Fix semantics of update and events now that we know when credentials are present.

guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/AuthenticationSuccessEvent.java

@@ -8,9 +8,6 @@ import net.sourceforge.guacamole.net.auth.UserContext;
  * authentication. The credentials that passed authentication are included
  * within this event, and can be retrieved using getCredentials().
  * 
- * Note that this event is only triggered when the UserContext is initially
- * created. Any further updates to the UserContext to not trigger this event.
- *
  * @author Michael Jumper
  */
 public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent {

guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java

@@ -5,9 +5,9 @@ import net.sourceforge.guacamole.net.auth.UserContext;
 
 /**
  * An event which is triggered whenever a tunnel is being closed. The tunnel
- * being closed can be accessed through getTunnel(), and the set of all
- * credentials available from the request which is closing the tunnel can be
- * retrieved using getCredentials().
+ * being closed can be accessed through getTunnel(), and the UserContext
+ * associated with the request which is closing the tunnel can be retrieved
+ * with getUserContext().
  *
  * @author Michael Jumper
  */

guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java

@@ -5,9 +5,10 @@ import net.sourceforge.guacamole.net.auth.UserContext;
 
 /**
  * An event which is triggered whenever a tunnel is being connected. The tunnel
- * being connected can be accessed through getTunnel(), and the set of all
- * credentials available from the request which is connecting the tunnel can be
- * retrieved using getCredentials().
+ * being connected can be accessed through getTunnel(), and the UserContext
+ * associated with the request which is connecting the tunnel can be retrieved
+ * with getUserContext().
+
  *
  * @author Michael Jumper
  */

guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java

@@ -224,7 +224,14 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
             }
         }
 
+        try {
+
+            // Obtain context from session
             HttpSession httpSession = request.getSession(true);
+            UserContext context = getUserContext(httpSession);
+
+            // If new credentials present, update/create context
+            if (hasNewCredentials(request)) {
 
                 // Retrieve username and password from parms
                 String username = request.getParameter("username");
@@ -237,18 +244,27 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
                 credentials.setUsername(username);
                 credentials.setPassword(password);
 
-        try {
-
                 SessionListenerCollection listeners = new SessionListenerCollection(httpSession);
 
                 // If no cached context, attempt to get new context
-            UserContext context = getUserContext(httpSession);
-            if (context == null) {
-
+                if (context == null)
                     context = authProvider.getUserContext(credentials);
 
-                // If successful, log success and notify listeners
-                if (context != null) {
+                // Otherwise, update existing context
+                else
+                    context = authProvider.updateUserContext(context, credentials);
+
+                // If no context, fail authentication, notify listeners
+                if (context == null) {
+                    logger.warn("Authentication attempt from {} for user \"{}\" failed.",
+                            request.getRemoteAddr(), credentials.getUsername());
+
+                    notifyFailed(listeners, credentials);
+                }
+
+                // Otherwise, associate (possibly updated) context with session
+                // and notify listeners
+                else {
 
                     // Log successful authentication
                     logger.info("User \"{}\" successfully authenticated from {}.",
@@ -259,28 +275,16 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
                         context = null;
                     }
 
-                } // end if auth success
-
-            }
-
-            // Otherwise, update existing context
-            else if (hasNewCredentials(request))
-                context = authProvider.updateUserContext(context, credentials);
-
-            // If no context, fail authentication, notify listeners
-            if (context == null) {
-                logger.warn("Authentication attempt from {} for user \"{}\" failed.",
-                        request.getRemoteAddr(), credentials.getUsername());
-
-                notifyFailed(listeners, credentials);
-                sendError(response, HttpServletResponse.SC_FORBIDDEN,
-                    "Permission denied.");
-                return;
-            }
-
-            // Associate (possibly updated) context with session
                     httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
 
+                }
+
+            } // end if credentials present
+
+            // If no context, no authorizaton present
+            if (context == null)
+                throw new GuacamoleSecurityException("Not authenticated");
+
             // Allow servlet to run now that authentication has been validated
             authenticatedService(context, request, response);