From 15e948138de5bbff533c81b0a7bcfbd7036c582e Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Wed, 26 Aug 2015 12:53:38 -0700 Subject: [PATCH] GUAC-586: Associate AuthenticationProvider directly with UserContext. --- .../JDBCAuthenticationProviderModule.java | 16 +++++- .../guacamole/auth/jdbc/user/UserContext.java | 12 +++++ .../mysql/MySQLAuthenticationProvider.java | 3 +- .../PostgreSQLAuthenticationProvider.java | 3 +- .../guacamole/net/auth/UserContext.java | 10 ++++ .../simple/SimpleAuthenticationProvider.java | 2 +- .../net/auth/simple/SimpleUserContext.java | 51 ++++++++++++++----- 7 files changed, 80 insertions(+), 17 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java index bc7580033..0ffc7edd1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java @@ -63,6 +63,7 @@ import org.glyptodon.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermis import org.glyptodon.guacamole.auth.jdbc.activeconnection.ActiveConnectionService; import org.glyptodon.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection; import org.glyptodon.guacamole.environment.Environment; +import org.glyptodon.guacamole.net.auth.AuthenticationProvider; import org.mybatis.guice.MyBatisModule; import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider; 
@@ -86,19 +87,31 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule { */ private final GuacamoleTunnelService tunnelService; + /** + * The AuthenticationProvider which is using this module to configure + * injection. + */ + private final AuthenticationProvider authProvider; + /** * Creates a new JDBC authentication provider module that configures the * various injected base classes using the given environment, and provides * connections using the given socket service. * + * @param authProvider + * The AuthenticationProvider which is using this module to configure + * injection. + * * @param environment * The environment to use to configure injected classes. * * @param tunnelService * The tunnel service to use to provide tunnels sockets for connections. */ - public JDBCAuthenticationProviderModule(Environment environment, + public JDBCAuthenticationProviderModule(AuthenticationProvider authProvider, + Environment environment, GuacamoleTunnelService tunnelService) { + this.authProvider = authProvider; this.environment = environment; this.tunnelService = tunnelService; } @@ -126,6 +139,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule { // Bind core implementations of guacamole-ext classes bind(ActiveConnectionDirectory.class); bind(ActiveConnectionPermissionSet.class); + bind(AuthenticationProvider.class).toInstance(authProvider); bind(Environment.class).toInstance(environment); bind(ConnectionDirectory.class); bind(ConnectionGroupDirectory.class); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java index 12676927a..9ac828bce 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java @@ -36,6 +36,7 @@ import org.glyptodon.guacamole.auth.jdbc.connection.ModeledConnection; import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup; import org.glyptodon.guacamole.form.Form; import org.glyptodon.guacamole.net.auth.ActiveConnection; +import org.glyptodon.guacamole.net.auth.AuthenticationProvider; import org.glyptodon.guacamole.net.auth.Connection; import org.glyptodon.guacamole.net.auth.ConnectionGroup; import org.glyptodon.guacamole.net.auth.Directory; @@ -51,6 +52,12 @@ import org.glyptodon.guacamole.net.auth.User; public class UserContext extends RestrictedObject implements org.glyptodon.guacamole.net.auth.UserContext { + /** + * The AuthenticationProvider that created this UserContext. + */ + @Inject + private AuthenticationProvider authProvider; + /** * User directory restricted by the permissions of the user associated * with this context. @@ -103,6 +110,11 @@ public class UserContext extends RestrictedObject return getCurrentUser().getUser(); } + @Override + public AuthenticationProvider getAuthenticationProvider() { + return authProvider; + } + @Override public Directory getUserDirectory() throws GuacamoleException { return userDirectory; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java index db091b0e9..95e5d6bc7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java @@ -185,7 +185,8 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider { new MySQLAuthenticationProviderModule(environment), // Configure JDBC authentication core - new JDBCAuthenticationProviderModule(environment, getTunnelService(environment)) + new JDBCAuthenticationProviderModule(this, environment, + getTunnelService(environment)) ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java index 5663088a1..e4046a7bf 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java @@ -185,7 +185,8 @@ public class PostgreSQLAuthenticationProvider implements AuthenticationProvider new PostgreSQLAuthenticationProviderModule(environment), // Configure JDBC authentication core - new JDBCAuthenticationProviderModule(environment, getTunnelService(environment)) + new JDBCAuthenticationProviderModule(this, environment, + getTunnelService(environment)) ); diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/UserContext.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/UserContext.java index e1dddb23c..f668a3586 100644 --- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/UserContext.java +++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/UserContext.java 
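Review bot: Passing `this` in `new JDBCAuthenticationProviderModule(this, environment, getTunnelService(environment))` hands the provider to the injector while it may still be under construction. The enclosing method is outside the hunk, but the injector setup around the call looks like constructor code. The identical change in PostgreSQLAuthenticationProvider has the same shape. If so, anything the injector instantiates eagerly can reach a provider whose remaining fields are not yet assigned. I would either create the injector as the last step of construction or record the constraint next to the call, for example `// 'this' escapes here: bound objects must not call back into this provider until construction completes`.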
@@ -43,6 +43,16 @@ public interface UserContext { */ User self(); + /** + * Returns the AuthenticationProvider which created this UserContext, which + * may not be the same AuthenticationProvider that authenticated the user + * associated with this UserContext. + * + * @return + * The AuthenticationProvider that created this UserContext. + */ + AuthenticationProvider getAuthenticationProvider(); + /** * Retrieves a Directory which can be used to view and manipulate other * users, but only as allowed by the permissions given to the user of this diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java index 83571db75..efc804c14 100644 --- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java +++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleAuthenticationProvider.java @@ -239,7 +239,7 @@ public abstract class SimpleAuthenticationProvider return null; // Return user context restricted to authorized configs - return new SimpleUserContext(authenticatedUser.getIdentifier(), configs); + return new SimpleUserContext(this, authenticatedUser.getIdentifier(), configs); } diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleUserContext.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleUserContext.java index 5a41e44d2..9293d46b3 100644 --- a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleUserContext.java +++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleUserContext.java 
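Review bot: The Javadoc added for `getAuthenticationProvider()` in the UserContext interface does not say whether the method may return null, and both implementations in this patch return whatever reference they were given. Callers that use the result to tell contexts from different extensions apart need that contract spelled out. I would change the `@return` text to `The AuthenticationProvider that created this UserContext, never null.` The existing sentence already notes that this provider may differ from the one that authenticated the user. It could add that the value identifies the source of the context's data only, so it is not read as the authenticating party.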
@@ -30,6 +30,7 @@ import java.util.UUID; import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.form.Form; import org.glyptodon.guacamole.net.auth.ActiveConnection; +import org.glyptodon.guacamole.net.auth.AuthenticationProvider; import org.glyptodon.guacamole.net.auth.Connection; import org.glyptodon.guacamole.net.auth.ConnectionGroup; import org.glyptodon.guacamole.net.auth.Directory; @@ -50,7 +51,12 @@ public class SimpleUserContext implements UserContext { * The unique identifier of the root connection group. */ private static final String ROOT_IDENTIFIER = "ROOT"; - + + /** + * The AuthenticationProvider that created this UserContext. + */ + private final AuthenticationProvider authProvider; + /** * Reference to the user whose permissions dictate the configurations * accessible within this UserContext. 
@@ -84,24 +90,35 @@ public class SimpleUserContext implements UserContext { * Creates a new SimpleUserContext which provides access to only those * configurations within the given Map. The username is assigned * arbitrarily. - * - * @param configs A Map of all configurations for which the user associated - * with this UserContext has read access. + * + * @param authProvider + * The AuthenticationProvider creating this UserContext. + * + * @param configs + * A Map of all configurations for which the user associated with this + * UserContext has read access. */ - public SimpleUserContext(Map configs) { - this(UUID.randomUUID().toString(), configs); + public SimpleUserContext(AuthenticationProvider authProvider, + Map configs) { + this(authProvider, UUID.randomUUID().toString(), configs); } /** * Creates a new SimpleUserContext for the user with the given username * which provides access to only those configurations within the given Map. - * - * @param username The username of the user associated with this - * UserContext. - * @param configs A Map of all configurations for which the user associated - * with this UserContext has read access. + * + * @param authProvider + * The AuthenticationProvider creating this UserContext. + * + * @param username + * The username of the user associated with this UserContext. + * + * @param configs + * A Map of all configurations for which the user associated with + * this UserContext has read access. */ - public SimpleUserContext(String username, Map configs) { + public SimpleUserContext(AuthenticationProvider authProvider, + String username, Map configs) { Collection connectionIdentifiers = new ArrayList(configs.size()); Collection connectionGroupIdentifiers = Collections.singleton(ROOT_IDENTIFIER); 
@@ -138,7 +155,10 @@ public class SimpleUserContext implements UserContext { this.userDirectory = new SimpleUserDirectory(self); this.connectionDirectory = new SimpleConnectionDirectory(connections); this.connectionGroupDirectory = new SimpleConnectionGroupDirectory(Collections.singleton(this.rootGroup)); - + + // Associate provided AuthenticationProvider + this.authProvider = authProvider; + } @Override @@ -146,6 +166,11 @@ public class SimpleUserContext implements UserContext { return self; } + @Override + public AuthenticationProvider getAuthenticationProvider() { + return authProvider; + } + @Override public Directory getUserDirectory() throws GuacamoleException {
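Review bot: `this.authProvider = authProvider;` in the SimpleUserContext constructor accepts null silently, so `getAuthenticationProvider()` can then return null to every consumer of the new interface method. The constructor's signature is in the previous hunk and most of its body is outside this one. A guard at the top of the three-argument constructor, `if (authProvider == null) throw new IllegalArgumentException("authProvider must not be null");`, makes a miswired extension fail when the context is created rather than where the provider is later dereferenced.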