GUACAMOLE-5: Use AuthenticationProviderService as the means of defining AuthenticationProvider behavior.

2025-09-06 13:17:41 +00:00 · 2016-07-28 17:16:03 -07:00
parent 600002531e
commit 4e3212f9fd
5 changed files with 140 additions and 105 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/AuthenticationProviderService.java
@@ -17,19 +17,13 @@
 * under the License.
 */
-package org.apache.guacamole.auth.jdbc.user;
+package org.apache.guacamole.auth.jdbc;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.sharing.ConnectionSharingService;
 import org.apache.guacamole.auth.jdbc.sharing.SharedConnectionUser;
 import org.apache.guacamole.auth.jdbc.sharing.SharedConnectionUserContext;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
-import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
 /**
 * Service which authenticates users based on credentials and provides for
@@ -38,31 +32,7 @@ import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsExce
 *
 * @author Michael Jumper
 */
-public class AuthenticationProviderService  {
+public interface AuthenticationProviderService  {
    /**
     * Service for accessing users.
     */
    @Inject
    private UserService userService;
    /**
     * Provider for retrieving UserContext instances.
     */
    @Inject
    private Provider<UserContext> userContextProvider;
    /**
     * Provider for retrieving SharedConnectionUserContext instances.
     */
    @Inject
    private Provider<SharedConnectionUserContext> sharedUserContextProvider;
    /**
     * Service for sharing active connections.
     */
    @Inject
    private ConnectionSharingService sharingService;
    /**
     * Authenticates the user having the given credentials, returning a new
@@ -86,24 +56,7 @@ public class AuthenticationProviderService  {
     *     credentials are invalid or expired.
     */
    public AuthenticatedUser authenticateUser(AuthenticationProvider authenticationProvider,
-            Credentials credentials) throws GuacamoleException {
+            Credentials credentials) throws GuacamoleException;
        AuthenticatedUser user;
        // Check whether user is authenticating with a valid sharing key
        user = sharingService.retrieveSharedConnectionUser(authenticationProvider, credentials);
        if (user != null)
            return user;
        // Authenticate user
        user = userService.retrieveAuthenticatedUser(authenticationProvider, credentials);
        if (user != null)
            return user;
        // Otherwise, unauthorized
        throw new GuacamoleInvalidCredentialsException("Invalid login", CredentialsInfo.USERNAME_PASSWORD);
    }
    /**
     * Returning a new UserContext instance for the given already-authenticated
@@ -121,26 +74,7 @@ public class AuthenticationProviderService  {
     *     If an error occurs during authentication, or if the given
     *     credentials are invalid or expired.
     */
-    public org.apache.guacamole.net.auth.UserContext getUserContext(
+    public UserContext getUserContext(AuthenticatedUser authenticatedUser)
-            AuthenticatedUser authenticatedUser) throws GuacamoleException {
+            throws GuacamoleException;
        // Produce sharing-specific user context if this is the user of a shared connection
        if (authenticatedUser instanceof SharedConnectionUser) {
            SharedConnectionUserContext context = sharedUserContextProvider.get();
            context.init((SharedConnectionUser) authenticatedUser);
            return context;
        }
        // Retrieve user account for already-authenticated user
        ModeledUser user = userService.retrieveUser(authenticatedUser);
        if (user == null)
            return null;
        // Link to user context
        UserContext context = userContextProvider.get();
        context.init(user.getCurrentUser());
        return context;
    }
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java
@@ -24,48 +24,58 @@ import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.auth.jdbc.user.AuthenticationProviderService;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 /**
- * Provides a base implementation of an AuthenticationProvider which is backed
+ * Provides a base implementation of an AuthenticationProvider which delegates
- * by an arbitrary underlying database. It is up to the subclass implementation
+ * the various function calls to an underlying AuthenticationProviderService
- * to configure the underlying database appropriately via Guice.
+ * implementation. As such a service is injectable by Guice, this provides a
 * means for Guice to (effectively) apply dependency injection to an
 * AuthenticationProvider, even though it is the AuthenticationProvider that
 * serves as the entry point.
 *
 * @author James Muehlner
 * @author Michael Jumper
 */
-public abstract class JDBCAuthenticationProvider implements AuthenticationProvider {
+public abstract class InjectedAuthenticationProvider implements AuthenticationProvider {
    /**
-     * Provider of the singleton Injector instance which will manage the object
+     * The AuthenticationProviderService to which all AuthenticationProvider
-     * graph of this authentication provider.
+     * calls will be delegated.
     */
-    private final JDBCInjectorProvider injectorProvider;
+    private final AuthenticationProviderService authProviderService;
    /**
-     * Creates a new AuthenticationProvider that is backed by an arbitrary
+     * Creates a new AuthenticationProvider that delegates all calls to an
-     * underlying database.
+     * underlying AuthenticationProviderService. The behavior of the
     * AuthenticationProvider is defined by the given
     * AuthenticationProviderService implementation, which will be injected by
     * the Guice Injector provided by the given JDBCInjectorProvider.
     *
     * @param injectorProvider
     *     A JDBCInjectorProvider instance which provides singleton instances
     *     of a Guice Injector, pre-configured to set up all injections and
     *     access to the underlying database via MyBatis.
     *
     * @param authProviderServiceClass
     *    The AuthenticationProviderService implementation which defines the
     *    behavior of this AuthenticationProvider.
     *
     * @throws GuacamoleException
     *     If the Injector cannot be created due to an error.
     */
-    public JDBCAuthenticationProvider(JDBCInjectorProvider injectorProvider) {
+    public InjectedAuthenticationProvider(JDBCInjectorProvider injectorProvider,
-        this.injectorProvider = injectorProvider;
+            Class<? extends AuthenticationProviderService> authProviderServiceClass)
        throws GuacamoleException {
        Injector injector = injectorProvider.get();
        authProviderService = injector.getInstance(authProviderServiceClass);
    }
    @Override
    public AuthenticatedUser authenticateUser(Credentials credentials)
            throws GuacamoleException {
        Injector injector = injectorProvider.get();
        // Create AuthenticatedUser based on credentials, if valid
        AuthenticationProviderService authProviderService = injector.getInstance(AuthenticationProviderService.class);
        return authProviderService.authenticateUser(this, credentials);
    }
    @Override
@@ -80,13 +90,7 @@ public abstract class JDBCAuthenticationProvider implements AuthenticationProvid
    @Override
    public UserContext getUserContext(AuthenticatedUser authenticatedUser)
            throws GuacamoleException {
        Injector injector = injectorProvider.get();
        // Create UserContext based on credentials, if valid
        AuthenticationProviderService authProviderService = injector.getInstance(AuthenticationProviderService.class);
        return authProviderService.getUserContext(authenticatedUser);
    }
    @Override
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -0,0 +1,85 @@
 /*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
 package org.apache.guacamole.auth.jdbc;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.user.ModeledUser;
 import org.apache.guacamole.auth.jdbc.user.UserContext;
 import org.apache.guacamole.auth.jdbc.user.UserService;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
 /**
 * AuthenticationProviderService implementation which authenticates users with
 * a username/password pair, producing new UserContext objects which are backed
 * by an underlying, arbitrary database.
 *
 * @author Michael Jumper
 */
 public class JDBCAuthenticationProviderService implements AuthenticationProviderService  {
    /**
     * Service for accessing users.
     */
    @Inject
    private UserService userService;
    /**
     * Provider for retrieving UserContext instances.
     */
    @Inject
    private Provider<UserContext> userContextProvider;
    @Override
    public AuthenticatedUser authenticateUser(AuthenticationProvider authenticationProvider,
            Credentials credentials) throws GuacamoleException {
        // Authenticate user
        AuthenticatedUser user = userService.retrieveAuthenticatedUser(authenticationProvider, credentials);
        if (user != null)
            return user;
        // Otherwise, unauthorized
        throw new GuacamoleInvalidCredentialsException("Invalid login", CredentialsInfo.USERNAME_PASSWORD);
    }
    @Override
    public org.apache.guacamole.net.auth.UserContext getUserContext(
            AuthenticatedUser authenticatedUser) throws GuacamoleException {
        // Retrieve user account for already-authenticated user
        ModeledUser user = userService.retrieveUser(authenticatedUser);
        if (user == null)
            return null;
        // Link to user context
        UserContext context = userContextProvider.get();
        context.init(user.getCurrentUser());
        return context;
    }
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProvider.java
@@ -19,7 +19,9 @@
 package org.apache.guacamole.auth.mysql;
-import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProvider;
+import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.InjectedAuthenticationProvider;
 import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderService;
 /**
 * Provides a MySQL based implementation of the AuthenticationProvider
@@ -28,15 +30,19 @@ import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProvider;
 * @author James Muehlner
 * @author Michael Jumper
 */
-public class MySQLAuthenticationProvider extends JDBCAuthenticationProvider {
+public class MySQLAuthenticationProvider extends InjectedAuthenticationProvider {
    /**
     * Creates a new MySQLAuthenticationProvider that reads and writes
     * authentication data to a MySQL database defined by properties in
     * guacamole.properties.
     *
     * @throws GuacamoleException
     *     If a required property is missing, or an error occurs while parsing
     *     a property.
     */
-    public MySQLAuthenticationProvider() {
+    public MySQLAuthenticationProvider() throws GuacamoleException {
-        super(new MySQLInjectorProvider());
+        super(new MySQLInjectorProvider(), JDBCAuthenticationProviderService.class);
    }
    @Override
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java
@@ -19,7 +19,9 @@
 package org.apache.guacamole.auth.postgresql;
-import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProvider;
+import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.InjectedAuthenticationProvider;
 import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProviderService;
 /**
 * Provides a PostgreSQL-based implementation of the AuthenticationProvider
@@ -28,15 +30,19 @@ import org.apache.guacamole.auth.jdbc.JDBCAuthenticationProvider;
 * @author James Muehlner
 * @author Michael Jumper
 */
-public class PostgreSQLAuthenticationProvider extends JDBCAuthenticationProvider {
+public class PostgreSQLAuthenticationProvider extends InjectedAuthenticationProvider {
    /**
     * Creates a new PostgreSQLAuthenticationProvider that reads and writes
     * authentication data to a PostgreSQL database defined by properties in
     * guacamole.properties.
     *
     * @throws GuacamoleException
     *     If a required property is missing, or an error occurs while parsing
     *     a property.
     */
-    public PostgreSQLAuthenticationProvider() {
+    public PostgreSQLAuthenticationProvider() throws GuacamoleException {
-        super(new PostgreSQLInjectorProvider());
+        super(new PostgreSQLInjectorProvider(), JDBCAuthenticationProviderService.class);
    }
    @Override