This is an automated email from the ASF dual-hosted git repository. mjumper pushed a commit to branch staging/1.1.0 in repository https://gitbox.apache.org/repos/asf/guacamole-client.git
The following commit(s) were added to refs/heads/staging/1.1.0 by this push: new 52d6a6a GUACAMOLE-715: Provide skeleton ModeledUser when none exists in DB. new 60ff499 GUACAMOLE-715: Merge automatic generation of in-memory skeleton users for JDBC auth. 52d6a6a is described below commit 52d6a6aff8be4b55698145246280cc5ba5abc875 Author: Nick Couchman <nick_couch...@cotyinc.com> AuthorDate: Tue Apr 9 13:05:33 2019 -0400 GUACAMOLE-715: Provide skeleton ModeledUser when none exists in DB.
---
 .../jdbc/JDBCAuthenticationProviderService.java | 24 +++++++-------
 .../apache/guacamole/auth/jdbc/user/UserModel.java | 11 +++++++
 .../guacamole/auth/jdbc/user/UserService.java | 37 ++++++++++++++++++++++
 3 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
index 68e2a47..ff605b9 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -96,6 +96,7 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
 // Retrieve user account for already-authenticated user
 ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser);
+ ModeledUserContext context = userContextProvider.get();
 if (user != null && !user.isDisabled()) {
 // Enforce applicable account restrictions
@@ -118,24 +119,23 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
 userService.resetExpiredPassword(user, authenticatedUser.getCredentials());
 }
- // Return all data associated with the authenticated user
- ModeledUserContext context = userContextProvider.get();
- context.init(user.getCurrentUser());
- return context;
-
+ }
+
+ // If no user account is found, and database-specific account
+ // restrictions do not apply, get an empty user.
+ else if (!databaseRestrictionsApplicable) {
+ user = userService.retrieveSkeletonUser(authenticationProvider, authenticatedUser);
 }
 // Veto authentication result only if database-specific account
 // restrictions apply in this situation
- if (databaseRestrictionsApplicable)
+ else
 throw new GuacamoleInvalidCredentialsException("Invalid login", CredentialsInfo.USERNAME_PASSWORD);
-
- // There is no data to be returned for the user, either because they do
- // not exist or because restrictions prevent their data from being
- // retrieved, but no restrictions apply which should prevent the user
- // from authenticating entirely
- return null;
+
+ // Initialize the UserContext with the user account and return it.
+ context.init(user.getCurrentUser());
+ return context;
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
index 194a26d..3d441d6 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
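Review bot: The new `else if (!databaseRestrictionsApplicable)` branch is reached not only when `retrieveUser` returned null but also when a database account exists and `user.isDisabled()` is true, because the preceding condition is `user != null && !user.isDisabled()`. In that case the disabled `ModeledUser` is swapped for a skeleton and `context.init(user.getCurrentUser())` hands back a context, where the old code returned null; the comment above the branch only speaks of "no user account is found". What a skeleton user's context can reach is decided outside this hunk, so this may be intended, but the choice should be explicit. Either narrow the branch to `else if (user == null && !databaseRestrictionsApplicable)` (a disabled account then falls to the `else` and the login is vetoed), or keep the behaviour and reword the comment to `// If no usable account exists (absent or disabled) and database-specific restrictions do not apply, use an in-memory skeleton user.` The enclosing method starts and ends outside the hunk.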
@@ -127,6 +127,17 @@ public class UserModel extends EntityModel {
 public UserModel() {
 super(EntityType.USER);
 }
+
+ /**
+ * Creates a new user having the provided identifier.
+ *
+ * @param identifier
+ * The identifier of the new user.
+ */
+ public UserModel(String identifier) {
+ super(EntityType.USER);
+ super.setIdentifier(identifier);
+ }
 /**
 * Returns the hash of this user's password and password salt. This may be
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
index 60bd1e1..0cfe900 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
@@ -423,6 +423,43 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
 return user;
 }
+
+ /**
+ * Generates an empty (skeleton) user corresponding to the given
+ * AuthenticatedUser. The user will not be stored in the database, and
+ * will only be available in-memory during the time the session is
+ * active.
+ *
+ * @param authenticationProvider
+ * The AuthenticationProvider on behalf of which the user is being
+ * retrieved.
+ *
+ * @param authenticatedUser
+ * The AuthenticatedUser to generate the skeleton account for.
+ *
+ * @return
+ * The empty ModeledUser which corresponds to the given
+ * AuthenticatedUser.
+ *
+ * @throws GuacamoleException
+ * If a ModeledUser object for the user corresponding to the given
+ * AuthenticatedUser cannot be created.
+ */
+ public ModeledUser retrieveSkeletonUser(AuthenticationProvider authenticationProvider,
+ AuthenticatedUser authenticatedUser) throws GuacamoleException {
+
+ // Set up an empty user model
+ ModeledUser user = getObjectInstance(null,
+ new UserModel(authenticatedUser.getIdentifier()));
+
+ // Create user object, and configure cyclic reference
+ user.setCurrentUser(new ModeledAuthenticatedUser(authenticatedUser,
+ authenticationProvider, user));
+
+ // Return the new user.
+ return user;
+
+ }
 /**
 * Resets the password of the given user to the new password specified via
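Review bot: The Javadoc of `retrieveSkeletonUser` does not say what state the returned user carries, which matters to any caller that goes on to make access decisions with it. The model is built with `new UserModel(authenticatedUser.getIdentifier())`, and the constructor added in this commit sets only the entity type and the identifier, so as far as this diff shows every other `UserModel` field keeps its default. I would add a sentence to the description such as `The returned user's model contains only the identifier reported by the AuthenticatedUser; no other attribute is populated and no database record backs it.` A short why-comment on the `null` passed to `getObjectInstance`, for example `// no current user exists yet; it is assigned just below`, would also help, though that reading is inferred from the following `setCurrentUser` call and should be confirmed.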