Tom

Reputation: 47

Authenticate to access the server with Java Neo4j Rest Api

I'm starting to use the Neo4j Rest Api, but when I try to connect to the server I get the following error:

{
  "errors" : [ {
    "code" : "Neo.ClientError.Security.AuthorizationFailed",
    "message" : "No authorization header supplied."
  } ]
}

This error seems to be normal because I am not authenticating to the server when I use my requests. In the Neo4j 2.2.2 manual (http://neo4j.com/docs/stable/rest-api-security.html) I've read I'm getting this error because:

Requests should include an Authorization header, with a value of Basic <payload>, where "payload" is a base64 encoded string of "username:password".

Example request

GET http://localhost:7474/user/neo4j
Accept: application/json; charset=UTF-8
Authorization: Basic bmVvNGo6c2VjcmV0

But I can't get rid of this error because I don't know how to include the header in my requests! Here is an example of a request in my code:

WebResource resource = Client.create().resource( nodeEntryPointUri );   
ClientResponse response = resource.accept( MediaType.APPLICATION_JSON )
                .type( MediaType.APPLICATION_JSON )
                .entity( "{\"data\" : \"nex\"}" )
                .post( ClientResponse.class );      
response.close();

So if anyone can help me to authenticate to the server with my requests, that would be really helpful!

Thanks

Upvotes: 2

Views: 1122

Answers (2)

manonthemat

Reputation: 6251

An alternative approach is to disable the authentication altogether. To do that, open the conf/neo4j-server.properties file and set dbms.security.auth_enabled to false. Restart the server and you don't need to authenticate.

Now I'm not saying you should give anybody access to the Neo4j server. That'd be a bad idea. But what you can do is make the server only listen to the local network and/or restrict access to the machine running the database via (hardware) firewall. Another level of security would be to use neo4j inside a docker container that links up to your application.

Authentication is a new feature and has only been included in version 2.2 in a simple form, because many people requested it. The companies I know of that work with Neo4j in production don't rely on the authentication feature of Neo4j, but instead turn it off (too much overhead) and rely on methods briefly described above.

In the end, only the application servers should have access to Neo4j.

Upvotes: 1

Stefan Armbruster

Reputation: 39915

In Jersey 1.x you can supply your client instance with a filter dealing with authentication:

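import com.sun.jersey.api.client.Client;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.WebResource;
import com.sun.jersey.api.client.filter.HTTPBasicAuthFilter;
import javax.ws.rs.core.MediaType;

Client client = Client.create();
client.addFilter(new HTTPBasicAuthFilter("neo4j","<mypwd>")); // <-- that's it!
WebResource resource = client.resource(
    "http://localhost:7474/db/data/transaction/commit"
);

ClientResponse response = resource.accept( MediaType.APPLICATION_JSON )
   .type( MediaType.APPLICATION_JSON )
   .post( ClientResponse.class, someStringContainingJsonPayload);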

Upvotes: 5
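
What the Authorization value quoted from the manual actually contains, as an added example that is not part of the original question or answers. It uses only the JDK (Java 8+); the class name, method names and the NEO4J_PASSWORD environment variable are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added example: class and method names are illustrative, not part of Neo4j or Jersey.
public class BasicAuthHeader {

    /** Builds "Basic <payload>", where payload = base64("username:password"). */
    static String encode(String username, String password) {
        // The first ':' separates user from password, so the user name cannot contain one.
        if (username.indexOf(':') >= 0) {
            throw new IllegalArgumentException("username must not contain ':'");
        }
        byte[] raw = (username + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    /** Reverses encode(); returns {username, password}. No key or secret is needed. */
    static String[] decode(String headerValue) {
        if (!headerValue.startsWith("Basic ")) {
            throw new IllegalArgumentException("not a Basic authorization value");
        }
        byte[] raw = Base64.getDecoder().decode(headerValue.substring("Basic ".length()));
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');
        if (colon < 0) {
            throw new IllegalArgumentException("payload has no ':' separator");
        }
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Sample credentials from the manual's example request.
        String header = encode("neo4j", "secret");
        System.out.println("Authorization: " + header);

        // Anyone who can read the request recovers the password the same way.
        String[] creds = decode("Basic bmVvNGo6c2VjcmV0");
        System.out.println(creds[0] + " / " + creds[1]);

        // Keep the real password out of source. NEO4J_PASSWORD is an assumed variable name.
        String fromEnv = System.getenv("NEO4J_PASSWORD");
        if (fromEnv != null) {
            System.out.println("Header length from environment: " + encode("neo4j", fromEnv).length());
        }
    }
}
```

With Jersey 1.x the resulting string can be set per request through `resource.header("Authorization", value)`, which is what HTTPBasicAuthFilter does for every request on the client. Because the payload is only base64-encoded, the credentials are readable on any plain-HTTP connection that leaves the local machine.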
