As far as I know, the auth plugin currently only supports HTTP BASIC authentication. But it would be interesting to expand it to allow other authentication methods, for instance by allowing pluggable authentication providers.
So if I understand your question correctly, yes, it does support authentication beyond just limiting access by IP, but it does not support authentication using keys or certificates. Out of curiosity, what is the driver behind needing key-based authentication? The combination of HTTP BASIC, strong passwords and HTTPS seems like it would supply quite strong security, no? /Jake On Wed, Sep 21, 2011 at 9:16 PM, Nuo Yan <yan....@gmail.com> wrote: > Limiting access to certain URIs or IPs is great, but ideally at this moment > I also need something like a key-based authentication so I can send a > private key in the headers from my restclient and neo4j would authenticate > and only take authenticated requests. Does the authentication extension > support key-based authentication? If not, what forms of authentication does > it currently support (user/password, token-based, shared-secret)? > > Thanks, > Nuo > > On Wed, Sep 21, 2011 at 11:24 AM, Peter Neubauer < > peter.neuba...@neotechnology.com> wrote: > > > Nuo, > > Thomas Baum has been working on an authentication extension for Neo4j > > Server, see https://github.com/neo4j/authentication-extension. He > > could help you set it up and test it - it's used in hosting scenarios > > and should do what you want in terms of limiting access to certain > > URIs if that is what you want? > > > > Cheers, > > > > /peter neubauer > > > > GTalk: neubauer.peter > > Skype peter.neubauer > > Phone +46 704 106975 > > LinkedIn http://www.linkedin.com/in/neubauer > > Twitter http://twitter.com/peterneubauer > > > > http://www.neo4j.org - Your high performance graph > database. > > http://startupbootcamp.org/ - Ă–resund - Innovation happens HERE. > > http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing party. > > > > > > > > On Wed, Sep 21, 2011 at 6:14 PM, Nuo Yan <yan....@gmail.com> wrote: > > > For my scenario, I currently only use the LB for request > authentication, > > so > > > that not everyone on the network can access the neo4j server. In my use > > > case, I think making the base uri configurable (including the protocol, > > e.g. > > > https://foobar.com/) is enough. > > > > > > There are a couple other approaches that may also solve my problem. For > > > example, having a configurable option to make the REST APIs return only > > > relative paths in the result. Or, if neo4j could have a built-in > request > > > authentication mechanism for the REST interface, I may be able to get > rid > > of > > > the lb completely. > > > > > > > > > On Wed, Sep 21, 2011 at 7:04 AM, Peter Neubauer < > > > peter.neuba...@neotechnology.com> wrote: > > > > > >> Nuo, > > >> right now the server is discovering its own IP upon startup. However, > > >> it sounds reasonable to return configurable base URL. I am just > > >> wondering if that really is enough to support a LB scenario? Do you > > >> need more stuff there? > > >> > > >> Cheers, > > >> > > >> /peter neubauer > > >> > > >> GTalk: neubauer.peter > > >> Skype peter.neubauer > > >> Phone +46 704 106975 > > >> LinkedIn http://www.linkedin.com/in/neubauer > > >> Twitter http://twitter.com/peterneubauer > > >> > > >> http://www.neo4j.org - Your high performance graph > > database. > > >> http://startupbootcamp.org/ - Ă–resund - Innovation happens HERE. > > >> http://www.thoughtmade.com - Scandinavia's coolest Bring-a-Thing > party. > > >> > > >> > > >> > > >> On Tue, Sep 20, 2011 at 6:57 PM, Nuo Yan <yan....@gmail.com> wrote: > > >> > I access my neo4j server through the REST API. For security purpose, > I > > >> put > > >> > the neo4j server behind a nginx lb. I'm wondering if there is config > > >> entry > > >> > somewhere that I can set the neo4j server to return a customized > base > > uri > > >> > that I can set to my LB's uri. > > >> > > > >> > For example, currently creating a node by POSTing to the lb (say > > >> > https://10.0.0.1/db/data) returns > > >> > > > >> > { > > >> > "outgoing_relationships" : " > > >> > http://neo4j/db/data/node/160/relationships/out";, > > >> > "data" : { > > >> > }, > > >> > "traverse" : "http://neo4j/db/data/node/160/traverse/{returnType} > ", > > >> > "all_typed_relationships" : " > > >> > http://neo4j/db/data/node/160/relationships/all/{-list|&|types}", > > >> > "property" : "http://neo4j/db/data/node/160/properties/{key}";, > > >> > "self" : "http://neo4j/db/data/node/160";, > > >> > "properties" : "http://neo4j/db/data/node/160/properties";, > > >> > "outgoing_typed_relationships" : " > > >> > http://neo4j/db/data/node/160/relationships/out/{-list|&|types}", > > >> > "incoming_relationships" : " > > >> http://neo4j/db/data/node/160/relationships/in > > >> > ", > > >> > "extensions" : { > > >> > }, > > >> > "create_relationship" : " > http://neo4j/db/data/node/160/relationships > > ", > > >> > "paged_traverse" : " > > >> > > > >> > > > http://neo4j/db/data/node/160/paged/traverse/{returnType}{?pageSize,leaseTime} > > >> > ", > > >> > "all_relationships" : " > > http://neo4j/db/data/node/160/relationships/all > > >> ", > > >> > "incoming_typed_relationships" : " > > >> > http://neo4j/db/data/node/160/relationships/in/{-list|&|types}" > > >> > > > >> > > > >> > Is there a config on the neo4j server that I can set to make it > either > > >> > return the lb URI "https://10.0.0.1"; as the base uri or return > > relative > > >> path > > >> > in the result? > > >> > _______________________________________________ > > >> > Neo4j mailing list > > >> > User@lists.neo4j.org > > >> > https://lists.neo4j.org/mailman/listinfo/user > > >> > > > >> _______________________________________________ > > >> Neo4j mailing list > > >> User@lists.neo4j.org > > >> https://lists.neo4j.org/mailman/listinfo/user > > >> > > > _______________________________________________ > > > Neo4j mailing list > > > User@lists.neo4j.org > > > https://lists.neo4j.org/mailman/listinfo/user > > > > > _______________________________________________ > > Neo4j mailing list > > User@lists.neo4j.org > > https://lists.neo4j.org/mailman/listinfo/user > > > _______________________________________________ > Neo4j mailing list > User@lists.neo4j.org > https://lists.neo4j.org/mailman/listinfo/user > -- Jacob Hansson Phone: +46 (0) 763503395 Twitter: @jakewins _______________________________________________ Neo4j mailing list User@lists.neo4j.org https://lists.neo4j.org/mailman/listinfo/user
