GUACAMOLE-1239: Make identifier comparison case-insensitive.

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/conf/SSOEnvironment.java

@@ -0,0 +1,62 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.sso.conf;
+
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.DelegatingEnvironment;
+import org.apache.guacamole.environment.LocalEnvironment;
+
+/**
+ * An SSO-specific environment that defines generic properties that can be used
+ * with any of the implemented SSO providers.
+ */
+public abstract class SSOEnvironment extends DelegatingEnvironment {
+    
+    /**
+     * Create a new instance of the SSOEnvironment using the underlying
+     * LocalEnvironment to read configured properties.
+     */
+    public SSOEnvironment() {
+        super(LocalEnvironment.getInstance());
+    }
+    
+    /**
+     * Returns true if the usernames provided to the SSO authentication
+     * module should be treated as case-sensitive, or false if usernames
+     * should be treated as case-insensitive. The default is true, usernames
+     * will be case-sensitive in keeping with the past behavior of Guacamole
+     * prior to the addition of this option.
+     * 
+     * @return
+     *     true if usernames should be treated as case-sensitive, otherwise
+     *     false.
+     * 
+     * @throws GuacamoleException 
+     *     If guacamole.properties cannot be parsed.
+     */
+    public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+        
+        // While most SSO systems do not use case to differentiate between
+        // usernames, this currently defaults to true to avoid suddenly
+        // breaking any extensions that rely on case-sensitivity.
+        return true;
+    }
+    
+}

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/user/SSOAuthenticatedUser.java

@@ -23,9 +23,13 @@ import com.google.inject.Inject;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.Environment;
 import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * An AuthenticatedUser whose identity has been supplied by an arbitrary SSO
@@ -35,12 +39,23 @@ import org.apache.guacamole.net.auth.Credentials;
  */
 public class SSOAuthenticatedUser extends AbstractAuthenticatedUser {
 
+    /**
+     * Logger for this class.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(SSOAuthenticatedUser.class);
+    
     /**
      * Reference to the authentication provider associated with this
      * authenticated user.
      */
     @Inject
     private AuthenticationProvider authProvider;
+    
+    /**
+     * The environment in which this instance of Guacamole is running.
+     */
+    @Inject
+    private Environment environment;
 
     /**
      * The credentials provided when this user was authenticated.
@@ -112,5 +127,22 @@ public class SSOAuthenticatedUser extends AbstractAuthenticatedUser {
     public Set<String> getEffectiveUserGroups() {
         return effectiveGroups;
     }
+    
+    @Override
+    public boolean isCaseSensitive() {
+        try {
+            return environment.getCaseSensitiveUsernames();
+        }
+        catch (GuacamoleException e) {
+            // Most SSO systems do not consider usernames to be case-sensitive;
+            // however, in order to avoid any surprises created by the introduction
+            // of case-sensitivity, we've opted to continue to evaluate these
+            // usernames in a case-sensitive manner by default.
+            LOGGER.error("Error occurred when trying to retrieve case-sensitivity configuration: {}. "
+                    + "Usernames comparisons will be done in a case-sensitive manner.", e.getMessage());
+            LOGGER.debug("Exception caught when trying to access the case-sensitivity property.", e);
+            return true;
+        }
+    }
 
 }

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProviderModule.java

@@ -20,18 +20,28 @@
 package org.apache.guacamole.auth.cas;
 
 import com.google.inject.AbstractModule;
+import org.apache.guacamole.auth.cas.conf.CASEnvironment;
 import org.apache.guacamole.auth.cas.conf.ConfigurationService;
 import org.apache.guacamole.auth.cas.ticket.TicketValidationService;
+import org.apache.guacamole.environment.Environment;
 
 /**
  * Guice module which configures CAS-specific injections.
  */
 public class CASAuthenticationProviderModule extends AbstractModule {
 
+    /**
+     * The configuration environment for this server and extension.
+     */
+    private final Environment environment = new CASEnvironment();
+    
     @Override
     protected void configure() {
         bind(ConfigurationService.class);
         bind(TicketValidationService.class);
+        
+        bind(Environment.class).toInstance(environment);
+        
     }
 
 }

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASEnvironment.java

@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.cas.conf;
+
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.DelegatingEnvironment;
+import org.apache.guacamole.environment.LocalEnvironment;
+
+/**
+ * An environment for retrieving CAS-related properties from the Guacamole
+ * configuration.
+ */
+public class CASEnvironment extends DelegatingEnvironment {
+    
+    /**
+     * Create a new instance of the configuration environment for the
+     * CAS SSO module, pulling the default instance of the LocalEnvironment.
+     */
+    public CASEnvironment() {
+        super(LocalEnvironment.getInstance());
+    }
+    
+    @Override
+    public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+        
+        // While most SSO systems do not consider usernames case-sensitive,
+        // this defaults to the global Guacamole configuration, which defaults
+        // to true, in order to avoid surprising or breaking environments that
+        // may rely on this behavior. This can be overridden for the entire
+        // Guacamole instance or for this extension.
+        return getProperty(CASGuacamoleProperties.CAS_CASE_SENSITIVE_USERNAMES,
+                super.getCaseSensitiveUsernames());
+        
+    }
+    
+}

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java

@@ -20,6 +20,7 @@
 package org.apache.guacamole.auth.cas.conf;
 
 import org.apache.guacamole.auth.cas.group.GroupFormat;
+import org.apache.guacamole.properties.BooleanGuacamoleProperty;
 import org.apache.guacamole.properties.EnumGuacamoleProperty;
 import org.apache.guacamole.properties.URIGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
@@ -117,5 +118,17 @@ public class CASGuacamoleProperties {
         public String getName() { return "cas-group-ldap-attribute"; }
 
     };
+    
+    /**
+     * A property used to configure whether or not usernames within the CAS SSO
+     * module should be treated as case-sensitive.
+     */
+    public static final BooleanGuacamoleProperty CAS_CASE_SENSITIVE_USERNAMES =
+            new BooleanGuacamoleProperty() {
+    
+        @Override
+        public String getName() { return "cas-case-sensitive-usernames"; }
+                
+    };
 
 }

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/OpenIDAuthenticationProviderModule.java

@@ -22,19 +22,28 @@ package org.apache.guacamole.auth.openid;
 import com.google.inject.AbstractModule;
 import com.google.inject.Scopes;
 import org.apache.guacamole.auth.openid.conf.ConfigurationService;
+import org.apache.guacamole.auth.openid.conf.OpenIDEnvironment;
 import org.apache.guacamole.auth.sso.NonceService;
 import org.apache.guacamole.auth.openid.token.TokenValidationService;
+import org.apache.guacamole.environment.Environment;
 
 /**
  * Guice module which configures OpenID-specific injections.
  */
 public class OpenIDAuthenticationProviderModule extends AbstractModule {
 
+    /**
+     * The configuration environment for this server and extension.
+     */
+    private final Environment environment = new OpenIDEnvironment();
+    
     @Override
     protected void configure() {
         bind(ConfigurationService.class);
         bind(NonceService.class).in(Scopes.SINGLETON);
         bind(TokenValidationService.class);
+        
+        bind(Environment.class).toInstance(environment);
     }
 
 }

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java

@@ -26,6 +26,7 @@ import java.util.Collections;
 import java.util.List;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.properties.BooleanGuacamoleProperty;
 import org.apache.guacamole.properties.IntegerGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 import org.apache.guacamole.properties.URIGuacamoleProperty;
@@ -217,7 +218,19 @@ public class ConfigurationService {
 
         @Override
         public String getName() { return "openid-redirect-uri"; }
-
+        
+    };
+    
+    /**
+     * A property used to configure whether or not usernames within the OpenID
+     * SSO module should be treated as case-sensitive.
+     */
+    public static final BooleanGuacamoleProperty OPENID_CASE_SENSITIVE_USERNAMES =
+            new BooleanGuacamoleProperty() {
+    
+        @Override
+        public String getName() { return "openid-case-sensitive-usernames"; }
+                
     };
 
     /**

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/OpenIDEnvironment.java

@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.openid.conf;
+
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.DelegatingEnvironment;
+import org.apache.guacamole.environment.LocalEnvironment;
+
+/**
+ * An environment for retrieving OpenID-related properties from the Guacamole
+ * configuration.
+ */
+public class OpenIDEnvironment extends DelegatingEnvironment {
+    
+    /**
+     * Create a new instance of the configuration environment for the
+     * OpenID SSO module, pulling the default instance of the LocalEnvironment.
+     */
+    public OpenIDEnvironment() {
+        super(LocalEnvironment.getInstance());
+    }
+    
+    @Override
+    public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+        
+        // While most SSO systems do not consider usernames case-sensitive,
+        // this defaults to the global Guacamole configuration, which defaults
+        // to true, in order to avoid surprising or breaking environments that
+        // may rely on this behavior. This can be overridden for the entire
+        // Guacamole instance or for this extension.
+        return getProperty(ConfigurationService.OPENID_CASE_SENSITIVE_USERNAMES,
+                super.getCaseSensitiveUsernames());
+        
+    }
+    
+}

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/SAMLAuthenticationProviderModule.java

@@ -24,12 +24,19 @@ import org.apache.guacamole.auth.saml.conf.ConfigurationService;
 import org.apache.guacamole.auth.saml.acs.AssertionConsumerServiceResource;
 import org.apache.guacamole.auth.saml.acs.SAMLAuthenticationSessionManager;
 import org.apache.guacamole.auth.saml.acs.SAMLService;
+import org.apache.guacamole.auth.saml.conf.SAMLEnvironment;
+import org.apache.guacamole.environment.Environment;
 
 /**
  * Guice module which configures SAML-specific injections.
  */
 public class SAMLAuthenticationProviderModule extends AbstractModule {
 
+    /**
+     * The environment for this server and extension.
+     */
+    private final Environment environment = new SAMLEnvironment();
+    
     @Override
     protected void configure() {
         bind(AssertionConsumerServiceResource.class);
@@ -37,6 +44,8 @@ public class SAMLAuthenticationProviderModule extends AbstractModule {
         bind(SAMLAuthenticationSessionManager.class);
         bind(SAMLService.class);
         
+        bind(Environment.class).toInstance(environment);
+        
         requestStaticInjection(SAMLAuthenticationEventListener.class);
     }
 

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java

@@ -189,6 +189,18 @@ public class ConfigurationService {
         public String getName() { return "saml-private-key-path"; }
 
     };
+    
+    /**
+     * A property used to configure whether or not usernames within the SAML SSO
+     * module should be treated as case-sensitive.
+     */
+    public static final BooleanGuacamoleProperty SAML_CASE_SENSITIVE_USERNAMES =
+            new BooleanGuacamoleProperty() {
+    
+        @Override
+        public String getName() { return "saml-case-sensitive-usernames"; }
+                
+    };
 
     /**
      * The Guacamole server environment.

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/SAMLEnvironment.java

@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.saml.conf;
+
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.DelegatingEnvironment;
+import org.apache.guacamole.environment.LocalEnvironment;
+
+/**
+ * An environment for retrieving SAML-related properties from the Guacamole
+ * configuration.
+ */
+public class SAMLEnvironment extends DelegatingEnvironment {
+    
+    /**
+     * Create a new instance of the configuration environment for the
+     * SAML SSO module, pulling the default instance of the LocalEnvironment.
+     */
+    public SAMLEnvironment() {
+        super(LocalEnvironment.getInstance());
+    }
+    
+    @Override
+    public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+        
+        // While most SSO systems do not consider usernames case-sensitive,
+        // this defaults to the global Guacamole configuration, which defaults
+        // to true, in order to avoid surprising or breaking environments that
+        // may rely on this behavior. This can be overridden for the entire
+        // Guacamole instance or for this extension.
+        return getProperty(ConfigurationService.SAML_CASE_SENSITIVE_USERNAMES,
+                super.getCaseSensitiveUsernames());
+        
+    }
+    
+}

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationProviderModule.java

@@ -22,7 +22,9 @@ package org.apache.guacamole.auth.ssl;
 import com.google.inject.AbstractModule;
 import com.google.inject.Scopes;
 import org.apache.guacamole.auth.ssl.conf.ConfigurationService;
+import org.apache.guacamole.auth.ssl.conf.SSLEnvironment;
 import org.apache.guacamole.auth.sso.NonceService;
+import org.apache.guacamole.environment.Environment;
 
 /**
  * Guice module which configures injections specific to SSO using SSL/TLS
@@ -30,12 +32,19 @@ import org.apache.guacamole.auth.sso.NonceService;
  */
 public class SSLAuthenticationProviderModule extends AbstractModule {
 
+    /**
+     * The configuration environment of this server and extension.
+     */
+    private final Environment environment = new SSLEnvironment();
+    
     @Override
     protected void configure() {
         bind(ConfigurationService.class);
         bind(NonceService.class).in(Scopes.SINGLETON);
         bind(SSLAuthenticationSessionManager.class);
 
+        bind(Environment.class).toInstance(environment);
+        
         requestStaticInjection(SSLAuthenticationEventListener.class);
     }
 

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/ConfigurationService.java

@@ -28,6 +28,7 @@ import javax.ws.rs.core.UriBuilder;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.environment.Environment;
+import org.apache.guacamole.properties.BooleanGuacamoleProperty;
 import org.apache.guacamole.properties.IntegerGuacamoleProperty;
 import org.apache.guacamole.properties.StringGuacamoleProperty;
 import org.apache.guacamole.properties.URIGuacamoleProperty;
@@ -186,6 +187,18 @@ public class ConfigurationService {
         public String getName() { return "ssl-max-domain-validity"; }
 
     };
+    
+    /**
+     * A property used to configure whether or not usernames within the SSL SSO
+     * module should be treated as case-sensitive.
+     */
+    public static final BooleanGuacamoleProperty SSL_CASE_SENSITIVE_USERNAMES =
+            new BooleanGuacamoleProperty() {
+    
+        @Override
+        public String getName() { return "ssl-case-sensitive-usernames"; }
+                
+    };
 
     /**
      * The Guacamole server environment.

extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/SSLEnvironment.java

@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.ssl.conf;
+
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.environment.DelegatingEnvironment;
+import org.apache.guacamole.environment.LocalEnvironment;
+
+/**
+ * An environment for retrieving SSL-related properties from the Guacamole
+ * configuration.
+ */
+public class SSLEnvironment extends DelegatingEnvironment {
+    
+    /**
+     * Create a new instance of the configuration environment for the
+     * SSL SSO module, pulling the default instance of the LocalEnvironment.
+     */
+    public SSLEnvironment() {
+        super(LocalEnvironment.getInstance());
+    }
+    
+    @Override
+    public boolean getCaseSensitiveUsernames() throws GuacamoleException {
+        
+        // While most SSO systems do not consider usernames case-sensitive,
+        // this defaults to the global Guacamole configuration, which defaults
+        // to true, in order to avoid surprising or breaking environments that
+        // may rely on this behavior. This can be overridden for the entire
+        // Guacamole instance or for this extension.
+        return getProperty(ConfigurationService.SSL_CASE_SENSITIVE_USERNAMES,
+                super.getCaseSensitiveUsernames());
+        
+    }
+    
+}