• Home
• org.neo4j.app
• neo4j-server
• 5.25.1
• source code
• AuthorizationModule.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.neo4j.server.modules.AuthorizationModule Maven / Gradle / Ivy

/*
 * Copyright (c) "Neo4j"
 * Neo4j Sweden AB [https://neo4j.com]
 *
 * This file is part of Neo4j.
 *
 * Neo4j is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see .
 */
package org.neo4j.server.modules;

import java.util.List;
import java.util.function.Supplier;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import org.neo4j.configuration.Config;
import org.neo4j.configuration.GraphDatabaseSettings;
import org.neo4j.kernel.api.security.AuthManager;
import org.neo4j.logging.InternalLogProvider;
import org.neo4j.server.rest.dbms.AuthorizationDisabledFilter;
import org.neo4j.server.rest.dbms.AuthorizationEnabledFilter;
import org.neo4j.server.web.WebServer;

/**
 * The authorization module applies a {@link org.neo4j.server.rest.dbms.AuthorizationFilter AuthorizationFilter} to all paths except those configured in {@link
 * org.neo4j.server.configuration.ServerSettings#http_auth_allowlist ServerSettings#http_auth_allowlist}.
 * 

 * It must be enabled as soon as any other module is enabled.
 */
public class AuthorizationModule implements ServerModule {
    private final WebServer webServer;
    private final Config config;
    private final Supplier authManagerSupplier;
    private final InternalLogProvider logProvider;
    private final List uriWhitelist;

    public AuthorizationModule(
            WebServer webServer,
            Supplier authManager,
            InternalLogProvider logProvider,
            Config config,
            List uriWhitelist) {
        this.webServer = webServer;
        this.config = config;
        this.authManagerSupplier = authManager;
        this.logProvider = logProvider;
        this.uriWhitelist = uriWhitelist;
    }

    @Override
    public void start() {
        final Filter authorizationFilter;

        if (config.get(GraphDatabaseSettings.auth_enabled)) {
            authorizationFilter = new AuthorizationEnabledFilter(authManagerSupplier, logProvider, uriWhitelist);
        } else {
            authorizationFilter = createAuthorizationDisabledFilter();
        }

        webServer.addFilter(authorizationFilter, "/*");
    }

    @Override
    public void stop() {}

    protected AuthorizationDisabledFilter createAuthorizationDisabledFilter() {
        return new AuthorizationDisabledFilter();
    }
}