GUACAMOLE-220: Move JDBC handling of effective groups to RemoteAuthenticatedUser level. Stub out retrieval of effective groups.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/6e71f330 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/6e71f330 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/6e71f330 Branch: refs/heads/staging/1.0.0 Commit: 6e71f330b8f8108751fa2fee2b5adea1ae6aecae Parents: a155397 Author: Michael Jumper <mjum...@apache.org> Authored: Fri Apr 6 13:46:36 2018 -0700 Committer: Michael Jumper <mjum...@apache.org> Committed: Wed Sep 19 23:56:51 2018 -0700 ---------------------------------------------------------------------- .../sharing/user/SharedAuthenticatedUser.java | 11 +++-------- .../jdbc/user/ModeledAuthenticatedUser.java | 9 ++------- .../guacamole/auth/jdbc/user/ModeledUser.java | 16 ++++++++++++++++ .../auth/jdbc/user/RemoteAuthenticatedUser.java | 20 +++++++++++++++++++- 4 files changed, 40 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/6e71f330/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java index 958213c..96c6a9e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java @@ -20,7 +20,6 @@ package org.apache.guacamole.auth.jdbc.sharing.user; import java.util.Collections; -import java.util.Set; import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; @@ -52,7 +51,8 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser { * The AuthenticatedUser to copy. */ public SharedAuthenticatedUser(AuthenticatedUser authenticatedUser) { - super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials()); + super(authenticatedUser.getAuthenticationProvider(), + authenticatedUser.getCredentials(), Collections.<String>emptySet()); this.shareKey = null; this.identifier = authenticatedUser.getIdentifier(); } @@ -75,7 +75,7 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser { */ public SharedAuthenticatedUser(AuthenticationProvider authenticationProvider, Credentials credentials, String shareKey) { - super(authenticationProvider, credentials); + super(authenticationProvider, credentials, Collections.<String>emptySet()); this.shareKey = shareKey; this.identifier = AuthenticatedUser.ANONYMOUS_IDENTIFIER; } @@ -102,9 +102,4 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser { throw new UnsupportedOperationException("Users authenticated via share keys are immutable."); } - @Override - public Set<String> getEffectiveUserGroups() { - return Collections.<String>emptySet(); - } - } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/6e71f330/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java index 8c201d0..e756374 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java @@ -76,7 +76,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser { */ public ModeledAuthenticatedUser(AuthenticatedUser authenticatedUser, AuthenticationProvider modelAuthenticationProvider, ModeledUser user) { - super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials()); + super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials(), authenticatedUser.getEffectiveUserGroups()); this.modelAuthenticationProvider = modelAuthenticationProvider; this.user = user; } @@ -98,7 +98,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser { */ public ModeledAuthenticatedUser(AuthenticationProvider authenticationProvider, ModeledUser user, Credentials credentials) { - super(authenticationProvider, credentials); + super(authenticationProvider, credentials, user.getEffectiveUserGroups()); this.modelAuthenticationProvider = authenticationProvider; this.user = user; } @@ -169,9 +169,4 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser { user.setIdentifier(identifier); } - @Override - public Set<String> getEffectiveUserGroups() { - return Collections.<String>emptySet(); - } - } http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/6e71f330/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java index 737aec8..0628d74 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java @@ -854,6 +854,22 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us return new SimpleRelatedObjectSet(); } + /** + * Returns the identifiers of all user groups defined within the database + * which apply to this user, including any groups inherited through + * membership in yet more groups. + * + * @return + * The identifiers of all user groups defined within the database which + * apply to this user. + */ + public Set<String> getEffectiveUserGroups() { + + // FIXME: STUB + return /*retrieveEffectiveIdentifiers(this, */Collections.<String>emptySet()/*)*/; + + } + @Override public Permissions getEffectivePermissions() throws GuacamoleException { return new Permissions() { http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/6e71f330/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java index d68d9a9..324892e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java @@ -19,6 +19,8 @@ package org.apache.guacamole.auth.jdbc.user; +import java.util.Collections; +import java.util.Set; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; @@ -44,6 +46,12 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser { private final String remoteHost; /** + * The identifiers of any groups of which this user is a member, including + * groups inherited through membership in other groups. + */ + private final Set<String> effectiveGroups; + + /** * Creates a new RemoteAuthenticatedUser, deriving the associated remote * host from the given credentials. * @@ -52,12 +60,17 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser { * * @param credentials * The credentials given by the user when they authenticated. + * + * @param effectiveGroups + * The identifiers of any groups of which this user is a member, + * including groups inherited through membership in other groups. */ public RemoteAuthenticatedUser(AuthenticationProvider authenticationProvider, - Credentials credentials) { + Credentials credentials, Set<String> effectiveGroups) { this.authenticationProvider = authenticationProvider; this.credentials = credentials; this.remoteHost = credentials.getRemoteAddress(); + this.effectiveGroups = Collections.unmodifiableSet(effectiveGroups); } @Override @@ -76,6 +89,11 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser { } @Override + public Set<String> getEffectiveUserGroups() { + return effectiveGroups; + } + + @Override public AuthenticationProvider getAuthenticationProvider() { return authenticationProvider; }