Database Reference
In-Depth Information
Listing 6-3.
Implementing a Security Rule
package com.graphstory.practicalneo4j;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger;
import org.neo4j.server.rest.security.SecurityFilter;
import org.neo4j.server.rest.security.SecurityRule;
public class GraphStoryIPCheck implements SecurityRule {
static Logger log = Logger.getLogger(GraphStoryIPCheck.class);
public static final String REALM = "GraphStory";
@Override
public boolean isAuthorized(HttpServletRequest request)
{
String IPs[] = { "128.0.0.1", "173.193.188.115" };
if (Arrays.asList(IPs).contains(request.getRemoteAddr())) {
System.out.println("passed");
return true;
}
else {
System.out.println("did not pass");
return false;
}
}
@Override
public String forUriPath()
{
return "/*";
}
@Override
public String
wwwAuthenticateHeader
()
{
return SecurityFilter.basicAuthenticationResponse(REALM);
}
}
In this example, the security rule is registered by adding the rules class to the neo4j-server.properties config file,
as shown in Listing 6-4. When you restart Neo4j and attempt to access Neo4jBrowser, you should notice—unless your
IP matches one of those listed—that you are unable to access the browser.
Listing 6-4.
Adding the Security Rule to neo4j-server.properties
org.neo4j.server.rest.security_rules= com.graphstory.practicalneo4j.GraphStoryIPCheck
