Refactor of createAuthManager and clarification in Neo4jWithSocket

neo4j · Sep 13, 2016 · f718bd9 · f718bd9
1 parent 23fc812
commit f718bd9
Show file tree

Hide file tree

Showing 17 changed files with 83 additions and 83 deletions.
diff --git a/community/bolt/src/test/java/org/neo4j/bolt/v1/transport/integration/Neo4jWithSocket.java b/community/bolt/src/test/java/org/neo4j/bolt/v1/transport/integration/Neo4jWithSocket.java
@@ -28,12 +28,14 @@
 import java.nio.file.Path;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Optional;
 import java.util.function.Consumer;
 import java.util.function.Supplier;
 
 import org.neo4j.bolt.BoltKernelExtension;
 import org.neo4j.graphdb.GraphDatabaseService;
 import org.neo4j.graphdb.config.Setting;
+import org.neo4j.graphdb.mockfs.EphemeralFileSystemAbstraction;
 import org.neo4j.io.fs.FileSystemAbstraction;
 import org.neo4j.test.TestGraphDatabaseFactory;
 
@@ -49,17 +51,17 @@ public class Neo4jWithSocket implements TestRule
 
     public Neo4jWithSocket()
     {
-        this( new TestGraphDatabaseFactory(), () -> null, settings -> {} );
+        this( new TestGraphDatabaseFactory(), EphemeralFileSystemAbstraction::new, settings -> {} );
     }
 
     public Neo4jWithSocket( Consumer<Map<Setting<?>, String>> configure )
     {
-        this( new TestGraphDatabaseFactory(), () -> null, configure );
+        this( new TestGraphDatabaseFactory(), EphemeralFileSystemAbstraction::new, configure );
     }
 
     public Neo4jWithSocket( TestGraphDatabaseFactory graphDatabaseFactory, Consumer<Map<Setting<?>, String>> configure )
     {
-        this( graphDatabaseFactory, () -> null, configure );
+        this( graphDatabaseFactory, EphemeralFileSystemAbstraction::new, configure );
     }
 
     public Neo4jWithSocket( TestGraphDatabaseFactory graphDatabaseFactory,

diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java
@@ -19,11 +19,15 @@
  */
 package org.neo4j.kernel.impl.factory;
 
-import java.io.IOException;
+import java.util.List;
+import java.util.ArrayList;
+import java.util.Optional;
+import java.util.stream.StreamSupport;
 
 import org.neo4j.graphdb.DependencyResolver;
 import org.neo4j.graphdb.factory.GraphDatabaseSettings;
 import org.neo4j.helpers.Service;
+import org.neo4j.io.fs.FileSystemAbstraction;
 import org.neo4j.io.pagecache.IOLimiter;
 import org.neo4j.kernel.NeoStoreDataSource;
 import org.neo4j.kernel.api.bolt.BoltConnectionTracker;
@@ -48,6 +52,7 @@
 import org.neo4j.kernel.impl.store.id.IdReuseEligibility;
 import org.neo4j.kernel.impl.store.id.configuration.IdTypeConfigurationProvider;
 import org.neo4j.kernel.impl.transaction.TransactionHeaderInformationFactory;
+import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.kernel.info.DiagnosticsManager;
 import org.neo4j.kernel.internal.KernelDiagnostics;
 import org.neo4j.logging.Log;
@@ -126,37 +131,60 @@ public AuthManager createAuthManager( Config config, LogService logging,
             return AuthManager.NO_AUTH;
         }
 
-        String key = config.get( GraphDatabaseSettings.auth_manager );
+        String configuredKey = config.get( GraphDatabaseSettings.auth_manager );
+        List<AuthManager.Factory> wantedAuthManagerFactories = new ArrayList<>();
+        List<AuthManager.Factory> backupAuthManagerFactories = new ArrayList<>();
 
         for ( AuthManager.Factory candidate : Service.load( AuthManager.Factory.class ) )
         {
-            String candidateId = candidate.getKeys().iterator().next();
+            if ( StreamSupport.stream( candidate.getKeys().spliterator(), false ).anyMatch( configuredKey::equals ) )
+            {
+                wantedAuthManagerFactories.add( candidate );
+            }
+            else
+            {
+                backupAuthManagerFactories.add( candidate );
+            }
+        }
+
+        AuthManager authManager = tryMakeInOrder( config, logging, fileSystem, jobScheduler, wantedAuthManagerFactories );
+
+        if ( authManager == null )
+        {
+            authManager = tryMakeInOrder( config, logging, fileSystem, jobScheduler, backupAuthManagerFactories );
+        }
+
+        if ( authManager == null )
+        {
+            logging.getUserLog( GraphDatabaseFacadeFactory.class )
+                    .error( "No auth manager implementation specified and no default could be loaded. " +
+                            "It is an illegal product configuration to have auth enabled and not provide an " +
+                            "auth manager service." );
+            throw new IllegalArgumentException(
+                    "Auth enabled but no auth manager found. This is an illegal product configuration." );
+        }
+
+        return authManager;
+    }
+
+    private AuthManager tryMakeInOrder( Config config, LogService logging, FileSystemAbstraction fileSystem,
+            JobScheduler jobScheduler, List<AuthManager.Factory> authManagerFactories  )
+    {
+        for ( AuthManager.Factory x : authManagerFactories )
+        {
             try
             {
-                return candidate.newInstance( config, logging.getUserLogProvider(),
-                        authManagerLog(), fileSystem, jobScheduler );
+                return x.newInstance( config, logging.getUserLogProvider(), authManagerLog(),
+                        fileSystem, jobScheduler );
             }
-            catch ( Exception e1 )
+            catch ( Exception e )
             {
                 logging.getInternalLog( GraphDatabaseFacadeFactory.class )
-                        .info( "No auth manager implementation specified, defaulting to '" + candidateId + "'" );
-                try
-                {
-                    return candidate.newInstance( config, logging.getUserLogProvider(), authManagerLog(), fileSystem,
-                            jobScheduler );
-                }
-                catch ( Exception e2 )
-                {
-                    logging.getUserLog( GraphDatabaseFacadeFactory.class )
-                            .error( "No auth manager implementation specified and no default could be loaded. " +
-                                    "It is an illegal product configuration to have auth enabled and not provide an " +
-                                    "auth manager service." );
-                    throw new IllegalArgumentException( "Auth enabled but no auth manager found. This is an illegal product configuration." );
-                }
+                        .warn( "Attempted to load configured auth manager with keys '%s', but failed",
+                                String.join( ", ", x.getKeys() ), e );
             }
         }
-
-        throw new IllegalArgumentException( "No auth manager factory detected!." );
+        return null;
     }
 
     protected void registerProceduresFromProvider( String key, Procedures procedures ) throws KernelException

diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthSubject.java b/community/security/src/main/java/org/neo4j/server/security/auth/BasicAuthSubject.java
@@ -27,7 +27,9 @@
 import org.neo4j.kernel.api.security.AuthenticationResult;
 import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
 
-import static org.neo4j.kernel.api.security.AuthenticationResult.*;
+import static org.neo4j.kernel.api.security.AuthenticationResult.FAILURE;
+import static org.neo4j.kernel.api.security.AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
+import static org.neo4j.kernel.api.security.AuthenticationResult.SUCCESS;
 
 public class BasicAuthSubject implements AuthSubject
 {

diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/Credential.java b/community/security/src/main/java/org/neo4j/server/security/auth/Credential.java
@@ -24,8 +24,8 @@
 import java.util.Arrays;
 import java.util.concurrent.ThreadLocalRandom;
 
-import org.neo4j.string.UTF8;
 import org.neo4j.string.HexString;
+import org.neo4j.string.UTF8;
 
 public class Credential
 {

diff --git a/community/security/src/main/java/org/neo4j/server/security/auth/UserSerialization.java b/community/security/src/main/java/org/neo4j/server/security/auth/UserSerialization.java
@@ -19,7 +19,6 @@
  */
 package org.neo4j.server.security.auth;
 
-import org.neo4j.io.fs.FileSystemAbstraction;
 import org.neo4j.server.security.auth.exception.FormatException;
 import org.neo4j.string.HexString;
 

diff --git a/community/security/src/test/java/org/neo4j/server/security/auth/FileUserRepositoryTest.java b/community/security/src/test/java/org/neo4j/server/security/auth/FileUserRepositoryTest.java
@@ -37,17 +37,6 @@
 import org.neo4j.graphdb.mockfs.DelegatingFileSystemAbstraction;
 import org.neo4j.io.fs.DelegateFileSystemAbstraction;
 import org.neo4j.io.fs.FileSystemAbstraction;
-import com.google.common.jimfs.Configuration;
-import com.google.common.jimfs.Jimfs;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.ExpectedException;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-import org.junit.runners.Parameterized.Parameters;
-
-import org.neo4j.io.fs.DelegatingFileSystem;
-import org.neo4j.io.fs.DelegatingFileSystemProvider;
 import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
 import org.neo4j.logging.AssertableLogProvider;
 import org.neo4j.logging.LogProvider;
@@ -62,7 +51,6 @@
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.fail;
-
 import static org.neo4j.test.assertion.Assert.assertException;
 
 @RunWith(Parameterized.class)

diff --git a/...urity/src/main/java/org/neo4j/server/security/enterprise/auth/AbstractRoleRepository.java b/...urity/src/main/java/org/neo4j/server/security/enterprise/auth/AbstractRoleRepository.java
@@ -283,12 +283,4 @@ protected void removeFromUserMap( RoleRecord role )
             }
         }
     }
-
-    protected void assertValidRoleName( String roleName )
-    {
-        if ( !isValidRoleName( roleName ) )
-        {
-            throw new IllegalArgumentException( "'" + roleName + "' is not a valid role name." );
-        }
-    }
 }
diff --git a/...src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java b/...src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java
@@ -21,7 +21,6 @@
 
 import com.github.benmanes.caffeine.cache.Ticker;
 import org.apache.shiro.realm.Realm;
-import org.slf4j.impl.StaticLoggerBinder;
 
 import java.io.File;
 import java.util.ArrayList;
@@ -32,9 +31,9 @@
 import org.neo4j.io.fs.FileSystemAbstraction;
 import org.neo4j.kernel.api.security.AuthManager;
 import org.neo4j.kernel.configuration.Config;
-import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.kernel.impl.enterprise.SecurityLog;
 import org.neo4j.kernel.impl.enterprise.configuration.EnterpriseEditionSettings;
+import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.logging.Log;
 import org.neo4j.logging.LogProvider;
 import org.neo4j.server.security.auth.AuthenticationStrategy;

diff --git a/...curity/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java b/...curity/src/main/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealm.java
@@ -53,7 +53,6 @@
 import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
 import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
 import org.neo4j.kernel.impl.util.JobScheduler;
-import org.neo4j.logging.Log;
 import org.neo4j.server.security.auth.AuthenticationStrategy;
 import org.neo4j.server.security.auth.Credential;
 import org.neo4j.server.security.auth.ListSnapshot;

diff --git a/...rise/security/src/main/java/org/neo4j/server/security/enterprise/auth/RoleRepository.java b/...rise/security/src/main/java/org/neo4j/server/security/enterprise/auth/RoleRepository.java
@@ -19,9 +19,8 @@
  */
 package org.neo4j.server.security.enterprise.auth;
 
-import java.util.List;
-
 import java.io.IOException;
+import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
 

diff --git a/...se/security/src/main/java/org/neo4j/server/security/enterprise/auth/SecuritySettings.java b/...se/security/src/main/java/org/neo4j/server/security/enterprise/auth/SecuritySettings.java
@@ -19,23 +19,17 @@
  */
 package org.neo4j.server.security.enterprise.auth;
 
-import java.io.File;
 import java.util.List;
 
 import org.neo4j.graphdb.config.Setting;
 import org.neo4j.graphdb.factory.Description;
-import org.neo4j.graphdb.factory.GraphDatabaseSettings;
-import org.neo4j.helpers.HostnamePort;
 
 import static org.neo4j.kernel.configuration.Settings.BOOLEAN;
 import static org.neo4j.kernel.configuration.Settings.DURATION;
-import static org.neo4j.kernel.configuration.Settings.HOSTNAME_PORT;
 import static org.neo4j.kernel.configuration.Settings.INTEGER;
 import static org.neo4j.kernel.configuration.Settings.NO_DEFAULT;
-import static org.neo4j.kernel.configuration.Settings.PATH;
 import static org.neo4j.kernel.configuration.Settings.STRING;
 import static org.neo4j.kernel.configuration.Settings.STRING_LIST;
-import static org.neo4j.kernel.configuration.Settings.derivedSetting;
 import static org.neo4j.kernel.configuration.Settings.setting;
 
 /**

diff --git a/...rity/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthenticationInfo.java b/...rity/src/main/java/org/neo4j/server/security/enterprise/auth/ShiroAuthenticationInfo.java
@@ -23,7 +23,11 @@
 import org.apache.shiro.authc.SimpleAuthenticationInfo;
 
 import org.neo4j.kernel.api.security.AuthenticationResult;
-import static org.neo4j.kernel.api.security.AuthenticationResult.*;
+
+import static org.neo4j.kernel.api.security.AuthenticationResult.FAILURE;
+import static org.neo4j.kernel.api.security.AuthenticationResult.PASSWORD_CHANGE_REQUIRED;
+import static org.neo4j.kernel.api.security.AuthenticationResult.SUCCESS;
+import static org.neo4j.kernel.api.security.AuthenticationResult.TOO_MANY_ATTEMPTS;
 
 public class ShiroAuthenticationInfo extends SimpleAuthenticationInfo
 {

diff --git a/...ty/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresLoggingTest.java b/...ty/src/test/java/org/neo4j/server/security/enterprise/auth/AuthProceduresLoggingTest.java
@@ -31,6 +31,7 @@
 import org.neo4j.kernel.api.security.AuthSubject;
 import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
 import org.neo4j.kernel.impl.enterprise.SecurityLog;
+import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.kernel.internal.GraphDatabaseAPI;
 import org.neo4j.logging.AssertableLogProvider;
 import org.neo4j.server.security.auth.AuthenticationStrategy;
@@ -67,10 +68,12 @@ public void setUp() throws Throwable
 
     private EnterpriseUserManager getUserManager() throws Throwable
     {
-        InternalFlatFileRealm realm = new InternalFlatFileRealm( new InMemoryUserRepository(),
-                new InMemoryRoleRepository(),
-                new BasicPasswordPolicy(),
-                mock( AuthenticationStrategy.class ) );
+        InternalFlatFileRealm realm = new InternalFlatFileRealm(
+                                            new InMemoryUserRepository(),
+                                            new InMemoryRoleRepository(),
+                                            new BasicPasswordPolicy(),
+                                            mock( AuthenticationStrategy.class ),
+                                            mock( JobScheduler.class ) );
         realm.start(); // creates default user and roles
         return realm;
     }

diff --git a/...ise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java b/...ise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java
@@ -74,21 +74,21 @@ public class BoltInteraction implements NeoInteractionLevel<BoltInteraction.Bolt
     protected final Factory<TransportConnection> connectionFactory = SocketConnection::new;
     private final Neo4jWithSocket server;
     private Map<String,BoltSubject> subjects = new HashMap<>();
-    private FileSystemAbstraction fileSystem;
+    private EphemeralFileSystemAbstraction fileSystem;
     EnterpriseAuthManager authManager;
 
     BoltInteraction( Map<Setting<?>, String> config ) throws IOException
     {
         TestEnterpriseGraphDatabaseFactory factory = new TestEnterpriseGraphDatabaseFactory();
-        factory.setFileSystem( new EphemeralFileSystemAbstraction() );
-        this.server = new Neo4jWithSocket(
+        fileSystem = new EphemeralFileSystemAbstraction();
+        server = new Neo4jWithSocket(
                 factory,
+                () -> fileSystem,
                 settings -> {
                     settings.put( GraphDatabaseSettings.auth_enabled, "true" );
                     settings.putAll( config );
                 } );
         server.restartDatabase( r -> {} );
-        this.fileSystem = factory.getFileSystem();
         GraphDatabaseFacade db = (GraphDatabaseFacade) server.graphDatabaseService();
         authManager = db.getDependencyResolver().resolveDependency( EnterpriseAuthManager.class );
     }
@@ -190,6 +190,7 @@ public void tearDown() throws Throwable
         }
         subjects.clear();
         server.graphDatabaseService().shutdown();
+        fileSystem.shutdown();
     }
 
     @Override

diff --git a/...ty/src/test/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmTest.java b/...ty/src/test/java/org/neo4j/server/security/enterprise/auth/InternalFlatFileRealmTest.java
@@ -29,21 +29,14 @@
 import org.junit.Before;
 import org.junit.Test;
 
-import java.io.IOException;
 import java.time.Clock;
 import java.util.List;
 
-import org.neo4j.kernel.api.security.exception.InvalidArgumentsException;
-import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
-import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthSubject;
-import org.neo4j.kernel.impl.enterprise.SecurityLog;
-import org.neo4j.kernel.impl.util.JobScheduler;
-import org.neo4j.logging.AssertableLogProvider;
-import org.neo4j.logging.Log;
 import org.neo4j.kernel.api.security.AuthenticationResult;
 import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException;
 import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthSubject;
 import org.neo4j.kernel.impl.enterprise.SecurityLog;
+import org.neo4j.kernel.impl.util.JobScheduler;
 import org.neo4j.server.security.auth.AuthenticationStrategy;
 import org.neo4j.server.security.auth.BasicPasswordPolicy;
 import org.neo4j.server.security.auth.InMemoryUserRepository;
@@ -55,11 +48,8 @@
 import static org.hamcrest.Matchers.is;
 import static org.junit.Assert.assertThat;
 import static org.mockito.Mockito.mock;
-import static org.neo4j.logging.AssertableLogProvider.inLog;
 import static org.neo4j.server.security.auth.SecurityTestUtils.authToken;
 import static org.neo4j.server.security.enterprise.auth.AuthTestUtil.listOf;
-import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.ARCHITECT;
-import static org.neo4j.server.security.enterprise.auth.PredefinedRolesBuilder.READER;
 
 public class InternalFlatFileRealmTest
 {
@@ -131,7 +121,6 @@ public TestRealm( UserRepository userRepository, RoleRepository roleRepository,
             super( userRepository, roleRepository, passwordPolicy, authenticationStrategy, jobScheduler );
         }
 
-
         boolean takeAuthenticationFlag()
         {
             boolean t = authenticationFlag;

diff --git a/.../security/src/test/java/org/neo4j/server/security/enterprise/auth/ShiroAuthTokenTest.java b/.../security/src/test/java/org/neo4j/server/security/enterprise/auth/ShiroAuthTokenTest.java
@@ -28,8 +28,6 @@
 
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.equalTo;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
 import static org.neo4j.helpers.collection.MapUtil.map;
 
 public class ShiroAuthTokenTest