Authentication, authorization on stand alone enterprise version.
82 views
Skip to first unread message
@gokool
unread,
Apr 25, 2012, 11:37:23 PM4/25/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Neo4j
We have a deployment of the enterprise version of Neo4J as a stand
alone server. We are building a Javascript application through which
users would see the graph data according to some business use-cases
(not as nodes and edges but as business entities and their
relationships). However, if a user wants to, they could locate the URL
of the Neo4J server and hence gain access to the whole data through
either the Cypher api or the REST API. We want to be able to limit
that.
Is there a way to authenticate access to the Cypher/REST APIs through
configuration. Is there a way Neo4J admin module lets one do this.
Also, is there a way to authorize users by profile at the graph layer.
i.e. I should be able to say, let user of profile "X" access the nodes
with property "P1" and users of profile "Y" access the nodes with
property "P2".
@gokool
Jim Webber
unread,
Apr 26, 2012, 12:58:02 AM4/26/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ne...@googlegroups.com
Hello,
The Neo4j admin module doesn't directly support this. What you'd use in this case is an authentication rule (code) that you plug into the server. If you take a look at this:
Check out section 25.1.4. That's where you can see how to customise the security surface of Neo4j to support arbitrary authorisation.
Jim
@gokool
unread,
Apr 26, 2012, 1:44:13 AM4/26/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to Neo4j
Thanks Jim. This is helpful.
So I am guessing that once I modify the code, the way I would
integrate this to my deployment would be to compile the jar again and
overwrite that jar file on the server.
Peter Neubauer
unread,
Apr 26, 2012, 1:47:58 AM4/26/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ne...@googlegroups.com
Or,
You build your own jar against the apis, and add put it into the plugins folder. Then it is picked up and you just have to adjust the server configuration.
Michael Hunger
unread,
Apr 26, 2012, 4:10:23 AM4/26/12
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message