diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java index 68e2a4774..ff605b984 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java @@ -96,6 +96,7 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider // Retrieve user account for already-authenticated user ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser); + ModeledUserContext context = userContextProvider.get(); if (user != null && !user.isDisabled()) { // Enforce applicable account restrictions @@ -118,24 +119,23 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider userService.resetExpiredPassword(user, authenticatedUser.getCredentials()); } - // Return all data associated with the authenticated user - ModeledUserContext context = userContextProvider.get(); - context.init(user.getCurrentUser()); - return context; - + } + + // If no user account is found, and database-specific account + // restrictions do not apply, get an empty user. + else if (!databaseRestrictionsApplicable) { + user = userService.retrieveSkeletonUser(authenticationProvider, authenticatedUser); } // Veto authentication result only if database-specific account // restrictions apply in this situation - if (databaseRestrictionsApplicable) + else throw new GuacamoleInvalidCredentialsException("Invalid login", CredentialsInfo.USERNAME_PASSWORD); - - // There is no data to be returned for the user, either because they do - // not exist or because restrictions prevent their data from being - // retrieved, but no restrictions apply which should prevent the user - // from authenticating entirely - return null; + + // Initialize the UserContext with the user account and return it. + context.init(user.getCurrentUser()); + return context; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java index 194a26d4c..3d441d638 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java @@ -127,6 +127,17 @@ public class UserModel extends EntityModel { public UserModel() { super(EntityType.USER); } + + /** + * Creates a new user having the provided identifier. + * + * @param identifier + * The identifier of the new user. + */ + public UserModel(String identifier) { + super(EntityType.USER); + super.setIdentifier(identifier); + } /** * Returns the hash of this user's password and password salt. This may be diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java index 60bd1e146..0cfe90067 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java @@ -423,6 +423,43 @@ public class UserService extends ModeledDirectoryObjectService