cancel
Showing results for 
Search instead for 
Did you mean: 

Extending Authorization for Neo4j Enterprise

mdfrenchman
Graph Voyager

Can anyone tell me if the specific principal making a connection request to the graph is available in the AuthorizationPlugin.Adapter.authorize method?

From what I can tell, It's a collection of all principals and providers. I'm not sure if that collection is for the whole server or what the context of it is.

If anyone can point me to documentation on it that'd be much appreciated.

Thanks,
Mike

2 REPLIES 2

The Collection<PrincipalAndProvider> in authorize contains the principal and the name of authentication provider that has been used e.g [(native, "mike"), (ldap, "mike")].
So if your plugin only should do authorization when the user has been authenticated through a specific authentication provider, you could check that here.
The documentation around this that I know of is at Authentication and authorization plugins - Neo4j Java Reference

Thanks Olivia! I can confirm this is what was occurring and limited the logic needed to key off the provider. Setting the auth_ttl setting in the neo4j.config made this a bit easier to figure out through testing.