diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java index 80d22198c..5dcd8740d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java @@ -78,6 +78,28 @@ public class SharedUser implements User { public void setIdentifier(String identifier) { throw new UnsupportedOperationException("Users authenticated via share keys are immutable."); } + + /** + * {@inheritDoc} + * + *

SharedUser accounts are always enabled, as access is controlled via + * the shared token. + */ + @Override + public boolean isDisabled() { + return false; + } + + /** + * {@inheritDoc} + * + *

This method silently ignores the value passed in the disabled parameter, + * as disabling the account is done by invalidating the sharing token. + */ + @Override + public void setDisabled(boolean disabled) { + // Silently ignore the parameter + } @Override public Map getAttributes() { diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java index c10bd435c..811ccaa31 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java @@ -63,12 +63,6 @@ public class ModeledUser extends ModeledPermissions implements User { */ private static final Logger logger = LoggerFactory.getLogger(ModeledUser.class); - /** - * The name of the attribute which controls whether a user account is - * disabled. - */ - public static final String DISABLED_ATTRIBUTE_NAME = "disabled"; - /** * The name of the attribute which controls whether a user's password is * expired and must be reset upon login. @@ -121,7 +115,6 @@ public class ModeledUser extends ModeledPermissions implements User { * form. */ public static final Form ACCOUNT_RESTRICTIONS = new Form("restrictions", Arrays.asList( - new BooleanField(DISABLED_ATTRIBUTE_NAME, "true"), new BooleanField(EXPIRED_ATTRIBUTE_NAME, "true"), new TimeField(ACCESS_WINDOW_START_ATTRIBUTE_NAME), new TimeField(ACCESS_WINDOW_END_ATTRIBUTE_NAME), @@ -149,7 +142,6 @@ public class ModeledUser extends ModeledPermissions implements User { User.Attribute.EMAIL_ADDRESS, User.Attribute.ORGANIZATION, User.Attribute.ORGANIZATIONAL_ROLE, - DISABLED_ATTRIBUTE_NAME, EXPIRED_ATTRIBUTE_NAME, ACCESS_WINDOW_START_ATTRIBUTE_NAME, ACCESS_WINDOW_END_ATTRIBUTE_NAME, @@ -281,6 +273,16 @@ public class ModeledUser extends ModeledPermissions implements User { userModel.setPasswordDate(new Timestamp(System.currentTimeMillis())); } + + @Override + public boolean isDisabled() { + return getModel().isDisabled(); + } + + @Override + public void setDisabled(boolean disabled) { + getModel().setDisabled(disabled); + } /** * Returns the this user's current password record. If the user is new, this @@ -309,9 +311,6 @@ public class ModeledUser extends ModeledPermissions implements User { */ private void putRestrictedAttributes(Map attributes) { - // Set disabled attribute - attributes.put(DISABLED_ATTRIBUTE_NAME, getModel().isDisabled() ? "true" : null); - // Set password expired attribute attributes.put(EXPIRED_ATTRIBUTE_NAME, getModel().isExpired() ? "true" : null); @@ -424,10 +423,6 @@ public class ModeledUser extends ModeledPermissions implements User { */ private void setRestrictedAttributes(Map attributes) { - // Translate disabled attribute - if (attributes.containsKey(DISABLED_ATTRIBUTE_NAME)) - getModel().setDisabled("true".equals(attributes.get(DISABLED_ATTRIBUTE_NAME))); - // Translate password expired attribute if (attributes.containsKey(EXPIRED_ATTRIBUTE_NAME)) getModel().setExpired("true".equals(attributes.get(EXPIRED_ATTRIBUTE_NAME))); @@ -737,19 +732,6 @@ public class ModeledUser extends ModeledPermissions implements User { return isActive(getAccessWindowStart(), getAccessWindowEnd()); } - /** - * Returns whether this user account has been disabled. The credentials of - * disabled user accounts are treated as invalid, effectively disabling - * that user's access to data for which they would otherwise have - * permission. - * - * @return - * true if this user account has been disabled, false otherwise. - */ - public boolean isDisabled() { - return getModel().isDisabled(); - } - /** * Returns whether this user's password has expired. If a user's password * is expired, it must be immediately changed upon login. A user account diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java index b31b61e1e..8b30db4b3 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/ModeledUserGroup.java @@ -42,36 +42,17 @@ import org.apache.guacamole.net.auth.UserGroup; public class ModeledUserGroup extends ModeledPermissions implements UserGroup { - /** - * The name of the attribute which controls whether a user group is - * disabled. - */ - public static final String DISABLED_ATTRIBUTE_NAME = "disabled"; - - /** - * All attributes related to restricting user groups, within a logical - * form. - */ - public static final Form ACCOUNT_RESTRICTIONS = new Form("restrictions", Arrays.asList( - new BooleanField(DISABLED_ATTRIBUTE_NAME, "true") - )); - /** * All possible attributes of user groups organized as individual, * logical forms. */ - public static final Collection

ATTRIBUTES = Collections.unmodifiableCollection(Arrays.asList( - ACCOUNT_RESTRICTIONS - )); - + public static final Collection ATTRIBUTES = Collections.emptyList(); + /** * The names of all attributes which are explicitly supported by this * extension's UserGroup objects. */ - public static final Set ATTRIBUTE_NAMES = - Collections.unmodifiableSet(new HashSet(Arrays.asList( - DISABLED_ATTRIBUTE_NAME - ))); + public static final Set ATTRIBUTE_NAMES = Collections.emptySet(); /** * Provider for RelatedObjectSets containing the user groups of which this @@ -121,6 +102,16 @@ public class ModeledUserGroup extends ModeledPermissions super.init(currentUser, model); this.exposeRestrictedAttributes = exposeRestrictedAttributes; } + + @Override + public boolean isDisabled() { + return getModel().isDisabled(); + } + + @Override + public void setDisabled(boolean disabled) { + getModel().setDisabled(disabled); + } /** * Stores all restricted (privileged) attributes within the given Map, @@ -133,9 +124,6 @@ public class ModeledUserGroup extends ModeledPermissions */ private void putRestrictedAttributes(Map attributes) { - // Set disabled attribute - attributes.put(DISABLED_ATTRIBUTE_NAME, getModel().isDisabled() ? "true" : null); - } /** @@ -147,9 +135,6 @@ public class ModeledUserGroup extends ModeledPermissions */ private void setRestrictedAttributes(Map attributes) { - // Translate disabled attribute - getModel().setDisabled("true".equals(attributes.get(DISABLED_ATTRIBUTE_NAME))); - } @Override