safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow unrestricted access to all Users and GuacamoleConfigurations through the Environment. Restrict access to everything and provide CRUD operations within UserContext. Define contract of permissions.

Browse Source
This commit is contained in:
Michael Jumper
2013-01-27 01:52:56 -08:00
committed by Michael Jumper
parent 003dc28511
commit 2d33753194
7 changed files with 196 additions and 328 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/AbstractUser.java
View File

@@ -46,8 +46,7 @@ import net.sourceforge.guacamole.GuacamoleException;
*
* @author Michael Jumper
*/
public class AbstractUser extends RestrictedObject
implements User, Comparable<AbstractUser> {
public abstract class AbstractUser implements User, Comparable<AbstractUser> {
/**
* The name of this user.

26
guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/AuthenticationProvider.java
View File

@@ -50,16 +50,30 @@ import net.sourceforge.guacamole.GuacamoleException;
public interface AuthenticationProvider {
/**
* Returns the Environment authorized by the given credentials, or null if
* the given credentials are not authorized.
* Returns the environment exposed by this AuthenticationProvider. The
* environment provides unrestricted access to all available users and
* configurations, though operations which permanently affect users and
* configurations are only possible through a UserContext.
*
* @return An Environment containing all Users and GuacamoleConfigurations
* currently available through this AuthenticationProvider.
*
* @throws GuacamoleException If an error occurs while retrieving the
* environment.
*/
Environment getEnvironment() throws GuacamoleException;
/**
* Returns the UserContext of the user authorized by the given credentials.
*
* @param credentials The credentials to use to retrieve the environment.
* @return An Environment containing all Users and GuacamoleConfigurations
* the credentials provide access to.
* @return The UserContext of the user authorized by the given credentials,
* or null if the credentials are not authorized.
*
* @throws GuacamoleException If an error occurs while creating the
* Environment.
* UserContext.
*/
Environment getAuthorizedEnvironment(Credentials credentials)
UserContext getUserContext(Credentials credentials)
throws GuacamoleException;
}

95
guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/Environment.java
View File

@@ -57,24 +57,8 @@ import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
public interface Environment {
/**
* Returns the User represented by the Credentials that own this
* Environment.
*
* @return The User represented by the Credentials that own this
* Environment.
*/
User self();
/*
* CONFIGURATION FUNCTIONS
*/
/**
* Returns a Map containing all GuacamoleConfigurations visible within this
* Environment. The keys of this Map are Strings which uniquely identify
* each configuration.
* Returns a Map containing absolutely all GuacamoleConfigurations. The
* keys of this Map are Strings which uniquely identify each configuration.
*
* @return A Map of all configurations visible.
* @throws GuacamoleException If an error occurs while retrieving
@@ -84,83 +68,12 @@ public interface Environment {
throws GuacamoleException;
/**
* Adds the given GuacamoleConfiguration to the overall set of available
* GuacamoleConfigurations, using the given unique identifier.
* Returns a Set containing absolutely all Users.
*
* @param identifier The identifier to assign to the configuration.
* @param config The configuration to add.
* @throws GuacamoleException If an error occurs while adding the
* configuration, or if adding the configuration
* is not allowed.
*/
void addConfiguration(String identifier, GuacamoleConfiguration config)
throws GuacamoleException;
/**
* Updates the GuacamoleConfiguration having the given unique identifier
* with the data contained in the given GuacamoleConfiguration.
*
* @param identifier The identifier to use when locating the configuration
* to update.
* @param config The configuration to use when updating the stored
* configuration.
* @throws GuacamoleException If an error occurs while updating the
* configuration, or if updating the
* configuration is not allowed.
*/
void updateConfiguration(String identifier, GuacamoleConfiguration config)
throws GuacamoleException;
/**
* Removes the GuacamoleConfiguration having the given unique identifier.
*
* @param identifier The identifier of the configuration to remove.
* @throws GuacamoleException If an error occurs while removing the
* configuration, or if removing the
* configuration is not allowed.
*/
void removeConfiguration(String identifier) throws GuacamoleException;
/*
* USER FUNCTIONS
*/
/**
* Returns a Set containing all Users visible within this Environment.
*
* @return A Set of all users visible.
* @return A Set of all users.
* @throws GuacamoleException If an error occurs while retrieving
* users.
*/
Set<User> getUsers() throws GuacamoleException;
/**
* Adds the given User to the overall set of available Users.
*
* @param user The user to add.
* @throws GuacamoleException If an error occurs while adding the user, or
* if adding the user is not allowed.
*/
void addUser(User user) throws GuacamoleException;
/**
* Updates the User with the data contained in the given User. The user to
* update is identified using the username of the User given.
*
* @param user The user to use when updating the stored user.
* @throws GuacamoleException If an error occurs while updating the user,
* or if updating the user is not allowed.
*/
void updateUser(User user) throws GuacamoleException;
/**
* Removes the given User from the overall set of available Users.
*
* @throws GuacamoleException If an error occurs while removing the user,
* or if removing user is not allowed.
*/
void removeUser(User user) throws GuacamoleException;
}

116
guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/Restrictable.java
View File

@@ -1,116 +0,0 @@
package net.sourceforge.guacamole.net.auth;
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is guacamole-auth.
*
* The Initial Developer of the Original Code is
* Michael Jumper.
* Portions created by the Initial Developer are Copyright (C) 2010
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
import net.sourceforge.guacamole.GuacamoleException;
/**
* Interface which allows restricted objects to expose their restrictions.
*
* @author Michael Jumper
*/
public interface Restrictable {
/**
* All possible permissions for a restricted object.
*/
public enum Permission {
/**
* Access to read properties of the restricted object.
*/
READ,
/**
* Access to write properties of the restricted object.
*/
WRITE,
/**
* Access to change permissions of the restricted object.
*/
ADMINISTER
}
/**
* Checks whether the given user has the given permission on this object.
* Depending on the credentials given, access to reading permissions may
* be denied.
*
* @param credentials The credentials to use when reading permissions.
* @param user The user to read the permissions for.
* @param permission The permission to check.
* @return true if the user has the given permission, false otherwise.
* @throws GuacamoleException If an error occurs while reading the
* permissions, such as permission being denied.
*/
public boolean hasPermission(Credentials credentials,
User user, Permission permission) throws GuacamoleException;
/**
* Adds the given permission to the given user for this object. Depending
* on the credentials given, access to administering permissions may be
* denied.
*
* @param credentials The credentials to use when adding permissions.
* @param user The user to add the permission for.
* @param permission The permission to add.
* @throws GuacamoleException If an error occurs while adding the
* permission, such as permission being denied.
*/
public void addPermission(Credentials credentials,
User user, Permission permission) throws GuacamoleException;
/**
* Removes the given permission from the given user for this object.
* Depending on the credentials given, access to administering permissions
* may be denied.
*
* @param credentials The credentials to use when removing permissions.
* @param user The user to remove the permission from.
* @param permission The permission to add.
* @throws GuacamoleException If an error occurs while removing the
* permission, such as permission being denied.
*/
public void removePermission(Credentials credentials,
User user, Permission permission) throws GuacamoleException;
}

112
guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/RestrictedObject.java
View File

@@ -1,112 +0,0 @@
package net.sourceforge.guacamole.net.auth;
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is guacamole-auth.
*
* The Initial Developer of the Original Code is
* Michael Jumper.
* Portions created by the Initial Developer are Copyright (C) 2010
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import net.sourceforge.guacamole.GuacamoleException;
/**
* A basic object providing permissions access and storage.
*
* @author Michael Jumper
*/
public abstract class RestrictedObject implements Restrictable {
/**
* Map of all user permissions.
*/
private Map<User, EnumSet<Restrictable.Permission>> permissions =
new HashMap<User, EnumSet<Restrictable.Permission>>();
@Override
public boolean hasPermission(Credentials credentials,
User user, Permission permission) throws GuacamoleException {
// Get permissions set, if any
EnumSet<Restrictable.Permission> userPermissions =
permissions.get(user);
// If permission set exists for this user, just test whether permission
// set contains the requested permission.
if (userPermissions != null)
return userPermissions.contains(permission);
// Default to no permission
return false;
}
@Override
public void addPermission(Credentials credentials,
User user, Permission permission) throws GuacamoleException {
// Get permissions set, if any
EnumSet<Restrictable.Permission> userPermissions =
permissions.get(user);
// If set does not exist, create it
if (userPermissions == null) {
userPermissions = EnumSet.<Restrictable.Permission>of(permission);
permissions.put(user, userPermissions);
}
// Otherwise, just add permission
else
userPermissions.add(permission);
}
@Override
public void removePermission(Credentials credentials,
User user, Permission permission) throws GuacamoleException {
// Get permissions set, if any
EnumSet<Restrictable.Permission> userPermissions =
permissions.get(user);
// Remove permission
if (userPermissions != null)
userPermissions.remove(permission);
}
}

2
guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/User.java
View File

@@ -45,7 +45,7 @@ import net.sourceforge.guacamole.GuacamoleException;
*
* @author Michael Jumper
*/
public interface User extends Restrictable {
public interface User {
/**
* Returns the name of this user, which must be unique across all users.

170
guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/UserContext.java Normal file
View File

@@ -0,0 +1,170 @@
package net.sourceforge.guacamole.net.auth;
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is guacamole-auth.
*
* The Initial Developer of the Original Code is
* Michael Jumper.
* Portions created by the Initial Developer are Copyright (C) 2010
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
import java.util.Map;
import java.util.Set;
import net.sourceforge.guacamole.GuacamoleException;
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
/**
* The context of an active user. The functions of this class enforce all
* permissions and act only within the rights of the associated user.
*
* @author Michael Jumper
*/
public interface UserContext {
/**
* All possible permissions for user within a UserContext.
*
* Absolutely ALL possible operations that can possibly fail due to
* security issues within a UserContext must have a means of querying
* beforehand whether the operation will fail, and thus must have an
* associated permission value.
*/
public enum Permission {
/* STUB */
}
/**
* Returns the User whose access rights control the operations of this
* UserContext.
*
* @return The User whose access rights control the operations of this
* UserContext.
*/
User self();
/*
* USER FUNCTIONS
*/
/**
* Returns a Set containing all Users visible within this UserContext.
*
* @return A Set of all users visible.
* @throws GuacamoleException If an error occurs while retrieving
* users.
*/
Set<User> getUsers() throws GuacamoleException;
/**
* Adds the given User to the overall set of available Users.
*
* @param user The user to add.
* @throws GuacamoleException If an error occurs while adding the user, or
* if adding the user is not allowed.
*/
void addUser(User user) throws GuacamoleException;
/**
* Updates the User with the data contained in the given User. The user to
* update is identified using the username of the User given.
*
* @param user The user to use when updating the stored user.
* @throws GuacamoleException If an error occurs while updating the user,
* or if updating the user is not allowed.
*/
void updateUser(User user) throws GuacamoleException;
/**
* Removes the given User from the overall set of available Users.
*
* @throws GuacamoleException If an error occurs while removing the user,
* or if removing user is not allowed.
*/
void removeUser(User user) throws GuacamoleException;
/*
* CONFIGURATION FUNCTIONS
*/
/**
* Returns a Map containing all GuacamoleConfigurations visible within this
* UserContext. The keys of this Map are Strings which uniquely identify
* each configuration.
*
* @return A Map of all configurations visible.
* @throws GuacamoleException If an error occurs while retrieving
* configurations.
*/
Map<String, GuacamoleConfiguration> getConfigurations()
throws GuacamoleException;
/**
* Adds the given GuacamoleConfiguration to the overall set of available
* GuacamoleConfigurations, using the given unique identifier.
*
* @param identifier The identifier to assign to the configuration.
* @param config The configuration to add.
* @throws GuacamoleException If an error occurs while adding the
* configuration, or if adding the configuration
* is not allowed.
*/
void addConfiguration(String identifier, GuacamoleConfiguration config)
throws GuacamoleException;
/**
* Updates the GuacamoleConfiguration having the given unique identifier
* with the data contained in the given GuacamoleConfiguration.
*
* @param identifier The identifier to use when locating the configuration
* to update.
* @param config The configuration to use when updating the stored
* configuration.
* @throws GuacamoleException If an error occurs while updating the
* configuration, or if updating the
* configuration is not allowed.
*/
void updateConfiguration(String identifier, GuacamoleConfiguration config)
throws GuacamoleException;
/**
* Removes the GuacamoleConfiguration having the given unique identifier.
*
* @param identifier The identifier of the configuration to remove.
* @throws GuacamoleException If an error occurs while removing the
* configuration, or if removing the
* configuration is not allowed.
*/
void removeConfiguration(String identifier) throws GuacamoleException;
}