Github user mike-jumper commented on a diff in the pull request:
https://github.com/apache/incubator-guacamole-client/pull/78#discussion_r87676633
--- Diff:
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java
---
@@ -72,7 +71,7 @@ public AuthenticatedUser
authenticateUser(AuthenticationProvider authenticationP
*
* @return
* A new UserContext instance for the user identified by the given
- * credentials.
+ * credentials, or null if no such user exists within the database.
--- End diff --
If that part is confusing, I'd say we need to improve the wording of the
comment which reads "allow access".
`null` does not mean "allow access"; it means the user that just
authenticated has no context within scope of this `AuthenticationProvider`.
We're only allowing access in the sense that we're not invalidating the auth
result. Access to data within the scope of the `AuthenticationProvider` is
denied, but no stance is taken as to the validity of the authentication attempt
in the first place.
This is in contrast to the branch where `getUserContext()` throws an
exception, in which case not only is access to the data denied, but we're
revoking the positive auth result that would otherwise be valid.
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
