Fine-grained authorization
Security requirements vary from organization to organization and, to make matters more
complex, there are instances where national laws, local authorities, or government
policies govern them. It is difficult (if not impossible) to provide a single framework
that meets the security requirements of every organization. Therefore, for those
instances where the standard security measures are not enough, Neo4j provides the
flexibility to implement and inject custom security rules/policies to secure its REST
endpoints. It exposes the org.neo4j.server.rest.security.SecurityRule interface for
implementing custom security policies/rules, which are then configured in
<$NEO4J_HOME>/conf/neo4j-server.properties.
Let's extend the Spring-Neo4j example that we created in Chapter 6, Spring Data and
Neo4j, and perform the following steps to implement and configure a custom security
rule that denies access to all HTTP REST endpoints that create or update a node or
relationship:
1. Open Spring-Neo4j/pom.xml and add the following dependency within the
<dependencies> and </dependencies> tags:

    <dependency>
        <groupId>org.neo4j.app</groupId>
        <artifactId>neo4j-server</artifactId>
        <version>${neo4j.version}</version>
    </dependency>

2. Create a new package org.neo4j.custom.security.rules and create a
new class DenyCreateRequestSecurityRule.java within this package.
3. Add the following source code within DenyCreateRequestSecurityRule :

    package org.neo4j.custom.security.rules;

    import javax.servlet.http.HttpServletRequest;

    import org.neo4j.server.rest.security.SecurityFilter;
    import org.neo4j.server.rest.security.SecurityRule;

    public class DenyCreateRequestSecurityRule implements SecurityRule {
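
For reference, a complete rule written against the SecurityRule interface named above, as an added example rather than the book's own listing. It goes one step beyond the create/update case by allow-listing read-only HTTP methods and denying everything else; the class name DenyWriteMethodsSecurityRule, the realm string, and the default /db/data mount point are assumptions.

```java
package org.neo4j.custom.security.rules;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.neo4j.server.rest.security.SecurityFilter;
import org.neo4j.server.rest.security.SecurityRule;

// Added illustration: class name and realm are hypothetical, not from the book.
// Register the rule in <$NEO4J_HOME>/conf/neo4j-server.properties:
//   org.neo4j.server.rest.security_rules=org.neo4j.custom.security.rules.DenyWriteMethodsSecurityRule
public class DenyWriteMethodsSecurityRule implements SecurityRule {

    // Constructed realm name, returned in the WWW-Authenticate header.
    private static final String REALM = "neo4j-read-only";

    // Allow-list of methods that cannot create or update data.
    // Anything not listed here (POST, PUT, DELETE, ...) is denied: fail closed.
    private static final Set<String> READ_ONLY_METHODS =
            new HashSet<String>(Arrays.asList("GET", "HEAD", "OPTIONS"));

    @Override
    public boolean isAuthorized(HttpServletRequest request) {
        String method = request.getMethod();
        if (method == null) {
            return false; // no method means no decision can be made, so deny
        }
        return READ_ONLY_METHODS.contains(method.toUpperCase(Locale.ROOT));
    }

    @Override
    public String forUriPath() {
        // Assumes the REST API is mounted at its default location.
        return "/db/data/*";
    }

    @Override
    public String wwwAuthenticateHeader() {
        // Sent with the rejection when isAuthorized() returns false.
        return SecurityFilter.basicAuthenticationResponse(REALM);
    }
}
```

Because the Cypher and transactional REST endpoints are called with POST, this rule also rejects Cypher sent over REST, including read-only queries; clients are limited to the GET-based endpoints.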