GUACAMOLE-5: Merge sharing profile JDBC changes.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java

@@ -32,7 +32,6 @@ import org.apache.guacamole.auth.jdbc.user.UserDirectory;
 import org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper;
 import org.apache.guacamole.auth.jdbc.connection.ConnectionMapper;
 import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
-import org.apache.guacamole.auth.jdbc.connection.ParameterMapper;
 import org.apache.guacamole.auth.jdbc.permission.SystemPermissionMapper;
 import org.apache.guacamole.auth.jdbc.user.UserMapper;
 import org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupService;
@@ -59,6 +58,15 @@ import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissio
 import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissionSet;
 import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionService;
 import org.apache.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection;
+import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper;
+import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper;
+import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService;
+import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionSet;
+import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile;
+import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory;
+import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper;
+import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper;
+import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileService;
 import org.apache.guacamole.auth.jdbc.tunnel.RestrictedGuacamoleTunnelService;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.mybatis.guice.MyBatisModule;
@@ -118,8 +126,11 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         addMapperClass(ConnectionGroupPermissionMapper.class);
         addMapperClass(ConnectionPermissionMapper.class);
         addMapperClass(ConnectionRecordMapper.class);
-        addMapperClass(ParameterMapper.class);
+        addMapperClass(ConnectionParameterMapper.class);
         addMapperClass(SystemPermissionMapper.class);
+        addMapperClass(SharingProfileMapper.class);
+        addMapperClass(SharingProfileParameterMapper.class);
+        addMapperClass(SharingProfilePermissionMapper.class);
         addMapperClass(UserMapper.class);
         addMapperClass(UserPermissionMapper.class);
         
@@ -135,8 +146,11 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(ModeledConnection.class);
         bind(ModeledConnectionGroup.class);
         bind(ModeledGuacamoleConfiguration.class);
+        bind(ModeledSharingProfile.class);
         bind(ModeledUser.class);
         bind(RootConnectionGroup.class);
+        bind(SharingProfileDirectory.class);
+        bind(SharingProfilePermissionSet.class);
         bind(SystemPermissionSet.class);
         bind(TrackedActiveConnection.class);
         bind(UserContext.class);
@@ -153,6 +167,8 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(GuacamoleTunnelService.class).to(RestrictedGuacamoleTunnelService.class);
         bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
         bind(SaltService.class).to(SecureRandomSaltService.class);
+        bind(SharingProfilePermissionService.class);
+        bind(SharingProfileService.class);
         bind(SystemPermissionService.class);
         bind(UserPermissionService.class);
         bind(UserService.class);

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.java

@@ -27,7 +27,7 @@ import org.apache.ibatis.annotations.Param;
  *
  * @author Michael Jumper
  */
-public interface ParameterMapper {
+public interface ConnectionParameterMapper {
 
     /**
      * Returns a collection of all parameters associated with the connection
@@ -42,7 +42,7 @@ public interface ParameterMapper {
      *     having the given identifier. This collection will be empty if no
      *     such connection exists.
      */
-    Collection<ParameterModel> select(@Param("identifier") String identifier);
+    Collection<ConnectionParameterModel> select(@Param("identifier") String identifier);
 
     /**
      * Inserts each of the parameter model objects in the given collection as
@@ -54,7 +54,7 @@ public interface ParameterMapper {
      * @return
      *     The number of rows inserted.
      */
-    int insert(@Param("parameters") Collection<ParameterModel> parameters);
+    int insert(@Param("parameters") Collection<ConnectionParameterModel> parameters);
 
     /**
      * Deletes all parameters associated with the connection having the given

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterModel.java

@@ -24,7 +24,7 @@ package org.apache.guacamole.auth.jdbc.connection;
  *
  * @author Michael Jumper
  */
-public class ParameterModel {
+public class ConnectionParameterModel {
 
     /**
      * The identifier of the connection associated with this parameter.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordModel.java

@@ -23,7 +23,8 @@ import java.util.Date;
 
 /**
  * A single connection record representing a past usage of a particular
- * connection.
+ * connection. If the connection was being shared, the sharing profile used to
+ * join the connection is included in the record.
  *
  * @author Michael Jumper
  */
@@ -39,6 +40,21 @@ public class ConnectionRecordModel {
      */
     private String connectionName;
 
+    /**
+     * The identifier of the sharing profile associated with this connection
+     * record. If no sharing profile was used, or the sharing profile that was
+     * used was deleted, this will be null.
+     */
+    private String sharingProfileIdentifier;
+
+    /**
+     * The name of the sharing profile associated with this connection record.
+     * If no sharing profile was used, this will be null. If the sharing profile
+     * that was used was deleted, this will still contain the name of the
+     * sharing profile at the time that the connection was used.
+     */
+    private String sharingProfileName;
+
     /**
      * The database ID of the user associated with this connection record.
      */
@@ -110,6 +126,56 @@ public class ConnectionRecordModel {
         this.connectionName = connectionName;
     }
 
+    /**
+     * Returns the identifier of the sharing profile associated with this
+     * connection record. If no sharing profile was used, or the sharing profile
+     * that was used was deleted, this will be null.
+     *
+     * @return
+     *     The identifier of the sharing profile associated with this connection
+     *     record, or null if no sharing profile was used or if the sharing
+     *     profile that was used was deleted.
+     */
+    public String getSharingProfileIdentifier() {
+        return sharingProfileIdentifier;
+    }
+
+    /**
+     * Sets the identifier of the sharing profile associated with this
+     * connection record. If no sharing profile was used, this should be null.
+     *
+     * @param sharingProfileIdentifier
+     *     The identifier of the sharing profile associated with this
+     *     connection record, or null if no sharing profile was used.
+     */
+    public void setSharingProfileIdentifier(String sharingProfileIdentifier) {
+        this.sharingProfileIdentifier = sharingProfileIdentifier;
+    }
+
+    /**
+     * Returns the human-readable name of the sharing profile associated with this
+     * connection record. If no sharing profile was used, this will be null.
+     *
+     * @return
+     *     The human-readable name of the sharing profile associated with this
+     *     connection record, or null if no sharing profile was used.
+     */
+    public String getSharingProfileName() {
+        return sharingProfileName;
+    }
+
+    /**
+     * Sets the human-readable name of the sharing profile associated with this
+     * connection record. If no sharing profile was used, this should be null.
+     *
+     * @param sharingProfileName
+     *     The human-readable name of the sharing profile associated with this
+     *     connection record, or null if no sharing profile was used.
+     */
+    public void setSharingProfileName(String sharingProfileName) {
+        this.sharingProfileName = sharingProfileName;
+    }
+
     /**
      * Returns the database ID of the user associated with this connection
      * record.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java

@@ -70,7 +70,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService<Mode
      * Mapper for accessing connection parameters.
      */
     @Inject
-    private ParameterMapper parameterMapper;
+    private ConnectionParameterMapper parameterMapper;
 
     /**
      * Mapper for accessing connection history.
@@ -197,12 +197,12 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService<Mode
      *     A collection of parameter models containing the name/value pairs
      *     of the given connection's parameters.
      */
-    private Collection<ParameterModel> getParameterModels(ModeledConnection connection) {
+    private Collection<ConnectionParameterModel> getParameterModels(ModeledConnection connection) {
 
         Map<String, String> parameters = connection.getConfiguration().getParameters();
         
         // Convert parameters to model objects
-        Collection<ParameterModel> parameterModels = new ArrayList<ParameterModel>(parameters.size());
+        Collection<ConnectionParameterModel> parameterModels = new ArrayList<ConnectionParameterModel>(parameters.size());
         for (Map.Entry<String, String> parameterEntry : parameters.entrySet()) {
 
             // Get parameter name and value
@@ -214,7 +214,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService<Mode
                 continue;
             
             // Produce model object from parameter
-            ParameterModel model = new ParameterModel();
+            ConnectionParameterModel model = new ConnectionParameterModel();
             model.setConnectionIdentifier(connection.getIdentifier());
             model.setName(name);
             model.setValue(value);
@@ -237,7 +237,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService<Mode
         connection.setConfiguration(object.getConfiguration());
 
         // Insert new parameters, if any
-        Collection<ParameterModel> parameterModels = getParameterModels(connection);
+        Collection<ConnectionParameterModel> parameterModels = getParameterModels(connection);
         if (!parameterModels.isEmpty())
             parameterMapper.insert(parameterModels);
 
@@ -253,7 +253,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService<Mode
         super.updateObject(user, object);
 
         // Replace existing parameters with new parameters, if any
-        Collection<ParameterModel> parameterModels = getParameterModels(object);
+        Collection<ConnectionParameterModel> parameterModels = getParameterModels(object);
         parameterMapper.delete(object.getIdentifier());
         if (!parameterModels.isEmpty())
             parameterMapper.insert(parameterModels);
@@ -332,7 +332,7 @@ public class ConnectionService extends ModeledGroupedDirectoryObjectService<Mode
 
         // Populate parameter map if we have permission to do so
         if (canRetrieveParameters) {
-            for (ParameterModel parameter : parameterMapper.select(identifier))
+            for (ConnectionParameterModel parameter : parameterMapper.select(identifier))
                 parameterMap.put(parameter.getName(), parameter.getValue());
         }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java

@@ -32,6 +32,7 @@ import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.apache.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject;
+import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileService;
 import org.apache.guacamole.form.Field;
 import org.apache.guacamole.form.Form;
 import org.apache.guacamole.form.NumericField;
@@ -99,6 +100,12 @@ public class ModeledConnection extends ModeledGroupedDirectoryObject<ConnectionM
     @Inject
     private ConnectionService connectionService;
 
+    /**
+     * Service for managing sharing profiles.
+     */
+    @Inject
+    private SharingProfileService sharingProfileService;
+
     /**
      * Service for creating and tracking tunnels.
      */
@@ -160,7 +167,7 @@ public class ModeledConnection extends ModeledGroupedDirectoryObject<ConnectionM
     @Override
     public Set<String> getSharingProfileIdentifiers()
             throws GuacamoleException {
-        return Collections.<String>emptySet();
+        return sharingProfileService.getIdentifiersWithin(getCurrentUser(), getIdentifier());
     }
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java

@@ -60,12 +60,12 @@ public class ModeledConnectionRecord implements ConnectionRecord {
 
     @Override
     public String getSharingProfileIdentifier() {
-        return null;
+        return model.getSharingProfileIdentifier();
     }
 
     @Override
     public String getSharingProfileName() {
-        return null;
+        return model.getSharingProfileName();
     }
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.java

@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.permission;
+
+/**
+ * Mapper for sharing profile permissions.
+ *
+ * @author Michael Jumper
+ */
+public interface SharingProfilePermissionMapper
+        extends ObjectPermissionMapper {}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java

@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.user.ModeledUser;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting sharing profile permissions. This service will automatically enforce
+ * the permissions of the current user.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfilePermissionService extends ModeledObjectPermissionService {
+
+    /**
+     * Mapper for sharing profile permissions.
+     */
+    @Inject
+    private SharingProfilePermissionMapper sharingProfilePermissionMapper;
+    
+    /**
+     * Provider for sharing profile permission sets.
+     */
+    @Inject
+    private Provider<SharingProfilePermissionSet> sharingProfilePermissionSetProvider;
+    
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return sharingProfilePermissionMapper;
+    }
+
+    @Override
+    public ObjectPermissionSet getPermissionSet(AuthenticatedUser user,
+            ModeledUser targetUser) throws GuacamoleException {
+
+        // Create permission set for requested user
+        ObjectPermissionSet permissionSet = sharingProfilePermissionSetProvider.get();
+        permissionSet.init(user, targetUser);
+
+        return permissionSet;
+        
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionSet.java

@@ -0,0 +1,44 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+
+/**
+ * A database implementation of ObjectPermissionSet which uses an injected
+ * service to query and manipulate the sharing profile permissions associated
+ * with a particular user.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfilePermissionSet extends ObjectPermissionSet {
+
+    /**
+     * Service for querying and manipulating sharing profile permissions.
+     */
+    @Inject
+    private SharingProfilePermissionService sharingProfilePermissionService;
+    
+    @Override
+    protected ObjectPermissionService getObjectPermissionService() {
+        return sharingProfilePermissionService;
+    }
+ 
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/ModeledSharingProfile.java

@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Map;
+import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObject;
+import org.apache.guacamole.form.Form;
+import org.apache.guacamole.net.auth.SharingProfile;
+
+/**
+ * An implementation of the SharingProfile object which is backed by a database
+ * model.
+ *
+ * @author Michael Jumper
+ */
+public class ModeledSharingProfile
+        extends ModeledDirectoryObject<SharingProfileModel>
+        implements SharingProfile {
+
+    /**
+     * All possible attributes of sharing profile objects organized as
+     * individual, logical forms. Currently, there are no such attributes.
+     */
+    public static final Collection<Form> ATTRIBUTES = Collections.<Form>emptyList();
+
+    /**
+     * The manually-set parameter map, if any.
+     */
+    private Map<String, String> parameters = null;
+
+    /**
+     * Service for managing sharing profiles.
+     */
+    @Inject
+    private SharingProfileService sharingProfileService;
+
+    /**
+     * Creates a new, empty ModeledSharingProfile.
+     */
+    public ModeledSharingProfile() {
+    }
+
+    @Override
+    public String getName() {
+        return getModel().getName();
+    }
+
+    @Override
+    public void setName(String name) {
+        getModel().setName(name);
+    }
+
+    @Override
+    public String getPrimaryConnectionIdentifier() {
+        return getModel().getPrimaryConnectionIdentifier();
+    }
+
+    @Override
+    public void setPrimaryConnectionIdentifier(String identifier) {
+        getModel().setPrimaryConnectionIdentifier(identifier);
+    }
+
+    @Override
+    public Map<String, String> getParameters() {
+
+        // Retrieve visible parameters, if not overridden by setParameters()
+        if (parameters == null)
+            return sharingProfileService.retrieveParameters(getCurrentUser(),
+                    getModel().getIdentifier());
+
+        return parameters;
+
+    }
+
+    @Override
+    public void setParameters(Map<String, String> parameters) {
+        this.parameters = parameters;
+    }
+
+    @Override
+    public Map<String, String> getAttributes() {
+        return Collections.<String, String>emptyMap();
+    }
+
+    @Override
+    public void setAttributes(Map<String, String> attributes) {
+        // Do nothing - no attributes
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileDirectory.java

@@ -0,0 +1,85 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.RestrictedObject;
+import org.apache.guacamole.net.auth.Directory;
+import org.apache.guacamole.net.auth.SharingProfile;
+import org.mybatis.guice.transactional.Transactional;
+
+/**
+ * Implementation of the SharingProfile Directory which is driven by an
+ * underlying, arbitrary database.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfileDirectory extends RestrictedObject
+    implements Directory<SharingProfile> {
+
+    /**
+     * Service for managing sharing profile objects.
+     */
+    @Inject
+    private SharingProfileService sharingProfileService;
+
+    @Override
+    public SharingProfile get(String identifier) throws GuacamoleException {
+        return sharingProfileService.retrieveObject(getCurrentUser(), identifier);
+    }
+
+    @Override
+    @Transactional
+    public Collection<SharingProfile> getAll(Collection<String> identifiers) throws GuacamoleException {
+        return Collections.<SharingProfile>unmodifiableCollection(
+            sharingProfileService.retrieveObjects(getCurrentUser(), identifiers)
+        );
+    }
+
+    @Override
+    @Transactional
+    public Set<String> getIdentifiers() throws GuacamoleException {
+        return sharingProfileService.getIdentifiers(getCurrentUser());
+    }
+
+    @Override
+    @Transactional
+    public void add(SharingProfile object) throws GuacamoleException {
+        sharingProfileService.createObject(getCurrentUser(), object);
+    }
+
+    @Override
+    @Transactional
+    public void update(SharingProfile object) throws GuacamoleException {
+        ModeledSharingProfile sharingProfile = (ModeledSharingProfile) object;
+        sharingProfileService.updateObject(getCurrentUser(), sharingProfile);
+    }
+
+    @Override
+    @Transactional
+    public void remove(String identifier) throws GuacamoleException {
+        sharingProfileService.deleteObject(getCurrentUser(), identifier);
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java

@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+import java.util.Set;
+import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
+import org.apache.guacamole.auth.jdbc.user.UserModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for sharing profile objects.
+ *
+ * @author Michael Jumper
+ */
+public interface SharingProfileMapper
+        extends ModeledDirectoryObjectMapper<SharingProfileModel> {
+
+    /**
+     * Selects the identifiers of all sharing profiles associated with the given
+     * primary connection, regardless of whether they are readable by any
+     * particular user. This should only be called on behalf of a system
+     * administrator. If identifiers are needed by a non-administrative user who
+     * must have explicit read rights, use selectReadableIdentifiersWithin()
+     * instead.
+     *
+     * @param primaryConnectionIdentifier
+     *     The identifier of the primary connection.
+     *
+     * @return
+     *     A Set containing all identifiers of all objects.
+     */
+    Set<String> selectIdentifiersWithin(
+            @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier);
+    
+    /**
+     * Selects the identifiers of all sharing profiles associated with the given
+     * primary connection that are explicitly readable by the given user. If
+     * identifiers are needed by a system administrator (who, by definition,
+     * does not need explicit read rights), use selectIdentifiersWithin()
+     * instead.
+     *
+     * @param user
+     *    The user whose permissions should determine whether an identifier
+     *    is returned.
+     *
+     * @param primaryConnectionIdentifier
+     *     The identifier of the primary connection.
+     *
+     * @return
+     *     A Set containing all identifiers of all readable objects.
+     */
+    Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
+            @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier);
+
+    /**
+     * Selects the sharing profile associated with the given primary connection
+     * and having the given name. If no such sharing profile exists, null is
+     * returned.
+     *
+     * @param primaryConnectionIdentifier
+     *     The identifier of the primary connection to search against.
+     *
+     * @param name
+     *     The name of the sharing profile to find.
+     *
+     * @return
+     *     The sharing profile having the given name and associated with the
+     *     given primary connection, or null if no such sharing profile exists.
+     */
+    SharingProfileModel selectOneByName(
+            @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier,
+            @Param("name") String name);
+    
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileModel.java

@@ -0,0 +1,112 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+import org.apache.guacamole.auth.jdbc.base.ObjectModel;
+
+/**
+ * Object representation of a Guacamole sharing profile, as represented in the
+ * database.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfileModel extends ObjectModel {
+
+    /**
+     * The human-readable name associated with this sharing profile.
+     */
+    private String name;
+
+    /**
+     * The identifier of the primary connection associated with this
+     * sharing profile.
+     */
+    private String primaryConnectionIdentifier;
+
+    /**
+     * Creates a new, empty sharing profile.
+     */
+    public SharingProfileModel() {
+    }
+
+    /**
+     * Returns the name associated with this sharing profile.
+     *
+     * @return
+     *     The name associated with this sharing profile.
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Sets the name associated with this sharing profile.
+     *
+     * @param name
+     *     The name to associate with this sharing profile.
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Returns the identifier of the primary connection associated with this
+     * sharing profile.
+     *
+     * @return
+     *     The identifier of the primary connection associated with this
+     *     sharing profile.
+     */
+    public String getPrimaryConnectionIdentifier() {
+        return primaryConnectionIdentifier;
+    }
+
+    /**
+     * Sets the identifier of the primary connection associated with this
+     * sharing profile.
+     *
+     * @param primaryConnectionIdentifier
+     *     The identifier of the primary connection associated with this
+     *     sharing profile.
+     */
+    public void setPrimaryConnectionIdentifier(String primaryConnectionIdentifier) {
+        this.primaryConnectionIdentifier = primaryConnectionIdentifier;
+    }
+
+    @Override
+    public String getIdentifier() {
+
+        // If no associated ID, then no associated identifier
+        Integer id = getObjectID();
+        if (id == null)
+            return null;
+
+        // Otherwise, the identifier is the ID as a string
+        return id.toString();
+
+    }
+
+    @Override
+    public void setIdentifier(String identifier) {
+        throw new UnsupportedOperationException("Sharing profile identifiers "
+                + "are derived from IDs. They cannot be set.");
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.java

@@ -0,0 +1,72 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+import java.util.Collection;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for sharing profile parameter objects.
+ *
+ * @author Michael Jumper
+ */
+public interface SharingProfileParameterMapper {
+
+    /**
+     * Returns a collection of all parameters associated with the sharing
+     * profile having the given identifier.
+     *
+     * @param identifier
+     *     The identifier of the sharing profile whose parameters are to be
+     *     retrieved.
+     *
+     * @return
+     *     A collection of all parameters associated with the sharing profile
+     *     having the given identifier. This collection will be empty if no
+     *     such sharing profile exists.
+     */
+    Collection<SharingProfileParameterModel> select(@Param("identifier") String identifier);
+
+    /**
+     * Inserts each of the parameter model objects in the given collection as
+     * new sharing profile parameters.
+     *
+     * @param parameters
+     *     The sharing profile parameters to insert.
+     *
+     * @return
+     *     The number of rows inserted.
+     */
+    int insert(@Param("parameters") Collection<SharingProfileParameterModel> parameters);
+
+    /**
+     * Deletes all parameters associated with the sharing profile having the
+     * given identifier.
+     *
+     * @param identifier
+     *     The identifier of the sharing profile whose parameters should be
+     *     deleted.
+     *
+     * @return
+     *     The number of rows deleted.
+     */
+    int delete(@Param("identifier") String identifier);
+    
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterModel.java

@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+/**
+ * A single parameter name/value pair belonging to a sharing profile.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfileParameterModel {
+
+    /**
+     * The identifier of the sharing profile associated with this parameter.
+     */
+    private String sharingProfileIdentifier;
+
+    /**
+     * The name of the parameter.
+     */
+    private String name;
+
+    /**
+     * The value the parameter is set to.
+     */
+    private String value;
+
+    /**
+     * Returns the identifier of the sharing profile associated with this
+     * parameter.
+     *
+     * @return
+     *     The identifier of the sharing profile associated with this
+     *     parameter.
+     */
+    public String getSharingProfileIdentifier() {
+        return sharingProfileIdentifier;
+    }
+
+    /**
+     * Sets the identifier of the sharing profile associated with this
+     * parameter.
+     *
+     * @param sharingProfileIdentifier
+     *     The identifier of the sharing profile to associate with this
+     *     parameter.
+     */
+    public void setSharingProfileIdentifier(String sharingProfileIdentifier) {
+        this.sharingProfileIdentifier = sharingProfileIdentifier;
+    }
+
+    /**
+     * Returns the name of this parameter.
+     *
+     * @return
+     *     The name of this parameter.
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Sets the name of this parameter.
+     *
+     * @param name
+     *     The name of this parameter.
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Returns the value of this parameter.
+     *
+     * @return
+     *     The value of this parameter.
+     */
+    public String getValue() {
+        return value;
+    }
+
+    /**
+     * Sets the value of this parameter.
+     *
+     * @param value
+     *     The value of this parameter.
+     */
+    public void setValue(String value) {
+        this.value = value;
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java

@@ -0,0 +1,328 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.sharingprofile;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
+import org.apache.guacamole.GuacamoleClientException;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
+import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper;
+import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
+import org.apache.guacamole.net.auth.SharingProfile;
+import org.apache.guacamole.net.auth.permission.ObjectPermission;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.apache.guacamole.net.auth.permission.SystemPermission;
+import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating sharing profiles.
+ *
+ * @author Michael Jumper
+ */
+public class SharingProfileService
+        extends ModeledDirectoryObjectService<ModeledSharingProfile,
+            SharingProfile, SharingProfileModel> {
+
+    /**
+     * Mapper for accessing sharing profiles.
+     */
+    @Inject
+    private SharingProfileMapper sharingProfileMapper;
+
+    /**
+     * Mapper for manipulating sharing profile permissions.
+     */
+    @Inject
+    private SharingProfilePermissionMapper sharingProfilePermissionMapper;
+    
+    /**
+     * Mapper for accessing sharing profile parameters.
+     */
+    @Inject
+    private SharingProfileParameterMapper parameterMapper;
+
+    /**
+     * Provider for creating sharing profiles.
+     */
+    @Inject
+    private Provider<ModeledSharingProfile> sharingProfileProvider;
+
+    @Override
+    protected ModeledDirectoryObjectMapper<SharingProfileModel> getObjectMapper() {
+        return sharingProfileMapper;
+    }
+
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return sharingProfilePermissionMapper;
+    }
+
+    @Override
+    protected ModeledSharingProfile getObjectInstance(AuthenticatedUser currentUser,
+            SharingProfileModel model) {
+        ModeledSharingProfile sharingProfile = sharingProfileProvider.get();
+        sharingProfile.init(currentUser, model);
+        return sharingProfile;
+    }
+
+    @Override
+    protected SharingProfileModel getModelInstance(AuthenticatedUser currentUser,
+            final SharingProfile object) {
+
+        // Create new ModeledSharingProfile backed by blank model
+        SharingProfileModel model = new SharingProfileModel();
+        ModeledSharingProfile sharingProfile = getObjectInstance(currentUser, model);
+
+        // Set model contents through ModeledSharingProfile, copying the
+        // provided sharing profile
+        sharingProfile.setPrimaryConnectionIdentifier(object.getPrimaryConnectionIdentifier());
+        sharingProfile.setName(object.getName());
+        sharingProfile.setParameters(object.getParameters());
+        sharingProfile.setAttributes(object.getAttributes());
+
+        return model;
+        
+    }
+
+    @Override
+    protected boolean hasCreatePermission(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return whether user has explicit sharing profile creation permission
+        SystemPermissionSet permissionSet = user.getUser().getSystemPermissions();
+        return permissionSet.hasPermission(SystemPermission.Type.CREATE_SHARING_PROFILE);
+
+    }
+
+    @Override
+    protected ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return permissions related to sharing profiles
+        return user.getUser().getSharingProfilePermissions();
+
+    }
+
+    @Override
+    protected void beforeCreate(AuthenticatedUser user,
+            SharingProfileModel model) throws GuacamoleException {
+
+        super.beforeCreate(user, model);
+        
+        // Name must not be blank
+        if (model.getName() == null || model.getName().trim().isEmpty())
+            throw new GuacamoleClientException("Sharing profile names must not be blank.");
+
+        // Do not attempt to create duplicate sharing profiles
+        SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName());
+        if (existing != null)
+            throw new GuacamoleClientException("The sharing profile \"" + model.getName() + "\" already exists.");
+
+    }
+
+    @Override
+    protected void beforeUpdate(AuthenticatedUser user,
+            SharingProfileModel model) throws GuacamoleException {
+
+        super.beforeUpdate(user, model);
+        
+        // Name must not be blank
+        if (model.getName() == null || model.getName().trim().isEmpty())
+            throw new GuacamoleClientException("Sharing profile names must not be blank.");
+        
+        // Check whether such a sharing profile is already present
+        SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName());
+        if (existing != null) {
+
+            // If the specified name matches a DIFFERENT existing sharing profile, the update cannot continue
+            if (!existing.getObjectID().equals(model.getObjectID()))
+                throw new GuacamoleClientException("The sharing profile \"" + model.getName() + "\" already exists.");
+
+        }
+
+    }
+
+    /**
+     * Given an arbitrary Guacamole sharing profile, produces a collection of
+     * parameter model objects containing the name/value pairs of that
+     * sharing profile's parameters.
+     *
+     * @param sharingProfile
+     *     The sharing profile whose configuration should be used to produce the
+     *     collection of parameter models.
+     *
+     * @return
+     *     A collection of parameter models containing the name/value pairs
+     *     of the given sharing profile's parameters.
+     */
+    private Collection<SharingProfileParameterModel> getParameterModels(ModeledSharingProfile sharingProfile) {
+
+        Map<String, String> parameters = sharingProfile.getParameters();
+        
+        // Convert parameters to model objects
+        Collection<SharingProfileParameterModel> parameterModels = new ArrayList<SharingProfileParameterModel>(parameters.size());
+        for (Map.Entry<String, String> parameterEntry : parameters.entrySet()) {
+
+            // Get parameter name and value
+            String name = parameterEntry.getKey();
+            String value = parameterEntry.getValue();
+
+            // There is no need to insert empty parameters
+            if (value == null || value.isEmpty())
+                continue;
+            
+            // Produce model object from parameter
+            SharingProfileParameterModel model = new SharingProfileParameterModel();
+            model.setSharingProfileIdentifier(sharingProfile.getIdentifier());
+            model.setName(name);
+            model.setValue(value);
+
+            // Add model to list
+            parameterModels.add(model);
+            
+        }
+
+        return parameterModels;
+
+    }
+
+    @Override
+    public ModeledSharingProfile createObject(AuthenticatedUser user, SharingProfile object)
+            throws GuacamoleException {
+
+        // Create sharing profile
+        ModeledSharingProfile sharingProfile = super.createObject(user, object);
+        sharingProfile.setParameters(object.getParameters());
+
+        // Insert new parameters, if any
+        Collection<SharingProfileParameterModel> parameterModels = getParameterModels(sharingProfile);
+        if (!parameterModels.isEmpty())
+            parameterMapper.insert(parameterModels);
+
+        return sharingProfile;
+
+    }
+    
+    @Override
+    public void updateObject(AuthenticatedUser user, ModeledSharingProfile object)
+            throws GuacamoleException {
+
+        // Update sharing profile
+        super.updateObject(user, object);
+
+        // Replace existing parameters with new parameters, if any
+        Collection<SharingProfileParameterModel> parameterModels = getParameterModels(object);
+        parameterMapper.delete(object.getIdentifier());
+        if (!parameterModels.isEmpty())
+            parameterMapper.insert(parameterModels);
+        
+    }
+
+    /**
+     * Returns the set of all identifiers for all sharing profiles associated
+     * with the given primary connection. Only sharing profiles that the user
+     * has read access to will be returned.
+     *
+     * Permission to read the primary connection having the given identifier is
+     * NOT checked.
+     *
+     * @param user
+     *     The user retrieving the identifiers.
+     * 
+     * @param identifier
+     *     The identifier of the primary connection.
+     *
+     * @return
+     *     The set of all identifiers for all sharing profiles associated with
+     *     the primary connection having the given identifier that the user has
+     *     read access to.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while reading identifiers.
+     */
+    public Set<String> getIdentifiersWithin(AuthenticatedUser user,
+            String identifier)
+            throws GuacamoleException {
+
+        // Bypass permission checks if the user is a system admin
+        if (user.getUser().isAdministrator())
+            return sharingProfileMapper.selectIdentifiersWithin(identifier);
+
+        // Otherwise only return explicitly readable identifiers
+        else
+            return sharingProfileMapper.selectReadableIdentifiersWithin(
+                    user.getUser().getModel(), identifier);
+
+    }
+
+    /**
+     * Retrieves all parameters visible to the given user and associated with
+     * the sharing profile having the given identifier. If the given user has no
+     * access to such parameters, or no such sharing profile exists, the
+     * returned map will be empty.
+     *
+     * @param user
+     *     The user retrieving sharing profile parameters.
+     *
+     * @param identifier
+     *     The identifier of the sharing profile whose parameters are being
+     *     retrieved.
+     *
+     * @return
+     *     A new map of all parameter name/value pairs that the given user has
+     *     access to.
+     */
+    public Map<String, String> retrieveParameters(AuthenticatedUser user,
+            String identifier) {
+
+        Map<String, String> parameterMap = new HashMap<String, String>();
+
+        // Determine whether we have permission to read parameters
+        boolean canRetrieveParameters;
+        try {
+            canRetrieveParameters = hasObjectPermission(user, identifier,
+                    ObjectPermission.Type.UPDATE);
+        }
+
+        // Provide empty (but mutable) map if unable to check permissions
+        catch (GuacamoleException e) {
+            return parameterMap;
+        }
+
+        // Populate parameter map if we have permission to do so
+        if (canRetrieveParameters) {
+            for (SharingProfileParameterModel parameter : parameterMapper.select(identifier))
+                parameterMap.put(parameter.getName(), parameter.getValue());
+        }
+
+        return parameterMap;
+
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java

@@ -35,10 +35,9 @@ import org.apache.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.connection.ModeledConnection;
 import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
 import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
-import org.apache.guacamole.auth.jdbc.connection.ParameterMapper;
 import org.apache.guacamole.auth.jdbc.connection.ConnectionModel;
 import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel;
-import org.apache.guacamole.auth.jdbc.connection.ParameterModel;
+import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel;
 import org.apache.guacamole.auth.jdbc.user.UserModel;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleSecurityException;
@@ -55,6 +54,7 @@ import org.apache.guacamole.protocol.GuacamoleConfiguration;
 import org.apache.guacamole.token.StandardTokens;
 import org.apache.guacamole.token.TokenFilter;
 import org.mybatis.guice.transactional.Transactional;
+import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper;
 
 
 /**
@@ -88,7 +88,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
      * Mapper for accessing connection parameters.
      */
     @Inject
-    private ParameterMapper parameterMapper;
+    private ConnectionParameterMapper parameterMapper;
 
     /**
      * Mapper for accessing connection history.
@@ -217,8 +217,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
         config.setProtocol(model.getProtocol());
 
         // Set parameters from associated data
-        Collection<ParameterModel> parameters = parameterMapper.select(connection.getIdentifier());
+        Collection<ConnectionParameterModel> parameters = parameterMapper.select(connection.getIdentifier());
-        for (ParameterModel parameter : parameters)
+        for (ConnectionParameterModel parameter : parameters)
             config.setParameter(parameter.getName(), parameter.getValue());
 
         // Build token filter containing credential tokens

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java

@@ -38,6 +38,7 @@ import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionPermissionService;
 import org.apache.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
 import org.apache.guacamole.auth.jdbc.permission.ConnectionPermissionService;
+import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionService;
 import org.apache.guacamole.auth.jdbc.permission.UserPermissionService;
 import org.apache.guacamole.form.BooleanField;
 import org.apache.guacamole.form.DateField;
@@ -49,7 +50,6 @@ import org.apache.guacamole.net.auth.User;
 import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.net.auth.permission.SystemPermission;
 import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
-import org.apache.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -160,6 +160,12 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
     @Inject
     private ConnectionGroupPermissionService connectionGroupPermissionService;
 
+    /**
+     * Service for retrieving sharing profile permissions.
+     */
+    @Inject
+    private SharingProfilePermissionService sharingProfilePermissionService;
+
     /**
      * Service for retrieving active connection permissions.
      */
@@ -255,7 +261,7 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
     @Override
     public ObjectPermissionSet getSharingProfilePermissions()
             throws GuacamoleException {
-        return new SimpleObjectPermissionSet();
+        return sharingProfilePermissionService.getPermissionSet(getCurrentUser(), this);
     }
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserContext.java

@@ -26,13 +26,14 @@ import org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
-import java.util.Collections;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.base.RestrictedObject;
 import org.apache.guacamole.auth.jdbc.activeconnection.ActiveConnectionDirectory;
 import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordSet;
 import org.apache.guacamole.auth.jdbc.connection.ModeledConnection;
 import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
+import org.apache.guacamole.auth.jdbc.sharingprofile.ModeledSharingProfile;
+import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory;
 import org.apache.guacamole.form.Form;
 import org.apache.guacamole.net.auth.ActiveConnection;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
@@ -41,7 +42,6 @@ import org.apache.guacamole.net.auth.ConnectionGroup;
 import org.apache.guacamole.net.auth.Directory;
 import org.apache.guacamole.net.auth.SharingProfile;
 import org.apache.guacamole.net.auth.User;
-import org.apache.guacamole.net.auth.simple.SimpleDirectory;
 
 /**
  * UserContext implementation which is driven by an arbitrary, underlying
@@ -80,6 +80,13 @@ public class UserContext extends RestrictedObject
     @Inject
     private ConnectionGroupDirectory connectionGroupDirectory;
 
+    /**
+     * Sharing profile directory restricted by the permissions of the user
+     * associated with this context.
+     */
+    @Inject
+    private SharingProfileDirectory sharingProfileDirectory;
+
     /**
      * ActiveConnection directory restricted by the permissions of the user
      * associated with this context.
@@ -108,6 +115,7 @@ public class UserContext extends RestrictedObject
         userDirectory.init(currentUser);
         connectionDirectory.init(currentUser);
         connectionGroupDirectory.init(currentUser);
+        sharingProfileDirectory.init(currentUser);
         activeConnectionDirectory.init(currentUser);
 
     }
@@ -140,7 +148,7 @@ public class UserContext extends RestrictedObject
     @Override
     public Directory<SharingProfile> getSharingProfileDirectory()
             throws GuacamoleException {
-        return new SimpleDirectory<SharingProfile>();
+        return sharingProfileDirectory;
     }
 
     @Override
@@ -184,7 +192,7 @@ public class UserContext extends RestrictedObject
 
     @Override
     public Collection<Form> getSharingProfileAttributes() {
-        return Collections.<Form>emptyList();
+        return ModeledSharingProfile.ATTRIBUTES;
     }
 
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql

@@ -106,6 +106,30 @@ CREATE TABLE `guacamole_user` (
 
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
+--
+-- Table of sharing profiles. Each sharing profile has a name, associated set
+-- of parameters, and a primary connection. The primary connection is the
+-- connection that the sharing profile shares, and the parameters dictate the
+-- restrictions/features which apply to the user joining the connection via the
+-- sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+  `sharing_profile_id`    int(11)      NOT NULL AUTO_INCREMENT,
+  `sharing_profile_name`  varchar(128) NOT NULL,
+  `primary_connection_id` int(11)      NOT NULL,
+
+  PRIMARY KEY (`sharing_profile_id`),
+  UNIQUE KEY `sharing_profile_name_primary` (sharing_profile_name, primary_connection_id),
+
+  CONSTRAINT `guacamole_sharing_profile_ibfk_1`
+    FOREIGN KEY (`primary_connection_id`)
+    REFERENCES `guacamole_connection` (`connection_id`)
+    ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 --
 -- Table of connection parameters. Each parameter is simply a name/value pair
 -- associated with a connection.
@@ -125,6 +149,27 @@ CREATE TABLE `guacamole_connection_parameter` (
 
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
+--
+-- Table of sharing profile parameters. Each parameter is simply
+-- name/value pair associated with a sharing profile. These parameters dictate
+-- the restrictions/features which apply to the user joining the associated
+-- connection via the sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+  `sharing_profile_id` integer       NOT NULL,
+  `parameter_name`     varchar(128)  NOT NULL,
+  `parameter_value`    varchar(4096) NOT NULL,
+
+  PRIMARY KEY (`sharing_profile_id`, `parameter_name`),
+
+  CONSTRAINT `guacamole_sharing_profile_parameter_ibfk_1`
+    FOREIGN KEY (`sharing_profile_id`)
+    REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 --
 -- Table of connection permissions. Each connection permission grants a user
 -- specific access to a connection.
@@ -177,6 +222,32 @@ CREATE TABLE `guacamole_connection_group_permission` (
 
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
+--
+-- Table of sharing profile permissions. Each sharing profile permission grants
+-- a user specific access to a sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+  `user_id`            integer NOT NULL,
+  `sharing_profile_id` integer NOT NULL,
+  `permission`         enum('READ',
+                            'UPDATE',
+                            'DELETE',
+                            'ADMINISTER') NOT NULL,
+
+  PRIMARY KEY (`user_id`, `sharing_profile_id`, `permission`),
+
+  CONSTRAINT `guacamole_sharing_profile_permission_ibfk_1`
+    FOREIGN KEY (`sharing_profile_id`)
+    REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE,
+
+  CONSTRAINT `guacamole_sharing_profile_permission_ibfk_2`
+    FOREIGN KEY (`user_id`)
+    REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
 --
 -- Table of system permissions. Each system permission grants a user a
 -- system-level privilege of some kind.
@@ -186,7 +257,8 @@ CREATE TABLE `guacamole_system_permission` (
 
   `user_id`    int(11) NOT NULL,
   `permission` enum('CREATE_CONNECTION',
-		    'CREATE_CONNECTION_GROUP',
+                    'CREATE_CONNECTION_GROUP',
+                    'CREATE_SHARING_PROFILE',
                     'CREATE_USER',
                     'ADMINISTER') NOT NULL,
 
@@ -232,27 +304,34 @@ CREATE TABLE `guacamole_user_permission` (
 
 CREATE TABLE `guacamole_connection_history` (
 
-  `history_id`      int(11)  NOT NULL AUTO_INCREMENT,
+  `history_id`           int(11)      NOT NULL AUTO_INCREMENT,
-  `user_id`         int(11)  DEFAULT NULL,
+  `user_id`              int(11)      DEFAULT NULL,
-  `username`        varchar(128) NOT NULL,
+  `username`             varchar(128) NOT NULL,
-  `connection_id`   int(11)  DEFAULT NULL,
+  `connection_id`        int(11)      DEFAULT NULL,
-  `connection_name` varchar(128) NOT NULL,
+  `connection_name`      varchar(128) NOT NULL,
-  `start_date`      datetime NOT NULL,
+  `sharing_profile_id`   int(11)      DEFAULT NULL,
-  `end_date`        datetime DEFAULT NULL,
+  `sharing_profile_name` varchar(128) DEFAULT NULL,
+  `start_date`           datetime     NOT NULL,
+  `end_date`             datetime     DEFAULT NULL,
 
   PRIMARY KEY (`history_id`),
   KEY `user_id` (`user_id`),
   KEY `connection_id` (`connection_id`),
+  KEY `sharing_profile_id` (`sharing_profile_id`),
   KEY `start_date` (`start_date`),
   KEY `end_date` (`end_date`),
 
   CONSTRAINT `guacamole_connection_history_ibfk_1`
     FOREIGN KEY (`user_id`)
-    REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE,
+    REFERENCES `guacamole_user` (`user_id`) ON DELETE SET NULL,
 
   CONSTRAINT `guacamole_connection_history_ibfk_2`
     FOREIGN KEY (`connection_id`)
-    REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE
+    REFERENCES `guacamole_connection` (`connection_id`) ON DELETE SET NULL
+
+  CONSTRAINT `guacamole_connection_history_ibfk_3`
+    FOREIGN KEY (`sharing_profile_id`)
+    REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE SET NULL
 
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql

@@ -29,6 +29,7 @@ SELECT user_id, permission
 FROM (
           SELECT 'guacadmin'  AS username, 'CREATE_CONNECTION'       AS permission
     UNION SELECT 'guacadmin'  AS username, 'CREATE_CONNECTION_GROUP' AS permission
+    UNION SELECT 'guacadmin'  AS username, 'CREATE_SHARING_PROFILE'  AS permission
     UNION SELECT 'guacadmin'  AS username, 'CREATE_USER'             AS permission
     UNION SELECT 'guacadmin'  AS username, 'ADMINISTER'              AS permission
 ) permissions

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.9.10.sql

@@ -94,3 +94,91 @@ ALTER TABLE guacamole_connection_history
 ALTER TABLE guacamole_connection_group
     ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT 0;
 
+--
+-- Add new system-level permission
+--
+
+ALTER TABLE `guacamole_system_permission`
+    MODIFY `permission` enum('CREATE_CONNECTION',
+                             'CREATE_CONNECTION_GROUP',
+                             'CREATE_SHARING_PROFILE',
+                             'CREATE_USER',
+                             'ADMINISTER') NOT NULL;
+
+--
+-- Add sharing profile table
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+  `sharing_profile_id`    int(11)      NOT NULL AUTO_INCREMENT,
+  `sharing_profile_name`  varchar(128) NOT NULL,
+  `primary_connection_id` int(11)      NOT NULL,
+
+  PRIMARY KEY (`sharing_profile_id`),
+  UNIQUE KEY `sharing_profile_name_primary` (sharing_profile_name, primary_connection_id),
+
+  CONSTRAINT `guacamole_sharing_profile_ibfk_1`
+    FOREIGN KEY (`primary_connection_id`)
+    REFERENCES `guacamole_connection` (`connection_id`)
+    ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Add table of sharing profile parameters
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+  `sharing_profile_id` integer       NOT NULL,
+  `parameter_name`     varchar(128)  NOT NULL,
+  `parameter_value`    varchar(4096) NOT NULL,
+
+  PRIMARY KEY (`sharing_profile_id`, `parameter_name`),
+
+  CONSTRAINT `guacamole_sharing_profile_parameter_ibfk_1`
+    FOREIGN KEY (`sharing_profile_id`)
+    REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Object-level permission table for sharing profiles
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+  `user_id`            integer NOT NULL,
+  `sharing_profile_id` integer NOT NULL,
+  `permission`         enum('READ',
+                            'UPDATE',
+                            'DELETE',
+                            'ADMINISTER') NOT NULL,
+
+  PRIMARY KEY (`user_id`, `sharing_profile_id`, `permission`),
+
+  CONSTRAINT `guacamole_sharing_profile_permission_ibfk_1`
+    FOREIGN KEY (`sharing_profile_id`)
+    REFERENCES `guacamole_sharing_profile` (`sharing_profile_id`) ON DELETE CASCADE,
+
+  CONSTRAINT `guacamole_sharing_profile_permission_ibfk_2`
+    FOREIGN KEY (`user_id`)
+    REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Add new (optional) sharing profile ID and name columns to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+    ADD COLUMN sharing_profile_id INT(11);
+
+ALTER TABLE guacamole_connection_history
+    ADD COLUMN sharing_profile_name VARCHAR(128);
+
+ALTER TABLE guacamole_connection_history
+    ADD CONSTRAINT guacamole_connection_history_ibfk_3
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml

@@ -21,10 +21,10 @@
     under the License.
 -->
 
-<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ParameterMapper">
+<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper">
 
     <!-- Result mapper for connection parameters -->
-    <resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.connection.ParameterModel">
+    <resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
         <result column="connection_id"   property="connectionIdentifier" jdbcType="INTEGER"/>
         <result column="parameter_name"  property="name"                 jdbcType="VARCHAR"/>
         <result column="parameter_value" property="value"                jdbcType="VARCHAR"/>
@@ -48,7 +48,7 @@
     </delete>
 
     <!-- Insert all given parameters -->
-    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.connection.ParameterModel">
+    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
 
         INSERT INTO guacamole_connection_parameter (
             connection_id,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml

@@ -25,12 +25,14 @@
 
     <!-- Result mapper for system permissions -->
     <resultMap id="ConnectionRecordResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel">
-        <result column="connection_id"   property="connectionIdentifier" jdbcType="INTEGER"/>
+        <result column="connection_id"        property="connectionIdentifier"     jdbcType="INTEGER"/>
-        <result column="connection_name" property="connectionName"       jdbcType="VARCHAR"/>
+        <result column="connection_name"      property="connectionName"           jdbcType="VARCHAR"/>
-        <result column="user_id"         property="userID"               jdbcType="INTEGER"/>
+        <result column="sharing_profile_id"   property="sharingProfileIdentifier" jdbcType="INTEGER"/>
-        <result column="username"        property="username"             jdbcType="VARCHAR"/>
+        <result column="sharing_profile_name" property="sharingProfileName"       jdbcType="VARCHAR"/>
-        <result column="start_date"      property="startDate"            jdbcType="TIMESTAMP"/>
+        <result column="user_id"              property="userID"                   jdbcType="INTEGER"/>
-        <result column="end_date"        property="endDate"              jdbcType="TIMESTAMP"/>
+        <result column="username"             property="username"                 jdbcType="VARCHAR"/>
+        <result column="start_date"           property="startDate"                jdbcType="TIMESTAMP"/>
+        <result column="end_date"             property="endDate"                  jdbcType="TIMESTAMP"/>
     </resultMap>
 
     <!-- Select all connection records from a given connection -->
@@ -39,6 +41,8 @@
         SELECT
             guacamole_connection_history.connection_id,
             guacamole_connection_history.connection_name,
+            guacamole_connection_history.sharing_profile_id,
+            guacamole_connection_history.sharing_profile_name,
             guacamole_connection_history.user_id,
             guacamole_connection_history.username,
             guacamole_connection_history.start_date,
@@ -58,6 +62,8 @@
         INSERT INTO guacamole_connection_history (
             connection_id,
             connection_name,
+            sharing_profile_id,
+            sharing_profile_name,
             user_id,
             username,
             start_date,
@@ -66,6 +72,8 @@
         VALUES (
             #{record.connectionIdentifier,jdbcType=VARCHAR},
             #{record.connectionName,jdbcType=VARCHAR},
+            #{record.sharingProfileIdentifier,jdbcType=VARCHAR},
+            #{record.sharingProfileName,jdbcType=VARCHAR},
             (SELECT user_id FROM guacamole_user
              WHERE username = #{record.username,jdbcType=VARCHAR}),
             #{record.username,jdbcType=VARCHAR},
@@ -81,6 +89,8 @@
         SELECT
             guacamole_connection_history.connection_id,
             guacamole_connection_history.connection_name,
+            guacamole_connection_history.sharing_profile_id,
+            guacamole_connection_history.sharing_profile_name,
             guacamole_connection_history.user_id,
             guacamole_connection_history.username,
             guacamole_connection_history.start_date,
@@ -136,6 +146,8 @@
         SELECT
             guacamole_connection_history.connection_id,
             guacamole_connection_history.connection_name,
+            guacamole_connection_history.sharing_profile_id,
+            guacamole_connection_history.sharing_profile_name,
             guacamole_connection_history.user_id,
             guacamole_connection_history.username,
             guacamole_connection_history.start_date,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml

@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper">
+
+    <!-- Result mapper for sharig profile permissions -->
+    <resultMap id="SharingProfilePermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+        <result column="user_id"            property="userID"           jdbcType="INTEGER"/>
+        <result column="username"           property="username"         jdbcType="VARCHAR"/>
+        <result column="permission"         property="type"             jdbcType="VARCHAR"
+                javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
+        <result column="sharing_profile_id" property="objectIdentifier" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!-- Select all permissions for a given user -->
+    <select id="select" resultMap="SharingProfilePermissionResultMap">
+
+        SELECT
+            guacamole_sharing_profile_permission.user_id,
+            username,
+            permission,
+            sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        JOIN guacamole_user ON guacamole_sharing_profile_permission.user_id = guacamole_user.user_id
+        WHERE guacamole_sharing_profile_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+
+    </select>
+
+    <!-- Select the single permission matching the given criteria -->
+    <select id="selectOne" resultMap="SharingProfilePermissionResultMap">
+
+        SELECT
+            guacamole_sharing_profile_permission.user_id,
+            username,
+            permission,
+            sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        JOIN guacamole_user ON guacamole_sharing_profile_permission.user_id = guacamole_user.user_id
+        WHERE
+            guacamole_sharing_profile_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = #{type,jdbcType=VARCHAR}
+            AND sharing_profile_id = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND sharing_profile_id IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=VARCHAR}
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}
+                </foreach>
+
+    </select>
+
+    <!-- Delete all given permissions -->
+    <delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        DELETE FROM guacamole_sharing_profile_permission
+        WHERE (user_id, permission, sharing_profile_id) IN
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="," close=")">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR},
+                 #{permission.objectIdentifier,jdbcType=VARCHAR})
+            </foreach>
+
+    </delete>
+
+    <!-- Insert all given permissions -->
+    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        INSERT IGNORE INTO guacamole_sharing_profile_permission (
+            user_id,
+            permission,
+            sharing_profile_id
+        )
+        VALUES
+            <foreach collection="permissions" item="permission" separator=",">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR},
+                 #{permission.objectIdentifier,jdbcType=VARCHAR})
+            </foreach>
+
+    </insert>
+
+</mapper>

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml

@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper">
+
+    <!-- Result mapper for sharing profile objects -->
+    <resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
+        <id     column="sharing_profile_id"    property="objectID"                    jdbcType="INTEGER"/>
+        <result column="sharing_profile_name"  property="name"                        jdbcType="VARCHAR"/>
+        <result column="primary_connection_id" property="primaryConnectionIdentifier" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!-- Select all sharing profile identifiers -->
+    <select id="selectIdentifiers" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile
+    </select>
+
+    <!-- Select identifiers of all readable sharing profiles -->
+    <select id="selectReadableIdentifiers" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select all sharing profiles identifiers associated with a particular connection -->
+    <select id="selectIdentifiersWithin" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile
+        WHERE
+            primary_connection_id = #{primaryConnectionIdentifier,jdbcType=VARCHAR}
+    </select>
+
+    <!-- Select identifiers of all readable sharing profiles associated with a particular connection -->
+    <select id="selectReadableIdentifiersWithin" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile
+        JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id
+        WHERE
+            primary_connection_id = #{primaryConnectionIdentifier,jdbcType=VARCHAR}
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select multiple sharing profiles by identifier -->
+    <select id="select" resultMap="SharingProfileResultMap">
+
+        SELECT
+            sharing_profile_id,
+            sharing_profile_name,
+            primary_connection_id
+        FROM guacamole_sharing_profile
+        WHERE sharing_profile_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+
+    </select>
+
+    <!-- Select multiple sharing profiles by identifier only if readable -->
+    <select id="selectReadable" resultMap="SharingProfileResultMap">
+
+        SELECT
+            guacamole_sharing_profile.sharing_profile_id,
+            guacamole_sharing_profile.sharing_profile_name,
+            primary_connection_id
+        FROM guacamole_sharing_profile
+        JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id
+        WHERE guacamole_sharing_profile.sharing_profile_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+
+    </select>
+
+    <!-- Select single sharing profile by name -->
+    <select id="selectOneByName" resultMap="SharingProfileResultMap">
+
+        SELECT
+            sharing_profile_id,
+            sharing_profile_name,
+            primary_connection_id
+        FROM guacamole_sharing_profile
+        WHERE 
+            primary_connection_id = #{primaryConnectionIdentifier,jdbcType=VARCHAR}
+            AND sharing_profile_name = #{name,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Delete single sharing profile by identifier -->
+    <delete id="delete">
+        DELETE FROM guacamole_sharing_profile
+        WHERE sharing_profile_id = #{identifier,jdbcType=VARCHAR}
+    </delete>
+
+    <!-- Insert single sharing profile -->
+    <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
+            parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
+
+        INSERT INTO guacamole_sharing_profile (
+            sharing_profile_name,
+            primary_connection_id
+        )
+        VALUES (
+            #{object.name,jdbcType=VARCHAR},
+            #{object.primaryConnectionIdentifier,jdbcType=VARCHAR},
+        )
+
+    </insert>
+
+    <!-- Update single sharing profile -->
+    <update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
+        UPDATE guacamole_sharing_profile
+        SET sharing_profile_name  = #{object.name,jdbcType=VARCHAR},
+            primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=VARCHAR}
+        WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}
+    </update>
+
+</mapper>

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper">
+
+    <!-- Result mapper for sharing profile parameters -->
+    <resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
+        <result column="sharing_profile_id" property="sharingProfileIdentifier" jdbcType="INTEGER"/>
+        <result column="parameter_name"     property="name"                     jdbcType="VARCHAR"/>
+        <result column="parameter_value"    property="value"                    jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- Select all parameters of a given sharing profile -->
+    <select id="select" resultMap="ParameterResultMap">
+        SELECT
+            sharing_profile_id,
+            parameter_name,
+            parameter_value
+        FROM guacamole_sharing_profile_parameter
+        WHERE
+            sharing_profile_id = #{identifier,jdbcType=VARCHAR}
+    </select>
+
+    <!-- Delete all parameters of a given sharing profile -->
+    <delete id="delete">
+        DELETE FROM guacamole_sharing_profile_parameter
+        WHERE sharing_profile_id = #{identifier,jdbcType=VARCHAR}
+    </delete>
+
+    <!-- Insert all given parameters -->
+    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
+
+        INSERT INTO guacamole_sharing_profile_parameter (
+            sharing_profile_id,
+            parameter_name,
+            parameter_value
+        )
+        VALUES 
+            <foreach collection="parameters" item="parameter" separator=",">
+                (#{parameter.sharingProfileIdentifier,jdbcType=VARCHAR},
+                 #{parameter.name,jdbcType=VARCHAR},
+                 #{parameter.value,jdbcType=VARCHAR})
+            </foreach>
+
+    </insert>
+
+
+</mapper>

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql

@@ -44,6 +44,7 @@ CREATE TYPE guacamole_object_permission_type AS ENUM(
 CREATE TYPE guacamole_system_permission_type AS ENUM(
     'CREATE_CONNECTION',
     'CREATE_CONNECTION_GROUP',
+    'CREATE_SHARING_PROFILE',
     'CREATE_USER',
     'ADMINISTER'
 );
@@ -148,6 +149,34 @@ CREATE TABLE guacamole_user (
 
 );
 
+--
+-- Table of sharing profiles. Each sharing profile has a name, associated set
+-- of parameters, and a primary connection. The primary connection is the
+-- connection that the sharing profile shares, and the parameters dictate the
+-- restrictions/features which apply to the user joining the connection via the
+-- sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+  sharing_profile_id    serial       NOT NULL,
+  sharing_profile_name  varchar(128) NOT NULL,
+  primary_connection_id integer      NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id),
+
+  CONSTRAINT sharing_profile_name_primary
+    UNIQUE (sharing_profile_name, primary_connection_id),
+
+  CONSTRAINT guacamole_sharing_profile_ibfk_1
+    FOREIGN KEY (primary_connection_id)
+    REFERENCES guacamole_connection (connection_id)
+    ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile(primary_connection_id);
+
 --
 -- Table of connection parameters. Each parameter is simply a name/value pair
 -- associated with a connection.
@@ -169,6 +198,29 @@ CREATE TABLE guacamole_connection_parameter (
 
 CREATE INDEX ON guacamole_connection_parameter(connection_id);
 
+--
+-- Table of sharing profile parameters. Each parameter is simply
+-- name/value pair associated with a sharing profile. These parameters dictate
+-- the restrictions/features which apply to the user joining the associated
+-- connection via the sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+  sharing_profile_id integer       NOT NULL,
+  parameter_name     varchar(128)  NOT NULL,
+  parameter_value    varchar(4096) NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id, parameter_name),
+
+  CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_parameter(sharing_profile_id);
+
 --
 -- Table of connection permissions. Each connection permission grants a user
 -- specific access to a connection.
@@ -221,6 +273,32 @@ CREATE TABLE guacamole_connection_group_permission (
 CREATE INDEX ON guacamole_connection_group_permission(connection_group_id);
 CREATE INDEX ON guacamole_connection_group_permission(user_id);
 
+--
+-- Table of sharing profile permissions. Each sharing profile permission grants
+-- a user specific access to a sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+  user_id            integer NOT NULL,
+  sharing_profile_id integer NOT NULL,
+  permission         guacamole_object_permission_type NOT NULL,
+
+  PRIMARY KEY (user_id,sharing_profile_id,permission),
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_2
+    FOREIGN KEY (user_id)
+    REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_permission(sharing_profile_id);
+CREATE INDEX ON guacamole_sharing_profile_permission(user_id);
+
 --
 -- Table of system permissions. Each system permission grants a user a
 -- system-level privilege of some kind.
@@ -275,27 +353,34 @@ CREATE INDEX ON guacamole_user_permission(user_id);
 
 CREATE TABLE guacamole_connection_history (
 
-  history_id      serial       NOT NULL,
+  history_id           serial       NOT NULL,
-  user_id         integer      DEFAULT NULL,
+  user_id              integer      DEFAULT NULL,
-  username        varchar(128) NOT NULL,
+  username             varchar(128) NOT NULL,
-  connection_id   integer      DEFAULT NULL,
+  connection_id        integer      DEFAULT NULL,
-  connection_name varchar(128) NOT NULL,
+  connection_name      varchar(128) NOT NULL,
-  start_date      timestamptz  NOT NULL,
+  sharing_profile_id   integer      DEFAULT NULL,
-  end_date        timestamptz  DEFAULT NULL,
+  sharing_profile_name varchar(128) NOT NULL,
+  start_date           timestamptz  NOT NULL,
+  end_date             timestamptz  DEFAULT NULL,
 
   PRIMARY KEY (history_id),
 
   CONSTRAINT guacamole_connection_history_ibfk_1
     FOREIGN KEY (user_id)
-    REFERENCES guacamole_user (user_id) ON DELETE CASCADE,
+    REFERENCES guacamole_user (user_id) ON DELETE SET NULL,
 
   CONSTRAINT guacamole_connection_history_ibfk_2
     FOREIGN KEY (connection_id)
-    REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
+    REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL,
+
+  CONSTRAINT guacamole_connection_history_ibfk_3
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL
 
 );
 
 CREATE INDEX ON guacamole_connection_history(user_id);
 CREATE INDEX ON guacamole_connection_history(connection_id);
+CREATE INDEX ON guacamole_connection_history(sharing_profile_id);
 CREATE INDEX ON guacamole_connection_history(start_date);
 CREATE INDEX ON guacamole_connection_history(end_date);

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql

@@ -31,6 +31,7 @@ FROM (
     VALUES
         ('guacadmin', 'CREATE_CONNECTION'),
         ('guacadmin', 'CREATE_CONNECTION_GROUP'),
+        ('guacadmin', 'CREATE_SHARING_PROFILE'),
         ('guacadmin', 'CREATE_USER'),
         ('guacadmin', 'ADMINISTER')
 ) permissions (username, permission)

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.10.sql

@@ -95,3 +95,96 @@ ALTER TABLE guacamole_connection_history
 ALTER TABLE guacamole_connection_group
     ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT FALSE;
 
+--
+-- Add new system-level permission
+--
+
+ALTER TYPE guacamole_system_permission_type
+    ADD VALUE 'CREATE_SHARING_PROFILE'
+    AFTER 'CREATE_CONNECTION_GROUP';
+
+--
+-- Add sharing profile table
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+  sharing_profile_id    serial       NOT NULL,
+  sharing_profile_name  varchar(128) NOT NULL,
+  primary_connection_id integer      NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id),
+
+  CONSTRAINT sharing_profile_name_primary
+    UNIQUE (sharing_profile_name, primary_connection_id),
+
+  CONSTRAINT guacamole_sharing_profile_ibfk_1
+    FOREIGN KEY (primary_connection_id)
+    REFERENCES guacamole_connection (connection_id)
+    ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile(primary_connection_id);
+
+--
+-- Add table of sharing profile parameters
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+  sharing_profile_id integer       NOT NULL,
+  parameter_name     varchar(128)  NOT NULL,
+  parameter_value    varchar(4096) NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id, parameter_name),
+
+  CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_parameter(sharing_profile_id);
+
+--
+-- Object-level permission table for sharing profiles
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+  user_id            integer NOT NULL,
+  sharing_profile_id integer NOT NULL,
+  permission         guacamole_object_permission_type NOT NULL,
+
+  PRIMARY KEY (user_id,sharing_profile_id,permission),
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_2
+    FOREIGN KEY (user_id)
+    REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_permission(sharing_profile_id);
+CREATE INDEX ON guacamole_sharing_profile_permission(user_id);
+
+--
+-- Add new (optional) sharing profile ID and name columns to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+    ADD COLUMN sharing_profile_id integer;
+
+ALTER TABLE guacamole_connection_history
+    ADD COLUMN sharing_profile_name varchar(128);
+
+ALTER TABLE guacamole_connection_history
+    ADD CONSTRAINT guacamole_connection_history_ibfk_3
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL;
+
+CREATE INDEX ON guacamole_connection_history(sharing_profile_id);

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionParameterMapper.xml

@@ -21,10 +21,10 @@
     under the License.
 -->
 
-<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ParameterMapper">
+<mapper namespace="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper">
 
     <!-- Result mapper for connection parameters -->
-    <resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.connection.ParameterModel">
+    <resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
         <result column="connection_id"   property="connectionIdentifier" jdbcType="INTEGER"/>
         <result column="parameter_name"  property="name"                 jdbcType="VARCHAR"/>
         <result column="parameter_value" property="value"                jdbcType="VARCHAR"/>
@@ -48,7 +48,7 @@
     </delete>
 
     <!-- Insert all given parameters -->
-    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.connection.ParameterModel">
+    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.connection.ConnectionParameterModel">
 
         INSERT INTO guacamole_connection_parameter (
             connection_id,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml

@@ -25,12 +25,14 @@
 
     <!-- Result mapper for system permissions -->
     <resultMap id="ConnectionRecordResultMap" type="org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel">
-        <result column="connection_id"   property="connectionIdentifier" jdbcType="INTEGER"/>
+        <result column="connection_id"        property="connectionIdentifier"     jdbcType="INTEGER"/>
-        <result column="connection_name" property="connectionName"       jdbcType="VARCHAR"/>
+        <result column="connection_name"      property="connectionName"           jdbcType="VARCHAR"/>
-        <result column="user_id"         property="userID"               jdbcType="INTEGER"/>
+        <result column="sharing_profile_id"   property="sharingProfileIdentifier" jdbcType="INTEGER"/>
-        <result column="username"        property="username"             jdbcType="VARCHAR"/>
+        <result column="sharing_profile_name" property="sharingProfileName"       jdbcType="VARCHAR"/>
-        <result column="start_date"      property="startDate"            jdbcType="TIMESTAMP"/>
+        <result column="user_id"              property="userID"                   jdbcType="INTEGER"/>
-        <result column="end_date"        property="endDate"              jdbcType="TIMESTAMP"/>
+        <result column="username"             property="username"                 jdbcType="VARCHAR"/>
+        <result column="start_date"           property="startDate"                jdbcType="TIMESTAMP"/>
+        <result column="end_date"             property="endDate"                  jdbcType="TIMESTAMP"/>
     </resultMap>
 
     <!-- Select all connection records from a given connection -->
@@ -39,6 +41,8 @@
         SELECT
             guacamole_connection_history.connection_id,
             guacamole_connection_history.connection_name,
+            guacamole_connection_history.sharing_profile_id,
+            guacamole_connection_history.sharing_profile_name,
             guacamole_connection_history.user_id,
             guacamole_connection_history.username,
             guacamole_connection_history.start_date,
@@ -58,6 +62,8 @@
         INSERT INTO guacamole_connection_history (
             connection_id,
             connection_name,
+            sharing_profile_id,
+            sharing_profile_name,
             user_id,
             username,
             start_date,
@@ -66,6 +72,8 @@
         VALUES (
             #{record.connectionIdentifier,jdbcType=INTEGER}::integer,
             #{record.connectionName,jdbcType=VARCHAR},
+            #{record.sharingProfileIdentifier,jdbcType=INTEGER}::integer,
+            #{record.sharingProfileName,jdbcType=VARCHAR},
             (SELECT user_id FROM guacamole_user
              WHERE username = #{record.username,jdbcType=VARCHAR}),
             #{record.username,jdbcType=VARCHAR},
@@ -81,6 +89,8 @@
         SELECT
             guacamole_connection_history.connection_id,
             guacamole_connection_history.connection_name,
+            guacamole_connection_history.sharing_profile_id,
+            guacamole_connection_history.sharing_profile_name,
             guacamole_connection_history.user_id,
             guacamole_connection_history.username,
             guacamole_connection_history.start_date,
@@ -134,6 +144,8 @@
         SELECT
             guacamole_connection_history.connection_id,
             guacamole_connection_history.connection_name,
+            guacamole_connection_history.sharing_profile_id,
+            guacamole_connection_history.sharing_profile_name,
             guacamole_connection_history.user_id,
             guacamole_connection_history.username,
             guacamole_connection_history.start_date,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml

@@ -0,0 +1,117 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper">
+
+    <!-- Result mapper for sharing profile permissions -->
+    <resultMap id="SharingProfilePermissionResultMap" type="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+        <result column="user_id"            property="userID"           jdbcType="INTEGER"/>
+        <result column="username"           property="username"         jdbcType="VARCHAR"/>
+        <result column="permission"         property="type"             jdbcType="VARCHAR"
+                javaType="org.apache.guacamole.net.auth.permission.ObjectPermission$Type"/>
+        <result column="sharing_profile_id" property="objectIdentifier" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!-- Select all permissions for a given user -->
+    <select id="select" resultMap="SharingProfilePermissionResultMap">
+
+        SELECT
+            guacamole_sharing_profile_permission.user_id,
+            username,
+            permission,
+            sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        JOIN guacamole_user ON guacamole_sharing_profile_permission.user_id = guacamole_user.user_id
+        WHERE guacamole_sharing_profile_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+
+    </select>
+
+    <!-- Select the single permission matching the given criteria -->
+    <select id="selectOne" resultMap="SharingProfilePermissionResultMap">
+
+        SELECT
+            guacamole_sharing_profile_permission.user_id,
+            username,
+            permission,
+            sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        JOIN guacamole_user ON guacamole_sharing_profile_permission.user_id = guacamole_user.user_id
+        WHERE
+            guacamole_sharing_profile_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
+            AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND sharing_profile_id IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=INTEGER}::integer
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type
+                </foreach>
+
+    </select>
+
+    <!-- Delete all given permissions -->
+    <delete id="delete" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        DELETE FROM guacamole_sharing_profile_permission
+        WHERE (user_id, permission, sharing_profile_id) IN
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="," close=")">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type,
+                 #{permission.objectIdentifier,jdbcType=INTEGER}::integer)
+            </foreach>
+
+    </delete>
+
+    <!-- Insert all given permissions -->
+    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        INSERT INTO guacamole_sharing_profile_permission (
+            user_id,
+            permission,
+            sharing_profile_id
+        )
+        VALUES
+            <foreach collection="permissions" item="permission" separator=",">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type,
+                 #{permission.objectIdentifier,jdbcType=INTEGER}::integer)
+            </foreach>
+
+    </insert>
+
+</mapper>

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml

@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileMapper">
+
+    <!-- Result mapper for sharing profile objects -->
+    <resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
+        <id     column="sharing_profile_id"    property="objectID"                    jdbcType="INTEGER"/>
+        <result column="sharing_profile_name"  property="name"                        jdbcType="VARCHAR"/>
+        <result column="primary_connection_id" property="primaryConnectionIdentifier" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!-- Select all sharing profile identifiers -->
+    <select id="selectIdentifiers" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile
+    </select>
+
+    <!-- Select identifiers of all readable sharing profiles -->
+    <select id="selectReadableIdentifiers" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select all sharing profile identifiers associated with a particular connection -->
+    <select id="selectIdentifiersWithin" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile
+        WHERE
+            primary_connection_id = #{primaryConnectionIdentifier,jdbcType=INTEGER}::integer
+    </select>
+
+    <!-- Select identifiers of all readable sharing profiles associated with a particular connection -->
+    <select id="selectReadableIdentifiersWithin" resultType="string">
+        SELECT sharing_profile_id
+        FROM guacamole_sharing_profile
+        JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id
+        WHERE
+            primary_connection_id = #{primaryConnectionIdentifier,jdbcType=INTEGER}::integer
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select multiple sharing profiles by identifier -->
+    <select id="select" resultMap="SharingProfileResultMap">
+
+        SELECT
+            sharing_profile_id,
+            sharing_profile_name,
+            primary_connection_id
+        FROM guacamole_sharing_profile
+        WHERE sharing_profile_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=INTEGER}::integer
+            </foreach>
+
+    </select>
+
+    <!-- Select multiple sharing profiles by identifier only if readable -->
+    <select id="selectReadable" resultMap="SharingProfileResultMap">
+
+        SELECT
+            guacamole_sharing_profile.sharing_profile_id,
+            guacamole_sharing_profile.sharing_profile_name,
+            primary_connection_id
+        FROM guacamole_sharing_profile
+        JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id
+        WHERE guacamole_sharing_profile.sharing_profile_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=INTEGER}::integer
+            </foreach>
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+
+    </select>
+
+    <!-- Select single sharing profile by name -->
+    <select id="selectOneByName" resultMap="SharingProfileResultMap">
+
+        SELECT
+            sharing_profile_id,
+            sharing_profile_name,
+            primary_connection_id
+        FROM guacamole_sharing_profile
+        WHERE 
+            primary_connection_id = #{primaryConnectionIdentifier,jdbcType=INTEGER}::integer
+            AND sharing_profile_name = #{name,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Delete single sharing profile by identifier -->
+    <delete id="delete">
+        DELETE FROM guacamole_sharing_profile
+        WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
+    </delete>
+
+    <!-- Insert single sharing profile -->
+    <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
+            parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
+
+        INSERT INTO guacamole_sharing_profile (
+            sharing_profile_name,
+            primary_connection_id
+        )
+        VALUES (
+            #{object.name,jdbcType=VARCHAR},
+            #{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer
+        )
+
+    </insert>
+
+    <!-- Update single sharing profile -->
+    <update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
+        UPDATE guacamole_sharing_profile
+        SET sharing_profile_name  = #{object.name,jdbcType=VARCHAR},
+            primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer
+        WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}::integer
+    </update>
+
+</mapper>

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileParameterMapper.xml

@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements.  See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership.  The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied.  See the License for the
+    specific language governing permissions and limitations
+    under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterMapper">
+
+    <!-- Result mapper for sharing profile parameters -->
+    <resultMap id="ParameterResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
+        <result column="sharing_profile_id" property="sharingProfileIdentifier" jdbcType="INTEGER"/>
+        <result column="parameter_name"     property="name"                     jdbcType="VARCHAR"/>
+        <result column="parameter_value"    property="value"                    jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- Select all parameters of a given sharing profile -->
+    <select id="select" resultMap="ParameterResultMap">
+        SELECT
+            sharing_profile_id,
+            parameter_name,
+            parameter_value
+        FROM guacamole_sharing_profile_parameter
+        WHERE
+            sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
+    </select>
+
+    <!-- Delete all parameters of a given sharing profile -->
+    <delete id="delete">
+        DELETE FROM guacamole_sharing_profile_parameter
+        WHERE sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
+    </delete>
+
+    <!-- Insert all given parameters -->
+    <insert id="insert" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileParameterModel">
+
+        INSERT INTO guacamole_sharing_profile_parameter (
+            sharing_profile_id,
+            parameter_name,
+            parameter_value
+        )
+        VALUES 
+            <foreach collection="parameters" item="parameter" separator=",">
+                (#{parameter.sharingProfileIdentifier,jdbcType=INTEGER}::integer,
+                 #{parameter.name,jdbcType=VARCHAR},
+                 #{parameter.value,jdbcType=VARCHAR})
+            </foreach>
+
+    </insert>
+
+
+</mapper>