diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java index f2d2e50bf..c8d80a76f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java @@ -23,7 +23,6 @@ import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.Set; -import javax.xml.stream.events.Characters; import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleSecurityException; @@ -289,6 +288,62 @@ public abstract class ModeledDirectoryObjectService filterIdentifiers(Collection identifiers) { + + // Obtain enough space for a full copy of the given identifiers + Collection validIdentifiers = new ArrayList(identifiers.size()); + + // Add only valid identifiers to the copy + for (String identifier : identifiers) { + if (isValidIdentifier(identifier)) + validIdentifiers.add(identifier); + } + + return validIdentifiers; + + } + @Override public InternalType retrieveObject(ModeledAuthenticatedUser user, String identifier) throws GuacamoleException { @@ -314,7 +369,7 @@ public abstract class ModeledDirectoryObjectService identifiers) throws GuacamoleException { // Ignore invalid identifiers - identifiers = ObjectModel.filterIdentifiers(identifiers); + identifiers = filterIdentifiers(identifiers); // Do not query if no identifiers given if (identifiers.isEmpty()) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectModel.java index f77abad00..06698acd3 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectModel.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectModel.java @@ -19,9 +19,6 @@ package org.apache.guacamole.auth.jdbc.base; -import java.util.ArrayList; -import java.util.Collection; - /** * Object representation of a Guacamole object, such as a user or connection, * as represented in the database. @@ -87,60 +84,4 @@ public abstract class ObjectModel { this.objectID = objectID; } - /** - * Returns whether the given string is a valid identifier within the JDBC - * authentication extension. Invalid identifiers may result in SQL errors - * from the underlying database when used in queries. - * - * @param identifier - * The string to check for validity. - * - * @return - * true if the given string is a valid identifier, false otherwise. - */ - public static boolean isValidIdentifier(String identifier) { - - // Empty identifiers are invalid - if (identifier.isEmpty()) - return false; - - // Identifier is invalid if any non-numeric characters are present - for (int i = 0; i < identifier.length(); i++) { - if (!Character.isDigit(identifier.charAt(i))) - return false; - } - - // Identifier is valid - contains only numeric characters - return true; - - } - - /** - * Filters the given collection of strings, returning a new collection - * containing only those strings which are valid identifiers. If no strings - * within the collection are valid identifiers, the returned collection will - * simply be empty. - * - * @param identifiers - * The collection of strings to filter. - * - * @return - * A new collection containing only the strings within the provided - * collection which are valid identifiers. - */ - public static Collection filterIdentifiers(Collection identifiers) { - - // Obtain enough space for a full copy of the given identifiers - Collection validIdentifiers = new ArrayList(identifiers.size()); - - // Add only valid identifiers to the copy - for (String identifier : identifiers) { - if (ObjectModel.isValidIdentifier(identifier)) - validIdentifiers.add(identifier); - } - - return validIdentifiers; - - } - } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java index 57a022e3b..16f25b5b1 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java @@ -258,6 +258,14 @@ public class UserService extends ModeledDirectoryObjectService