realm );
}
}
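Review bot: `supportsRealm` throws a NullPointerException when the map holds the `realm` key with a null value, because `authToken.get( REALM_KEY ).equals( realm )` dereferences the stored value. The map appears to come from the client's init message (the test in this commit builds it that way), so neither the presence nor the type of the value is guaranteed. Comparing from the argument side avoids the dereference and makes a null or non-String realm match no realm: `return !authToken.containsKey( REALM_KEY ) || realm.equals( authToken.get( REALM_KEY ) );`. The Javadoc could also state that an absent realm matches every realm, since that is the fail-open case the realms rely on.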
Expand Up @@ -129,7 +129,7 @@ public BoltSubject login( String username, String password ) throws Exception
}
subject.client.connect( address ).send( TransportTestUtil.acceptedVersions( 1, 0, 0, 0 ) )
.send( TransportTestUtil.chunk( InitMessage.init( "TestClient/1.1",
map( "principal", username, "credentials", password, "scheme", "basic" ) ) ) );
map( "realm", "neo4j", "principal", username, "credentials", password, "scheme", "basic" ) ) ) );
assertThat( subject.client, TransportTestUtil.eventuallyReceives( new byte[]{0, 0, 0, 1} ) );
subject.setLoginResult( TransportTestUtil.receiveOneResponseMessage( subject.client ) );
return subject;
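Review bot: With `"realm", "neo4j"` now always sent by this `login` helper, tests that go through it no longer exercise the realm-unspecified path, and nothing visible in this commit checks that a token naming a different realm is refused. Since the realm entry decides which realm sees the credentials, both cases deserve a test: a login whose map omits `realm` is still accepted, and one whose map names a realm that is not configured is rejected. The body of `login` starts outside the hunk, so existing coverage elsewhere in the file cannot be ruled out.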
