From d3d5fef1e70e87c838eaf3ffc08daaa526af6982 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 12 Feb 2015 19:53:52 -0800
Subject: [PATCH 01/60] GUAC-1101: Remove use of mybatis-generator. Temporarily
 remove all but users. Add common interfaces and simple queries.

---
 extensions/guacamole-auth-mysql/pom.xml       |  41 +-
 .../net/auth/mysql/ActiveConnectionMap.java   | 502 ---------
 .../net/auth/mysql/ConnectionDirectory.java   | 336 ------
 .../auth/mysql/ConnectionGroupDirectory.java  | 300 ------
 .../net/auth/mysql/DirectoryObject.java       |  56 +
 .../mysql/MySQLAuthenticationProvider.java    |  42 +-
 .../net/auth/mysql/MySQLConnection.java       | 164 ---
 .../net/auth/mysql/MySQLConnectionGroup.java  | 199 ----
 .../net/auth/mysql/MySQLGuacamoleSocket.java  |  20 +-
 .../guacamole/net/auth/mysql/MySQLUser.java   | 211 ++--
 .../net/auth/mysql/MySQLUserContext.java      |  38 +-
 .../net/auth/mysql/UserDirectory.java         | 702 +------------
 .../auth/mysql/dao/DirectoryObjectMapper.java |  97 ++
 .../net/auth/mysql/dao/UserMapper.java        |  52 +
 .../net/auth/mysql/model/UserModel.java       | 149 +++
 .../mysql/service/ConnectionGroupService.java | 446 --------
 .../auth/mysql/service/ConnectionService.java | 548 ----------
 .../mysql/service/DirectoryObjectService.java | 183 ++++
 .../service/PasswordEncryptionService.java    |  16 +-
 .../mysql/service/PermissionCheckService.java | 968 ------------------
 .../SHA256PasswordEncryptionService.java      |  12 +-
 .../net/auth/mysql/service/UserService.java   | 323 +-----
 .../src/main/resources/generatorConfig.xml    | 136 ---
 .../net/auth/mysql/dao/UserMapper.xml         | 106 ++
 24 files changed, 841 insertions(+), 4806 deletions(-)
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ActiveConnectionMap.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/resources/generatorConfig.xml
 create mode 100644 extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml

diff --git a/extensions/guacamole-auth-mysql/pom.xml b/extensions/guacamole-auth-mysql/pom.xml
index e4a4f6544..912908484 100644
--- a/extensions/guacamole-auth-mysql/pom.xml
+++ b/extensions/guacamole-auth-mysql/pom.xml
@@ -48,32 +48,6 @@
                 </executions>
             </plugin>
 
-            <!-- MyBatis Generator plugin -->
-            <plugin>
-                <groupId>org.mybatis.generator</groupId>
-                <artifactId>mybatis-generator-maven-plugin</artifactId>
-                <version>1.3.2</version>
-
-                <executions>
-                    <execution>
-                        <id>Generate MyBatis Artifacts</id>
-                        <goals>
-                            <goal>generate</goal>
-                        </goals>
-                    </execution>
-                </executions>
-
-                <!-- MySQL Connector -->
-                <dependencies>
-                    <dependency>
-                        <groupId>mysql</groupId>
-                        <artifactId>mysql-connector-java</artifactId>
-                        <version>5.1.23</version>
-                    </dependency>
-                </dependencies>
-
-            </plugin>
-
         </plugins>
     </build>
 
@@ -104,22 +78,31 @@
         <dependency>
             <groupId>org.mybatis</groupId>
             <artifactId>mybatis</artifactId>
-            <version>3.1.1</version>
+            <version>3.2.8</version>
         </dependency>
         
         <!-- MyBatis Guice -->
         <dependency>
             <groupId>org.mybatis</groupId>
             <artifactId>mybatis-guice</artifactId>
-            <version>3.2</version>
+            <version>3.6</version>
         </dependency>
-        
+
+        <!-- Guice -->
+        <dependency>
+            <groupId>com.google.inject</groupId>
+            <artifactId>guice</artifactId>
+            <version>3.0</version>
+        </dependency>
+
+               
         <!-- Google Collections -->
         <dependency>
             <groupId>com.google.collections</groupId>
             <artifactId>google-collections</artifactId>
             <version>1.0</version>
         </dependency>
+
     </dependencies>
 
 </project>
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ActiveConnectionMap.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ActiveConnectionMap.java
deleted file mode 100644
index 272434aa9..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ActiveConnectionMap.java
+++ /dev/null
@@ -1,502 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql;
-
-
-import com.google.inject.Inject;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import org.glyptodon.guacamole.GuacamoleException;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionHistoryMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionHistory;
-import org.glyptodon.guacamole.GuacamoleResourceNotFoundException;
-
-/**
- * Represents the map of currently active Connections to the count of the number
- * of current users. Whenever a socket is opened, the connection count should be
- * incremented, and whenever a socket is closed, the connection count should be 
- * decremented.
- *
- * @author James Muehlner
- */
-public class ActiveConnectionMap {
-    
-    /**
-     * Represents the count of users currently using a MySQL connection.
-     */
-    public class Connection {
-        
-        /**
-         * The ID of the MySQL connection that this Connection represents.
-         */
-        private int connectionID;
-        
-        /**
-         * The number of users currently using this connection.
-         */
-        private int currentUserCount;
-        
-        /**
-         * Returns the ID of the MySQL connection that this Connection 
-         * represents.
-         * 
-         * @return the ID of the MySQL connection that this Connection 
-         * represents.
-         */
-        public int getConnectionID() {
-            return connectionID;
-        }
-        
-        /**
-         * Returns the number of users currently using this connection.
-         * 
-         * @return the number of users currently using this connection.
-         */
-        public int getCurrentUserCount() {
-            return currentUserCount;
-        }
-        
-        /**
-         * Set the current user count for this connection.
-         * 
-         * @param currentUserCount The new user count for this Connection.
-         */
-        public void setCurrentUserCount(int currentUserCount) {
-            this.currentUserCount = currentUserCount;
-        }
-        
-        /**
-         * Create a new Connection for the given connectionID with a zero
-         * current user count.
-         * 
-         * @param connectionID The ID of the MySQL connection that this 
-         *                     Connection represents.
-         */
-        public Connection(int connectionID) {
-            this.connectionID = connectionID;
-            this.currentUserCount = 0;
-        }
-    }
-    
-    /*
-     * Represents a user connected to a connection or BALANCING connection group.
-     */
-    public class ConnectionUser {
-        /**
-         * The ID of the connection or connection group that this ConnectionUser refers to.
-         */
-        private int identifier; 
-        
-        /**
-         * The user that this ConnectionUser refers to.
-         */
-        private int userID;
-
-        /**
-         * Returns ID of the connection or connection group that this ConnectionUser refers to.
-         * @return ID of the connection or connection group that this ConnectionUser refers to.
-         */
-        public int getIdentifier() {
-            return identifier;
-        }
-
-        /**
-         * Returns the user ID that this ConnectionUser refers to.
-         * @return the user ID that this ConnectionUser refers to.
-         */
-        public int getUserID() {
-            return userID;
-        }
-        
-        /**
-         * Create a ConnectionUser with the given connection or connection group
-         * ID and user ID.
-         * 
-         * @param identifier The connection or connection group ID that this 
-         *                   ConnectionUser refers to.
-         * @param userID The user ID that this ConnectionUser refers to.
-         */
-        public ConnectionUser(int identifier, int userID) {
-            this.identifier = identifier;
-            this.userID = userID;
-        }
-        
-        @Override
-        public boolean equals(Object other) {
-            
-            // Only another ConnectionUser can equal this ConnectionUser
-            if(!(other instanceof ConnectionUser))
-                return false;
-            
-            ConnectionUser otherConnectionGroupUser = 
-                    (ConnectionUser)other;
-            
-            /* 
-             * Two ConnectionGroupUsers are equal iff they represent the exact 
-             * same pairing of connection or connection group and user.
-             */
-            return this.identifier == otherConnectionGroupUser.identifier
-                    && this.userID == otherConnectionGroupUser.userID;
-        }
-
-        @Override
-        public int hashCode() {
-            int hash = 3;
-            hash = 23 * hash + this.identifier;
-            hash = 23 * hash + this.userID;
-            return hash;
-        }
-    }
-
-    /**
-     * DAO for accessing connection history.
-     */
-    @Inject
-    private ConnectionHistoryMapper connectionHistoryDAO;
-
-    /**
-     * Map of all the connections that are currently active to the
-     * count of current users.
-     */
-    private Map<Integer, Connection> activeConnectionMap =
-            new HashMap<Integer, Connection>();
-
-    /**
-     * Map of all the connection group users to the count of current usages.
-     */
-    private Map<ConnectionUser, Integer> activeConnectionGroupUserMap =
-            new HashMap<ConnectionUser, Integer>();
-
-    /**
-     * Map of all the connection users to the count of current usages.
-     */
-    private Map<ConnectionUser, Integer> activeConnectionUserMap =
-            new HashMap<ConnectionUser, Integer>();
-    
-    /**
-     * Returns the number of connections opened by the given user using 
-     * the given ConnectionGroup.
-     * 
-     * @param connectionGroupID The connection group ID that this 
-     *                          ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     * 
-     * @return The number of connections opened by the given user to the given
-     *         ConnectionGroup.
-     */
-    public int getConnectionGroupUserCount(int connectionGroupID, int userID) {
-        Integer count = activeConnectionGroupUserMap.get
-                (new ConnectionUser(connectionGroupID, userID));
-        
-        // No ConnectionUser found means this combination was never used
-        if(count == null)
-            return 0;
-        
-        return count;
-    }
-    
-    /**
-     * Checks if the given user is currently connected to the given BALANCING
-     * connection group.
-     * 
-     * @param connectionGroupID The connection group ID that this 
-     *                          ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     * 
-     * @return True if the given user is currently connected to the given 
-     *         BALANCING connection group, false otherwise.
-     */
-    public boolean isConnectionGroupUserActive(int connectionGroupID, int userID) {
-        Integer count = activeConnectionGroupUserMap.get
-                (new ConnectionUser(connectionGroupID, userID));
-        
-        // The connection group is in use if the ConnectionUser count > 0
-        return count != null && count > 0;
-    }
-    
-    /**
-     * Increment the count of the number of connections opened by the given user
-     * to the given ConnectionGroup.
-     * 
-     * @param connectionGroupID The connection group ID that this 
-     *                          ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     */
-    private void incrementConnectionGroupUserCount(int connectionGroupID, int userID) {
-        int currentCount = getConnectionGroupUserCount(connectionGroupID, userID);
-        
-        activeConnectionGroupUserMap.put
-                (new ConnectionUser(connectionGroupID, userID), currentCount + 1);
-    }
-    
-    /**
-     * Decrement the count of the number of connections opened by the given user
-     * to the given ConnectionGroup.
-     * 
-     * @param connectionGroupID The connection group ID that this 
-     *                          ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     */
-    private void decrementConnectionGroupUserCount(int connectionGroupID, int userID) {
-        int currentCount = getConnectionGroupUserCount(connectionGroupID, userID);
-        
-        activeConnectionGroupUserMap.put
-                (new ConnectionUser(connectionGroupID, userID), currentCount - 1);
-    }
-    
-    /**
-     * Returns the number of connections opened by the given user using 
-     * the given Connection.
-     * 
-     * @param connectionID The connection ID that this ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     * 
-     * @return The number of connections opened by the given user to the given
-     *         connection.
-     */
-    public int getConnectionUserCount(int connectionID, int userID) {
-        Integer count = activeConnectionUserMap.get
-                (new ConnectionUser(connectionID, userID));
-        
-        // No ConnectionUser found means this combination was never used
-        if(count == null)
-            return 0;
-        
-        return count;
-    }
-    
-    /**
-     * Checks if the given user is currently connected to the given connection.
-     * 
-     * @param connectionID The connection ID that this ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     * 
-     * @return True if the given user is currently connected to the given 
-     *         connection, false otherwise.
-     */
-    public boolean isConnectionUserActive(int connectionID, int userID) {
-        Integer count = activeConnectionUserMap.get
-                (new ConnectionUser(connectionID, userID));
-        
-        // The connection is in use if the ConnectionUser count > 0
-        return count != null && count > 0;
-    }
-    
-    /**
-     * Increment the count of the number of connections opened by the given user
-     * to the given Connection.
-     * 
-     * @param connectionID The connection ID that this ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     */
-    private void incrementConnectionUserCount(int connectionID, int userID) {
-        int currentCount = getConnectionUserCount(connectionID, userID);
-        
-        activeConnectionUserMap.put
-                (new ConnectionUser(connectionID, userID), currentCount + 1);
-    }
-    
-    /**
-     * Decrement the count of the number of connections opened by the given user
-     * to the given Connection.
-     * 
-     * @param connectionID The connection ID that this ConnectionUser refers to.
-     * @param userID The user ID that this ConnectionUser refers to.
-     */
-    private void decrementConnectionUserCount(int connectionID, int userID) {
-        int currentCount = getConnectionUserCount(connectionID, userID);
-        
-        activeConnectionUserMap.put
-                (new ConnectionUser(connectionID, userID), currentCount - 1);
-    }
-    
-    /**
-     * Returns the ID of the connection with the lowest number of current
-     * active users, if found.
-     * 
-     * @param connectionIDs The subset of connection IDs to find the least
-     *                      used connection within.
-     * 
-     * @return The ID of the connection with the lowest number of current
-     *         active users, if found.
-     */
-    public Integer getLeastUsedConnection(Collection<Integer> connectionIDs) {
-        
-        if(connectionIDs.isEmpty())
-            return null;
-        
-        int minUserCount = Integer.MAX_VALUE;
-        Integer minConnectionID = null;
-        
-        for(Integer connectionID : connectionIDs) {
-            Connection connection = activeConnectionMap.get(connectionID);
-            
-            /*
-             * If the connection is not found in the map, it has not been used,
-             * and therefore will be count 0.
-             */
-            if(connection == null) {
-                minUserCount = 0;
-                minConnectionID = connectionID;
-            }
-            // If this is the least active connection
-            else if(connection.getCurrentUserCount() < minUserCount) {
-                minUserCount = connection.getCurrentUserCount();
-                minConnectionID = connection.getConnectionID();
-            }
-        }
-        
-        return minConnectionID;
-    }
-    
-    /**
-     * Returns the count of currently active users for the given connectionID.
-     * @return the count of currently active users for the given connectionID.
-     */
-    public int getCurrentUserCount(int connectionID) {
-        Connection connection = activeConnectionMap.get(connectionID);
-        
-        if(connection == null)
-            return 0;
-        
-        return connection.getCurrentUserCount();
-    }
-    
-    /**
-     * Decrement the current user count for this Connection.
-     * 
-     * @param connectionID The ID of the MySQL connection that this 
-     *                     Connection represents.
-     * 
-     * @throws GuacamoleException If the connection is not found.
-     */
-    private void decrementUserCount(int connectionID)
-            throws GuacamoleException {
-        Connection connection = activeConnectionMap.get(connectionID);
-        
-        if(connection == null)
-            throw new GuacamoleResourceNotFoundException
-                    ("Connection to decrement does not exist.");
-        
-        // Decrement the current user count
-        connection.setCurrentUserCount(connection.getCurrentUserCount() - 1);
-    }
-    
-    /**
-     * Increment the current user count for this Connection.
-     * 
-     * @param connectionID The ID of the MySQL connection that this 
-     *                     Connection represents.
-     * 
-     * @throws GuacamoleException If the connection is not found.
-     */
-    private void incrementUserCount(int connectionID) {
-        Connection connection = activeConnectionMap.get(connectionID);
-        
-        // If the Connection does not exist, it should be created
-        if(connection == null) {
-            connection = new Connection(connectionID);
-            activeConnectionMap.put(connectionID, connection);
-        }
-        
-        // Increment the current user count
-        connection.setCurrentUserCount(connection.getCurrentUserCount() + 1);
-    }
-
-    /**
-     * Check if a connection is currently in use.
-     * @param connectionID The connection to check the status of.
-     * @return true if the connection is currently in use.
-     */
-    public boolean isActive(int connectionID) {
-        return getCurrentUserCount(connectionID) > 0;
-    }
-
-    /**
-     * Set a connection as open.
-     * @param connectionID The ID of the connection that is being opened.
-     * @param userID The ID of the user who is opening the connection.
-     * @param connectionGroupID The ID of the BALANCING connection group that is
-     *                          being connected to; null if not used.
-     * @return The ID of the history record created for this open connection.
-     */
-    public int openConnection(int connectionID, int userID, Integer connectionGroupID) {
-
-        // Create the connection history record
-        ConnectionHistory connectionHistory = new ConnectionHistory();
-        connectionHistory.setConnection_id(connectionID);
-        connectionHistory.setUser_id(userID);
-        connectionHistory.setStart_date(new Date());
-        connectionHistoryDAO.insert(connectionHistory);
-
-        // Increment the user count
-        incrementUserCount(connectionID);
-        
-        // Increment the connection user count
-        incrementConnectionUserCount(connectionID, userID);
-        
-        // If this is a connection to a BALANCING ConnectionGroup, increment the count
-        if(connectionGroupID != null)
-            incrementConnectionGroupUserCount(connectionGroupID, userID);
-
-        return connectionHistory.getHistory_id();
-    }
-
-    /**
-     * Set a connection as closed.
-     * @param historyID The ID of the history record about the open connection.
-     * @param connectionGroupID The ID of the BALANCING connection group that is
-     *                          being connected to; null if not used.
-     * @throws GuacamoleException If the open connection history is not found.
-     */
-    public void closeConnection(int historyID, Integer connectionGroupID) 
-            throws GuacamoleException {
-
-        // Get the existing history record
-        ConnectionHistory connectionHistory =
-                connectionHistoryDAO.selectByPrimaryKey(historyID);
-
-        if(connectionHistory == null)
-            throw new GuacamoleResourceNotFoundException("History record not found.");
-        
-        // Get the connection and user IDs
-        int connectionID = connectionHistory.getConnection_id();
-        int userID = connectionHistory.getUser_id();
-
-        // Update the connection history record to mark that it is now closed
-        connectionHistory.setEnd_date(new Date());
-        connectionHistoryDAO.updateByPrimaryKey(connectionHistory);
-
-        // Decrement the user count.
-        decrementUserCount(connectionID);
-        
-        // Decrement the connection user count
-        decrementConnectionUserCount(connectionID, userID);
-        
-        // If this is a connection to a BALANCING ConnectionGroup, decrement the count
-        if(connectionGroupID != null)
-            decrementConnectionGroupUserCount(connectionGroupID, userID);
-    }
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
deleted file mode 100644
index e9fde29dc..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
+++ /dev/null
@@ -1,336 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql;
-
-
-import com.google.inject.Inject;
-import java.util.Set;
-import org.glyptodon.guacamole.GuacamoleClientException;
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.auth.Connection;
-import org.glyptodon.guacamole.net.auth.Directory;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionParameterMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameter;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameterExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
-import org.glyptodon.guacamole.GuacamoleResourceNotFoundException;
-import org.glyptodon.guacamole.GuacamoleUnsupportedException;
-import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
-import org.mybatis.guice.transactional.Transactional;
-
-/**
- * A MySQL-based implementation of the connection directory.
- *
- * @author James Muehlner
- */
-public class ConnectionDirectory implements Directory<String, Connection>{
-
-    /**
-     * The user who this connection directory belongs to. Access is based on
-     * his/her permission settings.
-     */
-    private AuthenticatedUser currentUser;
-
-    /**
-     * The ID of the parent connection group.
-     */
-    private Integer parentID;
-
-    /**
-     * Service for checking permissions.
-     */
-    @Inject
-    private PermissionCheckService permissionCheckService;
-
-    /**
-     * Service managing connections.
-     */
-    @Inject
-    private ConnectionService connectionService;
-
-    /**
-     * Service managing connection groups.
-     */
-    @Inject
-    private ConnectionGroupService connectionGroupService;
-
-    /**
-     * Service for manipulating connection permissions in the database.
-     */
-    @Inject
-    private ConnectionPermissionMapper connectionPermissionDAO;
-
-    /**
-     * Service for manipulating connection parameters in the database.
-     */
-    @Inject
-    private ConnectionParameterMapper connectionParameterDAO;
-
-    /**
-     * Set the user and parentID for this directory.
-     *
-     * @param currentUser
-     *     The user owning this connection directory.
-     *
-     * @param parentID
-     *     The ID of the parent connection group.
-     */
-    public void init(AuthenticatedUser currentUser, Integer parentID) {
-        this.currentUser = currentUser;
-        this.parentID = parentID;
-    }
-
-    @Transactional
-    @Override
-    public Connection get(String identifier) throws GuacamoleException {
-
-        // Get connection
-        MySQLConnection connection =
-                connectionService.retrieveConnection(identifier, currentUser);
-        
-        if(connection == null)
-            return null;
-        
-        // Verify permission to use the parent connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (connection.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify access is granted
-        permissionCheckService.verifyConnectionAccess(
-                currentUser,
-                connection.getConnectionID(),
-                MySQLConstants.CONNECTION_READ);
-
-        // Return connection
-        return connection;
-
-    }
-
-    @Transactional
-    @Override
-    public Set<String> getIdentifiers() throws GuacamoleException {
-        
-        // Verify permission to use the connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-        
-        return permissionCheckService.retrieveConnectionIdentifiers(currentUser, 
-                parentID, MySQLConstants.CONNECTION_READ);
-    }
-
-    @Transactional
-    @Override
-    public void add(Connection object) throws GuacamoleException {
-
-        String name = object.getName().trim();
-        if(name.isEmpty())
-            throw new GuacamoleClientException("The connection name cannot be blank.");
-        
-        // Verify permission to create
-        permissionCheckService.verifySystemAccess(currentUser,
-                MySQLConstants.SYSTEM_CONNECTION_CREATE);
-        
-        // Verify permission to edit the connection group
-        permissionCheckService.verifyConnectionGroupAccess(currentUser, 
-                this.parentID, MySQLConstants.CONNECTION_GROUP_UPDATE);
-        
-        // Verify permission to use the connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify that no connection already exists with this name.
-        MySQLConnection previousConnection =
-                connectionService.retrieveConnection(name, parentID, currentUser);
-        if(previousConnection != null)
-            throw new GuacamoleClientException("That connection name is already in use.");
-
-        // Create connection
-        MySQLConnection connection = connectionService.createConnection(
-                name, object.getConfiguration().getProtocol(), currentUser, parentID);
-        
-        // Set the connection ID
-        object.setIdentifier(connection.getIdentifier());
-
-        // Add connection parameters
-        createConfigurationValues(connection.getConnectionID(),
-                object.getConfiguration());
-
-        // Finally, give the current user full access to the newly created
-        // connection.
-        ConnectionPermissionKey newConnectionPermission = new ConnectionPermissionKey();
-        newConnectionPermission.setUser_id(currentUser.getUserID());
-        newConnectionPermission.setConnection_id(connection.getConnectionID());
-
-        // Read permission
-        newConnectionPermission.setPermission(MySQLConstants.CONNECTION_READ);
-        connectionPermissionDAO.insert(newConnectionPermission);
-
-        // Update permission
-        newConnectionPermission.setPermission(MySQLConstants.CONNECTION_UPDATE);
-        connectionPermissionDAO.insert(newConnectionPermission);
-
-        // Delete permission
-        newConnectionPermission.setPermission(MySQLConstants.CONNECTION_DELETE);
-        connectionPermissionDAO.insert(newConnectionPermission);
-
-        // Administer permission
-        newConnectionPermission.setPermission(MySQLConstants.CONNECTION_ADMINISTER);
-        connectionPermissionDAO.insert(newConnectionPermission);
-
-    }
-
-    /**
-     * Inserts all parameter values from the given configuration into the
-     * database, associating them with the connection having the givenID.
-     *
-     * @param connection_id The ID of the connection to associate all
-     *                      parameters with.
-     * @param config The GuacamoleConfiguration to read parameters from.
-     */
-    private void createConfigurationValues(int connection_id,
-            GuacamoleConfiguration config) {
-
-        // Insert new parameters for each parameter in the config
-        for (String name : config.getParameterNames()) {
-
-            // Create a ConnectionParameter based on the current parameter
-            ConnectionParameter parameter = new ConnectionParameter();
-            parameter.setConnection_id(connection_id);
-            parameter.setParameter_name(name);
-            parameter.setParameter_value(config.getParameter(name));
-
-            // Insert connection parameter
-            connectionParameterDAO.insert(parameter);
-        }
-
-    }
-
-    @Transactional
-    @Override
-    public void update(Connection object) throws GuacamoleException {
-
-        // If connection not actually from this auth provider, we can't handle
-        // the update
-        if (!(object instanceof MySQLConnection))
-            throw new GuacamoleUnsupportedException("Connection not from database.");
-
-        MySQLConnection mySQLConnection = (MySQLConnection) object;
-
-        // Verify permission to update
-        permissionCheckService.verifyConnectionAccess(currentUser,
-                mySQLConnection.getConnectionID(),
-                MySQLConstants.CONNECTION_UPDATE);
-
-        // Perform update
-        connectionService.updateConnection(mySQLConnection);
-
-        // Delete old connection parameters
-        ConnectionParameterExample parameterExample = new ConnectionParameterExample();
-        parameterExample.createCriteria().andConnection_idEqualTo(mySQLConnection.getConnectionID());
-        connectionParameterDAO.deleteByExample(parameterExample);
-
-        // Add connection parameters
-        createConfigurationValues(mySQLConnection.getConnectionID(),
-                object.getConfiguration());
-
-    }
-
-    @Transactional
-    @Override
-    public void remove(String identifier) throws GuacamoleException {
-
-        // Get connection
-        MySQLConnection mySQLConnection =
-                connectionService.retrieveConnection(identifier, currentUser);
-        
-        if(mySQLConnection == null)
-            throw new GuacamoleResourceNotFoundException("Connection not found.");
-        
-        // Verify permission to use the parent connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (mySQLConnection.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify permission to delete
-        permissionCheckService.verifyConnectionAccess(currentUser,
-                mySQLConnection.getConnectionID(),
-                MySQLConstants.CONNECTION_DELETE);
-
-        // Delete the connection itself
-        connectionService.deleteConnection(mySQLConnection.getConnectionID());
-
-    }
-
-    @Override
-    public void move(String identifier, Directory<String, Connection> directory) 
-            throws GuacamoleException {
-        
-        if(!(directory instanceof ConnectionDirectory))
-            throw new GuacamoleUnsupportedException("Directory not from database");
-        
-        Integer toConnectionGroupID = ((ConnectionDirectory)directory).parentID;
-        
-        // Get connection
-        MySQLConnection mySQLConnection =
-                connectionService.retrieveConnection(identifier, currentUser);
-        
-        if(mySQLConnection == null)
-            throw new GuacamoleResourceNotFoundException("Connection not found.");
-
-        // Verify permission to update the connection
-        permissionCheckService.verifyConnectionAccess(currentUser,
-                mySQLConnection.getConnectionID(),
-                MySQLConstants.CONNECTION_UPDATE);
-        
-        // Verify permission to use the from connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (mySQLConnection.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify permission to update the from connection group
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                mySQLConnection.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE);
-        
-        // Verify permission to use the to connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (toConnectionGroupID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify permission to update the to connection group
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
-
-        // Verify that no connection already exists with this name.
-        MySQLConnection previousConnection =
-                connectionService.retrieveConnection(mySQLConnection.getName(), 
-                toConnectionGroupID, currentUser);
-        if(previousConnection != null)
-            throw new GuacamoleClientException("That connection name is already in use.");
-        
-        // Update the connection
-        mySQLConnection.setParentID(toConnectionGroupID);
-        connectionService.updateConnection(mySQLConnection);
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
deleted file mode 100644
index 0064b7708..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
+++ /dev/null
@@ -1,300 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql;
-
-
-import com.google.inject.Inject;
-import java.util.Set;
-import org.glyptodon.guacamole.GuacamoleClientException;
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.auth.ConnectionGroup;
-import org.glyptodon.guacamole.net.auth.ConnectionGroup.Type;
-import org.glyptodon.guacamole.net.auth.Directory;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
-import org.glyptodon.guacamole.GuacamoleResourceNotFoundException;
-import org.glyptodon.guacamole.GuacamoleUnsupportedException;
-import org.mybatis.guice.transactional.Transactional;
-
-/**
- * A MySQL-based implementation of the connection group directory.
- *
- * @author James Muehlner
- */
-public class ConnectionGroupDirectory implements Directory<String, ConnectionGroup>{
-
-    /**
-     * The user who this connection directory belongs to. Access is based on
-     * his/her permission settings.
-     */
-    private AuthenticatedUser currentUser;
-
-    /**
-     * The ID of the parent connection group.
-     */
-    private Integer parentID;
-
-    /**
-     * Service for checking permissions.
-     */
-    @Inject
-    private PermissionCheckService permissionCheckService;
-
-    /**
-     * Service managing connection groups.
-     */
-    @Inject
-    private ConnectionGroupService connectionGroupService;
-
-    /**
-     * Service for manipulating connection group permissions in the database.
-     */
-    @Inject
-    private ConnectionGroupPermissionMapper connectionGroupPermissionDAO;
-
-    /**
-     * Set the user and parentID for this directory.
-     *
-     * @param currentUser
-     *     The user owning this connection group directory.
-     *
-     * @param parentID
-     *     The ID of the parent connection group.
-     */
-    public void init(AuthenticatedUser currentUser, Integer parentID) {
-        this.parentID = parentID;
-        this.currentUser = currentUser;
-    }
-
-    @Transactional
-    @Override
-    public ConnectionGroup get(String identifier) throws GuacamoleException {
-
-        // Get connection
-        MySQLConnectionGroup connectionGroup =
-                connectionGroupService.retrieveConnectionGroup(identifier, currentUser);
-        
-        if(connectionGroup == null)
-            return null;
-        
-        // Verify permission to use the parent connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (connectionGroup.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify access is granted
-        permissionCheckService.verifyConnectionGroupAccess(
-                currentUser,
-                connectionGroup.getConnectionGroupID(),
-                MySQLConstants.CONNECTION_GROUP_READ);
-
-        // Return connection group
-        return connectionGroup;
-
-    }
-
-    @Transactional
-    @Override
-    public Set<String> getIdentifiers() throws GuacamoleException {
-        
-        // Verify permission to use the connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-        
-        return permissionCheckService.retrieveConnectionGroupIdentifiers(currentUser, 
-                parentID, MySQLConstants.CONNECTION_GROUP_READ);
-    }
-
-    @Transactional
-    @Override
-    public void add(ConnectionGroup object) throws GuacamoleException {
-
-        String name = object.getName().trim();
-        if(name.isEmpty())
-            throw new GuacamoleClientException("The connection group name cannot be blank.");
-        
-        Type type = object.getType();
-        
-        String mySQLType = MySQLConstants.getConnectionGroupTypeConstant(type);
-        
-        // Verify permission to create
-        permissionCheckService.verifySystemAccess(currentUser,
-                MySQLConstants.SYSTEM_CONNECTION_GROUP_CREATE);
-        
-        // Verify permission to edit the parent connection group
-        permissionCheckService.verifyConnectionGroupAccess(currentUser, 
-                this.parentID, MySQLConstants.CONNECTION_GROUP_UPDATE);
-        
-        // Verify permission to use the parent connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify that no connection already exists with this name.
-        MySQLConnectionGroup previousConnectionGroup =
-                connectionGroupService.retrieveConnectionGroup(name, parentID, currentUser);
-        if(previousConnectionGroup != null)
-            throw new GuacamoleClientException("That connection group name is already in use.");
-
-        // Create connection group
-        MySQLConnectionGroup connectionGroup = connectionGroupService
-                .createConnectionGroup(name, currentUser, parentID, mySQLType);
-        
-        // Set the connection group ID
-        object.setIdentifier(connectionGroup.getIdentifier());
-
-        // Finally, give the current user full access to the newly created
-        // connection group.
-        ConnectionGroupPermissionKey newConnectionGroupPermission = new ConnectionGroupPermissionKey();
-        newConnectionGroupPermission.setUser_id(currentUser.getUserID());
-        newConnectionGroupPermission.setConnection_group_id(connectionGroup.getConnectionGroupID());
-
-        // Read permission
-        newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_READ);
-        connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
-
-        // Update permission
-        newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_UPDATE);
-        connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
-
-        // Delete permission
-        newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_DELETE);
-        connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
-
-        // Administer permission
-        newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_ADMINISTER);
-        connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
-
-    }
-
-    @Transactional
-    @Override
-    public void update(ConnectionGroup object) throws GuacamoleException {
-
-        // If connection not actually from this auth provider, we can't handle
-        // the update
-        if (!(object instanceof MySQLConnectionGroup))
-            throw new GuacamoleUnsupportedException("Connection not from database.");
-
-        MySQLConnectionGroup mySQLConnectionGroup = (MySQLConnectionGroup) object;
-
-        // Verify permission to update
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                mySQLConnectionGroup.getConnectionGroupID(),
-                MySQLConstants.CONNECTION_GROUP_UPDATE);
-
-        // Perform update
-        connectionGroupService.updateConnectionGroup(mySQLConnectionGroup);
-    }
-
-    @Transactional
-    @Override
-    public void remove(String identifier) throws GuacamoleException {
-
-        // Get connection
-        MySQLConnectionGroup mySQLConnectionGroup =
-                connectionGroupService.retrieveConnectionGroup(identifier, currentUser);
-        
-        if(mySQLConnectionGroup == null)
-            throw new GuacamoleResourceNotFoundException("Connection group not found.");
-        
-        // Verify permission to use the parent connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (mySQLConnectionGroup.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify permission to delete
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                mySQLConnectionGroup.getConnectionGroupID(),
-                MySQLConstants.CONNECTION_GROUP_DELETE);
-
-        // Delete the connection group itself
-        connectionGroupService.deleteConnectionGroup
-                (mySQLConnectionGroup.getConnectionGroupID());
-
-    }
-
-    @Override
-    public void move(String identifier, Directory<String, ConnectionGroup> directory) 
-            throws GuacamoleException {
-        
-        if(MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER.equals(identifier))
-            throw new GuacamoleUnsupportedException("The root connection group cannot be moved.");
-        
-        if(!(directory instanceof ConnectionGroupDirectory))
-            throw new GuacamoleUnsupportedException("Directory not from database");
-        
-        Integer toConnectionGroupID = ((ConnectionGroupDirectory)directory).parentID;
-
-        // Get connection group
-        MySQLConnectionGroup mySQLConnectionGroup =
-                connectionGroupService.retrieveConnectionGroup(identifier, currentUser);
-        
-        if(mySQLConnectionGroup == null)
-            throw new GuacamoleResourceNotFoundException("Connection group not found.");
-
-        // Verify permission to update the connection group
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                mySQLConnectionGroup.getConnectionGroupID(),
-                MySQLConstants.CONNECTION_GROUP_UPDATE);
-        
-        // Verify permission to use the from connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (mySQLConnectionGroup.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify permission to update the from connection group
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                mySQLConnectionGroup.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE);
-        
-        // Verify permission to use the to connection group for organizational purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (toConnectionGroupID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-
-        // Verify permission to update the to connection group
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
-
-        // Verify that no connection already exists with this name.
-        MySQLConnectionGroup previousConnectionGroup =
-                connectionGroupService.retrieveConnectionGroup(mySQLConnectionGroup.getName(), 
-                toConnectionGroupID, currentUser);
-        if(previousConnectionGroup != null)
-            throw new GuacamoleClientException("That connection group name is already in use.");
-        
-        // Verify that moving this connectionGroup would not cause a cycle
-        Integer relativeParentID = toConnectionGroupID;
-        while(relativeParentID != null) {
-            if(relativeParentID == mySQLConnectionGroup.getConnectionGroupID())
-                throw new GuacamoleUnsupportedException("Connection group cycle detected.");
-            
-            MySQLConnectionGroup relativeParentGroup = connectionGroupService.
-                    retrieveConnectionGroup(relativeParentID, currentUser);
-            
-            relativeParentID = relativeParentGroup.getParentID();
-        }
-        
-        // Update the connection
-        mySQLConnectionGroup.setParentID(toConnectionGroupID);
-        connectionGroupService.updateConnectionGroup(mySQLConnectionGroup);
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
new file mode 100644
index 000000000..cae34ea43
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+/**
+ * Common interface for objects that will ultimately be made available through
+ * the Directory class. All such objects will need the same base set of queries
+ * to fulfill the needs of the Directory class.
+ *
+ * @author Michael Jumper
+ * @param <ModelType>
+ *     The type of object contained within the directory whose objects are
+ *     mapped by this mapper.
+ */
+public interface DirectoryObject<ModelType> {
+
+    /**
+     * Returns the backing model object. Changes to the model object will
+     * affect this object, and changes to this object will affect the model
+     * object.
+     *
+     * @return
+     *     The user model object backing this MySQLUser.
+     */
+    public ModelType getModel();
+
+    /**
+     * Sets the backing model object. This will effectively replace all data
+     * contained within this object.
+     *
+     * @param model
+     *     The backing model object.
+     */
+    public void setModel(ModelType model);
+
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 2a0080325..ece180551 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -33,20 +33,9 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
 import org.glyptodon.guacamole.net.auth.Credentials;
 import org.glyptodon.guacamole.net.auth.UserContext;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionHistoryMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionParameterMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.UserPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SHA256PasswordEncryptionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SecureRandomSaltService;
@@ -65,16 +54,11 @@ import org.mybatis.guice.datasource.helper.JdbcHelper;
  */
 public class MySQLAuthenticationProvider implements AuthenticationProvider {
 
-    /**
-     * Set of all active connections.
-     */
-    private ActiveConnectionMap activeConnectionMap = new ActiveConnectionMap();
-
     /**
      * Injector which will manage the object graph of this authentication
      * provider.
      */
-    private Injector injector;
+    private final Injector injector;
 
     @Override
     public UserContext getUserContext(Credentials credentials) throws GuacamoleException {
@@ -83,10 +67,10 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
         UserService userService = injector.getInstance(UserService.class);
 
         // Get user
-        MySQLUser authenticatedUser = userService.retrieveUser(credentials);
-        if (authenticatedUser != null) {
+        MySQLUser user = userService.retrieveUser(credentials);
+        if (user != null) {
             MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
-            context.init(new AuthenticatedUser(authenticatedUser.getUserID(), credentials));
+            context.init(user);
             return context;
         }
 
@@ -145,27 +129,15 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     bindTransactionFactoryType(JdbcTransactionFactory.class);
 
                     // Add MyBatis mappers
-                    addMapperClass(ConnectionHistoryMapper.class);
-                    addMapperClass(ConnectionMapper.class);
-                    addMapperClass(ConnectionGroupMapper.class);
-                    addMapperClass(ConnectionGroupPermissionMapper.class);
-                    addMapperClass(ConnectionParameterMapper.class);
-                    addMapperClass(ConnectionPermissionMapper.class);
-                    addMapperClass(SystemPermissionMapper.class);
                     addMapperClass(UserMapper.class);
-                    addMapperClass(UserPermissionMapper.class);
 
                     // Bind interfaces
-                    bind(MySQLUserContext.class);
-                    bind(UserDirectory.class);
                     bind(MySQLUser.class);
-                    bind(SaltService.class).to(SecureRandomSaltService.class);
+                    bind(MySQLUserContext.class);
                     bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
-                    bind(PermissionCheckService.class);
-                    bind(ConnectionService.class);
-                    bind(ConnectionGroupService.class);
+                    bind(SaltService.class).to(SecureRandomSaltService.class);
+                    bind(UserDirectory.class);
                     bind(UserService.class);
-                    bind(ActiveConnectionMap.class).toInstance(activeConnectionMap);
 
                 }
             } // end of mybatis module
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
deleted file mode 100644
index c685f7eaa..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql;
-
-
-import com.google.inject.Inject;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
-import org.glyptodon.guacamole.net.auth.AbstractConnection;
-import org.glyptodon.guacamole.net.auth.ConnectionRecord;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
-import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
-import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
-
-/**
- * A MySQL based implementation of the Connection object.
- * @author James Muehlner
- */
-public class MySQLConnection extends AbstractConnection {
-
-    /**
-     * The ID associated with this connection in the database.
-     */
-    private Integer connectionID;
-
-    /**
-     * The ID of the parent connection group for this connection.
-     */
-    private Integer parentID;
-
-    /**
-     * The user who queried or created this connection.
-     */
-    private AuthenticatedUser currentUser;
-
-    /**
-     * History of this connection.
-     */
-    private List<ConnectionRecord> history = new ArrayList<ConnectionRecord>();
-
-    /**
-     * Service for managing connections.
-     */
-    @Inject
-    private ConnectionService connectionService;
-
-    /**
-     * Create a default, empty connection.
-     */
-    public MySQLConnection() {
-    }
-
-    /**
-     * Get the ID of the corresponding connection record.
-     * @return The ID of the corresponding connection, if any.
-     */
-    public Integer getConnectionID() {
-        return connectionID;
-    }
-
-    /**
-     * Sets the ID of the corresponding connection record.
-     * @param connectionID The ID to assign to this connection.
-     */
-    public void setConnectionID(Integer connectionID) {
-        this.connectionID = connectionID;
-    }
-
-    /**
-     * Get the ID of the parent connection group for this connection, if any.
-     * @return The ID of the parent connection group for this connection, if any.
-     */
-    public Integer getParentID() {
-        return parentID;
-    }
-
-    /**
-     * Sets the ID of the parent connection group for this connection.
-     * @param parentID The ID of the parent connection group for this connection.
-     */
-    public void setParentID(Integer parentID) {
-        this.parentID = parentID;
-
-        // Translate to string identifier
-        if (parentID != null)
-            this.setParentIdentifier(String.valueOf(parentID));
-        else
-            this.setParentIdentifier(MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER);
-
-    }
-
-    /**
-     * Initialize from explicit values.
-     *
-     * @param connectionID
-     *     The ID of the associated database record, if any.
-     *
-     * @param parentID
-     *     The ID of the parent connection group for this connection, if any.
-     *
-     * @param name 
-     *     The human-readable name associated with this connection.
-     *
-     * @param identifier
-     *     The unique identifier associated with this connection.
-     *
-     * @param config
-     *     The GuacamoleConfiguration associated with this connection.
-     *
-     * @param history
-     *     All ConnectionRecords associated with this connection.
-     *
-     * @param currentUser 
-     *     The user who queried this connection.
-     */
-    public void init(Integer connectionID, Integer parentID, String name, 
-            String identifier, GuacamoleConfiguration config,
-            List<? extends ConnectionRecord> history,
-            AuthenticatedUser currentUser) {
-
-        this.connectionID = connectionID;
-        this.setParentID(parentID);
-        setName(name);
-        setIdentifier(identifier);
-        setConfiguration(config);
-        this.history.addAll(history);
-        this.currentUser = currentUser;
-
-    }
-
-    @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
-        return connectionService.connect(this, info, currentUser, null);
-    }
-
-    @Override
-    public List<? extends ConnectionRecord> getHistory() throws GuacamoleException {
-        return Collections.unmodifiableList(history);
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
deleted file mode 100644
index 53380bb5c..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql;
-
-
-import com.google.inject.Inject;
-import com.google.inject.Provider;
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
-import org.glyptodon.guacamole.net.auth.AbstractConnectionGroup;
-import org.glyptodon.guacamole.net.auth.Connection;
-import org.glyptodon.guacamole.net.auth.ConnectionGroup;
-import org.glyptodon.guacamole.net.auth.Directory;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
-import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
-
-/**
- * A MySQL based implementation of the ConnectionGroup object.
- * @author James Muehlner
- */
-public class MySQLConnectionGroup extends AbstractConnectionGroup {
-
-    /**
-     * The ID associated with this connection group in the database.
-     */
-    private Integer connectionGroupID;
-
-    /**
-     * The ID of the parent connection group for this connection group.
-     */
-    private Integer parentID;
-
-    /**
-     * The user who queried or created this connection group.
-     */
-    private AuthenticatedUser currentUser;
-    
-    /**
-     * A Directory of connections that have this connection group as a parent.
-     */
-    private ConnectionDirectory connectionDirectory = null;
-    
-    /**
-     * A Directory of connection groups that have this connection group as a parent.
-     */
-    private ConnectionGroupDirectory connectionGroupDirectory = null;
-
-    /**
-     * Service managing connection groups.
-     */
-    @Inject
-    private ConnectionGroupService connectionGroupService;
-
-    /**
-     * Service for checking permissions.
-     */
-    @Inject
-    private PermissionCheckService permissionCheckService;
-    
-    /**
-     * Service for creating new ConnectionDirectory objects.
-     */
-    @Inject Provider<ConnectionDirectory> connectionDirectoryProvider;
-    
-    /**
-     * Service for creating new ConnectionGroupDirectory objects.
-     */
-    @Inject Provider<ConnectionGroupDirectory> connectionGroupDirectoryProvider;
-
-    /**
-     * Create a default, empty connection group.
-     */
-    public MySQLConnectionGroup() {
-    }
-
-    /**
-     * Get the ID of the corresponding connection group record.
-     * @return The ID of the corresponding connection group, if any.
-     */
-    public Integer getConnectionGroupID() {
-        return connectionGroupID;
-    }
-
-    /**
-     * Sets the ID of the corresponding connection group record.
-     * @param connectionGroupID The ID to assign to this connection group.
-     */
-    public void setConnectionID(Integer connectionGroupID) {
-        this.connectionGroupID = connectionGroupID;
-    }
-
-    /**
-     * Get the ID of the parent connection group for this connection group, if any.
-     * @return The ID of the parent connection group for this connection group, if any.
-     */
-    public Integer getParentID() {
-        return parentID;
-    }
-
-    /**
-     * Sets the ID of the parent connection group for this connection group.
-     * @param parentID The ID of the parent connection group for this connection group.
-     */
-    public void setParentID(Integer parentID) {
-        this.parentID = parentID;
-
-        // Translate to string identifier
-        if (parentID != null)
-            this.setParentIdentifier(String.valueOf(parentID));
-        else
-            this.setParentIdentifier(MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER);
-
-    }
-
-    /**
-     * Initialize from explicit values.
-     *
-     * @param connectionGroupID
-     *     The ID of the associated database record, if any.
-     *
-     * @param parentID
-     *     The ID of the parent connection group for this connection group, if
-     *     any.
-     *
-     * @param name
-     *     The name of this connection group.
-     *
-     * @param identifier
-     *     The unique identifier associated with this connection group.
-     *
-     * @param type
-     *     The type of this connection group.
-     *
-     * @param currentUser
-     *     The user who queried this connection.
-     */
-    public void init(Integer connectionGroupID, Integer parentID, String name, 
-            String identifier, ConnectionGroup.Type type, AuthenticatedUser currentUser) {
-        this.connectionGroupID = connectionGroupID;
-        this.setParentID(parentID);
-        setName(name);
-        setIdentifier(identifier);
-        setType(type);
-        this.currentUser = currentUser;
-        
-        connectionDirectory = connectionDirectoryProvider.get();
-        connectionDirectory.init(currentUser, connectionGroupID);
-        
-        connectionGroupDirectory = connectionGroupDirectoryProvider.get();
-        connectionGroupDirectory.init(currentUser, connectionGroupID);
-    }
-
-    @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
-        
-        // Verify permission to use the connection group for balancing purposes
-        permissionCheckService.verifyConnectionGroupUsageAccess
-                (this.connectionGroupID, currentUser, MySQLConstants.CONNECTION_GROUP_BALANCING);
-
-        // Verify permission to delete
-        permissionCheckService.verifyConnectionGroupAccess(currentUser,
-                this.connectionGroupID,
-                MySQLConstants.CONNECTION_GROUP_READ);
-        
-        return connectionGroupService.connect(this, info, currentUser);
-    }
-    
-    @Override
-    public Directory<String, Connection> getConnectionDirectory() throws GuacamoleException {
-        return connectionDirectory;
-    }
-
-    @Override
-    public Directory<String, ConnectionGroup> getConnectionGroupDirectory() throws GuacamoleException {
-        return connectionGroupDirectory;
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java
index 4200bfe5d..86c72b2e8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java
@@ -23,7 +23,6 @@
 package net.sourceforge.guacamole.net.auth.mysql;
 
 
-import com.google.inject.Inject;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.io.GuacamoleReader;
 import org.glyptodon.guacamole.io.GuacamoleWriter;
@@ -35,12 +34,6 @@ import org.glyptodon.guacamole.net.GuacamoleSocket;
  */
 public class MySQLGuacamoleSocket implements GuacamoleSocket {
 
-    /**
-     * Injected ActiveConnectionMap which will contain all active connections.
-     */
-    @Inject
-    private ActiveConnectionMap activeConnectionMap;
-
     /**
      * The wrapped socket.
      */
@@ -86,18 +79,7 @@ public class MySQLGuacamoleSocket implements GuacamoleSocket {
 
     @Override
     public void close() throws GuacamoleException {
-
-        // Mark this connection as inactive
-        synchronized (activeConnectionMap) {
-
-            if (isOpen())
-                activeConnectionMap.closeConnection(historyID, connectionGroupID);
-
-            // Close socket
-            socket.close();
-
-        }
-
+        socket.close();
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index 25b07f123..36d159afe 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -22,40 +22,50 @@
 
 package net.sourceforge.guacamole.net.auth.mysql;
 
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
+import com.google.inject.Inject;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
+import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.auth.AbstractUser;
 import org.glyptodon.guacamole.net.auth.User;
-import org.glyptodon.guacamole.net.auth.permission.Permission;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+import org.glyptodon.guacamole.net.auth.simple.SimpleObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.simple.SimpleSystemPermissionSet;
 
 /**
  * A MySQL based implementation of the User object.
  * @author James Muehlner
  */
-public class MySQLUser extends AbstractUser {
+public class MySQLUser implements User, DirectoryObject<UserModel> {
 
     /**
-     * The ID of this user in the database, if any.
+     * Service for hashing passwords.
      */
-    private Integer userID;
+    @Inject
+    private PasswordEncryptionService encryptionService;
 
     /**
-     * The set of current permissions a user has.
+     * Service for providing secure, random salts.
      */
-    private Set<Permission> permissions = new HashSet<Permission>();
+    @Inject
+    private SaltService saltService;
+    
+    /**
+     * The internal model object containing the values which represent this
+     * user in the database.
+     */
+    private UserModel userModel;
 
     /**
-     * Any newly added permissions that have yet to be committed.
+     * The plaintext password previously set by a call to setPassword(), if
+     * any. The password of a user cannot be retrieved once saved into the
+     * database, so this serves to ensure getPassword() returns a reasonable
+     * value if setPassword() is called. If no password has been set, or the
+     * user was retrieved from the database, this will be null.
      */
-    private Set<Permission> newPermissions = new HashSet<Permission>();
-
-    /**
-     * Any newly deleted permissions that have yet to be deleted.
-     */
-    private Set<Permission> removedPermissions = new HashSet<Permission>();
-
+    private String password = null;
+    
     /**
      * Creates a new, empty MySQLUser.
      */
@@ -63,118 +73,85 @@ public class MySQLUser extends AbstractUser {
     }
 
     /**
-     * Initializes a new MySQLUser having the given username.
-     *
-     * @param name The name to assign to this MySQLUser.
+     * Creates a new MySQLUser backed by the given user model object. Changes
+     * to this model object will affect the new MySQLUser even after creation,
+     * and changes to the new MySQLUser will affect this model object.
+     * 
+     * @param userModel
+     *     The user model object to use to back this MySQLUser.
      */
-    public void init(String name) {
-        init(null, name, null, Collections.EMPTY_SET);
-    }
-
-    /**
-     * Initializes a new MySQLUser, copying all data from the given user
-     * object.
-     *
-     * @param user The user object to copy.
-     * @throws GuacamoleException If an error occurs while reading the user
-     *                            data in the given object.
-     */
-    public void init(User user) throws GuacamoleException {
-        init(null, user.getUsername(), user.getPassword(), user.getPermissions());
-    }
-
-    /**
-     * Initializes a new MySQLUser initialized from the given data from the
-     * database.
-     *
-     * @param userID The ID of the user in the database, if any.
-     * @param username The username of this user.
-     * @param password The password to assign to this user.
-     * @param permissions The permissions to assign to this user, as
-     *                    retrieved from the database.
-     */
-    public void init(Integer userID, String username, String password,
-            Set<Permission> permissions) {
-        this.userID = userID;
-        setUsername(username);
-        setPassword(password);
-        this.permissions.addAll(permissions);
-    }
-
-    /**
-     * Get the current set of permissions this user has.
-     * @return the current set of permissions.
-     */
-    public Set<Permission> getCurrentPermissions() {
-        return permissions;
-    }
-
-    /**
-     * Get any new permissions that have yet to be inserted.
-     * @return the new set of permissions.
-     */
-    public Set<Permission> getNewPermissions() {
-        return newPermissions;
-    }
-
-    /**
-     * Get any permissions that have not yet been deleted.
-     * @return the permissions that need to be deleted.
-     */
-    public Set<Permission> getRemovedPermissions() {
-        return removedPermissions;
-    }
-
-    /**
-     * Reset the new and removed permission sets after they are
-     * no longer needed.
-     */
-    public void resetPermissions() {
-        newPermissions.clear();
-        removedPermissions.clear();
-    }
-
-    /**
-     * Returns the ID of this user in the database, if it exists.
-     *
-     * @return The ID of this user in the database, or null if this user
-     *         was not retrieved from the database.
-     */
-    public Integer getUserID() {
-        return userID;
-    }
-
-    /**
-     * Sets the ID of this user to the given value.
-     *
-     * @param userID The ID to assign to this user.
-     */
-    public void setUserID(Integer userID) {
-        this.userID = userID;
+    public MySQLUser(UserModel userModel) {
+        this.userModel = userModel;
     }
 
     @Override
-    public Set<Permission> getPermissions() throws GuacamoleException {
-        return Collections.unmodifiableSet(permissions);
+    public UserModel getModel() {
+        return userModel;
     }
 
     @Override
-    public boolean hasPermission(Permission permission) throws GuacamoleException {
-        return permissions.contains(permission);
+    public void setModel(UserModel userModel) {
+        this.userModel = userModel;
+        this.password = null;
     }
 
     @Override
-    public void addPermission(Permission permission) throws GuacamoleException {
-        permissions.add(permission);
-        newPermissions.add(permission);
-        removedPermissions.remove(permission);
+    public String getUsername() {
+        return userModel.getUsername();
     }
 
     @Override
-    public void removePermission(Permission permission) throws GuacamoleException {
-        permissions.remove(permission);
-        newPermissions.remove(permission);
-        removedPermissions.add(permission);
+    public void setUsername(String username) {
+        userModel.setUsername(username);
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public void setPassword(String password) {
+
+        // Store plaintext password internally
+        this.password = password;
+        
+        // Generate new salt and hash given password using newly-generated salt
+        byte[] salt = saltService.generateSalt();
+        byte[] hash = encryptionService.createPasswordHash(password, salt);
+
+        // Set stored salt and hash
+        userModel.setPasswordSalt(salt);
+        userModel.setPasswordHash(hash);
+
+    }
+
+    @Override
+    public SystemPermissionSet getSystemPermissions()
+            throws GuacamoleException {
+        // STUB
+        return new SimpleSystemPermissionSet();
+    }
+
+    @Override
+    public ObjectPermissionSet<String> getConnectionPermissions()
+            throws GuacamoleException {
+        // STUB
+        return new SimpleObjectPermissionSet<String>();
+    }
+
+    @Override
+    public ObjectPermissionSet<String> getConnectionGroupPermissions()
+            throws GuacamoleException {
+        // STUB
+        return new SimpleObjectPermissionSet<String>();
+    }
+
+    @Override
+    public ObjectPermissionSet<String> getUserPermissions()
+            throws GuacamoleException {
+        // STUB
+        return new SimpleObjectPermissionSet<String>();
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
index 43f0728bb..55766260d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
@@ -24,13 +24,15 @@ package net.sourceforge.guacamole.net.auth.mysql;
 
 
 import com.google.inject.Inject;
+import java.util.Collections;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.UserContext;
-import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
-import org.glyptodon.guacamole.net.auth.Credentials;
+import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionDirectory;
+import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroup;
+import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroupDirectory;
 
 /**
  * The MySQL representation of a UserContext.
@@ -39,10 +41,9 @@ import org.glyptodon.guacamole.net.auth.Credentials;
 public class MySQLUserContext implements UserContext {
 
     /**
-     * The the user owning this context. The permissions of this user dictate
-     * the access given via the user and connection directories.
+     * The the user owning this context.
      */
-    private AuthenticatedUser currentUser;
+    private MySQLUser currentUser;
 
     /**
      * User directory restricted by the permissions of the user associated
@@ -51,36 +52,19 @@ public class MySQLUserContext implements UserContext {
     @Inject
     private UserDirectory userDirectory;
     
-    /**
-     * The root connection group.
-     */
-    @Inject
-    private MySQLConnectionGroup rootConnectionGroup;
-
-    /**
-     * Service for accessing users.
-     */
-    @Inject
-    private UserService userService;
-
     /**
      * Initializes the user and directories associated with this context.
      *
      * @param currentUser
      *     The user owning this context.
      */
-    public void init(AuthenticatedUser currentUser) {
+    public void init(MySQLUser currentUser) {
         this.currentUser = currentUser;
-        userDirectory.init(currentUser);
-        rootConnectionGroup.init(null, null, 
-                MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
-                MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
-                ConnectionGroup.Type.ORGANIZATIONAL, currentUser);
     }
 
     @Override
     public User self() {
-        return userService.retrieveUser(currentUser.getUserID());
+        return currentUser;
     }
 
     @Override
@@ -90,7 +74,11 @@ public class MySQLUserContext implements UserContext {
 
     @Override
     public ConnectionGroup getRootConnectionGroup() throws GuacamoleException {
-        return rootConnectionGroup;
+        /* STUB */
+        return new SimpleConnectionGroup("ROOT", "ROOT",
+            new SimpleConnectionDirectory(Collections.EMPTY_MAP),
+            new SimpleConnectionGroupDirectory(Collections.EMPTY_LIST)
+        );
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
index 66a1a16df..9014c7238 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -23,686 +23,76 @@
 package net.sourceforge.guacamole.net.auth.mysql;
 
 
-import com.google.common.base.Preconditions;
-import com.google.common.collect.Sets;
 import com.google.inject.Inject;
-import java.util.ArrayList;
 import java.util.Collection;
-import java.util.List;
-import java.util.Map;
+import java.util.Collections;
 import java.util.Set;
-import org.glyptodon.guacamole.GuacamoleClientException;
+import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.UserPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
-import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
-import org.glyptodon.guacamole.GuacamoleUnsupportedException;
-import org.glyptodon.guacamole.net.auth.permission.ConnectionGroupPermission;
-import org.glyptodon.guacamole.net.auth.permission.ConnectionPermission;
-import org.glyptodon.guacamole.net.auth.permission.Permission;
-import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
-import org.glyptodon.guacamole.net.auth.permission.UserPermission;
 import org.mybatis.guice.transactional.Transactional;
 
 /**
  * A MySQL based implementation of the User Directory.
+ *
  * @author James Muehlner
+ * @author Michael Jumper
  */
 public class UserDirectory implements Directory<String, User> {
 
     /**
-     * The user this user directory belongs to. Access is based on his/her
-     * permission settings.
-     */
-    private AuthenticatedUser currentUser;
-
-    /**
-     * Service for accessing users.
+     * Service for managing user objects.
      */
     @Inject
     private UserService userService;
 
-    /**
-     * Service for accessing connections.
-     */
-    @Inject
-    private ConnectionService connectionService;
-
-    /**
-     * Service for accessing connection groups.
-     */
-    @Inject
-    private ConnectionGroupService connectionGroupService;
-
-    /**
-     * DAO for accessing user permissions, which will be injected.
-     */
-    @Inject
-    private UserPermissionMapper userPermissionDAO;
-
-    /**
-     * DAO for accessing connection permissions, which will be injected.
-     */
-    @Inject
-    private ConnectionPermissionMapper connectionPermissionDAO;
-
-    /**
-     * DAO for accessing connection group permissions, which will be injected.
-     */
-    @Inject
-    private ConnectionGroupPermissionMapper connectionGroupPermissionDAO;
-
-    /**
-     * DAO for accessing system permissions, which will be injected.
-     */
-    @Inject
-    private SystemPermissionMapper systemPermissionDAO;
-
-    /**
-     * Service for checking various permissions, which will be injected.
-     */
-    @Inject
-    private PermissionCheckService permissionCheckService;
-
-    /**
-     * Set the user for this directory.
-     *
-     * @param currentUser
-     *     The user whose permissions define the visibility of other users in
-     *     this directory.
-     */
-    public void init(AuthenticatedUser currentUser) {
-        this.currentUser = currentUser;
-    }
-
-    @Transactional
-    @Override
-    public org.glyptodon.guacamole.net.auth.User get(String identifier)
-            throws GuacamoleException {
-
-        // Get user
-        MySQLUser user = userService.retrieveUser(identifier);
-        
-        if(user == null)
-            return null;
-
-        // Verify access is granted
-        permissionCheckService.verifyUserAccess(currentUser,
-                user.getUserID(),
-                MySQLConstants.USER_READ);
-
-        // Return user
-        return user;
-
-    }
-
-    @Transactional
-    @Override
-    public Set<String> getIdentifiers() throws GuacamoleException {
-        return permissionCheckService.retrieveUsernames(currentUser,
-                MySQLConstants.USER_READ);
-    }
-
-    @Override
-    @Transactional
-    public void add(org.glyptodon.guacamole.net.auth.User object)
-            throws GuacamoleException {
-
-        String username = object.getUsername().trim();
-        if(username.isEmpty())
-            throw new GuacamoleClientException("The username cannot be blank.");
-
-        // Verify current user has permission to create users
-        permissionCheckService.verifySystemAccess(currentUser,
-                MySQLConstants.SYSTEM_USER_CREATE);
-        Preconditions.checkNotNull(object);
-
-        // Verify that no user already exists with this username.
-        MySQLUser previousUser = userService.retrieveUser(username);
-        if(previousUser != null)
-            throw new GuacamoleClientException("That username is already in use.");
-
-        // Create new user
-        MySQLUser user = userService.createUser(username, object.getPassword());
-
-        // Create permissions of new user in database
-        createPermissions(user.getUserID(), object.getPermissions());
-
-        // Give the current user full access to the newly created user.
-        UserPermissionKey newUserPermission = new UserPermissionKey();
-        newUserPermission.setUser_id(currentUser.getUserID());
-        newUserPermission.setAffected_user_id(user.getUserID());
-
-        // READ permission on new user
-        newUserPermission.setPermission(MySQLConstants.USER_READ);
-        userPermissionDAO.insert(newUserPermission);
-
-        // UPDATE permission on new user
-        newUserPermission.setPermission(MySQLConstants.USER_UPDATE);
-        userPermissionDAO.insert(newUserPermission);
-
-        // DELETE permission on new user
-        newUserPermission.setPermission(MySQLConstants.USER_DELETE);
-        userPermissionDAO.insert(newUserPermission);
-
-        // ADMINISTER permission on new user
-        newUserPermission.setPermission(MySQLConstants.USER_ADMINISTER);
-        userPermissionDAO.insert(newUserPermission);
-
-    }
-
-    /**
-     * Add the given permissions to the given user.
-     *
-     * @param user_id The ID of the user whose permissions should be updated.
-     * @param permissions The permissions to add.
-     * @throws GuacamoleException If an error occurs while updating the
-     *                            permissions of the given user.
-     */
-    private void createPermissions(int user_id, Set<Permission> permissions) throws GuacamoleException {
-
-        // Partition given permissions by permission type
-        List<UserPermission> newUserPermissions = new ArrayList<UserPermission>();
-        List<ConnectionPermission> newConnectionPermissions = new ArrayList<ConnectionPermission>();
-        List<ConnectionGroupPermission> newConnectionGroupPermissions = new ArrayList<ConnectionGroupPermission>();
-        List<SystemPermission> newSystemPermissions = new ArrayList<SystemPermission>();
-
-        for (Permission permission : permissions) {
-
-            if (permission instanceof UserPermission)
-                newUserPermissions.add((UserPermission) permission);
-
-            else if (permission instanceof ConnectionPermission)
-                newConnectionPermissions.add((ConnectionPermission) permission);
-
-            else if (permission instanceof ConnectionGroupPermission)
-                newConnectionGroupPermissions.add((ConnectionGroupPermission) permission);
-
-            else if (permission instanceof SystemPermission)
-                newSystemPermissions.add((SystemPermission) permission);
-        }
-
-        // Create the new permissions
-        createUserPermissions(user_id, newUserPermissions);
-        createConnectionPermissions(user_id, newConnectionPermissions);
-        createConnectionGroupPermissions(user_id, newConnectionGroupPermissions);
-        createSystemPermissions(user_id, newSystemPermissions);
-
-    }
-
-    /**
-     * Remove the given permissions from the given user.
-     *
-     * @param user_id The ID of the user whose permissions should be updated.
-     * @param permissions The permissions to remove.
-     * @throws GuacamoleException If an error occurs while updating the
-     *                            permissions of the given user.
-     */
-    private void removePermissions(int user_id, Set<Permission> permissions)
-            throws GuacamoleException {
-
-        // Partition given permissions by permission type
-        List<UserPermission> removedUserPermissions = new ArrayList<UserPermission>();
-        List<ConnectionPermission> removedConnectionPermissions = new ArrayList<ConnectionPermission>();
-        List<ConnectionGroupPermission> removedConnectionGroupPermissions = new ArrayList<ConnectionGroupPermission>();
-        List<SystemPermission> removedSystemPermissions = new ArrayList<SystemPermission>();
-
-        for (Permission permission : permissions) {
-
-            if (permission instanceof UserPermission)
-                removedUserPermissions.add((UserPermission) permission);
-
-            else if (permission instanceof ConnectionPermission)
-                removedConnectionPermissions.add((ConnectionPermission) permission);
-
-            else if (permission instanceof ConnectionGroupPermission)
-                removedConnectionGroupPermissions.add((ConnectionGroupPermission) permission);
-
-            else if (permission instanceof SystemPermission)
-                removedSystemPermissions.add((SystemPermission) permission);
-        }
-
-        // Delete the removed permissions.
-        deleteUserPermissions(user_id, removedUserPermissions);
-        deleteConnectionPermissions(user_id, removedConnectionPermissions);
-        deleteConnectionGroupPermissions(user_id, removedConnectionGroupPermissions);
-        deleteSystemPermissions(user_id, removedSystemPermissions);
-
-    }
-
-    /**
-     * Create the given user permissions for the given user.
-     *
-     * @param user_id The ID of the user to change the permissions of.
-     * @param permissions The new permissions the given user should have when
-     *                    this operation completes.
-     * @throws GuacamoleException If permission to alter the access permissions
-     *                            of affected objects is denied.
-     */
-    private void createUserPermissions(int user_id,
-            Collection<UserPermission> permissions)
-            throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if(permissions.isEmpty())
-            return;
-
-        // Get list of administerable user IDs
-        List<Integer> administerableUserIDs =
-            permissionCheckService.retrieveUserIDs(currentUser,
-                MySQLConstants.USER_ADMINISTER);
-
-        // Get set of usernames corresponding to administerable users
-        Map<String, Integer> administerableUsers =
-                userService.translateUsernames(administerableUserIDs);
-
-        // Insert all given permissions
-        for (UserPermission permission : permissions) {
-
-            // Get original ID
-            Integer affected_id =
-                    administerableUsers.get(permission.getObjectIdentifier());
-
-            // Verify that the user actually has permission to administrate
-            // every one of these users
-            if (affected_id == null)
-                throw new GuacamoleSecurityException(
-                      "User #" + currentUser.getUserID()
-                    + " does not have permission to administrate user "
-                    + permission.getObjectIdentifier());
-
-            // Create new permission
-            UserPermissionKey newPermission = new UserPermissionKey();
-            newPermission.setUser_id(currentUser.getUserID());
-            newPermission.setPermission(MySQLConstants.getUserConstant(permission.getType()));
-            newPermission.setAffected_user_id(affected_id);
-            userPermissionDAO.insert(newPermission);
-
-         }
-
-    }
-
-    /**
-     * Delete permissions having to do with users for a given user.
-     *
-     * @param user_id The ID of the user to change the permissions of.
-     * @param permissions The permissions the given user should no longer have
-     *                    when this operation completes.
-     * @throws GuacamoleException If permission to alter the access permissions
-     *                            of affected objects is denied.
-     */
-    private void deleteUserPermissions(int user_id,
-            Collection<UserPermission> permissions)
-            throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if(permissions.isEmpty())
-            return;
-
-        // Get list of administerable user IDs
-        List<Integer> administerableUserIDs =
-            permissionCheckService.retrieveUserIDs(currentUser,
-                MySQLConstants.USER_ADMINISTER);
-
-        // Get set of usernames corresponding to administerable users
-        Map<String, Integer> administerableUsers =
-                userService.translateUsernames(administerableUserIDs);
-
-        // Delete requested permissions
-        for (UserPermission permission : permissions) {
-
-            // Get original ID
-            Integer affected_id =
-                    administerableUsers.get(permission.getObjectIdentifier());
-
-            // Verify that the user actually has permission to administrate
-            // every one of these users
-            if (affected_id == null)
-                throw new GuacamoleSecurityException(
-                      "User #" + currentUser.getUserID()
-                    + " does not have permission to administrate user "
-                    + permission.getObjectIdentifier());
-
-            // Delete requested permission
-            UserPermissionExample userPermissionExample = new UserPermissionExample();
-            userPermissionExample.createCriteria()
-                .andUser_idEqualTo(user_id)
-                .andPermissionEqualTo(MySQLConstants.getUserConstant(permission.getType()))
-                .andAffected_user_idEqualTo(affected_id);
-            userPermissionDAO.deleteByExample(userPermissionExample);
-
-        }
-
-    }
-
-    /**
-     * Create any new permissions having to do with connections for a given
-     * user.
-     *
-     * @param user_id The ID of the user to assign or remove permissions from.
-     * @param permissions The new permissions the user should have after this
-     *                    operation completes.
-     * @throws GuacamoleException If permission to alter the access permissions
-     *                            of affected objects is deniedD
-     */
-    private void createConnectionPermissions(int user_id,
-            Collection<ConnectionPermission> permissions)
-            throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if(permissions.isEmpty())
-            return;
-
-        // Get list of administerable connection IDs
-        Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
-            permissionCheckService.retrieveConnectionIDs(currentUser,
-                MySQLConstants.CONNECTION_ADMINISTER));
-
-        // Insert all given permissions
-        for (ConnectionPermission permission : permissions) {
-
-            // Get original ID
-            Integer connection_id = Integer.valueOf(permission.getObjectIdentifier());
-
-            // Throw exception if permission to administer this connection
-            // is not granted
-            if (!administerableConnectionIDs.contains(connection_id))
-                throw new GuacamoleSecurityException(
-                      "User #" + currentUser.getUserID()
-                    + " does not have permission to administrate connection "
-                    + permission.getObjectIdentifier());
-
-            // Create new permission
-            ConnectionPermissionKey newPermission = new ConnectionPermissionKey();
-            newPermission.setUser_id(user_id);
-            newPermission.setPermission(MySQLConstants.getConnectionConstant(permission.getType()));
-            newPermission.setConnection_id(connection_id);
-            connectionPermissionDAO.insert(newPermission);
-
-        }
-    }
-
-    /**
-     * Create any new permissions having to do with connection groups 
-     * for a given user.
-     *
-     * @param user_id The ID of the user to assign or remove permissions from.
-     * @param permissions The new permissions the user should have after this
-     *                    operation completes.
-     * @throws GuacamoleException If permission to alter the access permissions
-     *                            of affected objects is deniedD
-     */
-    private void createConnectionGroupPermissions(int user_id,
-            Collection<ConnectionGroupPermission> permissions)
-            throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if(permissions.isEmpty())
-            return;
-
-        // Get list of administerable connection group IDs
-        Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
-            permissionCheckService.retrieveConnectionGroupIDs(currentUser,
-                MySQLConstants.CONNECTION_GROUP_ADMINISTER));
-
-        // Insert all given permissions
-        for (ConnectionGroupPermission permission : permissions) {
-
-            // Get original ID
-            Integer connection_group_id = Integer.valueOf(permission.getObjectIdentifier());
-
-            // Throw exception if permission to administer this connection group
-            // is not granted
-            if (!administerableConnectionGroupIDs.contains(connection_group_id))
-                throw new GuacamoleSecurityException(
-                      "User #" + currentUser.getUserID()
-                    + " does not have permission to administrate connection group"
-                    + permission.getObjectIdentifier());
-
-            // Create new permission
-            ConnectionGroupPermissionKey newPermission = new ConnectionGroupPermissionKey();
-            newPermission.setUser_id(user_id);
-            newPermission.setPermission(MySQLConstants.getConnectionGroupConstant(permission.getType()));
-            newPermission.setConnection_group_id(connection_group_id);
-            connectionGroupPermissionDAO.insert(newPermission);
-
-        }
-    }
-
-    /**
-     * Delete permissions having to do with connections for a given user.
-     *
-     * @param user_id The ID of the user to change the permissions of.
-     * @param permissions The permissions the given user should no longer have
-     *                    when this operation completes.
-     * @throws GuacamoleException If permission to alter the access permissions
-     *                            of affected objects is denied.
-     */
-    private void deleteConnectionPermissions(int user_id,
-            Collection<ConnectionPermission> permissions)
-            throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if(permissions.isEmpty())
-            return;
-
-        // Get list of administerable connection IDs
-        Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
-            permissionCheckService.retrieveConnectionIDs(currentUser,
-                MySQLConstants.CONNECTION_ADMINISTER));
-
-        // Delete requested permissions
-        for (ConnectionPermission permission : permissions) {
-
-            // Get original ID
-            Integer connection_id = Integer.valueOf(permission.getObjectIdentifier());
-
-            // Verify that the user actually has permission to administrate
-            // every one of these connections
-            if (!administerableConnectionIDs.contains(connection_id))
-                throw new GuacamoleSecurityException(
-                      "User #" + currentUser.getUserID()
-                    + " does not have permission to administrate connection "
-                    + permission.getObjectIdentifier());
-
-            ConnectionPermissionExample connectionPermissionExample = new ConnectionPermissionExample();
-            connectionPermissionExample.createCriteria()
-                .andUser_idEqualTo(user_id)
-                .andPermissionEqualTo(MySQLConstants.getConnectionConstant(permission.getType()))
-                .andConnection_idEqualTo(connection_id);
-            connectionPermissionDAO.deleteByExample(connectionPermissionExample);
-
-        }
-
-    }
-
-    /**
-     * Delete permissions having to do with connection groups for a given user.
-     *
-     * @param user_id The ID of the user to change the permissions of.
-     * @param permissions The permissions the given user should no longer have
-     *                    when this operation completes.
-     * @throws GuacamoleException If permission to alter the access permissions
-     *                            of affected objects is denied.
-     */
-    private void deleteConnectionGroupPermissions(int user_id,
-            Collection<ConnectionGroupPermission> permissions)
-            throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if(permissions.isEmpty())
-            return;
-
-        // Get list of administerable connection group IDs
-        Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
-            permissionCheckService.retrieveConnectionGroupIDs(currentUser,
-                MySQLConstants.CONNECTION_GROUP_ADMINISTER));
-
-        // Delete requested permissions
-        for (ConnectionGroupPermission permission : permissions) {
-
-            // Get original ID
-            Integer connection_group_id = Integer.valueOf(permission.getObjectIdentifier());
-
-            // Verify that the user actually has permission to administrate
-            // every one of these connection groups
-            if (!administerableConnectionGroupIDs.contains(connection_group_id))
-                throw new GuacamoleSecurityException(
-                      "User #" + currentUser.getUserID()
-                    + " does not have permission to administrate connection group"
-                    + permission.getObjectIdentifier());
-
-            ConnectionGroupPermissionExample connectionGroupPermissionExample = new ConnectionGroupPermissionExample();
-            connectionGroupPermissionExample.createCriteria()
-                .andUser_idEqualTo(user_id)
-                .andPermissionEqualTo(MySQLConstants.getConnectionGroupConstant(permission.getType()))
-                .andConnection_group_idEqualTo(connection_group_id);
-            connectionGroupPermissionDAO.deleteByExample(connectionGroupPermissionExample);
-
-        }
-
-    }
-
-    /**
-     * Create any new system permissions for a given user. All permissions in
-     * the given list will be inserted.
-     *
-     * @param user_id The ID of the user whose permissions should be updated.
-     * @param permissions The new system permissions that the given user should
-     *                    have when this operation completes.
-     * @throws GuacamoleException If permission to administer system permissions
-     *                            is denied.
-     */
-    private void createSystemPermissions(int user_id,
-            Collection<SystemPermission> permissions) throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if(permissions.isEmpty())
-            return;
-
-        // Only a system administrator can add system permissions.
-        permissionCheckService.verifySystemAccess(
-                currentUser, SystemPermission.Type.ADMINISTER.name());
-
-        // Insert all requested permissions
-        for (SystemPermission permission : permissions) {
-
-            // Insert permission
-            SystemPermissionKey newSystemPermission = new SystemPermissionKey();
-            newSystemPermission.setUser_id(user_id);
-            newSystemPermission.setPermission(MySQLConstants.getSystemConstant(permission.getType()));
-            systemPermissionDAO.insert(newSystemPermission);
-
-        }
-
-    }
-
-    /**
-     * Delete system permissions for a given user. All permissions in
-     * the given list will be removed from the user.
-     *
-     * @param user_id The ID of the user whose permissions should be updated.
-     * @param permissions The permissions the given user should no longer have
-     *                    when this operation completes.
-     * @throws GuacamoleException If the permissions specified could not be
-     *                            removed due to system restrictions.
-     */
-    private void deleteSystemPermissions(int user_id,
-            Collection<SystemPermission> permissions)
-            throws GuacamoleException {
-
-        // If no permissions given, stop now
-        if (permissions.isEmpty())
-            return;
-
-        // Prevent self-de-adminifying
-        if (user_id == currentUser.getUserID())
-            throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed.");
-
-        // Build list of requested system permissions
-        List<String> systemPermissionTypes = new ArrayList<String>();
-        for (SystemPermission permission : permissions)
-            systemPermissionTypes.add(MySQLConstants.getSystemConstant(permission.getType()));
-
-        // Delete the requested system permissions for this user
-        SystemPermissionExample systemPermissionExample = new SystemPermissionExample();
-        systemPermissionExample.createCriteria().andUser_idEqualTo(user_id)
-                .andPermissionIn(systemPermissionTypes);
-        systemPermissionDAO.deleteByExample(systemPermissionExample);
-
-    }
-
-    @Override
-    @Transactional
-    public void update(org.glyptodon.guacamole.net.auth.User object)
-            throws GuacamoleException {
-
-        // If user not actually from this auth provider, we can't handle updated
-        // permissions.
-        if (!(object instanceof MySQLUser))
-            throw new GuacamoleUnsupportedException("User not from database.");
-
-        MySQLUser mySQLUser = (MySQLUser) object;
-
-        // Validate permission to update this user is granted
-        permissionCheckService.verifyUserAccess(currentUser,
-                mySQLUser.getUserID(),
-                MySQLConstants.USER_UPDATE);
-
-        // Update the user in the database
-        userService.updateUser(mySQLUser);
-
-        // Update permissions in database
-        createPermissions(mySQLUser.getUserID(), mySQLUser.getNewPermissions());
-        removePermissions(mySQLUser.getUserID(), mySQLUser.getRemovedPermissions());
-
-        // The appropriate permissions have been inserted and deleted, so
-        // reset the new and removed permission sets.
-        mySQLUser.resetPermissions();
-
-    }
-
-    @Override
-    @Transactional
-    public void remove(String identifier) throws GuacamoleException {
-
-        // Get user pending deletion
-        MySQLUser user = userService.retrieveUser(identifier);
-
-        // Prevent self-deletion
-        if (user.getUserID() == currentUser.getUserID())
-            throw new GuacamoleUnsupportedException("Deleting your own user is not allowed.");
-
-        // Validate current user has permission to remove the specified user
-        permissionCheckService.verifyUserAccess(currentUser,
-                user.getUserID(),
-                MySQLConstants.USER_DELETE);
-
-        // Delete specified user
-        userService.deleteUser(user.getUserID());
-
-    }
-
     @Override
     public void move(String identifier, Directory<String, User> groupIdentifier) 
             throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }
 
+    @Override
+    public User get(String identifier) throws GuacamoleException {
+        return userService.retrieveObject(identifier);
+    }
+
+    @Override
+    @Transactional
+    public Collection<User> getAll(Collection<String> identifiers) throws GuacamoleException {
+        return Collections.<User>unmodifiableCollection(userService.retrieveObjects(identifiers));
+    }
+
+    @Override
+    @Transactional
+    public Set<String> getIdentifiers() throws GuacamoleException {
+        // STUB
+        return userService.getIdentifiers();
+    }
+
+    @Override
+    @Transactional
+    public void add(User object) throws GuacamoleException {
+        // STUB
+        MySQLUser user = (MySQLUser) object;
+        userService.createObject(user);
+    }
+
+    @Override
+    @Transactional
+    public void update(User object) throws GuacamoleException {
+        // STUB
+        MySQLUser user = (MySQLUser) object;
+        userService.updateObject(user);
+    }
+
+    @Override
+    @Transactional
+    public void remove(String identifier) throws GuacamoleException {
+        // STUB
+        userService.deleteObject(identifier);
+    }
+
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
new file mode 100644
index 000000000..3687b95c3
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import java.util.Collection;
+import java.util.Set;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Common interface for objects that will ultimately be made available through
+ * the Directory class. All such objects will need the same base set of queries
+ * to fulfill the needs of the Directory class.
+ *
+ * @author Michael Jumper
+ * @param <T>
+ *     The type of object contained within the directory whose objects are
+ *     mapped by this mapper.
+ */
+public interface DirectoryObjectMapper<T> {
+
+    /**
+     * Selects the identifiers of all objects.
+     *
+     * @return
+     *     A Set containing all identifiers of all objects.
+     */
+    Set<String> selectIdentifiers();
+    
+    /**
+     * Selects all objects which have the given identifiers. If an identifier
+     * has no corresponding object, it will be ignored.
+     *
+     * @param identifiers
+     *     The identifiers of the objects to return.
+     *
+     * @return 
+     *     A Collection of all objects having the given identifiers.
+     */
+    Collection<T> select(@Param("identifiers") Collection<String> identifiers);
+
+    /**
+     * Inserts the given object into the database. If the object already
+     * exists, this will result in an error.
+     *
+     * @param object
+     *     The object to insert.
+     *
+     * @return
+     *     The number of rows inserted.
+     */
+    int insert(@Param("object") T object);
+
+    /**
+     * Deletes the given object into the database. If the object does not 
+     * exist, this operation has no effect.
+     *
+     * @param identifier
+     *     The identifier of the object to delete.
+     *
+     * @return
+     *     The number of rows deleted.
+     */
+    int delete(@Param("identifier") String identifier);
+
+    /**
+     * Updates the given existing object in the database. If the object does 
+     * not actually exist, this operation has no effect.
+     *
+     * @param object
+     *     The object to update.
+     *
+     * @return
+     *     The number of rows updated.
+     */
+    int update(@Param("object") T object);
+    
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.java
new file mode 100644
index 000000000..048d61207
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for user objects.
+ *
+ * @author Michael Jumper
+ */
+public interface UserMapper extends DirectoryObjectMapper<UserModel> {
+
+    /**
+     * Returns the user having the given username and password, if any. If no
+     * such user exists, null is returned.
+     *
+     * @param username
+     *     The username of the user to return.
+     *
+     * @param password
+     *     The password of the user to return.
+     *
+     * @return
+     *     The user having the given username and password, or null if no such
+     *     user exists.
+     */
+    UserModel selectByCredentials(@Param("username") String username,
+            @Param("password") String password);
+    
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
new file mode 100644
index 000000000..4130b6033
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+/**
+ * Object representation of a Guacamole user, as represented in the database.
+ *
+ * @author Michael Jumper
+ */
+public class UserModel {
+
+    /**
+     * The ID of this user in the database, if any.
+     */
+    private Integer userID;
+
+    /**
+     * The unique username which identifies this user.
+     */
+    private String username;
+    
+    /**
+     * The SHA-256 hash of the password and salt.
+     */
+    private byte[] passwordHash;
+
+    /**
+     * The 32-byte random binary password salt that was appended to the
+     * password prior to hashing.
+     */
+    private byte[] passwordSalt;
+
+    /**
+     * Creates a new, empty user.
+     */
+    public UserModel() {
+    }
+
+    /**
+     * Returns the username that uniquely identifies this user.
+     *
+     * @return
+     *     The username that uniquely identifies this user.
+     */
+    public String getUsername() {
+        return username;
+    }
+
+    /**
+     * Sets the username that uniquely identifies this user.
+     *
+     * @param username
+     *     The username that uniquely identifies this user.
+     */
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    /**
+     * Returns the ID of this user in the database, if it exists.
+     *
+     * @return
+     *     The ID of this user in the database, or null if this user was not
+     *     retrieved from the database.
+     */
+    public Integer getUserID() {
+        return userID;
+    }
+
+    /**
+     * Sets the ID of this user to the given value.
+     *
+     * @param userID
+     *     The ID to assign to this user.
+     */
+    public void setUserID(Integer userID) {
+        this.userID = userID;
+    }
+
+    /**
+     * Returns the hash of this user's password and password salt. This may be
+     * null if the user was not retrieved from the database, and setPassword()
+     * has not yet been called.
+     *
+     * @return
+     *     The hash of this user's password and password salt.
+     */
+    public byte[] getPasswordHash() {
+        return passwordHash;
+    }
+
+    /**
+     * Sets the hash of this user's password and password salt. This is
+     * normally only set upon retrieval from the database, or through a call
+     * to the higher-level setPassword() function.
+     *
+     * @param passwordHash
+     *     The hash of this user's password and password salt.
+     */
+    public void setPasswordHash(byte[] passwordHash) {
+        this.passwordHash = passwordHash;
+    }
+
+    /**
+     * Returns the random salt that was used when generating this user's
+     * password hash. This may be null if the user was not retrieved from the
+     * database, and setPassword() has not yet been called.
+     *
+     * @return
+     *     The random salt that was used when generating this user's password
+     *     hash.
+     */
+    public byte[] getPasswordSalt() {
+        return passwordSalt;
+    }
+
+    /**
+     * Sets the random salt that was used when generating this user's password
+     * hash. This is normally only set upon retrieval from the database, or
+     * through a call to the higher-level setPassword() function.
+     *
+     * @param passwordSalt
+     *     The random salt used when generating this user's password hash.
+     */
+    public void setPasswordSalt(byte[] passwordSalt) {
+        this.passwordSalt = passwordSalt;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
deleted file mode 100644
index 4c21ee548..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
+++ /dev/null
@@ -1,446 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql.service;
-
-import com.google.inject.Inject;
-import com.google.inject.Provider;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
-import net.sourceforge.guacamole.net.auth.mysql.ActiveConnectionMap;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroup;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupExample.Criteria;
-import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties;
-import org.glyptodon.guacamole.GuacamoleClientTooManyException;
-import org.glyptodon.guacamole.GuacamoleResourceNotFoundException;
-import org.glyptodon.guacamole.GuacamoleServerBusyException;
-import org.glyptodon.guacamole.properties.GuacamoleProperties;
-import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
-
-/**
- * Service which provides convenience methods for creating, retrieving, and
- * manipulating connection groups.
- *
- * @author James Muehlner
- */
-public class ConnectionGroupService {
-    
-    /**
-     * Service for managing connections.
-     */
-    @Inject
-    private ConnectionService connectionService;
-    
-    /**
-     * DAO for accessing connection groups.
-     */
-    @Inject
-    private ConnectionGroupMapper connectionGroupDAO;
-
-    /**
-     * Provider which creates MySQLConnectionGroups.
-     */
-    @Inject
-    private Provider<MySQLConnectionGroup> mysqlConnectionGroupProvider;
-    
-    /**
-     * The map of all active connections.
-     */
-    @Inject
-    private ActiveConnectionMap activeConnectionMap;
-    
-
-    /**
-     * Retrieves the connection group having the given 
-     * name from the database.
-     *
-     * @param name
-     *     The name of the connection to return.
-     *
-     * @param parentID
-     *     The ID of the parent connection group.
-     *
-     * @param currentUser
-     *     The user who queried this connection group.
-     *
-     * @return
-     *     The connection having the given name, or null if no such connection
-     *     group could be found.
-     */
-    public MySQLConnectionGroup retrieveConnectionGroup(String name, Integer parentID,
-            AuthenticatedUser currentUser) {
-
-        // Create criteria
-        ConnectionGroupExample example = new ConnectionGroupExample();
-        Criteria criteria = example.createCriteria().andConnection_group_nameEqualTo(name);
-        if(parentID != null)
-            criteria.andParent_idEqualTo(parentID);
-        else
-            criteria.andParent_idIsNull();
-        
-        // Query connection group by name and parentID
-        List<ConnectionGroup> connectionGroups =
-                connectionGroupDAO.selectByExample(example);
-
-        // If no connection group found, return null
-        if(connectionGroups.isEmpty())
-            return null;
-
-        // Otherwise, return found connection
-        return toMySQLConnectionGroup(connectionGroups.get(0), currentUser);
-
-    }
-
-    /**
-     * Retrieves the connection group having the given unique identifier 
-     * from the database.
-     *
-     * @param uniqueIdentifier
-     *     The unique identifier of the connection group to retrieve.
-     *
-     * @param currentUser 
-     *     The user who queried this connection group.
-     *
-     * @return
-     *     The connection group having the given unique identifier, or null if
-     *     no such connection group was found.
-     * 
-     * @throws GuacamoleException
-     *     If an error occurs while retrieving the connection group.
-     */
-    public MySQLConnectionGroup retrieveConnectionGroup(String uniqueIdentifier, 
-            AuthenticatedUser currentUser) throws GuacamoleException {
-
-        // The unique identifier for a MySQLConnectionGroup is the database ID
-        Integer connectionGroupID = null;
-        
-        // Try to parse the connectionID if it's not the root group
-        if(!MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER.equals(uniqueIdentifier)) {
-            try {
-                connectionGroupID = Integer.parseInt(uniqueIdentifier);
-            } catch(NumberFormatException e) {
-                throw new GuacamoleResourceNotFoundException("Invalid connection group ID.");
-            }
-        }
-        
-        return retrieveConnectionGroup(connectionGroupID, currentUser);
-    }
-    
-    /**
-     * Retrieves the connection group having the given ID from the database.
-     *
-     * @param id
-     *     The ID of the connection group to retrieve.
-     *
-     * @param currentUser
-     *     The user who queried this connection.
-     *
-     * @return
-     *     The connection group having the given ID, or null if no such
-     *     connection was found.
-     */
-    public MySQLConnectionGroup retrieveConnectionGroup(Integer id, AuthenticatedUser currentUser) {
-
-        // This is the root connection group, so just create it here
-        if(id == null) {
-            MySQLConnectionGroup connectionGroup = mysqlConnectionGroupProvider.get();
-            connectionGroup.init(null, null, 
-                    MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
-                    MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
-                    org.glyptodon.guacamole.net.auth.ConnectionGroup.Type.ORGANIZATIONAL, 
-                    currentUser);
-            
-            return connectionGroup;
-        }
-        
-        // Query connection by ID
-        ConnectionGroup connectionGroup = connectionGroupDAO.selectByPrimaryKey(id);
-
-        // If no connection found, return null
-        if(connectionGroup == null)
-            return null;
-
-        // Otherwise, return found connection
-        return toMySQLConnectionGroup(connectionGroup, currentUser);
-    }
-
-    /**
-     * Connect to the connection within the given group with the lowest number
-     * of currently active users.
-     *
-     * @param group
-     *     The group to load balance across.
-     *
-     * @param info
-     *     The information to use when performing the connection handshake.
-     *
-     * @param currentUser
-     *     The user who is connecting to the socket.
-     * 
-     * @return
-     *     The connected socket.
-     *
-     * @throws GuacamoleException
-     *     If an error occurs while connecting the socket.
-     */
-    public GuacamoleSocket connect(MySQLConnectionGroup group, 
-            GuacamoleClientInformation info, AuthenticatedUser currentUser)
-            throws GuacamoleException {
-       
-        // Get all connections in the group.
-        List<Integer> connectionIDs = connectionService.getAllConnectionIDs
-                (group.getConnectionGroupID());
-        
-        synchronized (activeConnectionMap) {
-
-            // Get the least used connection.
-            Integer leastUsedConnectionID = 
-                    activeConnectionMap.getLeastUsedConnection(connectionIDs);
-            
-            if(leastUsedConnectionID == null)
-                throw new GuacamoleResourceNotFoundException("No connections found in group.");
-            
-            if(GuacamoleProperties.getProperty(
-                    MySQLGuacamoleProperties.MYSQL_DISALLOW_SIMULTANEOUS_CONNECTIONS, false)
-                    && activeConnectionMap.isActive(leastUsedConnectionID))
-                throw new GuacamoleServerBusyException
-                        ("Cannot connect. All connections are in use.");
-            
-            if(GuacamoleProperties.getProperty(
-                    MySQLGuacamoleProperties.MYSQL_DISALLOW_DUPLICATE_CONNECTIONS, true)
-                    && activeConnectionMap.isConnectionGroupUserActive(group.getConnectionGroupID(), currentUser.getUserID()))
-                throw new GuacamoleClientTooManyException
-                        ("Cannot connect. Connection group already in use by this user.");
-
-            // Get the connection 
-            MySQLConnection connection = connectionService
-                    .retrieveConnection(leastUsedConnectionID, currentUser);
-            
-            // Connect to the connection
-            return connectionService.connect(connection, info, currentUser, group.getConnectionGroupID());
-
-        }
-            
-    }
-    
-    /**
-     * Returns a list of the IDs of all connection groups with a given parent ID.
-     * @param parentID The ID of the parent for all the queried connection groups.
-     * @return a list of the IDs of all connection groups with a given parent ID.
-     */
-    public List<Integer> getAllConnectionGroupIDs(Integer parentID) {
-        
-        // Create criteria
-        ConnectionGroupExample example = new ConnectionGroupExample();
-        Criteria criteria = example.createCriteria();
-        
-        if(parentID != null)
-            criteria.andParent_idEqualTo(parentID);
-        else
-            criteria.andParent_idIsNull();
-        
-        // Query the connections
-        List<ConnectionGroup> connectionGroups = connectionGroupDAO.selectByExample(example);
-        
-        // List of IDs of connections with the given parent
-        List<Integer> connectionGroupIDs = new ArrayList<Integer>();
-        
-        for(ConnectionGroup connectionGroup : connectionGroups) {
-            connectionGroupIDs.add(connectionGroup.getConnection_group_id());
-        }
-        
-        return connectionGroupIDs;
-    }
-
-    /**
-     * Get the identifiers of all the connection groups defined in the system 
-     * with a certain parentID.
-     *
-     * @return A Set of identifiers of all the connection groups defined 
-     * in the system with the given parentID.
-     */
-    public Set<String> getAllConnectionGroupIdentifiers(Integer parentID) {
-
-        // Set of all present connection identifiers
-        Set<String> identifiers = new HashSet<String>();
-        
-        // Set up Criteria
-        ConnectionGroupExample example = new ConnectionGroupExample();
-        Criteria criteria = example.createCriteria();
-        if(parentID != null)
-            criteria.andParent_idEqualTo(parentID);
-        else
-            criteria.andParent_idIsNull();
-
-        // Query connection identifiers
-        List<ConnectionGroup> connectionGroups =
-                connectionGroupDAO.selectByExample(example);
-        for (ConnectionGroup connectionGroup : connectionGroups)
-            identifiers.add(String.valueOf(connectionGroup.getConnection_group_id()));
-
-        return identifiers;
-
-    }
-
-    /**
-     * Convert the given database-retrieved Connection into a MySQLConnection.
-     * The parameters of the given connection will be read and added to the
-     * MySQLConnection in the process.
-     *
-     * @param connection
-     *     The connection to convert.
-     *
-     * @param currentUser
-     *     The user who queried this connection.
-     *
-     * @return
-     *     A new MySQLConnection containing all data associated with the
-     *     specified connection.
-     */
-    private MySQLConnectionGroup toMySQLConnectionGroup(ConnectionGroup connectionGroup,
-            AuthenticatedUser currentUser) {
-
-        // Create new MySQLConnection from retrieved data
-        MySQLConnectionGroup mySQLConnectionGroup = mysqlConnectionGroupProvider.get();
-        
-        String mySqlType = connectionGroup.getType();
-        org.glyptodon.guacamole.net.auth.ConnectionGroup.Type authType;
-        
-        if(mySqlType.equals(MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL))
-            authType = org.glyptodon.guacamole.net.auth.ConnectionGroup.Type.ORGANIZATIONAL;
-        else
-            authType = org.glyptodon.guacamole.net.auth.ConnectionGroup.Type.BALANCING;
-        
-        mySQLConnectionGroup.init(
-            connectionGroup.getConnection_group_id(),
-            connectionGroup.getParent_id(),
-            connectionGroup.getConnection_group_name(),
-            Integer.toString(connectionGroup.getConnection_group_id()),
-            authType,
-            currentUser
-        );
-
-        return mySQLConnectionGroup;
-
-    }
-
-    /**
-     * Get the connection group IDs of all the connection groups defined in the system.
-     *
-     * @return A list of connection group IDs of all the connection groups defined in the system.
-     */
-    public List<Integer> getAllConnectionGroupIDs() {
-
-        // Set of all present connection group IDs
-        List<Integer> connectionGroupIDs = new ArrayList<Integer>();
-
-        // Query all connection IDs
-        List<ConnectionGroup> connections =
-                connectionGroupDAO.selectByExample(new ConnectionGroupExample());
-        for (ConnectionGroup connection : connections)
-            connectionGroupIDs.add(connection.getConnection_group_id());
-
-        return connectionGroupIDs;
-
-    }
-
-    /**
-     * Creates a new connection group having the given name and type.
-     *
-     * @param name
-     *     The name to assign to the new connection group.
-     *
-     * @param currentUser
-     *     The user who created this connection group.
-     *
-     * @param parentID
-     *     The ID of the parent of the new connection group, if any.
-     *
-     * @param type
-     *     The type of the new connection group.
-     *
-     * @return A new MySQLConnectionGroup containing the data of the newly created
-     *         connection group.
-     */
-    public MySQLConnectionGroup createConnectionGroup(String name, AuthenticatedUser currentUser, 
-            Integer parentID, String type) {
-
-        // Initialize database connection
-        ConnectionGroup connectionGroup = new ConnectionGroup();
-        connectionGroup.setConnection_group_name(name);
-        connectionGroup.setParent_id(parentID);
-        connectionGroup.setType(type);
-
-        // Create connection
-        connectionGroupDAO.insert(connectionGroup);
-        return toMySQLConnectionGroup(connectionGroup, currentUser);
-
-    }
-
-    /**
-     * Updates the connection group in the database corresponding to the given
-     * MySQLConnectionGroup.
-     *
-     * @param mySQLConnectionGroup The MySQLConnectionGroup to update (save) 
-     *                             to the database. 
-     *                             This connection must already exist.
-     */
-    public void updateConnectionGroup(MySQLConnectionGroup mySQLConnectionGroup) {
-
-        // Populate connection
-        ConnectionGroup connectionGroup = new ConnectionGroup();
-        connectionGroup.setConnection_group_id(mySQLConnectionGroup.getConnectionGroupID());
-        connectionGroup.setParent_id(mySQLConnectionGroup.getParentID());
-        connectionGroup.setConnection_group_name(mySQLConnectionGroup.getName());
-        
-        switch(mySQLConnectionGroup.getType()) {
-            case BALANCING :
-                connectionGroup.setType(MySQLConstants.CONNECTION_GROUP_BALANCING);
-                break;
-            case ORGANIZATIONAL:
-                connectionGroup.setType(MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
-                break;
-        }
-
-        // Update the connection group in the database
-        connectionGroupDAO.updateByPrimaryKey(connectionGroup);
-
-    }
-
-    /**
-     * Deletes the connection group having the given ID from the database.
-     * @param id The ID of the connection group to delete.
-     */
-    public void deleteConnectionGroup(int id) {
-        connectionGroupDAO.deleteByPrimaryKey(id);
-    }
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
deleted file mode 100644
index 63126eb76..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ /dev/null
@@ -1,548 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql.service;
-
-import com.google.inject.Inject;
-import com.google.inject.Provider;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
-import org.glyptodon.guacamole.net.InetGuacamoleSocket;
-import org.glyptodon.guacamole.net.SSLGuacamoleSocket;
-import net.sourceforge.guacamole.net.auth.mysql.ActiveConnectionMap;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionRecord;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLGuacamoleSocket;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionHistoryMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionParameterMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.Connection;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionExample.Criteria;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionHistory;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionHistoryExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameter;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameterExample;
-import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties;
-import org.glyptodon.guacamole.properties.GuacamoleProperties;
-import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
-import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
-import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
-import org.apache.ibatis.session.RowBounds;
-import org.glyptodon.guacamole.GuacamoleClientTooManyException;
-import org.glyptodon.guacamole.GuacamoleResourceConflictException;
-import org.glyptodon.guacamole.token.StandardTokens;
-import org.glyptodon.guacamole.token.TokenFilter;
-
-/**
- * Service which provides convenience methods for creating, retrieving, and
- * manipulating connections.
- *
- * @author Michael Jumper, James Muehlner
- */
-public class ConnectionService {
-
-    /**
-     * DAO for accessing connections.
-     */
-    @Inject
-    private ConnectionMapper connectionDAO;
-
-    /**
-     * DAO for accessing connection parameters.
-     */
-    @Inject
-    private ConnectionParameterMapper connectionParameterDAO;
-
-    /**
-     * DAO for accessing connection history.
-     */
-    @Inject
-    private ConnectionHistoryMapper connectionHistoryDAO;
-
-    /**
-     * Provider which creates MySQLConnections.
-     */
-    @Inject
-    private Provider<MySQLConnection> mySQLConnectionProvider;
-
-    /**
-     * Provider which creates MySQLGuacamoleSockets.
-     */
-    @Inject
-    private Provider<MySQLGuacamoleSocket> mySQLGuacamoleSocketProvider;
-
-    /**
-     * Map of all currently active connections.
-     */
-    @Inject
-    private ActiveConnectionMap activeConnectionMap;
-
-    /**
-     * Service managing users.
-     */
-    @Inject
-    private UserService userService;
-
-    /**
-     * Retrieves the connection having the given name from the database.
-     *
-     * @param name
-     *     The name of the connection to return.
-     *
-     * @param parentID
-     *     The ID of the parent connection group.
-     *
-     * @param currentUser 
-     *     The user who queried this connection.
-     *
-     * @return
-     *     The connection having the given name, or null if no such
-     *     connection could be found.
-     */
-    public MySQLConnection retrieveConnection(String name, Integer parentID,
-            AuthenticatedUser currentUser) {
-
-        // Create criteria
-        ConnectionExample example = new ConnectionExample();
-        Criteria criteria = example.createCriteria().andConnection_nameEqualTo(name);
-        if(parentID != null)
-            criteria.andParent_idEqualTo(parentID);
-        else
-            criteria.andParent_idIsNull();
-        
-        // Query connection by name and parentID
-        List<Connection> connections =
-                connectionDAO.selectByExample(example);
-
-        // If no connection found, return null
-        if(connections.isEmpty())
-            return null;
-
-        // Otherwise, return found connection
-        return toMySQLConnection(connections.get(0), currentUser);
-
-    }
-
-    /**
-     * Retrieves the connection having the given unique identifier 
-     * from the database.
-     *
-     * @param uniqueIdentifier
-     *     The unique identifier of the connection to retrieve.
-     * 
-     * @param currentUser
-     *     The user who queried this connection.
-     *
-     * @return
-     *     The connection having the given unique identifier, or null if no
-     *     such connection was found.
-     */
-    public MySQLConnection retrieveConnection(String uniqueIdentifier, AuthenticatedUser currentUser) {
-
-        // The unique identifier for a MySQLConnection is the database ID
-        int connectionID;
-        try {
-            connectionID = Integer.parseInt(uniqueIdentifier);
-        } catch(NumberFormatException e) {
-            // Invalid number means it can't be a DB record; not found
-            return null;
-        }
-        
-        return retrieveConnection(connectionID, currentUser);
-    }
-
-    /**
-     * Retrieves the connection having the given ID from the database.
-     *
-     * @param id
-     *     The ID of the connection to retrieve.
-     *
-     * @param currentUser
-     *     The user who queried this connection.
-     *
-     * @return
-     *     The connection having the given ID, or null if no such connection
-     *     was found.
-     */
-    public MySQLConnection retrieveConnection(int id, AuthenticatedUser currentUser) {
-
-        // Query connection by ID
-        Connection connection = connectionDAO.selectByPrimaryKey(id);
-
-        // If no connection found, return null
-        if(connection == null)
-            return null;
-
-        // Otherwise, return found connection
-        return toMySQLConnection(connection, currentUser);
-    }
-    
-    /**
-     * Returns a list of the IDs of all connections with a given parent ID.
-     * @param parentID The ID of the parent for all the queried connections.
-     * @return a list of the IDs of all connections with a given parent ID.
-     */
-    public List<Integer> getAllConnectionIDs(Integer parentID) {
-        
-        // Create criteria
-        ConnectionExample example = new ConnectionExample();
-        Criteria criteria = example.createCriteria();
-        
-        if(parentID != null)
-            criteria.andParent_idEqualTo(parentID);
-        else
-            criteria.andParent_idIsNull();
-        
-        // Query the connections
-        List<Connection> connections = connectionDAO.selectByExample(example);
-        
-        // List of IDs of connections with the given parent
-        List<Integer> connectionIDs = new ArrayList<Integer>();
-        
-        for(Connection connection : connections) {
-            connectionIDs.add(connection.getConnection_id());
-        }
-        
-        return connectionIDs;
-    }
-
-    /**
-     * Convert the given database-retrieved Connection into a MySQLConnection.
-     * The parameters of the given connection will be read and added to the
-     * MySQLConnection in the process.
-     *
-     * @param connection
-     *     The connection to convert.
-     *
-     * @param currentUser
-     *     The user who queried this connection.
-     *
-     * @return A new MySQLConnection containing all data associated with the
-     *         specified connection.
-     */
-    private MySQLConnection toMySQLConnection(Connection connection, AuthenticatedUser currentUser) {
-
-        // Build configuration
-        GuacamoleConfiguration config = new GuacamoleConfiguration();
-
-        // Query parameters for configuration
-        ConnectionParameterExample connectionParameterExample = new ConnectionParameterExample();
-        connectionParameterExample.createCriteria().andConnection_idEqualTo(connection.getConnection_id());
-        List<ConnectionParameter> connectionParameters =
-                connectionParameterDAO.selectByExample(connectionParameterExample);
-
-        // Set protocol
-        config.setProtocol(connection.getProtocol());
-
-        // Set all values for all parameters
-        for (ConnectionParameter parameter : connectionParameters)
-            config.setParameter(parameter.getParameter_name(),
-                    parameter.getParameter_value());
-
-        // Create new MySQLConnection from retrieved data
-        MySQLConnection mySQLConnection = mySQLConnectionProvider.get();
-        mySQLConnection.init(
-            connection.getConnection_id(),
-            connection.getParent_id(),
-            connection.getConnection_name(),
-            Integer.toString(connection.getConnection_id()),
-            config,
-            retrieveHistory(connection.getConnection_id()),
-            currentUser
-        );
-
-        return mySQLConnection;
-
-    }
-
-    /**
-     * Retrieves the history of the connection having the given ID.
-     *
-     * @param connectionID The ID of the connection to retrieve the history of.
-     * @return A list of MySQLConnectionRecord documenting the history of this
-     *         connection.
-     */
-    public List<MySQLConnectionRecord> retrieveHistory(int connectionID) {
-
-        // Retrieve history records relating to given connection ID
-        ConnectionHistoryExample example = new ConnectionHistoryExample();
-        example.createCriteria().andConnection_idEqualTo(connectionID);
-
-        // We want to return the newest records first
-        example.setOrderByClause("start_date DESC");
-
-        // Set the maximum number of history records returned to 100
-        RowBounds rowBounds = new RowBounds(0, 100);
-
-        // Retrieve all connection history entries
-        List<ConnectionHistory> connectionHistories =
-                connectionHistoryDAO.selectByExampleWithRowbounds(example, rowBounds);
-
-        // Convert history entries to connection records
-        List<MySQLConnectionRecord> connectionRecords = new ArrayList<MySQLConnectionRecord>();
-        Set<Integer> userIDSet = new HashSet<Integer>();
-        for(ConnectionHistory history : connectionHistories) {
-            userIDSet.add(history.getUser_id());
-        }
-
-        // Determine whether connection is currently active
-        int user_count = activeConnectionMap.getCurrentUserCount(connectionID);
-
-        // Get all the usernames for the users who are in the history
-        Map<Integer, String> usernameMap = userService.retrieveUsernames(userIDSet);
-
-        // Create the new ConnectionRecords
-        for(ConnectionHistory history : connectionHistories) {
-
-            Date startDate = history.getStart_date();
-            Date endDate = history.getEnd_date();
-            String username = usernameMap.get(history.getUser_id());
-
-            // If there are active users, list the top N not-ended connections
-            // as active (best guess)
-            MySQLConnectionRecord connectionRecord;
-            if (user_count > 0 && endDate == null) {
-                connectionRecord = new MySQLConnectionRecord(startDate, endDate, username, true);
-                user_count--;
-            }
-
-            // If no active users, or end date is recorded, connection is not
-            // active.
-            else
-                connectionRecord = new MySQLConnectionRecord(startDate, endDate, username, false);
-
-            connectionRecords.add(connectionRecord);
-
-        }
-
-        return connectionRecords;
-    }
-    
-    
-
-    /**
-     * Create a MySQLGuacamoleSocket using the provided connection.
-     *
-     * @param connection
-     *     The connection to use when connecting the socket.
-     *
-     * @param info
-     *     The information to use when performing the connection handshake.
-     *
-     * @param currentUser 
-     *     The user who is connecting to the socket.
-     *
-     * @param connectionGroupID
-     *     The ID of the balancing connection group that is being connected to;
-     *     null if not used.
-     *
-     * @return
-     *     The connected socket.
-     *
-     * @throws GuacamoleException
-     *     If an error occurs while connecting the socket.
-     */
-    public MySQLGuacamoleSocket connect(MySQLConnection connection,
-            GuacamoleClientInformation info, AuthenticatedUser currentUser,
-            Integer connectionGroupID)
-        throws GuacamoleException {
-
-        synchronized (activeConnectionMap) {
-
-            // If the given connection is active, and multiple simultaneous
-            // connections are not allowed, disallow connection
-            if(GuacamoleProperties.getProperty(
-                    MySQLGuacamoleProperties.MYSQL_DISALLOW_SIMULTANEOUS_CONNECTIONS, false)
-                    && activeConnectionMap.isActive(connection.getConnectionID()))
-                throw new GuacamoleResourceConflictException("Cannot connect. This connection is in use.");
-            
-            if(GuacamoleProperties.getProperty(
-                    MySQLGuacamoleProperties.MYSQL_DISALLOW_DUPLICATE_CONNECTIONS, true)
-                    && activeConnectionMap.isConnectionUserActive(connection.getConnectionID(), currentUser.getUserID()))
-                throw new GuacamoleClientTooManyException
-                        ("Cannot connect. Connection already in use by this user.");
-
-            // Get guacd connection information
-            String host = GuacamoleProperties.getRequiredProperty(GuacamoleProperties.GUACD_HOSTNAME);
-            int port = GuacamoleProperties.getRequiredProperty(GuacamoleProperties.GUACD_PORT);
-
-            // Build token filter containing credential tokens
-            TokenFilter tokenFilter = new TokenFilter();
-            StandardTokens.addStandardTokens(tokenFilter, currentUser.getCredentials());
-
-            // Filter the configuration
-            GuacamoleConfiguration config = new GuacamoleConfiguration(connection.getConfiguration());
-            tokenFilter.filterValues(config.getParameters());
-            
-            // Get socket
-            GuacamoleSocket socket;
-            if (GuacamoleProperties.getProperty(GuacamoleProperties.GUACD_SSL, false))
-                socket = new ConfiguredGuacamoleSocket(
-                    new SSLGuacamoleSocket(host, port),
-                    config, info
-                );
-            else
-                socket = new ConfiguredGuacamoleSocket(
-                    new InetGuacamoleSocket(host, port),
-                    config, info
-                );
-
-            // Mark this connection as active
-            int historyID = activeConnectionMap.openConnection(connection.getConnectionID(), 
-                    currentUser.getUserID(), connectionGroupID);
-
-                // Return new MySQLGuacamoleSocket
-            MySQLGuacamoleSocket mySQLGuacamoleSocket = mySQLGuacamoleSocketProvider.get();
-            mySQLGuacamoleSocket.init(socket, historyID, connectionGroupID);
-                
-            return mySQLGuacamoleSocket;
-
-        }
-
-    }
-
-    /**
-     * Creates a new connection having the given name and protocol.
-     *
-     * @param name
-     *     The name to assign to the new connection.
-     *
-     * @param protocol
-     *     The protocol to assign to the new connection.
-     *
-     * @param currentUser
-     *     The user who created this connection.
-     *
-     * @param parentID
-     *     The ID of the parent connection group.
-     *
-     * @return
-     *     A new MySQLConnection containing the data of the newly created
-     *     connection.
-     */
-    public MySQLConnection createConnection(String name, String protocol,
-            AuthenticatedUser currentUser, Integer parentID) {
-
-        // Initialize database connection
-        Connection connection = new Connection();
-        connection.setConnection_name(name);
-        connection.setProtocol(protocol);
-        connection.setParent_id(parentID);
-
-        // Create connection
-        connectionDAO.insert(connection);
-        return toMySQLConnection(connection, currentUser);
-
-    }
-
-    /**
-     * Deletes the connection having the given ID from the database.
-     * @param id The ID of the connection to delete.
-     */
-    public void deleteConnection(int id) {
-        connectionDAO.deleteByPrimaryKey(id);
-    }
-
-    /**
-     * Updates the connection in the database corresponding to the given
-     * MySQLConnection.
-     *
-     * @param mySQLConnection The MySQLConnection to update (save) to the
-     *                        database. This connection must already exist.
-     */
-    public void updateConnection(MySQLConnection mySQLConnection) {
-
-        // Populate connection
-        Connection connection = new Connection();
-        connection.setConnection_id(mySQLConnection.getConnectionID());
-        connection.setParent_id(mySQLConnection.getParentID());
-        connection.setConnection_name(mySQLConnection.getName());
-        connection.setProtocol(mySQLConnection.getConfiguration().getProtocol());
-
-        // Update the connection in the database
-        connectionDAO.updateByPrimaryKey(connection);
-
-    }
-
-    /**
-     * Get the identifiers of all the connections defined in the system 
-     * with a certain parentID.
-     *
-     * @return A Set of identifiers of all the connections defined in the system
-     * with the given parentID.
-     */
-    public Set<String> getAllConnectionIdentifiers(Integer parentID) {
-
-        // Set of all present connection identifiers
-        Set<String> identifiers = new HashSet<String>();
-        
-        // Set up Criteria
-        ConnectionExample example = new ConnectionExample();
-        Criteria criteria = example.createCriteria();
-        if(parentID != null)
-            criteria.andParent_idEqualTo(parentID);
-        else
-            criteria.andParent_idIsNull();
-
-        // Query connection identifiers
-        List<Connection> connections =
-                connectionDAO.selectByExample(example);
-        for (Connection connection : connections)
-            identifiers.add(String.valueOf(connection.getConnection_id()));
-
-        return identifiers;
-
-    }
-
-    /**
-     * Get the connection IDs of all the connections defined in the system 
-     * with a certain parent connection group.
-     *
-     * @return A list of connection IDs of all the connections defined in the system.
-     */
-    public List<Integer> getAllConnectionIDs() {
-
-        // Set of all present connection IDs
-        List<Integer> connectionIDs = new ArrayList<Integer>();
-
-        // Create the criteria
-        ConnectionExample example = new ConnectionExample();
-        
-        // Query the connections
-        List<Connection> connections =
-                connectionDAO.selectByExample(example);
-        for (Connection connection : connections)
-            connectionIDs.add(connection.getConnection_id());
-
-        return connectionIDs;
-
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
new file mode 100644
index 000000000..f33744d25
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -0,0 +1,183 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.DirectoryObject;
+import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating users.
+ *
+ * @author Michael Jumper
+ * @param <ObjectType>
+ *     The type of object this service provides access to.
+ *
+ * @param <ModelType>
+ *     The underlying model object used to represent ObjectType in the
+ *     database.
+ */
+public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<ModelType>, ModelType> {
+
+    /**
+     * Returns an instance of a mapper for the type of object used by this
+     * service.
+     *
+     * @return
+     *     A mapper which provides access to the model objects associated with
+     *     the objects used by this service.
+     */
+    protected abstract DirectoryObjectMapper<ModelType> getObjectMapper();
+
+    /**
+     * Returns an instance of an object which is backed by the given model
+     * object.
+     *
+     * @param model
+     *     The model object to use to back the returned object.
+     *
+     * @return
+     *     An object which is backed by the given model object.
+     */
+    protected abstract ObjectType getObjectInstance(ModelType model);
+
+    /**
+     * Returns a collection of objects which are backed by the models in the
+     * given collection.
+     *
+     * @param models
+     *     The model objects to use to back the objects within the returned
+     *     collection.
+     *
+     * @return
+     *     A collection of objects which are backed by the models in the given
+     *     collection.
+     */
+    protected Collection<ObjectType> getObjectInstances(Collection<ModelType> models) {
+
+        // Create new collection of objects by manually converting each model
+        Collection<ObjectType> objects = new ArrayList<ObjectType>(models.size());
+        for (ModelType model : models)
+            objects.add(getObjectInstance(model));
+
+        return objects;
+        
+    }
+
+    /**
+     * Retrieves the single object that has the given identifier, if it exists.
+     *
+     * @param identifier
+     *     The identifier of the object to retrieve.
+     *
+     * @return
+     *     The object having the given identifier, or null if no such object
+     *     exists.
+     */
+    public ObjectType retrieveObject(String identifier) {
+
+        // Pull objects having given identifier
+        Collection<ObjectType> objects = retrieveObjects(Collections.singleton(identifier));
+
+        // If no such object, return null
+        if (objects.isEmpty())
+            return null;
+
+        // The object collection will have exactly one element unless the
+        // database has seriously lost integrity
+        assert(objects.size() == 1);
+
+        // Return first and only object 
+        return objects.iterator().next();
+
+    }
+    
+    /**
+     * Retrieves all objects that have the identifiers in the given collection.
+     *
+     * @param identifiers
+     *     The identifiers of the objects to retrieve.
+     *
+     * @return
+     *     The objects having the given identifiers.
+     */
+    public Collection<ObjectType> retrieveObjects(Collection<String> identifiers) {
+
+        // Do not query if no identifiers given
+        if (identifiers.isEmpty())
+            return Collections.EMPTY_LIST;
+
+        // Return collection of requested objects
+        return getObjectInstances(getObjectMapper().select(identifiers));
+        
+    }
+
+    /**
+     * Creates the given object within the database. If the object already
+     * exists, an error will be thrown. The internal model object will be
+     * updated appropriately to contain the new database ID.
+     *
+     * @param object
+     *     The object to create.
+     */
+    public void createObject(ObjectType object) {
+        getObjectMapper().insert(object.getModel());
+    }
+
+    /**
+     * Deletes the object having the given identifier. If no such object
+     * exists, this function has no effect.
+     *
+     * @param identifier
+     *     The identifier of the object to delete.
+     */
+    public void deleteObject(String identifier) {
+        getObjectMapper().delete(identifier);
+    }
+
+    /**
+     * Updates the given object in the database, applying any changes that have
+     * been made. If no such object exists, this function has no effect.
+     *
+     * @param object
+     *     The object to update.
+     */
+    public void updateObject(ObjectType object) {
+        getObjectMapper().update(object.getModel());
+    }
+
+    /**
+     * Returns the set of all identifiers for all objects in the database.
+     *
+     * @return
+     *     The set of all identifiers for all objects in the database.
+     */
+    public Set<String> getIdentifiers() {
+        return getObjectMapper().selectIdentifiers();
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java
index 67ea8bab0..5d21eeb3e 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java
@@ -22,27 +22,12 @@
 
 package net.sourceforge.guacamole.net.auth.mysql.service;
 
-
 /**
  * A service to perform password encryption and checking.
  * @author James Muehlner
  */
 public interface PasswordEncryptionService {
 
-    /**
-     * Checks whether the provided, unhashed password matches the given
-     * hash/salt pair.
-     *
-     * @param password The unhashed password to validate.
-     * @param hashedPassword The hashed password to compare the given password
-     *                       against.
-     * @param salt The salt used when the hashed password given was created.
-     * @return true if the provided credentials match the values given, false
-     *         otherwise.
-     */
-    public boolean checkPassword(String password, byte[] hashedPassword,
-            byte[] salt);
-
     /**
      * Creates a password hash based on the provided username, password, and
      * salt.
@@ -52,4 +37,5 @@ public interface PasswordEncryptionService {
      * @return The generated password hash.
      */
     public byte[] createPasswordHash(String password, byte[] salt);
+
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java
deleted file mode 100644
index a6a8d2326..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java
+++ /dev/null
@@ -1,968 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql.service;
-
-import com.google.inject.Inject;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import org.glyptodon.guacamole.GuacamoleSecurityException;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.UserPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionExample.Criteria;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionKey;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserPermissionExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserPermissionKey;
-import org.glyptodon.guacamole.net.auth.permission.ConnectionGroupPermission;
-import org.glyptodon.guacamole.net.auth.permission.ConnectionPermission;
-import org.glyptodon.guacamole.net.auth.permission.Permission;
-import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
-import org.glyptodon.guacamole.net.auth.permission.UserPermission;
-
-/**
- * A service to retrieve information about what objects a user has permission to.
- * @author James Muehlner
- */
-public class PermissionCheckService {
-
-    /**
-     * Service for accessing users.
-     */
-    @Inject
-    private UserService userService;
-
-    /**
-     * Service for accessing connections.
-     */
-    @Inject
-    private ConnectionService connectionService;
-
-    /**
-     * Service for accessing connection groups.
-     */
-    @Inject
-    private ConnectionGroupService connectionGroupService;
-
-    /**
-     * DAO for accessing permissions related to users.
-     */
-    @Inject
-    private UserPermissionMapper userPermissionDAO;
-
-    /**
-     * DAO for accessing permissions related to connections.
-     */
-    @Inject
-    private ConnectionPermissionMapper connectionPermissionDAO;
-    
-    /**
-     * DAO for accessing permissions related to connection groups.
-     */
-    @Inject
-    private ConnectionGroupPermissionMapper connectionGroupPermissionDAO;
-
-    /**
-     * DAO for accessing permissions related to the system as a whole.
-     */
-    @Inject
-    private SystemPermissionMapper systemPermissionDAO;
-
-    /**
-     * Verifies that the user has the specified access to the given other
-     * user. If permission is denied, a GuacamoleSecurityException is thrown.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param affectedUserID
-     *     The user that would be affected by the operation if permission is
-     *     granted.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @throws GuacamoleSecurityException
-     *     If the specified permission is not granted.
-     */
-    public void verifyUserAccess(AuthenticatedUser currentUser, int affectedUserID,
-            String permissionType) throws GuacamoleSecurityException {
-
-        // If permission does not exist, throw exception
-        if(!checkUserAccess(currentUser, affectedUserID, permissionType))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-
-    /**
-     * Verifies that the user has the specified access to the given connection.
-     * If permission is denied, a GuacamoleSecurityException is thrown.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param affectedConnectionID
-     *     The connection that would be affected by the operation if permission
-     *     is granted.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @throws GuacamoleSecurityException
-     *     If the specified permission is not granted.
-     */
-    public void verifyConnectionAccess(AuthenticatedUser currentUser,
-            int affectedConnectionID, String permissionType) throws GuacamoleSecurityException {
-
-        // If permission does not exist, throw exception
-        if(!checkConnectionAccess(currentUser, affectedConnectionID, permissionType))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-
-    /**
-     * Verifies that the user has the specified access to the given connection group.
-     * If permission is denied, a GuacamoleSecurityException is thrown.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param affectedConnectionGroupID
-     *     The connection group that would be affected by the operation if
-     *     permission is granted.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @throws GuacamoleSecurityException
-     *     If the specified permission is not granted.
-     */
-    public void verifyConnectionGroupAccess(AuthenticatedUser currentUser,
-            Integer affectedConnectionGroupID, String permissionType) throws GuacamoleSecurityException {
-
-        // If permission does not exist, throw exception
-        if(!checkConnectionGroupAccess(currentUser, affectedConnectionGroupID, permissionType))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-    
-    /**
-     * Verifies that the user has the specified access to the system. If
-     * permission is denied, a GuacamoleSecurityException is thrown.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param systemPermissionType
-     *     The type of permission to check for.
-     *
-     * @throws GuacamoleSecurityException
-     *     If the specified permission is not granted.
-     */
-    public void verifySystemAccess(AuthenticatedUser currentUser, String systemPermissionType)
-            throws GuacamoleSecurityException {
-
-        // If permission does not exist, throw exception
-        if(!checkSystemAccess(currentUser, systemPermissionType))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-
-    /**
-     * Checks whether a user has the specified type of access to the affected
-     * user.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param affectedUserID
-     *     The user that would be affected by the operation if permission is
-     *     granted.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     true if the specified permission is granted, false otherwise.
-     */
-    public boolean checkUserAccess(AuthenticatedUser currentUser,
-            Integer affectedUserID, String permissionType) {
-
-        // A system administrator has full access to everything.
-        if(checkSystemAdministratorAccess(currentUser))
-            return true;
-
-        // Check existence of requested permission
-        UserPermissionExample example = new UserPermissionExample();
-        example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andAffected_user_idEqualTo(affectedUserID).andPermissionEqualTo(permissionType);
-        return userPermissionDAO.countByExample(example) > 0;
-
-    }
-
-    /**
-     * Checks whether a user has the specified type of access to the affected
-     * connection.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param affectedConnectionID
-     *     The connection that would be affected by the operation if permission
-     *     is granted.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     true if the specified permission is granted, false otherwise.
-     */
-    public boolean checkConnectionAccess(AuthenticatedUser currentUser,
-            Integer affectedConnectionID, String permissionType) {
-
-        // A system administrator has full access to everything.
-        if(checkSystemAdministratorAccess(currentUser))
-            return true;
-
-        // Check existence of requested permission
-        ConnectionPermissionExample example = new ConnectionPermissionExample();
-        example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andConnection_idEqualTo(affectedConnectionID).andPermissionEqualTo(permissionType);
-        return connectionPermissionDAO.countByExample(example) > 0;
-
-    }
-
-    /**
-     * Checks whether a user has the specified type of access to the affected
-     * connection group.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param affectedConnectionGroupID
-     *     The connection group that would be affected by the operation if
-     *     permission is granted.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     true if the specified permission is granted, false otherwise.
-     */
-    public boolean checkConnectionGroupAccess(AuthenticatedUser currentUser,
-            Integer affectedConnectionGroupID, String permissionType) {
-
-        // All users have implicit permission to read and update the root connection group
-        if(affectedConnectionGroupID == null && 
-                MySQLConstants.CONNECTION_GROUP_READ.equals(permissionType) ||
-                MySQLConstants.CONNECTION_GROUP_UPDATE.equals(permissionType))
-            return true;
-        
-        // A system administrator has full access to everything.
-        if(checkSystemAdministratorAccess(currentUser))
-            return true;
-
-        // Check existence of requested permission
-        ConnectionGroupPermissionExample example = new ConnectionGroupPermissionExample();
-        example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andConnection_group_idEqualTo(affectedConnectionGroupID).andPermissionEqualTo(permissionType);
-        return connectionGroupPermissionDAO.countByExample(example) > 0;
-
-    }
-
-    /**
-     * Checks whether a user has the specified type of access to the system.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param systemPermissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     true if the specified permission is granted, false otherwise.
-     */
-    private boolean checkSystemAccess(AuthenticatedUser currentUser, String systemPermissionType) {
-
-        // A system administrator has full access to everything.
-        if(checkSystemAdministratorAccess(currentUser))
-            return true;
-
-        // Check existence of requested permission
-        SystemPermissionExample example = new SystemPermissionExample();
-        example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andPermissionEqualTo(systemPermissionType);
-        return systemPermissionDAO.countByExample(example) > 0;
-
-    }
-
-    /**
-     * Checks whether a user has system administrator access to the system.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @return
-     *     true if the system administrator access exists, false otherwise.
-     */
-    private boolean checkSystemAdministratorAccess(AuthenticatedUser currentUser) {
-
-        // Check existence of system administrator permission
-        SystemPermissionExample example = new SystemPermissionExample();
-        example.createCriteria().andUser_idEqualTo(currentUser.getUserID())
-                .andPermissionEqualTo(MySQLConstants.SYSTEM_ADMINISTER);
-        return systemPermissionDAO.countByExample(example) > 0;
-    }
-    
-    /**
-     * Verifies that the specified group can be used for organization 
-     * by the given user.
-     * 
-     * @param connectionGroupID
-     *     The ID of the affected ConnectionGroup.
-     *
-     * @param currentUser
-     *     The user to check.
-     * 
-     * @param type
-     *     The desired usage.
-     *
-     * @throws GuacamoleSecurityException
-     *     If the connection group cannot be used for organization.
-     */
-    public void verifyConnectionGroupUsageAccess(Integer connectionGroupID, 
-            AuthenticatedUser currentUser, String type) throws GuacamoleSecurityException {
-
-        // If permission does not exist, throw exception
-        if(!checkConnectionGroupUsageAccess(connectionGroupID, currentUser, type))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-    
-    /**
-     * Check whether a user can use connectionGroup for the given usage.
-     *
-     * @param connectionGroupID
-     *     The ID of the affected connection group.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param usage
-     *     The desired usage.
-     *
-     * @return
-     *     true if the user can use the connection group for the given usage.
-     */
-    private boolean checkConnectionGroupUsageAccess(
-            Integer connectionGroupID, AuthenticatedUser currentUser, String usage) {
-        
-        // The root level connection group can only be used for organization
-        if(connectionGroupID == null)
-            return MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL.equals(usage);
-
-        // A system administrator has full access to everything.
-        if(checkSystemAdministratorAccess(currentUser))
-            return true;
-        
-        // A connection group administrator can use the group either way.
-        if(checkConnectionGroupAccess(currentUser, connectionGroupID,
-                MySQLConstants.CONNECTION_GROUP_ADMINISTER))
-            return true;
-        
-        // Query the connection group
-        MySQLConnectionGroup connectionGroup = connectionGroupService.
-                retrieveConnectionGroup(connectionGroupID, currentUser);
-        
-        // If the connection group is not found, it cannot be used.
-        if(connectionGroup == null)
-            return false;
-
-        // Verify that the desired usage matches the type.
-        return MySQLConstants.getConnectionGroupTypeConstant(
-                connectionGroup.getType()).equals(usage);
-        
-    }
-
-    /**
-     * Find the list of the IDs of all users a user has permission to.
-     * The access type is defined by permissionType.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     A list of all user IDs this user has the specified access to.
-     */
-    public List<Integer> retrieveUserIDs(AuthenticatedUser currentUser, String permissionType) {
-
-        // A system administrator has access to all users.
-        if(checkSystemAdministratorAccess(currentUser))
-            return userService.getAllUserIDs();
-
-        // Query all user permissions for the given user and permission type
-        UserPermissionExample example = new UserPermissionExample();
-        example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andPermissionEqualTo(permissionType);
-        example.setDistinct(true);
-        List<UserPermissionKey> userPermissions =
-                userPermissionDAO.selectByExample(example);
-
-        // Convert result into list of IDs
-        List<Integer> currentUsers = new ArrayList<Integer>(userPermissions.size());
-        for(UserPermissionKey permission : userPermissions)
-            currentUsers.add(permission.getAffected_user_id());
-
-        return currentUsers;
-
-    }
-
-    /**
-     * Find the list of the IDs of all connections a user has permission to.
-     * The access type is defined by permissionType.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     A list of all connection IDs this user has the specified access to.
-     */
-    public List<Integer> retrieveConnectionIDs(AuthenticatedUser currentUser,
-            String permissionType) {
-
-        return retrieveConnectionIDs(currentUser, null, permissionType, false);
-
-    }
-
-    /**
-     * Find the list of the IDs of all connections a user has permission to.
-     * The access type is defined by permissionType.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param parentID
-     *     The parent connection group.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     A list of all connection IDs this user has the specified access to.
-     */
-    public List<Integer> retrieveConnectionIDs(AuthenticatedUser currentUser, Integer parentID,
-            String permissionType) {
-
-        return retrieveConnectionIDs(currentUser, parentID, permissionType, true);
-
-    }
-
-    /**
-     * Find the list of the IDs of all connections a user has permission to.
-     * The access type is defined by permissionType.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param parentID
-     *     The parent connection group.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @param checkParentID
-     *     Whether the parentID should be checked or not.
-     * 
-     * @return
-     *     A list of all connection IDs this user has the specified access to.
-     */
-    private List<Integer> retrieveConnectionIDs(AuthenticatedUser currentUser, Integer parentID,
-            String permissionType, boolean checkParentID) {
-
-        // A system administrator has access to all connections.
-        if(checkSystemAdministratorAccess(currentUser)) {
-            if(checkParentID)
-                return connectionService.getAllConnectionIDs(parentID);
-            else
-                return connectionService.getAllConnectionIDs();
-        }
-
-        // Query all connection permissions for the given user and permission type
-        ConnectionPermissionExample example = new ConnectionPermissionExample();
-        Criteria criteria = example.createCriteria().andUser_idEqualTo(currentUser.getUserID())
-                .andPermissionEqualTo(permissionType);
-        
-        // Ensure that the connections are all under the parent ID, if needed
-        if(checkParentID) {
-            // Get the IDs of all connections in the connection group
-            List<Integer> allConnectionIDs = connectionService.getAllConnectionIDs(parentID);
-            
-            if(allConnectionIDs.isEmpty())
-                return Collections.EMPTY_LIST;
-            
-            criteria.andConnection_idIn(allConnectionIDs);
-        }
-                                              
-        example.setDistinct(true);
-        List<ConnectionPermissionKey> connectionPermissions =
-                connectionPermissionDAO.selectByExample(example);
-
-        // Convert result into list of IDs
-        List<Integer> connectionIDs = new ArrayList<Integer>(connectionPermissions.size());
-        for(ConnectionPermissionKey permission : connectionPermissions)
-            connectionIDs.add(permission.getConnection_id());
-
-        return connectionIDs;
-
-    }
-
-    /**
-     * Find the list of the IDs of all connection groups a user has permission to.
-     * The access type is defined by permissionType.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     A list of all connection group IDs this user has the specified
-     *     access to.
-     */
-    public List<Integer> retrieveConnectionGroupIDs(AuthenticatedUser currentUser,
-            String permissionType) {
-
-        return retrieveConnectionGroupIDs(currentUser, null, permissionType, false);
-
-    }
-
-    /**
-     * Find the list of the IDs of all connection groups a user has permission to.
-     * The access type is defined by permissionType.
-     *
-     * @param currentUser
-     *     The user to check.
-     *
-     * @param parentID
-     *     The parent connection group.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @return
-     *     A list of all connection group IDs this user has the specified
-     *     access to.
-     */
-    public List<Integer> retrieveConnectionGroupIDs(AuthenticatedUser currentUser, Integer parentID,
-            String permissionType) {
-
-        return retrieveConnectionGroupIDs(currentUser, parentID, permissionType, true);
-
-    }
-
-    /**
-     * Find the list of the IDs of all connection groups a user has permission to.
-     * The access type is defined by permissionType.
-     *
-     * @param currentUser
-     *     The user to check.
-     * 
-     * @param parentID
-     *     The parent connection group.
-     *
-     * @param permissionType
-     *     The type of permission to check for.
-     *
-     * @param checkParentID
-     *     Whether the parentID should be checked or not.
-     *
-     * @return
-     *     A list of all connection group IDs this user has the specified
-     *     access to.
-     */
-    private List<Integer> retrieveConnectionGroupIDs(AuthenticatedUser currentUser, Integer parentID,
-            String permissionType, boolean checkParentID) {
-
-        // A system administrator has access to all connectionGroups .
-        if(checkSystemAdministratorAccess(currentUser)) {
-            if(checkParentID)
-                return connectionGroupService.getAllConnectionGroupIDs(parentID);
-            else
-                return connectionGroupService.getAllConnectionGroupIDs();
-        }
-
-        // Query all connection permissions for the given user and permission type
-        ConnectionGroupPermissionExample example = new ConnectionGroupPermissionExample();
-        ConnectionGroupPermissionExample.Criteria criteria = 
-                example.createCriteria().andUser_idEqualTo(currentUser.getUserID())
-                .andPermissionEqualTo(permissionType);
-        
-        // Ensure that the connection groups are all under the parent ID, if needed
-        if(checkParentID) {
-            // Get the IDs of all connection groups in the connection group
-            List<Integer> allConnectionGroupIDs = connectionGroupService
-                    .getAllConnectionGroupIDs(parentID);
-            
-            if(allConnectionGroupIDs.isEmpty())
-                return Collections.EMPTY_LIST;
-            
-            criteria.andConnection_group_idIn(allConnectionGroupIDs);
-        }
-                                              
-        example.setDistinct(true);
-        List<ConnectionGroupPermissionKey> connectionGroupPermissions =
-                connectionGroupPermissionDAO.selectByExample(example);
-
-        // Convert result into list of IDs
-        List<Integer> connectionGroupIDs = new ArrayList<Integer>(connectionGroupPermissions.size());
-        for(ConnectionGroupPermissionKey permission : connectionGroupPermissions)
-            connectionGroupIDs.add(permission.getConnection_group_id());
-        
-        // All users have implicit access to read and update the root group
-        if(MySQLConstants.CONNECTION_GROUP_READ.equals(permissionType)
-                && MySQLConstants.CONNECTION_GROUP_UPDATE.equals(permissionType)
-                && !checkParentID)
-            connectionGroupIDs.add(null);
-
-        return connectionGroupIDs;
-
-    }
-
-    /**
-     * Retrieve all existing usernames that the given user has permission to
-     * perform the given operation upon.
-     *
-     * @param currentUser
-     *     The user whose permissions should be checked.
-     *
-     * @param permissionType
-     *     The permission to check.
-     *
-     * @return
-     *     A set of all usernames for which the given user has the given
-     *     permission.
-     */
-    public Set<String> retrieveUsernames(AuthenticatedUser currentUser, String permissionType) {
-
-        // A system administrator has access to all users.
-        if(checkSystemAdministratorAccess(currentUser))
-            return userService.getAllUsernames();
-
-        // List of all user IDs for which this user has read access
-        List<Integer> currentUsers =
-                retrieveUserIDs(currentUser, MySQLConstants.USER_READ);
-
-        // Query all associated users
-        return userService.translateUsernames(currentUsers).keySet();
-
-    }
-
-    /**
-     * Retrieve all existing connection identifiers that the given user has 
-     * permission to perform the given operation upon.
-     *
-     * @param currentUser
-     *     The user whose permissions should be checked.
-     *
-     * @param permissionType
-     *     The permission to check.
-     *
-     * @param parentID
-     *     The parent connection group.
-     *
-     * @return
-     *     A set of all connection identifiers for which the given user has the
-     *     given permission.
-     */
-    public Set<String> retrieveConnectionIdentifiers(AuthenticatedUser currentUser, Integer parentID,
-            String permissionType) {
-
-        // A system administrator has access to all connections.
-        if(checkSystemAdministratorAccess(currentUser))
-            return connectionService.getAllConnectionIdentifiers(parentID);
-
-        // List of all connection IDs for which this user has access
-        List<Integer> connectionIDs =
-                retrieveConnectionIDs(currentUser, parentID, permissionType);
-        
-        // Unique Identifiers for MySQLConnections are the database IDs
-        Set<String> connectionIdentifiers = new HashSet<String>();
-        
-        for(Integer connectionID : connectionIDs)
-            connectionIdentifiers.add(Integer.toString(connectionID));
-
-        return connectionIdentifiers;
-    }
-
-    /**
-     * Retrieve all existing connection group identifiers that the given user 
-     * has permission to perform the given operation upon.
-     *
-     * @param currentUser
-     *     The user whose permissions should be checked.
-     *
-     * @param permissionType
-     *     The permission to check.
-     *
-     * @param parentID
-     *     The parent connection group.
-     *
-     * @return
-     *     A set of all connection group identifiers for which the given user
-     *     has the given permission.
-     */
-    public Set<String> retrieveConnectionGroupIdentifiers(AuthenticatedUser currentUser, Integer parentID,
-            String permissionType) {
-
-        // A system administrator has access to all connections.
-        if(checkSystemAdministratorAccess(currentUser))
-            return connectionGroupService.getAllConnectionGroupIdentifiers(parentID);
-
-        // List of all connection group IDs for which this user has access
-        List<Integer> connectionGroupIDs =
-                retrieveConnectionGroupIDs(currentUser, parentID, permissionType);
-        
-        // Unique Identifiers for MySQLConnectionGroups are the database IDs
-        Set<String> connectionGroupIdentifiers = new HashSet<String>();
-        
-        for(Integer connectionGroupID : connectionGroupIDs)
-            connectionGroupIdentifiers.add(Integer.toString(connectionGroupID));
-
-        return connectionGroupIdentifiers;
-    }
-
-    /**
-     * Retrieves all user permissions granted to the user having the given ID.
-     *
-     * @param userID The ID of the user to retrieve permissions of.
-     * @return A set of all user permissions granted to the user having the
-     *         given ID.
-     */
-    public Set<UserPermission> retrieveUserPermissions(int userID) {
-
-        // Set of all permissions
-        Set<UserPermission> permissions = new HashSet<UserPermission>();
-
-        // Query all user permissions
-        UserPermissionExample userPermissionExample = new UserPermissionExample();
-        userPermissionExample.createCriteria().andUser_idEqualTo(userID);
-        List<UserPermissionKey> userPermissions =
-                userPermissionDAO.selectByExample(userPermissionExample);
-
-        // Get list of affected user IDs
-        List<Integer> affectedUserIDs = new ArrayList<Integer>();
-        for(UserPermissionKey userPermission : userPermissions)
-            affectedUserIDs.add(userPermission.getAffected_user_id());
-
-        // Get corresponding usernames
-        Map<Integer, String> affectedUsers =
-                userService.retrieveUsernames(affectedUserIDs);
-
-        // Add user permissions
-        for(UserPermissionKey userPermission : userPermissions) {
-
-            // Construct permission from data
-            UserPermission permission = new UserPermission(
-                UserPermission.Type.valueOf(userPermission.getPermission()),
-                affectedUsers.get(userPermission.getAffected_user_id())
-            );
-
-            // Add to set
-            permissions.add(permission);
-
-        }
-
-        return permissions;
-
-    }
-
-    /**
-     * Retrieves all connection permissions granted to the user having the
-     * given ID.
-     *
-     * @param userID The ID of the user to retrieve permissions of.
-     * @return A set of all connection permissions granted to the user having
-     *         the given ID.
-     */
-    public Set<ConnectionPermission> retrieveConnectionPermissions(int userID) {
-
-        // Set of all permissions
-        Set<ConnectionPermission> permissions = new HashSet<ConnectionPermission>();
-
-        // Query all connection permissions
-        ConnectionPermissionExample connectionPermissionExample = new ConnectionPermissionExample();
-        connectionPermissionExample.createCriteria().andUser_idEqualTo(userID);
-        List<ConnectionPermissionKey> connectionPermissions =
-                connectionPermissionDAO.selectByExample(connectionPermissionExample);
-
-        // Add connection permissions
-        for(ConnectionPermissionKey connectionPermission : connectionPermissions) {
-
-            // Construct permission from data
-            ConnectionPermission permission = new ConnectionPermission(
-                ConnectionPermission.Type.valueOf(connectionPermission.getPermission()),
-                String.valueOf(connectionPermission.getConnection_id())
-            );
-
-            // Add to set
-            permissions.add(permission);
-
-        }
-
-        return permissions;
-
-    }
-
-    /**
-     * Retrieves all connection group permissions granted to the user having the
-     * given ID.
-     *
-     * @param userID The ID of the user to retrieve permissions of.
-     * @return A set of all connection group permissions granted to the user having
-     *         the given ID.
-     */
-    public Set<ConnectionGroupPermission> retrieveConnectionGroupPermissions(int userID) {
-
-        // Set of all permissions
-        Set<ConnectionGroupPermission> permissions = new HashSet<ConnectionGroupPermission>();
-
-        // Query all connection permissions
-        ConnectionGroupPermissionExample connectionGroupPermissionExample = new ConnectionGroupPermissionExample();
-        connectionGroupPermissionExample.createCriteria().andUser_idEqualTo(userID);
-        List<ConnectionGroupPermissionKey> connectionGroupPermissions =
-                connectionGroupPermissionDAO.selectByExample(connectionGroupPermissionExample);
-
-        // Add connection permissions
-        for(ConnectionGroupPermissionKey connectionGroupPermission : connectionGroupPermissions) {
-
-            // Construct permission from data
-            ConnectionGroupPermission permission = new ConnectionGroupPermission(
-                ConnectionGroupPermission.Type.valueOf(connectionGroupPermission.getPermission()),
-                String.valueOf(connectionGroupPermission.getConnection_group_id())
-            );
-
-            // Add to set
-            permissions.add(permission);
-
-        }
-        
-        // All users have implict access to read the root connection group
-        permissions.add(new ConnectionGroupPermission(
-            ConnectionGroupPermission.Type.READ,
-            MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER
-        ));
-        
-        // All users have implict access to update the root connection group
-        permissions.add(new ConnectionGroupPermission(
-            ConnectionGroupPermission.Type.UPDATE,
-            MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER
-        ));
-
-        return permissions;
-
-    }
-
-    /**
-     * Retrieves all system permissions granted to the user having the
-     * given ID.
-     *
-     * @param userID The ID of the user to retrieve permissions of.
-     * @return A set of all system permissions granted to the user having the
-     *         given ID.
-     */
-    public Set<SystemPermission> retrieveSystemPermissions(int userID) {
-
-        // Set of all permissions
-        Set<SystemPermission> permissions = new HashSet<SystemPermission>();
-
-        // And finally, system permissions
-        SystemPermissionExample systemPermissionExample = new SystemPermissionExample();
-        systemPermissionExample.createCriteria().andUser_idEqualTo(userID);
-        List<SystemPermissionKey> systemPermissions =
-                systemPermissionDAO.selectByExample(systemPermissionExample);
-        for(SystemPermissionKey systemPermission : systemPermissions) {
-
-            // User creation permission
-            if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
-                permissions.add(new SystemPermission(SystemPermission.Type.CREATE_USER));
-
-            // System creation permission
-            else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
-                permissions.add(new SystemPermission(SystemPermission.Type.CREATE_CONNECTION));
-
-            // System creation permission
-            else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_GROUP_CREATE))
-                permissions.add(new SystemPermission(SystemPermission.Type.CREATE_CONNECTION_GROUP));
-
-            // System administration permission
-            else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_ADMINISTER))
-                permissions.add(new SystemPermission(SystemPermission.Type.ADMINISTER));
-
-        }
-
-        return permissions;
-
-    }
-
-    /**
-     * Retrieves all permissions granted to the user having the given ID.
-     *
-     * @param userID The ID of the user to retrieve permissions of.
-     * @return A set of all permissions granted to the user having the given
-     *         ID.
-     */
-    public Set<Permission> retrieveAllPermissions(int userID) {
-
-        // Set which will contain all permissions
-        Set<Permission> allPermissions = new HashSet<Permission>();
-
-        // Add user permissions
-        allPermissions.addAll(retrieveUserPermissions(userID));
-
-        // Add connection permissions
-        allPermissions.addAll(retrieveConnectionPermissions(userID));
-        
-        // add connection group permissions
-        allPermissions.addAll(retrieveConnectionGroupPermissions(userID));
-
-        // Add system permissions
-        allPermissions.addAll(retrieveSystemPermissions(userID));
-
-        return allPermissions;
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SHA256PasswordEncryptionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SHA256PasswordEncryptionService.java
index aa3043805..78f0cef65 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SHA256PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SHA256PasswordEncryptionService.java
@@ -25,7 +25,6 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.util.Arrays;
 import javax.xml.bind.DatatypeConverter;
 
 /**
@@ -34,16 +33,6 @@ import javax.xml.bind.DatatypeConverter;
  */
 public class SHA256PasswordEncryptionService implements PasswordEncryptionService {
 
-    @Override
-    public boolean checkPassword(String password, byte[] hashedPassword,
-        byte[] salt) {
-
-        // Compare bytes of password in credentials against hashed password
-        byte[] passwordBytes = createPasswordHash(password, salt);
-        return Arrays.equals(passwordBytes, hashedPassword);
-
-    }
-
     @Override
     public byte[] createPasswordHash(String password, byte[] salt) {
 
@@ -72,4 +61,5 @@ public class SHA256PasswordEncryptionService implements PasswordEncryptionServic
         }
 
     }
+
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
index 9338fbdcb..453a4c6e2 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
@@ -22,24 +22,13 @@
 
 package net.sourceforge.guacamole.net.auth.mysql.service;
 
-import com.google.common.collect.Lists;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.Credentials;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
+import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.User;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserExample;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserWithBLOBs;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -47,13 +36,13 @@ import net.sourceforge.guacamole.net.auth.mysql.model.UserWithBLOBs;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class UserService {
+public class UserService extends DirectoryObjectService<MySQLUser, UserModel> {
 
     /**
-     * DAO for accessing users.
+     * Mapper for accessing users.
      */
     @Inject
-    private UserMapper userDAO;
+    private UserMapper userMapper;
 
     /**
      * Provider for creating users.
@@ -61,106 +50,16 @@ public class UserService {
     @Inject
     private Provider<MySQLUser> mySQLUserProvider;
 
-    /**
-     * Service for checking permissions.
-     */
-    @Inject
-    private PermissionCheckService permissionCheckService;
-
-    /**
-     * Service for encrypting passwords.
-     */
-    @Inject
-    private PasswordEncryptionService passwordService;
-
-    /**
-     * Service for generating random salts.
-     */
-    @Inject
-    private SaltService saltService;
-
-    /**
-     * Create a new MySQLUser based on the provided User.
-     *
-     * @param user The User to use when populating the data of the given
-     *             MySQLUser.
-     * @return A new MySQLUser object, populated with the data of the given
-     *         user.
-     *
-     * @throws GuacamoleException If an error occurs while reading the data
-     *                            of the provided User.
-     */
-    public MySQLUser toMySQLUser(org.glyptodon.guacamole.net.auth.User user) throws GuacamoleException {
-        MySQLUser mySQLUser = mySQLUserProvider.get();
-        mySQLUser.init(user);
-        return mySQLUser;
+    @Override
+    protected DirectoryObjectMapper<UserModel> getObjectMapper() {
+        return userMapper;
     }
 
-    /**
-     * Create a new MySQLUser based on the provided database record.
-     *
-     * @param user The database record describing the user.
-     * @return A new MySQLUser object, populated with the data of the given
-     *         database record.
-     */
-    private MySQLUser toMySQLUser(UserWithBLOBs user) {
-
-        // Retrieve user from provider
-        MySQLUser mySQLUser = mySQLUserProvider.get();
-
-        // Init with data from given database user
-        mySQLUser.init(
-            user.getUser_id(),
-            user.getUsername(),
-            null,
-            permissionCheckService.retrieveAllPermissions(user.getUser_id())
-        );
-
-        // Return new user
-        return mySQLUser;
-
-    }
-
-    /**
-     * Retrieves the user having the given ID from the database.
-     *
-     * @param id The ID of the user to retrieve.
-     * @return The existing MySQLUser object if found, null otherwise.
-     */
-    public MySQLUser retrieveUser(int id) {
-
-        // Query user by ID
-        UserWithBLOBs user = userDAO.selectByPrimaryKey(id);
-
-        // If no user found, return null
-        if(user == null)
-            return null;
-
-        // Otherwise, return found user
-        return toMySQLUser(user);
-
-    }
-
-    /**
-     * Retrieves the user having the given username from the database.
-     *
-     * @param name The username of the user to retrieve.
-     * @return The existing MySQLUser object if found, null otherwise.
-     */
-    public MySQLUser retrieveUser(String name) {
-
-        // Query user by ID
-        UserExample example = new UserExample();
-        example.createCriteria().andUsernameEqualTo(name);
-        List<UserWithBLOBs> users = userDAO.selectByExampleWithBLOBs(example);
-
-        // If no user found, return null
-        if(users.isEmpty())
-            return null;
-
-        // Otherwise, return found user
-        return toMySQLUser(users.get(0));
-
+    @Override
+    protected MySQLUser getObjectInstance(UserModel model) {
+        MySQLUser user = mySQLUserProvider.get();
+        user.setModel(model);
+        return user;
     }
 
     /**
@@ -173,194 +72,18 @@ public class UserService {
      */
     public MySQLUser retrieveUser(Credentials credentials) {
 
-        // No null users in database
-        if (credentials.getUsername() == null)
+        // Get username and password
+        String username = credentials.getUsername();
+        String password = credentials.getPassword();
+
+        // Retrieve user model, if the user exists
+        UserModel userModel = userMapper.selectByCredentials(username, password);
+        if (userModel == null)
             return null;
 
-        // Query user
-        UserExample userExample = new UserExample();
-        userExample.createCriteria().andUsernameEqualTo(credentials.getUsername());
-        List<UserWithBLOBs> users = userDAO.selectByExampleWithBLOBs(userExample);
-
-        // Check that a user was found
-        if (users.isEmpty())
-            return null;
-
-        // Assert only one user found
-        assert users.size() == 1 : "Multiple users with same username.";
-
-        // Get first (and only) user
-        UserWithBLOBs user = users.get(0);
-
-        // Check password, if invalid return null
-        if (!passwordService.checkPassword(credentials.getPassword(),
-                user.getPassword_hash(), user.getPassword_salt()))
-            return null;
-
-        // Return found user
-        return toMySQLUser(user);
-
-    }
-
-    /**
-     * Retrieves a translation map of usernames to their corresponding IDs.
-     *
-     * @param ids The IDs of the users to retrieve the usernames of.
-     * @return A map containing the names of all users and their corresponding
-     *         IDs.
-     */
-    public Map<String, Integer> translateUsernames(List<Integer> ids) {
-
-        // If no IDs given, just return empty map
-        if (ids.isEmpty())
-            return Collections.EMPTY_MAP;
-
-        // Map of all names onto their corresponding IDs
-        Map<String, Integer> names = new HashMap<String, Integer>();
-
-        // Get all users having the given IDs
-        UserExample example = new UserExample();
-        example.createCriteria().andUser_idIn(ids);
-        List<User> users =
-                userDAO.selectByExample(example);
-
-        // Produce set of names
-        for (User user : users)
-            names.put(user.getUsername(), user.getUser_id());
-
-        return names;
-
-    }
-
-    /**
-     * Retrieves a map of all usernames for the given IDs.
-     *
-     * @param ids The IDs of the users to retrieve the usernames of.
-     * @return A map containing the names of all users and their corresponding
-     *         IDs.
-     */
-    public Map<Integer, String> retrieveUsernames(Collection<Integer> ids) {
-
-        // If no IDs given, just return empty map
-        if (ids.isEmpty())
-            return Collections.EMPTY_MAP;
-
-        // Map of all names onto their corresponding IDs
-        Map<Integer, String> names = new HashMap<Integer, String>();
-
-        // Get all users having the given IDs
-        UserExample example = new UserExample();
-        example.createCriteria().andUser_idIn(Lists.newArrayList(ids));
-        List<User> users =
-                userDAO.selectByExample(example);
-
-        // Produce set of names
-        for (User user : users)
-            names.put(user.getUser_id(), user.getUsername());
-
-        return names;
-
-    }
-
-    /**
-     * Creates a new user having the given username and password.
-     *
-     * @param username The username to assign to the new user.
-     * @param password The password to assign to the new user.
-     * @return A new MySQLUser containing the data of the newly created
-     *         user.
-     */
-    public MySQLUser createUser(String username, String password) {
-
-        // Initialize database user
-        UserWithBLOBs user = new UserWithBLOBs();
-        user.setUsername(username);
-
-        // Set password if specified
-        if (password != null) {
-            byte[] salt = saltService.generateSalt();
-            user.setPassword_salt(salt);
-            user.setPassword_hash(
-                passwordService.createPasswordHash(password, salt));
-        }
-
-        // Create user
-        userDAO.insert(user);
-        return toMySQLUser(user);
-
-    }
-
-    /**
-     * Deletes the user having the given ID from the database.
-     * @param user_id The ID of the user to delete.
-     */
-    public void deleteUser(int user_id) {
-        userDAO.deleteByPrimaryKey(user_id);
-    }
-
-    /**
-     * Updates the user in the database corresponding to the given MySQLUser.
-     *
-     * @param mySQLUser The MySQLUser to update (save) to the database. This
-     *                  user must already exist.
-     */
-    public void updateUser(MySQLUser mySQLUser) {
-
-        UserWithBLOBs user = new UserWithBLOBs();
-        user.setUser_id(mySQLUser.getUserID());
-        user.setUsername(mySQLUser.getUsername());
-
-        // Set password if specified
-        if (mySQLUser.getPassword() != null) {
-            byte[] salt = saltService.generateSalt();
-            user.setPassword_salt(salt);
-            user.setPassword_hash(
-                passwordService.createPasswordHash(mySQLUser.getPassword(), salt));
-        }
-
-        // Update the user in the database
-        userDAO.updateByPrimaryKeySelective(user);
-
-    }
-
-    /**
-     * Get the usernames of all the users defined in the system.
-     *
-     * @return A Set of usernames of all the users defined in the system.
-     */
-    public Set<String> getAllUsernames() {
-
-        // Set of all present usernames
-        Set<String> usernames = new HashSet<String>();
-
-        // Query all usernames
-        List<User> users =
-                userDAO.selectByExample(new UserExample());
-        for (User user : users)
-            usernames.add(user.getUsername());
-
-        return usernames;
-
-    }
-
-    /**
-     * Get the user IDs of all the users defined in the system.
-     *
-     * @return A list of user IDs of all the users defined in the system.
-     */
-    public List<Integer> getAllUserIDs() {
-
-        // Set of all present user IDs
-        List<Integer> userIDs = new ArrayList<Integer>();
-
-        // Query all user IDs
-        List<User> users =
-                userDAO.selectByExample(new UserExample());
-        for (User user : users)
-            userIDs.add(user.getUser_id());
-
-        return userIDs;
-
+        // Return corresponding user
+        return getObjectInstance(userModel);
+        
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/generatorConfig.xml b/extensions/guacamole-auth-mysql/src/main/resources/generatorConfig.xml
deleted file mode 100644
index fca4e00d6..000000000
--- a/extensions/guacamole-auth-mysql/src/main/resources/generatorConfig.xml
+++ /dev/null
@@ -1,136 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE generatorConfiguration
-    PUBLIC "-//mybatis.org//DTD MyBatis Generator Configuration 1.0//EN"
-    "http://mybatis.org/dtd/mybatis-generator-config_1_0.dtd">
-
-<!--
-   Copyright (C) 2013 Glyptodon LLC
-
-   Permission is hereby granted, free of charge, to any person obtaining a copy
-   of this software and associated documentation files (the "Software"), to deal
-   in the Software without restriction, including without limitation the rights
-   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-   copies of the Software, and to permit persons to whom the Software is
-   furnished to do so, subject to the following conditions:
-
-   The above copyright notice and this permission notice shall be included in
-   all copies or substantial portions of the Software.
-
-   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-   THE SOFTWARE.
--->
-
-<generatorConfiguration>
-    <context id="guacamoleTables" targetRuntime="MyBatis3">
-
-        <!-- Allow selectByExample with RowBounds -->
-        <plugin type="org.mybatis.generator.plugins.RowBoundsPlugin"/>
-
-        <!-- MySQL JDBC driver class. -->
-        <jdbcConnection driverClass="com.mysql.jdbc.Driver"
-            connectionURL="jdbc:mysql://127.0.0.1:3306"
-            userId="${guacamole.database.user}"
-            password="${guacamole.database.password}"/>
-
-        <javaModelGenerator
-            targetPackage="net.sourceforge.guacamole.net.auth.mysql.model"
-            targetProject="MAVEN"/>
-
-        <sqlMapGenerator
-            targetPackage="net.sourceforge.guacamole.net.auth.mysql.dao"
-            targetProject="MAVEN"/>
-
-        <javaClientGenerator type="XMLMAPPER"
-            targetPackage="net.sourceforge.guacamole.net.auth.mysql.dao"
-            targetProject="MAVEN"/>
-
-        <!-- TABLES -->
-
-        <table tableName="guacamole_connection"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="Connection" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-            <generatedKey column="connection_id" identity="true"
-                sqlStatement="SELECT LAST_INSERT_ID()"/>
-        </table>
-
-        <table tableName="guacamole_connection_group"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="ConnectionGroup" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-            <generatedKey column="connection_group_id" identity="true"
-                sqlStatement="SELECT LAST_INSERT_ID()"/>
-        </table>
-
-        <table tableName="guacamole_connection_parameter"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="ConnectionParameter" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-        </table>
-
-        <table tableName="guacamole_connection_permission"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="ConnectionPermission" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-        </table>
-
-        <table tableName="guacamole_connection_group_permission"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="ConnectionGroupPermission" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-        </table>
-
-        <table tableName="guacamole_system_permission"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="SystemPermission" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-        </table>
-
-        <table tableName="guacamole_user"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="User" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-            <generatedKey column="user_id" identity="true"
-                sqlStatement="SELECT LAST_INSERT_ID()"/>
-        </table>
-
-        <table tableName="guacamole_user_permission"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="UserPermission" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-        </table>
-
-        <table tableName="guacamole_connection_history"
-            catalog="${guacamole.database.catalog}"
-            schema="${guacamole.database.schema}"
-            domainObjectName="ConnectionHistory" >
-            <property name="useActualColumnNames" value="true"/>
-            <property name="ignoreQualifiersAtRuntime" value="true"/>
-            <generatedKey column="history_id" identity="true"
-                sqlStatement="SELECT LAST_INSERT_ID()"/>
-        </table>
-
-    </context>
-</generatorConfiguration>
-
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
new file mode 100644
index 000000000..695e1956b
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper" >
+
+    <!-- Result mapper for user objects -->
+    <resultMap id="UserResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.UserModel" >
+        <id     column="user_id"       property="userID"       jdbcType="INTEGER"/>
+        <result column="username"      property="username"     jdbcType="VARCHAR"/>
+        <result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
+        <result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
+    </resultMap>
+
+    <!-- Select all usernames -->
+    <select id="selectIdentifiers" resultType="string">
+        SELECT username
+        FROM guacamole_user
+    </select>
+
+    <!-- Select multiple users by username -->
+    <select id="select" resultMap="UserResultMap">
+
+        SELECT
+            user_id,
+            username,
+            password_hash,
+            password_salt
+        FROM guacamole_user
+        WHERE username IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+
+    </select>
+
+    <select id="selectByCredentials" resultMap="UserResultMap">
+        SELECT
+            user_id,
+            username,
+            password_hash,
+            password_salt
+        FROM guacamole_user
+        WHERE
+                username      = #{username,jdbcType=VARCHAR}
+            AND password_hash = UNHEX(SHA2(CONCAT(#{password,jdbcType=VARCHAR}, HEX(password_salt)), 256))
+    </select>
+
+    <!-- Delete single user by username -->
+    <delete id="delete">
+        DELETE FROM guacamole_user
+        WHERE username = #{identifier,jdbcType=VARCHAR}
+    </delete>
+
+    <!-- Insert single user -->
+    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.UserModel">
+
+        INSERT INTO guacamole_user (
+            username,
+            password_hash,
+            password_salt
+        )
+        VALUES (
+            #{username,jdbcType=VARCHAR},
+            #{passwordHash,jdbcType=BINARY},
+            #{passwordSalt,jdbcType=BINARY}
+        )
+
+        <selectKey resultType="java.lang.Integer" keyProperty="userID" order="AFTER">
+            SELECT LAST_INSERT_ID()
+        </selectKey>
+
+    </insert>
+
+    <!-- Update single user -->
+    <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.UserModel">
+        UPDATE guacamole_user
+        SET password_hash = #{passwordHash,jdbcType=BINARY},
+            password_salt = #{passwordSalt,jdbcType=BINARY}
+        WHERE user_id = #{userID,jdbcType=VARCHAR}
+    </update>
+
+</mapper>
\ No newline at end of file

From b514fc910dbd8962ecf1cabe4c2795a1abc964a8 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 12 Feb 2015 20:48:57 -0800
Subject: [PATCH 02/60] GUAC-1101: Modify base interfaces/classes to support
 permissions.

---
 .../net/auth/mysql/AuthenticatedUser.java     | 27 +++++----
 .../mysql/MySQLAuthenticationProvider.java    |  7 ++-
 .../net/auth/mysql/MySQLUserContext.java      |  7 ++-
 .../net/auth/mysql/UserDirectory.java         | 34 +++++++----
 .../mysql/service/DirectoryObjectService.java | 58 ++++++++++++++++---
 5 files changed, 95 insertions(+), 38 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java
index a6aab2b15..beaca0166 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java
@@ -25,17 +25,16 @@ package net.sourceforge.guacamole.net.auth.mysql;
 import org.glyptodon.guacamole.net.auth.Credentials;
 
 /**
- * Represents an authenticated user via their database ID and corresponding
- * credentials.
+ * Associates a user with the credentials they used to authenticate.
  *
  * @author Michael Jumper 
  */
 public class AuthenticatedUser {
 
     /**
-     * The database ID of this user.
+     * The user that authenticated.
      */
-    private final int userID;
+    private final MySQLUser user;
 
     /**
      * The credentials given when this user authenticated.
@@ -43,28 +42,28 @@ public class AuthenticatedUser {
     private final Credentials credentials;
 
     /**
-     * Creates a new AuthenticatedUser associated with the given database ID
-     * and credentials.
+     * Creates a new AuthenticatedUser associating the given user with their
+     * corresponding credentials.
      *
-     * @param userID
-     *     The database ID of the user this object should represent.
+     * @param user
+     *     The user this object should represent.
      *
      * @param credentials 
      *     The credentials given by the user when they authenticated.
      */
-    public AuthenticatedUser(int userID, Credentials credentials) {
-        this.userID = userID;
+    public AuthenticatedUser(MySQLUser user, Credentials credentials) {
+        this.user = user;
         this.credentials = credentials;
     }
 
     /**
-     * Returns the ID of this user.
+     * Returns the user that authenticated.
      *
      * @return 
-     *     The ID of this user.
+     *     The user that authenticated.
      */
-    public int getUserID() {
-        return userID;
+    public MySQLUser getUser() {
+        return user;
     }
 
     /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index ece180551..10c706c87 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -66,12 +66,15 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
         // Get user service
         UserService userService = injector.getInstance(UserService.class);
 
-        // Get user
+        // Authenticate user
         MySQLUser user = userService.retrieveUser(credentials);
         if (user != null) {
+
+            // Upon successful authentication, return new user context
             MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
-            context.init(user);
+            context.init(new AuthenticatedUser(user, credentials));
             return context;
+
         }
 
         // Otherwise, unauthorized
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
index 55766260d..12374f426 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
@@ -43,7 +43,7 @@ public class MySQLUserContext implements UserContext {
     /**
      * The the user owning this context.
      */
-    private MySQLUser currentUser;
+    private AuthenticatedUser currentUser;
 
     /**
      * User directory restricted by the permissions of the user associated
@@ -58,13 +58,14 @@ public class MySQLUserContext implements UserContext {
      * @param currentUser
      *     The user owning this context.
      */
-    public void init(MySQLUser currentUser) {
+    public void init(AuthenticatedUser currentUser) {
         this.currentUser = currentUser;
+        userDirectory.init(currentUser);
     }
 
     @Override
     public User self() {
-        return currentUser;
+        return currentUser.getUser();
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
index 9014c7238..d8bbbf32c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -42,12 +42,29 @@ import org.mybatis.guice.transactional.Transactional;
  */
 public class UserDirectory implements Directory<String, User> {
 
+    /**
+     * The user this user directory belongs to. Access is based on his/her
+     * permission settings.
+     */
+    private AuthenticatedUser currentUser;
+    
     /**
      * Service for managing user objects.
      */
     @Inject
     private UserService userService;
 
+    /**
+     * Set the user for this directory.
+     *
+     * @param currentUser
+     *     The user whose permissions define the visibility of other users in
+     *     this directory.
+     */
+    public void init(AuthenticatedUser currentUser) {
+        this.currentUser = currentUser;
+    }
+    
     @Override
     public void move(String identifier, Directory<String, User> groupIdentifier) 
             throws GuacamoleException {
@@ -56,43 +73,40 @@ public class UserDirectory implements Directory<String, User> {
 
     @Override
     public User get(String identifier) throws GuacamoleException {
-        return userService.retrieveObject(identifier);
+        return userService.retrieveObject(currentUser, identifier);
     }
 
     @Override
     @Transactional
     public Collection<User> getAll(Collection<String> identifiers) throws GuacamoleException {
-        return Collections.<User>unmodifiableCollection(userService.retrieveObjects(identifiers));
+        Collection<MySQLUser> objects = userService.retrieveObjects(currentUser, identifiers);
+        return Collections.<User>unmodifiableCollection(objects);
     }
 
     @Override
     @Transactional
     public Set<String> getIdentifiers() throws GuacamoleException {
-        // STUB
-        return userService.getIdentifiers();
+        return userService.getIdentifiers(currentUser);
     }
 
     @Override
     @Transactional
     public void add(User object) throws GuacamoleException {
-        // STUB
         MySQLUser user = (MySQLUser) object;
-        userService.createObject(user);
+        userService.createObject(currentUser, user);
     }
 
     @Override
     @Transactional
     public void update(User object) throws GuacamoleException {
-        // STUB
         MySQLUser user = (MySQLUser) object;
-        userService.updateObject(user);
+        userService.updateObject(currentUser, user);
     }
 
     @Override
     @Transactional
     public void remove(String identifier) throws GuacamoleException {
-        // STUB
-        userService.deleteObject(identifier);
+        userService.deleteObject(currentUser, identifier);
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index f33744d25..933551009 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -26,8 +26,10 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.DirectoryObject;
 import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
+import org.glyptodon.guacamole.GuacamoleException;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -89,7 +91,11 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
     }
 
     /**
-     * Retrieves the single object that has the given identifier, if it exists.
+     * Retrieves the single object that has the given identifier, if it exists
+     * and the user has permission to read it.
+     *
+     * @param user
+     *     The user retrieving the object.
      *
      * @param identifier
      *     The identifier of the object to retrieve.
@@ -98,10 +104,11 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      *     The object having the given identifier, or null if no such object
      *     exists.
      */
-    public ObjectType retrieveObject(String identifier) {
+    public ObjectType retrieveObject(AuthenticatedUser user,
+            String identifier) {
 
         // Pull objects having given identifier
-        Collection<ObjectType> objects = retrieveObjects(Collections.singleton(identifier));
+        Collection<ObjectType> objects = retrieveObjects(user, Collections.singleton(identifier));
 
         // If no such object, return null
         if (objects.isEmpty())
@@ -118,6 +125,10 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
     
     /**
      * Retrieves all objects that have the identifiers in the given collection.
+     * Only objects that the user has permission to read will be returned.
+     *
+     * @param user
+     *     The user retrieving the objects.
      *
      * @param identifiers
      *     The identifiers of the objects to retrieve.
@@ -125,7 +136,8 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * @return
      *     The objects having the given identifiers.
      */
-    public Collection<ObjectType> retrieveObjects(Collection<String> identifiers) {
+    public Collection<ObjectType> retrieveObjects(AuthenticatedUser user,
+            Collection<String> identifiers) {
 
         // Do not query if no identifiers given
         if (identifiers.isEmpty())
@@ -141,10 +153,18 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * exists, an error will be thrown. The internal model object will be
      * updated appropriately to contain the new database ID.
      *
+     * @param user
+     *     The user creating the object.
+     *
      * @param object
      *     The object to create.
+     *
+     * @throws GuacamoleException
+     *     If the user lacks permission to create the object, or an error
+     *     occurs while creating the object.
      */
-    public void createObject(ObjectType object) {
+    public void createObject(AuthenticatedUser user, ObjectType object)
+        throws GuacamoleException {
         getObjectMapper().insert(object.getModel());
     }
 
@@ -152,10 +172,18 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * Deletes the object having the given identifier. If no such object
      * exists, this function has no effect.
      *
+     * @param user
+     *     The user deleting the object.
+     *
      * @param identifier
      *     The identifier of the object to delete.
+     *
+     * @throws GuacamoleException
+     *     If the user lacks permission to delete the object, or an error
+     *     occurs while deleting the object.
      */
-    public void deleteObject(String identifier) {
+    public void deleteObject(AuthenticatedUser user, String identifier)
+        throws GuacamoleException {
         getObjectMapper().delete(identifier);
     }
 
@@ -163,20 +191,32 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * Updates the given object in the database, applying any changes that have
      * been made. If no such object exists, this function has no effect.
      *
+     * @param user
+     *     The user updating the object.
+     *
      * @param object
      *     The object to update.
+     *
+     * @throws GuacamoleException
+     *     If the user lacks permission to update the object, or an error
+     *     occurs while updating the object.
      */
-    public void updateObject(ObjectType object) {
+    public void updateObject(AuthenticatedUser user, ObjectType object)
+        throws GuacamoleException {
         getObjectMapper().update(object.getModel());
     }
 
     /**
-     * Returns the set of all identifiers for all objects in the database.
+     * Returns the set of all identifiers for all objects in the database that
+     * the user has read access to.
+     *
+     * @param user
+     *     The user retrieving the identifiers.
      *
      * @return
      *     The set of all identifiers for all objects in the database.
      */
-    public Set<String> getIdentifiers() {
+    public Set<String> getIdentifiers(AuthenticatedUser user) {
         return getObjectMapper().selectIdentifiers();
     }
 

From 0e38acbd594d76fd4d5b775cb120fbdd3ce84810 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 12 Feb 2015 21:29:58 -0800
Subject: [PATCH 03/60] GUAC-1101: Limit results of retrieval operations by
 read permissions, unless user is a sysadmin.

---
 .../guacamole/net/auth/mysql/MySQLUser.java   | 17 ++++++
 .../auth/mysql/dao/DirectoryObjectMapper.java | 57 ++++++++++++++++---
 .../mysql/service/DirectoryObjectService.java | 38 +++++++++++--
 .../net/auth/mysql/dao/UserMapper.xml         | 31 ++++++++++
 4 files changed, 131 insertions(+), 12 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index 36d159afe..c1c2cd1ef 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -29,6 +29,7 @@ import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
 import org.glyptodon.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.simple.SimpleSystemPermissionSet;
@@ -126,6 +127,22 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
 
     }
 
+    /**
+     * Returns whether this user is a system administrator, and thus is not
+     * restricted by permissions.
+     *
+     * @return
+     *    true if this user is a system administrator, false otherwise.
+     *
+     * @throws GuacamoleException 
+     *    If an error occurs while determining the user's system administrator
+     *    status.
+     */
+    public boolean isAdministrator() throws GuacamoleException {
+        SystemPermissionSet systemPermissionSet = getSystemPermissions();
+        return systemPermissionSet.hasPermission(SystemPermission.Type.ADMINISTER);
+    }
+    
     @Override
     public SystemPermissionSet getSystemPermissions()
             throws GuacamoleException {
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
index 3687b95c3..69ffa133a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
@@ -24,6 +24,7 @@ package net.sourceforge.guacamole.net.auth.mysql.dao;
 
 import java.util.Collection;
 import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
@@ -32,23 +33,45 @@ import org.apache.ibatis.annotations.Param;
  * to fulfill the needs of the Directory class.
  *
  * @author Michael Jumper
- * @param <T>
+ * @param <ModelType>
  *     The type of object contained within the directory whose objects are
  *     mapped by this mapper.
  */
-public interface DirectoryObjectMapper<T> {
+public interface DirectoryObjectMapper<ModelType> {
 
     /**
-     * Selects the identifiers of all objects.
+     * Selects the identifiers of all objects, regardless of whether they
+     * are readable by any particular user. This should only be called on
+     * behalf of a system administrator. If identifiers are needed by a non-
+     * administrative user who must have explicit read rights, use
+     * selectReadableIdentifiers() instead.
      *
      * @return
      *     A Set containing all identifiers of all objects.
      */
     Set<String> selectIdentifiers();
     
+    /**
+     * Selects the identifiers of all objects that are explicitly readable by
+     * the given user. If identifiers are needed by a system administrator
+     * (who, by definition, does not need explicit read rights), use
+     * selectIdentifiers() instead.
+     *
+     * @param user
+     *    The user whose permissions should determine whether an identifier
+     *    is returned.
+     *
+     * @return
+     *     A Set containing all identifiers of all readable objects.
+     */
+    Set<String> selectReadableIdentifiers(@Param("user") UserModel user);
+    
     /**
      * Selects all objects which have the given identifiers. If an identifier
-     * has no corresponding object, it will be ignored.
+     * has no corresponding object, it will be ignored. This should only be
+     * called on behalf of a system administrator. If objects are needed by a
+     * non-administrative user who must have explicit read rights, use
+     * selectReadable() instead.
      *
      * @param identifiers
      *     The identifiers of the objects to return.
@@ -56,7 +79,27 @@ public interface DirectoryObjectMapper<T> {
      * @return 
      *     A Collection of all objects having the given identifiers.
      */
-    Collection<T> select(@Param("identifiers") Collection<String> identifiers);
+    Collection<ModelType> select(@Param("identifiers") Collection<String> identifiers);
+
+    /**
+     * Selects all objects which have the given identifiers and are explicitly
+     * readably by the given user. If an identifier has no corresponding
+     * object, or the corresponding object is unreadable, it will be ignored.
+     * If objects are needed by a system administrator (who, by definition,
+     * does not need explicit read rights), use select() instead.
+     *
+     * @param user
+     *    The user whose permissions should determine whether an object 
+     *    is returned.
+     *
+     * @param identifiers
+     *     The identifiers of the objects to return.
+     *
+     * @return 
+     *     A Collection of all objects having the given identifiers.
+     */
+    Collection<ModelType> selectReadable(@Param("user") UserModel user,
+            @Param("identifiers") Collection<String> identifiers);
 
     /**
      * Inserts the given object into the database. If the object already
@@ -68,7 +111,7 @@ public interface DirectoryObjectMapper<T> {
      * @return
      *     The number of rows inserted.
      */
-    int insert(@Param("object") T object);
+    int insert(@Param("object") ModelType object);
 
     /**
      * Deletes the given object into the database. If the object does not 
@@ -92,6 +135,6 @@ public interface DirectoryObjectMapper<T> {
      * @return
      *     The number of rows updated.
      */
-    int update(@Param("object") T object);
+    int update(@Param("object") ModelType object);
     
 }
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 933551009..a44df1e2d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -103,9 +103,12 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * @return
      *     The object having the given identifier, or null if no such object
      *     exists.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the requested object.
      */
     public ObjectType retrieveObject(AuthenticatedUser user,
-            String identifier) {
+            String identifier) throws GuacamoleException {
 
         // Pull objects having given identifier
         Collection<ObjectType> objects = retrieveObjects(user, Collections.singleton(identifier));
@@ -135,16 +138,29 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      *
      * @return
      *     The objects having the given identifiers.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the requested objects.
      */
     public Collection<ObjectType> retrieveObjects(AuthenticatedUser user,
-            Collection<String> identifiers) {
+            Collection<String> identifiers) throws GuacamoleException {
 
         // Do not query if no identifiers given
         if (identifiers.isEmpty())
             return Collections.EMPTY_LIST;
 
+        Collection<ModelType> objects;
+
+        // Bypass permission checks if the user is a system admin
+        if (user.getUser().isAdministrator())
+            objects = getObjectMapper().select(identifiers);
+
+        // Otherwise only return explicitly readable identifiers
+        else
+            objects = getObjectMapper().selectReadable(user.getUser().getModel(), identifiers);
+        
         // Return collection of requested objects
-        return getObjectInstances(getObjectMapper().select(identifiers));
+        return getObjectInstances(objects);
         
     }
 
@@ -215,9 +231,21 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      *
      * @return
      *     The set of all identifiers for all objects in the database.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while reading identifiers.
      */
-    public Set<String> getIdentifiers(AuthenticatedUser user) {
-        return getObjectMapper().selectIdentifiers();
+    public Set<String> getIdentifiers(AuthenticatedUser user)
+        throws GuacamoleException {
+
+        // Bypass permission checks if the user is a system admin
+        if (user.getUser().isAdministrator())
+            return getObjectMapper().selectIdentifiers();
+
+        // Otherwise only return explicitly readable identifiers
+        else
+            return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel());
+
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
index 695e1956b..32fa591fc 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
@@ -40,6 +40,16 @@
         FROM guacamole_user
     </select>
 
+    <!-- Select usernames of all readable users -->
+    <select id="selectReadableIdentifiers" resultType="string">
+        SELECT username
+        FROM guacamole_user
+        JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
+        WHERE
+            guacamole_user_permission.user_id = #{user.userID,jdbcType=INTEGER}
+            AND permission = 'read'
+    </select>
+
     <!-- Select multiple users by username -->
     <select id="select" resultMap="UserResultMap">
 
@@ -57,6 +67,27 @@
 
     </select>
 
+    <!-- Select multiple users by username only if readable -->
+    <select id="selectReadable" resultMap="UserResultMap">
+
+        SELECT
+            guacamole_user.user_id,
+            username,
+            password_hash,
+            password_salt
+        FROM guacamole_user
+        JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
+        WHERE username IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+            AND guacamole_user_permission.user_id = #{user.userID,jdbcType=INTEGER}
+            AND permission = 'read'
+
+    </select>
+
+
     <select id="selectByCredentials" resultMap="UserResultMap">
         SELECT
             user_id,

From 7a6af903fbe3b84dcb7a7c6259d5fe5f8bc4a33d Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 12 Feb 2015 23:36:51 -0800
Subject: [PATCH 04/60] GUAC-1101: Restrict object manipulation depending on
 create/update/delete permission.

---
 .../net/auth/mysql/DirectoryObject.java       |  4 +-
 .../guacamole/net/auth/mysql/MySQLUser.java   | 16 ++--
 .../net/auth/mysql/MySQLUserContext.java      |  2 +-
 .../net/auth/mysql/UserDirectory.java         |  4 +-
 .../mysql/service/DirectoryObjectService.java | 73 ++++++++++++++++++-
 .../net/auth/mysql/service/UserService.java   | 24 ++++++
 6 files changed, 108 insertions(+), 15 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
index cae34ea43..2f8c44686 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
@@ -22,6 +22,8 @@
 
 package net.sourceforge.guacamole.net.auth.mysql;
 
+import org.glyptodon.guacamole.net.auth.Identifiable;
+
 /**
  * Common interface for objects that will ultimately be made available through
  * the Directory class. All such objects will need the same base set of queries
@@ -32,7 +34,7 @@ package net.sourceforge.guacamole.net.auth.mysql;
  *     The type of object contained within the directory whose objects are
  *     mapped by this mapper.
  */
-public interface DirectoryObject<ModelType> {
+public interface DirectoryObject<ModelType> extends Identifiable {
 
     /**
      * Returns the backing model object. Changes to the model object will
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index c1c2cd1ef..ce8339d8b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -97,12 +97,12 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     }
 
     @Override
-    public String getUsername() {
+    public String getIdentifier() {
         return userModel.getUsername();
     }
 
     @Override
-    public void setUsername(String username) {
+    public void setIdentifier(String username) {
         userModel.setUsername(username);
     }
 
@@ -151,24 +151,24 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     }
 
     @Override
-    public ObjectPermissionSet<String> getConnectionPermissions()
+    public ObjectPermissionSet getConnectionPermissions()
             throws GuacamoleException {
         // STUB
-        return new SimpleObjectPermissionSet<String>();
+        return new SimpleObjectPermissionSet();
     }
 
     @Override
-    public ObjectPermissionSet<String> getConnectionGroupPermissions()
+    public ObjectPermissionSet getConnectionGroupPermissions()
             throws GuacamoleException {
         // STUB
-        return new SimpleObjectPermissionSet<String>();
+        return new SimpleObjectPermissionSet();
     }
 
     @Override
-    public ObjectPermissionSet<String> getUserPermissions()
+    public ObjectPermissionSet getUserPermissions()
             throws GuacamoleException {
         // STUB
-        return new SimpleObjectPermissionSet<String>();
+        return new SimpleObjectPermissionSet();
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
index 12374f426..c756fc4b1 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
@@ -69,7 +69,7 @@ public class MySQLUserContext implements UserContext {
     }
 
     @Override
-    public Directory<String, User> getUserDirectory() throws GuacamoleException {
+    public Directory<User> getUserDirectory() throws GuacamoleException {
         return userDirectory;
     }
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
index d8bbbf32c..3b3e30882 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -40,7 +40,7 @@ import org.mybatis.guice.transactional.Transactional;
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class UserDirectory implements Directory<String, User> {
+public class UserDirectory implements Directory<User> {
 
     /**
      * The user this user directory belongs to. Access is based on his/her
@@ -66,7 +66,7 @@ public class UserDirectory implements Directory<String, User> {
     }
     
     @Override
-    public void move(String identifier, Directory<String, User> groupIdentifier) 
+    public void move(String identifier, Directory<User> groupIdentifier) 
             throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index a44df1e2d..115756f2f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -30,6 +30,9 @@ import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.DirectoryObject;
 import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -67,6 +70,41 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      */
     protected abstract ObjectType getObjectInstance(ModelType model);
 
+    /**
+     * Returns whether the given user has permission to create the type of
+     * objects that this directory object service manages.
+     *
+     * @param user
+     *     The user being checked.
+     *
+     * @return
+     *     true if the user has object creation permission relevant to this
+     *     directory object service, false otherwise.
+     * 
+     * @throws GuacamoleException
+     *     If permission to read the user's permissions is denied.
+     */
+    protected abstract boolean hasCreatePermission(AuthenticatedUser user)
+            throws GuacamoleException;
+
+    /**
+     * Returns the permission set associated with the given user and related
+     * to the type of objects handled by this directory object service.
+     *
+     * @param user
+     *     The user whose permissions are being retrieved.
+     *
+     * @return
+     *     A permission set which contains the permissions associated with the
+     *     given user and related to the type of objects handled by this
+     *     directory object service.
+     * 
+     * @throws GuacamoleException
+     *     If permission to read the user's permissions is denied.
+     */
+    protected abstract ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+            throws GuacamoleException;
+
     /**
      * Returns a collection of objects which are backed by the models in the
      * given collection.
@@ -181,7 +219,14 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      */
     public void createObject(AuthenticatedUser user, ObjectType object)
         throws GuacamoleException {
-        getObjectMapper().insert(object.getModel());
+
+        // Only create object if user has permission to do so
+        if (user.getUser().isAdministrator() || hasCreatePermission(user))
+            getObjectMapper().insert(object.getModel());
+
+        // User lacks permission to create 
+        throw new GuacamoleSecurityException("Permission denied.");
+
     }
 
     /**
@@ -200,7 +245,18 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      */
     public void deleteObject(AuthenticatedUser user, String identifier)
         throws GuacamoleException {
-        getObjectMapper().delete(identifier);
+
+        // Get object permissions
+        ObjectPermissionSet permissionSet = getPermissionSet(user);
+        
+        // Only delete object if user has permission to do so
+        if (user.getUser().isAdministrator()
+                || permissionSet.hasPermission(ObjectPermission.Type.DELETE, identifier))
+            getObjectMapper().delete(identifier);
+
+        // User lacks permission to delete 
+        throw new GuacamoleSecurityException("Permission denied.");
+
     }
 
     /**
@@ -219,7 +275,18 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      */
     public void updateObject(AuthenticatedUser user, ObjectType object)
         throws GuacamoleException {
-        getObjectMapper().update(object.getModel());
+
+        // Get object permissions
+        ObjectPermissionSet permissionSet = getPermissionSet(user);
+        
+        // Only update object if user has permission to do so
+        if (user.getUser().isAdministrator()
+                || permissionSet.hasPermission(ObjectPermission.Type.UPDATE, object.getIdentifier()))
+            getObjectMapper().update(object.getModel());
+
+        // User lacks permission to update
+        throw new GuacamoleSecurityException("Permission denied.");
+
     }
 
     /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
index 453a4c6e2..08a80d339 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
@@ -24,11 +24,16 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import org.glyptodon.guacamole.net.auth.Credentials;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
 import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -62,6 +67,25 @@ public class UserService extends DirectoryObjectService<MySQLUser, UserModel> {
         return user;
     }
 
+    @Override
+    protected boolean hasCreatePermission(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return whether user has explicit user creation permission
+        SystemPermissionSet permissionSet = user.getUser().getSystemPermissions();
+        return permissionSet.hasPermission(SystemPermission.Type.CREATE_USER);
+
+    }
+
+    @Override
+    protected ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return permissions related to users
+        return user.getUser().getUserPermissions();
+
+    }
+
     /**
      * Retrieves the user corresponding to the given credentials from the
      * database.

From 4e852aa61a4170f99fcf7f502f82b3954e85a805 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 00:05:26 -0800
Subject: [PATCH 05/60] GUAC-1101: Update documentation to reflect changes in
 build process (no generator).

---
 extensions/guacamole-auth-mysql/README        | 75 +------------------
 .../doc/example/settings.xml                  | 21 ------
 2 files changed, 1 insertion(+), 95 deletions(-)
 delete mode 100644 extensions/guacamole-auth-mysql/doc/example/settings.xml

diff --git a/extensions/guacamole-auth-mysql/README b/extensions/guacamole-auth-mysql/README
index 5543c124f..733e369dd 100644
--- a/extensions/guacamole-auth-mysql/README
+++ b/extensions/guacamole-auth-mysql/README
@@ -41,77 +41,7 @@ compiles all classes and packages them into a redistributable .jar file. This
 .jar file can be installed in the library directory configured in
 guacamole.properties such that the authentication provider is available.
 
-1) Set up a MySQL database with the Guacamole schema.
-
-    When guacamole-auth-mysql is compiling, it needs to generate source
-    based on a database schema. Because the source generator uses a
-    connection to an actual database to do this, you must have a MySQL
-    database running with the Guacamole schema set up.
-
-    First, create a database. For the sake of these instructions, we will
-    call the database "guacamole", and will run all scripts as the root user:
-
-    $ mysql -u root -p
-    Enter password:
-    mysql> CREATE DATABASE guacamole;
-    Query OK, 1 row affected (0.00 sec)
-
-    mysql> exit
-    Bye
-
-    The schema files are in the schema/ subdirectory of the source. If run
-    in order, they will create the schema and a default user:
-
-    $ cat schema/*.sql | mysql -u root -p guacamole
-
-2) Set up your ~/.m2/settings.xml
-
-    Once the database is set up, Maven will need to have the credentials
-    required to connect to it and query the schema. This information is
-    specified in properties inside your ~/.m2/settings.xml file. If this
-    file does not exist yet, simply create it.
-
-    For ease of compilation, we've included an example settings.xml
-    defining the required properties in doc/example/settings.xml. You can
-    simply copy this file into ~/.m2 and edit as necessary.
-
-    If you wish to write the file yourself, the file should look like this in
-    general:
-
-    <settings>
-        <profiles>
-            ...profiles...
-        </profiles>
-    </settings>
-
-    We need to add a profile which defines the required properties by
-    placing a section like the following within the "profiles" section of your
-    settings.xml:
-
-    <profile>
-        <id>guacamole-mybatis</id>
-        <properties>
-            <guacamole.database.catalog>DATABASE</guacamole.database.catalog>
-            <guacamole.database.user>USERNAME</guacamole.database.user>
-            <guacamole.database.password>PASSWORD</guacamole.database.password>
-        </properties>
-    </profile>
-
-    Obviously, the DATABASE, USERNAME, and PASSWORD placeholders above must
-    be replaced with the appropriate values for your system.
-
-    Finally, to make the profile available to the build, it must be activated.
-    Place a section like the following at the bottom of your settings.xml,
-    right after the profiles section:
-
-    <activeProfiles>
-        <activeProfile>guacamole-mybatis</activeProfile>
-    </activeProfiles>
-
-    Maven's documentation has more details on writing the settings.xml file
-    if you have different needs or the above directions are not clear.
-
-3) Run mvn package
+1) Run mvn package
 
     $ mvn package
 
@@ -119,9 +49,6 @@ guacamole.properties such that the authentication provider is available.
     Once all dependencies have been downloaded, the .jar file will be
     created in the target/ subdirectory of the current directory.
 
-    If this process fails, check the build errors, and verify that the
-    contents of your settings.xml file is correct.
-
 4) Extract the .tar.gz file now present in the target/ directory, and
    place the .jar files in the extracted lib/ subdirectory in the library 
    directory specified in guacamole.properties.
diff --git a/extensions/guacamole-auth-mysql/doc/example/settings.xml b/extensions/guacamole-auth-mysql/doc/example/settings.xml
deleted file mode 100644
index d0fb6d5bd..000000000
--- a/extensions/guacamole-auth-mysql/doc/example/settings.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<settings>
-
-    <!-- Profile defining the properties required for a MyBatis build -->
-    <profiles>
-        <profile>
-            <id>guacamole-mybatis</id>
-            <properties>
-                <guacamole.database.catalog>SCHEMA</guacamole.database.catalog>
-                <guacamole.database.schema>DATABASE</guacamole.database.schema>
-                <guacamole.database.user>USER</guacamole.database.user>
-                <guacamole.database.password>PASS</guacamole.database.password>
-            </properties>
-        </profile>
-    </profiles>
-
-    <!-- Activate by default -->
-    <activeProfiles>
-        <activeProfile>guacamole-mybatis</activeProfile>
-    </activeProfiles>
-
-</settings>

From b1ae37adb3360d6371a804d86a7dd167613f55a7 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 00:31:52 -0800
Subject: [PATCH 06/60] GUAC-1101: Add permission model classes and mapper
 interfaces (no corresponding XML, though).

---
 .../mysql/dao/ObjectPermissionMapper.java     |  33 ++++++
 .../net/auth/mysql/dao/PermissionMapper.java  |  73 ++++++++++++
 .../mysql/dao/SystemPermissionMapper.java     |  33 ++++++
 .../mysql/model/ObjectPermissionModel.java    |  91 +++++++++++++++
 .../net/auth/mysql/model/PermissionModel.java | 110 ++++++++++++++++++
 .../mysql/model/SystemPermissionModel.java    |  41 +++++++
 6 files changed, 381 insertions(+)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ObjectPermissionMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/PermissionMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectPermissionModel.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/PermissionModel.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/SystemPermissionModel.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ObjectPermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ObjectPermissionMapper.java
new file mode 100644
index 000000000..8764afba0
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ObjectPermissionMapper.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import net.sourceforge.guacamole.net.auth.mysql.model.ObjectPermissionModel;
+
+/**
+ * Mapper for object-related permissions.
+ *
+ * @author Michael Jumper
+ */
+public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissionModel> {
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/PermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/PermissionMapper.java
new file mode 100644
index 000000000..fad022fcf
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/PermissionMapper.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import java.util.Collection;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Generic base for mappers which handle permissions.
+ *
+ * @author Michael Jumper
+ * @param <PermissionType>
+ *     The type of permission model object handled by this mapper.
+ */
+public interface PermissionMapper<PermissionType> {
+
+    /**
+     * Retrieves all permissions associated with the given user.
+     *
+     * @param user
+     *     The user to retrieve permissions for.
+     *
+     * @return
+     *     All permissions associated with the given user.
+     */
+    Collection<PermissionType> select(@Param("user") UserModel user);
+
+    /**
+     * Inserts the given permissions into the database. If any permissions
+     * already exist, they will be ignored.
+     *
+     * @param permissions 
+     *     The permissions to insert.
+     *
+     * @return
+     *     The number of rows inserted.
+     */
+    int insert(@Param("permissions") Collection<PermissionType> permissions);
+
+    /**
+     * Deletes the given permissions from the database. If any permissions do
+     * not exist, they will be ignored.
+     *
+     * @param permissions
+     *     The permissions to delete.
+     *
+     * @return
+     *     The number of rows deleted.
+     */
+    int delete(@Param("permissions") Collection<PermissionType> permissions);
+
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
new file mode 100644
index 000000000..e1ff02019
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
+
+/**
+ * Mapper for system-level permissions.
+ *
+ * @author Michael Jumper
+ */
+public interface SystemPermissionMapper extends PermissionMapper<SystemPermissionModel> {
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectPermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectPermissionModel.java
new file mode 100644
index 000000000..4194e216a
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectPermissionModel.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+
+/**
+ * Object representation of an object-related Guacamole permission, as
+ * represented in the database.
+ *
+ * @author Michael Jumper
+ */
+public class ObjectPermissionModel extends PermissionModel<ObjectPermission.Type> {
+
+    /**
+     * The database ID of the object affected by this permission.
+     */
+    private Integer affectedID;
+
+    /**
+     * The unique identifier of the object affected by this permission.
+     */
+    private String affectedIdentifier;
+
+    /**
+     * Creates a new, empty object permission.
+     */
+    public ObjectPermissionModel() {
+    }
+
+    /**
+     * Returns the database ID of the object affected by this permission.
+     *
+     * @return
+     *     The database ID of the object affected by this permission.
+     */
+    public Integer getAffectedID() {
+        return affectedID;
+    }
+
+    /**
+     * Sets the database ID of the object affected by this permission.
+     *
+     * @param affectedID 
+     *     The database ID of the object affected by this permission.
+     */
+    public void setAffectedID(Integer affectedID) {
+        this.affectedID = affectedID;
+    }
+
+    /**
+     * Returns the unique identifier of the object affected by this permission.
+     *
+     * @return
+     *     The unique identifier of the object affected by this permission.
+     */
+    public String getAffectedIdentifier() {
+        return affectedIdentifier;
+    }
+
+    /**
+     * Sets the unique identifier of the object affected by this permission.
+     *
+     * @param affectedIdentifier 
+     *     The unique identifier of the object affected by this permission.
+     */
+    public void setAffectedIdentifier(String affectedIdentifier) {
+        this.affectedIdentifier = affectedIdentifier;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/PermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/PermissionModel.java
new file mode 100644
index 000000000..d5242b7d5
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/PermissionModel.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+/**
+ * Generic base permission model which grants a permission of a particular type
+ * to a specific user.
+ *
+ * @author Michael Jumper
+ * @param <PermissionType>
+ *     The type of permissions allowed within this model.
+ */
+public abstract class PermissionModel<PermissionType> {
+
+    /**
+     * The database ID of the user to whom this permission is granted.
+     */
+    private Integer userID;
+
+    /**
+     * The username of the user to whom this permission is granted.
+     */
+    private String username;
+
+    /**
+     * The type of action granted by this permission.
+     */
+    private PermissionType type;
+    
+    /**
+     * Returns the database ID of the user to whom this permission is granted.
+     * 
+     * @return
+     *     The database ID of the user to whom this permission is granted.
+     */
+    public Integer getUserID() {
+        return userID;
+    }
+
+    /**
+     * Sets the database ID of the user to whom this permission is granted.
+     *
+     * @param userID
+     *     The database ID of the user to whom this permission is granted.
+     */
+    public void setUserID(Integer userID) {
+        this.userID = userID;
+    }
+
+    /**
+     * Returns the username of the user to whom this permission is granted.
+     * 
+     * @return
+     *     The username of the user to whom this permission is granted.
+     */
+    public String getUsername() {
+        return username;
+    }
+
+    /**
+     * Sets the username of the user to whom this permission is granted.
+     *
+     * @param username
+     *     The username of the user to whom this permission is granted.
+     */
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    /**
+     * Returns the type of action granted by this permission.
+     *
+     * @return
+     *     The type of action granted by this permission.
+     */
+    public PermissionType getType() {
+        return type;
+    }
+
+    /**
+     * Sets the type of action granted by this permission.
+     *
+     * @param type
+     *     The type of action granted by this permission.
+     */
+    public void setType(PermissionType type) {
+        this.type = type;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/SystemPermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/SystemPermissionModel.java
new file mode 100644
index 000000000..712bcab2d
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/SystemPermissionModel.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+
+/**
+ * Object representation of an system-level Guacamole permission, as
+ * represented in the database.
+ *
+ * @author Michael Jumper
+ */
+public class SystemPermissionModel extends PermissionModel<SystemPermission.Type> {
+
+    /**
+     * Creates a new, empty System permission.
+     */
+    public SystemPermissionModel() {
+    }
+
+}

From 57d252c463714c7600cf6ab7802d206a407fb865 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 01:27:38 -0800
Subject: [PATCH 07/60] GUAC-1101: Add permission service classes.

---
 .../service/ObjectPermissionService.java      |  74 +++++++++
 .../auth/mysql/service/PermissionService.java | 156 ++++++++++++++++++
 2 files changed, 230 insertions(+)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
new file mode 100644
index 000000000..e9aa87163
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
+import net.sourceforge.guacamole.net.auth.mysql.dao.PermissionMapper;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.Permission;
+import org.glyptodon.guacamole.net.auth.permission.PermissionSet;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting object permissions.
+ *
+ * @author Michael Jumper
+ * @param <ObjectPermissionType>
+ *     The type of object permission this service provides access to.
+ *
+ * @param <ModelType>
+ *     The underlying model object used to represent PermissionType in the
+ *     database.
+ */
+public abstract class ObjectPermissionService<ObjectPermissionType extends ObjectPermission, ModelType>
+    extends PermissionService<ObjectPermissionType, ModelType> {
+
+    /**
+     * Returns the permission set associated with the given user and related
+     * to the type of objects affected the permissions handled by this
+     * permission service.
+     *
+     * @param user
+     *     The user whose permissions are being retrieved.
+     *
+     * @return
+     *     A permission set which contains the permissions associated with the
+     *     given user and related to the type of objects handled by this
+     *     directory object service.
+     * 
+     * @throws GuacamoleException
+     *     If permission to read the user's permissions is denied.
+     */
+    protected abstract PermissionSet<ObjectPermissionType> getAffectedPermissionSet(AuthenticatedUser user)
+            throws GuacamoleException;
+
+    /* TODO: Override create/delete testing permissions for affected objects */
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
new file mode 100644
index 000000000..d5be7d234
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
+import net.sourceforge.guacamole.net.auth.mysql.dao.PermissionMapper;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.net.auth.permission.Permission;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting permissions.
+ *
+ * @author Michael Jumper
+ * @param <PermissionType>
+ *     The type of permission this service provides access to.
+ *
+ * @param <ModelType>
+ *     The underlying model object used to represent PermissionType in the
+ *     database.
+ */
+public abstract class PermissionService<PermissionType extends Permission, ModelType> {
+
+    /**
+     * Returns an instance of a mapper for the type of permission used by this
+     * service.
+     *
+     * @return
+     *     A mapper which provides access to the model objects associated with
+     *     the permissions used by this service.
+     */
+    protected abstract PermissionMapper<ModelType> getPermissionMapper();
+
+    /**
+     * Returns an instance of a permission which is backed by the given model
+     * object.
+     *
+     * @param model
+     *     The model object to use to back the returned permission.
+     *
+     * @return
+     *     A permission which is backed by the given model object.
+     */
+    protected abstract PermissionType getPermissionInstance(ModelType model);
+
+    /**
+     * Returns a collection of permissions which are backed by the models in
+     * the given collection.
+     *
+     * @param models
+     *     The model objects to use to back the permissions within the returned
+     *     set.
+     *
+     * @return
+     *     A set of permissions which are backed by the models in the given
+     *     collection.
+     */
+    protected Set<PermissionType> getPermissionInstances(Collection<ModelType> models) {
+
+        // Create new collection of permissions by manually converting each model
+        Set<PermissionType> permissions = new HashSet<PermissionType>(models.size());
+        for (ModelType model : models)
+            permissions.add(getPermissionInstance(model));
+
+        return permissions;
+        
+    }
+
+    /**
+     * Retrieves all permissions associated with the given user.
+     *
+     * @param user
+     *     The user retrieving the permissions.
+     *
+     * @param targetUser
+     *     The user associated with the permissions to be retrieved.
+     *
+     * @return
+     *     The permissions associated with the given user.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the requested permissions.
+     */
+    public Set<PermissionType> retrievePermissions(AuthenticatedUser user,
+            MySQLUser targetUser) throws GuacamoleException {
+
+        // Only an admin can read permissions that aren't his own
+        if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
+                || user.getUser().isAdministrator())
+            return getPermissionInstances(getPermissionMapper().select(targetUser.getModel()));
+
+        // User cannot read this user's permissions
+        throw new GuacamoleSecurityException("Permision denied.");
+        
+    }
+
+    /**
+     * Creates the given permissions within the database. If any permissions
+     * already exist, they will be ignored.
+     *
+     * @param user
+     *     The user creating the permissions.
+     *
+     * @param permissions 
+     *     The permissions to create.
+     *
+     * @throws GuacamoleException
+     *     If the user lacks permission to create the permissions, or an error
+     *     occurs while creating the permissions.
+     */
+    public abstract void createPermissions(AuthenticatedUser user,
+            Collection<PermissionType> permissions) throws GuacamoleException;
+
+    /**
+     * Deletes the given permissions. If any permissions do not exist, they
+     * will be ignored.
+     *
+     * @param user
+     *     The user deleting the permissions.
+     *
+     * @param permissions
+     *     The permissions to delete.
+     *
+     * @throws GuacamoleException
+     *     If the user lacks permission to delete the permissions, or an error
+     *     occurs while deleting the permissions.
+     */
+    public abstract void deletePermissions(AuthenticatedUser user,
+            Collection<PermissionType> permissions) throws GuacamoleException;
+
+}

From 2614ba704117569e9019574f19756c102ac36bb3 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 02:19:28 -0800
Subject: [PATCH 08/60] GUAC-1101: Implement/stub retrieval and mapping of
 system permissions.

---
 .../net/auth/mysql/DirectoryObject.java       | 32 ++++++++
 .../mysql/MySQLAuthenticationProvider.java    |  6 +-
 .../guacamole/net/auth/mysql/MySQLUser.java   | 39 ++++++---
 .../mysql/service/DirectoryObjectService.java | 16 +++-
 .../service/SystemPermissionService.java      | 72 +++++++++++++++++
 .../net/auth/mysql/service/UserService.java   | 13 +--
 .../auth/mysql/dao/SystemPermissionMapper.xml | 79 +++++++++++++++++++
 7 files changed, 236 insertions(+), 21 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
index 2f8c44686..836d29f44 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
@@ -36,6 +36,38 @@ import org.glyptodon.guacamole.net.auth.Identifiable;
  */
 public interface DirectoryObject<ModelType> extends Identifiable {
 
+    /**
+     * Initializes this object, associating it with the current authenticated
+     * user and populating it with data from the given model object
+     *
+     * @param currentUser
+     *     The user that created or retrieved this object.
+     *
+     * @param model 
+     *     The backing model object.
+     */
+    public void init(AuthenticatedUser currentUser, ModelType model);
+
+    /**
+     * Returns the user that created or queried this object. This user's
+     * permissions dictate what operations can be performed on or through this
+     * object.
+     *
+     * @return
+     *     The user that created or queried this object.
+     */
+    public AuthenticatedUser getCurrentUser();
+
+    /**
+     * Sets the user that created or queried this object. This user's
+     * permissions dictate what operations can be performed on or through this
+     * object.
+     *
+     * @param currentUser 
+     *     The user that created or queried this object.
+     */
+    public void setCurrentUser(AuthenticatedUser currentUser);
+
     /**
      * Returns the backing model object. Changes to the model object will
      * affect this object, and changes to this object will affect the model
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 10c706c87..68c26ee24 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -29,6 +29,7 @@ import com.google.inject.Injector;
 import com.google.inject.Module;
 import com.google.inject.name.Names;
 import java.util.Properties;
+import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
 import org.glyptodon.guacamole.net.auth.Credentials;
@@ -39,6 +40,7 @@ import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionServic
 import net.sourceforge.guacamole.net.auth.mysql.service.SHA256PasswordEncryptionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SecureRandomSaltService;
+import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
 import org.glyptodon.guacamole.properties.GuacamoleProperties;
 import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
@@ -72,7 +74,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
 
             // Upon successful authentication, return new user context
             MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
-            context.init(new AuthenticatedUser(user, credentials));
+            context.init(user.getCurrentUser());
             return context;
 
         }
@@ -132,6 +134,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     bindTransactionFactoryType(JdbcTransactionFactory.class);
 
                     // Add MyBatis mappers
+                    addMapperClass(SystemPermissionMapper.class);
                     addMapperClass(UserMapper.class);
 
                     // Bind interfaces
@@ -139,6 +142,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     bind(MySQLUserContext.class);
                     bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
                     bind(SaltService.class).to(SecureRandomSaltService.class);
+                    bind(SystemPermissionService.class);
                     bind(UserDirectory.class);
                     bind(UserService.class);
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index ce8339d8b..a2e0f2cfb 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -26,6 +26,7 @@ import com.google.inject.Inject;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
 import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
+import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -40,6 +41,12 @@ import org.glyptodon.guacamole.net.auth.simple.SimpleSystemPermissionSet;
  */
 public class MySQLUser implements User, DirectoryObject<UserModel> {
 
+    /**
+     * The user this user belongs to. Access is based on his/her permission
+     * settings.
+     */
+    private AuthenticatedUser currentUser;
+
     /**
      * Service for hashing passwords.
      */
@@ -51,6 +58,12 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
      */
     @Inject
     private SaltService saltService;
+
+    /**
+     * Service for retrieving system permissions.
+     */
+    @Inject
+    private SystemPermissionService systemPermissionService;
     
     /**
      * The internal model object containing the values which represent this
@@ -73,16 +86,20 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     public MySQLUser() {
     }
 
-    /**
-     * Creates a new MySQLUser backed by the given user model object. Changes
-     * to this model object will affect the new MySQLUser even after creation,
-     * and changes to the new MySQLUser will affect this model object.
-     * 
-     * @param userModel
-     *     The user model object to use to back this MySQLUser.
-     */
-    public MySQLUser(UserModel userModel) {
-        this.userModel = userModel;
+    @Override
+    public void init(AuthenticatedUser currentUser, UserModel userModel) {
+        this.currentUser = currentUser;
+        setModel(userModel);
+    }
+
+    @Override
+    public AuthenticatedUser getCurrentUser() {
+        return currentUser;
+    }
+
+    @Override
+    public void setCurrentUser(AuthenticatedUser currentUser) {
+        this.currentUser = currentUser;
     }
 
     @Override
@@ -147,7 +164,7 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     public SystemPermissionSet getSystemPermissions()
             throws GuacamoleException {
         // STUB
-        return new SimpleSystemPermissionSet();
+        return new SimpleSystemPermissionSet(systemPermissionService.retrievePermissions(getCurrentUser(), this));
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 115756f2f..0965be35b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -62,13 +62,17 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * Returns an instance of an object which is backed by the given model
      * object.
      *
+     * @param currentUser
+     *     The user for whom this object is being created.
+     *
      * @param model
      *     The model object to use to back the returned object.
      *
      * @return
      *     An object which is backed by the given model object.
      */
-    protected abstract ObjectType getObjectInstance(ModelType model);
+    protected abstract ObjectType getObjectInstance(AuthenticatedUser currentUser,
+            ModelType model);
 
     /**
      * Returns whether the given user has permission to create the type of
@@ -109,6 +113,9 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * Returns a collection of objects which are backed by the models in the
      * given collection.
      *
+     * @param currentUser
+     *     The user for whom these objects are being created.
+     *
      * @param models
      *     The model objects to use to back the objects within the returned
      *     collection.
@@ -117,12 +124,13 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      *     A collection of objects which are backed by the models in the given
      *     collection.
      */
-    protected Collection<ObjectType> getObjectInstances(Collection<ModelType> models) {
+    protected Collection<ObjectType> getObjectInstances(AuthenticatedUser currentUser,
+            Collection<ModelType> models) {
 
         // Create new collection of objects by manually converting each model
         Collection<ObjectType> objects = new ArrayList<ObjectType>(models.size());
         for (ModelType model : models)
-            objects.add(getObjectInstance(model));
+            objects.add(getObjectInstance(currentUser, model));
 
         return objects;
         
@@ -198,7 +206,7 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
             objects = getObjectMapper().selectReadable(user.getUser().getModel(), identifiers);
         
         // Return collection of requested objects
-        return getObjectInstances(objects);
+        return getObjectInstances(user, objects);
         
     }
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
new file mode 100644
index 000000000..4e0579111
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting system permissions.
+ *
+ * @author Michael Jumper
+ */
+public class SystemPermissionService
+    extends PermissionService<SystemPermission, SystemPermissionModel> {
+
+    /**
+     * Mapper for system-level permissions.
+     */
+    @Inject
+    private SystemPermissionMapper systemPermissionMapper;
+    
+    @Override
+    protected SystemPermissionMapper getPermissionMapper() {
+        return systemPermissionMapper;
+    }
+
+    @Override
+    protected SystemPermission getPermissionInstance(SystemPermissionModel model) {
+        // TODO: Will need an implementation-specific SystemPermission, but this
+        // will suffice for testing
+        return new SystemPermission(model.getType());
+    }
+
+    @Override
+    public void createPermissions(AuthenticatedUser user,
+            Collection<SystemPermission> permissions) throws GuacamoleException {
+        // TODO: Implement, including perm checks
+    }
+
+    @Override
+    public void deletePermissions(AuthenticatedUser user,
+            Collection<SystemPermission> permissions) throws GuacamoleException {
+        // TODO: Implement, including perm checks
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
index 08a80d339..cbd564b1b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
@@ -61,9 +61,10 @@ public class UserService extends DirectoryObjectService<MySQLUser, UserModel> {
     }
 
     @Override
-    protected MySQLUser getObjectInstance(UserModel model) {
+    protected MySQLUser getObjectInstance(AuthenticatedUser currentUser,
+            UserModel model) {
         MySQLUser user = mySQLUserProvider.get();
-        user.setModel(model);
+        user.init(currentUser, model);
         return user;
     }
 
@@ -105,9 +106,11 @@ public class UserService extends DirectoryObjectService<MySQLUser, UserModel> {
         if (userModel == null)
             return null;
 
-        // Return corresponding user
-        return getObjectInstance(userModel);
-        
+        // Return corresponding user, set up cyclic reference
+        MySQLUser user = getObjectInstance(null, userModel);
+        user.setCurrentUser(new AuthenticatedUser(user, credentials));
+        return user;
+
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
new file mode 100644
index 000000000..5e82c2e0f
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper" >
+
+    <!-- Result mapper for system permissions -->
+    <resultMap id="SystemPermissionResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
+        <result column="user_id"    property="userID"   jdbcType="INTEGER"/>
+        <result column="username"   property="username" jdbcType="VARCHAR"/>
+        <result column="permission" property="type"     jdbcType="VARCHAR"
+                javaType="org.glyptodon.guacamole.net.auth.permission.SystemPermission$Type"/>
+    </resultMap>
+
+    <!-- Select all permissions for a given user -->
+    <select id="select" resultMap="SystemPermissionResultMap">
+
+        SELECT
+            guacamole_system_permission.user_id,
+            username,
+            permission
+        FROM guacamole_system_permission
+        JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id
+        WHERE guacamole_system_permission.user_id = #{user.userID,jdbcType=INTEGER}
+
+    </select>
+
+    <!-- Delete all given permissions -->
+    <delete id="delete" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
+
+        DELETE FROM guacamole_system_permission
+        WHERE (user_id, permission) IN
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="," close=")">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR})
+            </foreach>
+
+    </delete>
+
+    <!-- Insert all given permissions -->
+    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
+
+        INSERT INTO guacamole_system_permission (
+            user_id,
+            permission
+        )
+        VALUES
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="," close=")">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR})
+            </foreach>
+
+    </insert>
+
+</mapper>
\ No newline at end of file

From e6f3da057bc991add56424756d3c28e8c81d93ac Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 11:08:26 -0800
Subject: [PATCH 09/60] GUAC-1101: Ignore duplicate perms on creation (but
 still warn).

---
 .../guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
index 5e82c2e0f..1164e2b6b 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
@@ -63,7 +63,7 @@
     <!-- Insert all given permissions -->
     <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
 
-        INSERT INTO guacamole_system_permission (
+        INSERT IGNORE INTO guacamole_system_permission (
             user_id,
             permission
         )

From 107367731a828c268e173e16db60768dce4af3ef Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 11:59:26 -0800
Subject: [PATCH 10/60] GUAC-1101: Implement system permission
 creation/deletion.

---
 .../mysql/service/DirectoryObjectService.java | 12 ++-
 .../auth/mysql/service/PermissionService.java | 68 ++++++++++++--
 .../service/SystemPermissionService.java      | 90 +++++++++++++++++--
 3 files changed, 152 insertions(+), 18 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 0965be35b..bb6c6d8bd 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -229,8 +229,10 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
         throws GuacamoleException {
 
         // Only create object if user has permission to do so
-        if (user.getUser().isAdministrator() || hasCreatePermission(user))
+        if (user.getUser().isAdministrator() || hasCreatePermission(user)) {
             getObjectMapper().insert(object.getModel());
+            return;
+        }
 
         // User lacks permission to create 
         throw new GuacamoleSecurityException("Permission denied.");
@@ -259,8 +261,10 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
         
         // Only delete object if user has permission to do so
         if (user.getUser().isAdministrator()
-                || permissionSet.hasPermission(ObjectPermission.Type.DELETE, identifier))
+                || permissionSet.hasPermission(ObjectPermission.Type.DELETE, identifier)) {
             getObjectMapper().delete(identifier);
+            return;
+        }
 
         // User lacks permission to delete 
         throw new GuacamoleSecurityException("Permission denied.");
@@ -289,8 +293,10 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
         
         // Only update object if user has permission to do so
         if (user.getUser().isAdministrator()
-                || permissionSet.hasPermission(ObjectPermission.Type.UPDATE, object.getIdentifier()))
+                || permissionSet.hasPermission(ObjectPermission.Type.UPDATE, object.getIdentifier())) {
             getObjectMapper().update(object.getModel());
+            return;
+        }
 
         // User lacks permission to update
         throw new GuacamoleSecurityException("Permission denied.");
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
index d5be7d234..fa4f4d375 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
@@ -22,6 +22,7 @@
 
 package net.sourceforge.guacamole.net.auth.mysql.service;
 
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
@@ -57,27 +58,27 @@ public abstract class PermissionService<PermissionType extends Permission, Model
     protected abstract PermissionMapper<ModelType> getPermissionMapper();
 
     /**
-     * Returns an instance of a permission which is backed by the given model
+     * Returns an instance of a permission which is based on the given model
      * object.
      *
      * @param model
-     *     The model object to use to back the returned permission.
+     *     The model object to use to produce the returned permission.
      *
      * @return
-     *     A permission which is backed by the given model object.
+     *     A permission which is based on the given model object.
      */
     protected abstract PermissionType getPermissionInstance(ModelType model);
 
     /**
-     * Returns a collection of permissions which are backed by the models in
+     * Returns a collection of permissions which are based on the models in
      * the given collection.
      *
      * @param models
-     *     The model objects to use to back the permissions within the returned
-     *     set.
+     *     The model objects to use to produce the permissions within the
+     *     returned set.
      *
      * @return
-     *     A set of permissions which are backed by the models in the given
+     *     A set of permissions which are based on the models in the given
      *     collection.
      */
     protected Set<PermissionType> getPermissionInstances(Collection<ModelType> models) {
@@ -91,6 +92,49 @@ public abstract class PermissionService<PermissionType extends Permission, Model
         
     }
 
+    /**
+     * Returns an instance of a model object which is based on the given
+     * permission and target user.
+     *
+     * @param targetUser
+     *     The user to whom this permission is granted.
+     *
+     * @param permission
+     *     The permission to use to produce the returned model object.
+     *
+     * @return
+     *     A model object which is based on the given permission and target
+     *     user.
+     */
+    protected abstract ModelType getModelInstance(MySQLUser targetUser,
+            PermissionType permission);
+    
+    /**
+     * Returns a collection of model objects which are based on the given
+     * permissions and target user.
+     *
+     * @param targetUser
+     *     The user to whom this permission is granted.
+     *
+     * @param permissions
+     *     The permissions to use to produce the returned model objects.
+     *
+     * @return
+     *     A collection of model objects which are based on the given
+     *     permissions and target user.
+     */
+    protected Collection<ModelType> getModelInstances(MySQLUser targetUser,
+            Collection<PermissionType> permissions) {
+
+        // Create new collection of models by manually converting each permission 
+        Collection<ModelType> models = new ArrayList<ModelType>(permissions.size());
+        for (PermissionType permission : permissions)
+            models.add(getModelInstance(targetUser, permission));
+
+        return models;
+
+    }
+    
     /**
      * Retrieves all permissions associated with the given user.
      *
@@ -115,7 +159,7 @@ public abstract class PermissionService<PermissionType extends Permission, Model
             return getPermissionInstances(getPermissionMapper().select(targetUser.getModel()));
 
         // User cannot read this user's permissions
-        throw new GuacamoleSecurityException("Permision denied.");
+        throw new GuacamoleSecurityException("Permission denied.");
         
     }
 
@@ -126,6 +170,9 @@ public abstract class PermissionService<PermissionType extends Permission, Model
      * @param user
      *     The user creating the permissions.
      *
+     * @param targetUser
+     *     The user associated with the permissions to be created.
+     *
      * @param permissions 
      *     The permissions to create.
      *
@@ -134,6 +181,7 @@ public abstract class PermissionService<PermissionType extends Permission, Model
      *     occurs while creating the permissions.
      */
     public abstract void createPermissions(AuthenticatedUser user,
+            MySQLUser targetUser,
             Collection<PermissionType> permissions) throws GuacamoleException;
 
     /**
@@ -143,6 +191,9 @@ public abstract class PermissionService<PermissionType extends Permission, Model
      * @param user
      *     The user deleting the permissions.
      *
+     * @param targetUser
+     *     The user associated with the permissions to be deleted.
+     *
      * @param permissions
      *     The permissions to delete.
      *
@@ -151,6 +202,7 @@ public abstract class PermissionService<PermissionType extends Permission, Model
      *     occurs while deleting the permissions.
      */
     public abstract void deletePermissions(AuthenticatedUser user,
+            MySQLUser targetUser,
             Collection<PermissionType> permissions) throws GuacamoleException;
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
index 4e0579111..5680568fd 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
@@ -25,9 +25,11 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 import com.google.inject.Inject;
 import java.util.Collection;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
 import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
 /**
@@ -52,21 +54,95 @@ public class SystemPermissionService
 
     @Override
     protected SystemPermission getPermissionInstance(SystemPermissionModel model) {
-        // TODO: Will need an implementation-specific SystemPermission, but this
-        // will suffice for testing
         return new SystemPermission(model.getType());
     }
 
     @Override
-    public void createPermissions(AuthenticatedUser user,
-            Collection<SystemPermission> permissions) throws GuacamoleException {
-        // TODO: Implement, including perm checks
+    protected SystemPermissionModel getModelInstance(final MySQLUser targetUser,
+            final SystemPermission permission) {
+
+        // Populate and return model object
+        return new SystemPermissionModel() {
+
+            /**
+             * The ID of the user to whom this permission is granted.
+             */
+            private Integer userID = targetUser.getModel().getUserID();
+
+            /**
+             * The username of the user to whom this permission is granted.
+             */
+            private String username = targetUser.getModel().getUsername();
+
+            /**
+             * The type of action granted by this permission.
+             */
+            private SystemPermission.Type type = permission.getType();
+            
+            @Override
+            public Integer getUserID() {
+                return userID;
+            }
+
+            @Override
+            public void setUserID(Integer userID) {
+                this.userID = userID;
+            }
+
+            @Override
+            public String getUsername() {
+                return username;
+            }
+
+            @Override
+            public void setUsername(String username) {
+                this.username = username;
+            }
+
+            @Override
+            public SystemPermission.Type getType() {
+                return type;
+            }
+
+            @Override
+            public void setType(SystemPermission.Type type) {
+                this.type = type;
+            }
+
+        };
+        
     }
 
     @Override
-    public void deletePermissions(AuthenticatedUser user,
+    public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
             Collection<SystemPermission> permissions) throws GuacamoleException {
-        // TODO: Implement, including perm checks
+
+        // Only an admin can create system permissions
+        if (user.getUser().isAdministrator()) {
+            Collection<SystemPermissionModel> models = getModelInstances(targetUser, permissions);
+            systemPermissionMapper.insert(models);
+            return;
+        }
+
+        // User lacks permission to create system permissions
+        throw new GuacamoleSecurityException("Permission denied.");
+        
+    }
+
+    @Override
+    public void deletePermissions(AuthenticatedUser user, MySQLUser targetUser,
+            Collection<SystemPermission> permissions) throws GuacamoleException {
+
+        // Only an admin can delete system permissions
+        if (user.getUser().isAdministrator()) {
+            Collection<SystemPermissionModel> models = getModelInstances(targetUser, permissions);
+            systemPermissionMapper.delete(models);
+            return;
+        }
+
+        // User lacks permission to delete system permissions
+        throw new GuacamoleSecurityException("Permission denied.");
+        
     }
 
 }

From 479062462057d22f6b56124b15d85140758e0223 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 12:21:24 -0800
Subject: [PATCH 11/60] GUAC-1101: Note the permission-enforcing nature of each
 service.

---
 .../auth/mysql/service/DirectoryObjectService.java    |  3 ++-
 .../auth/mysql/service/ObjectPermissionService.java   | 11 ++---------
 .../net/auth/mysql/service/PermissionService.java     |  3 ++-
 .../auth/mysql/service/SystemPermissionService.java   |  3 ++-
 4 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index bb6c6d8bd..016adb54a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -36,7 +36,8 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
- * manipulating users.
+ * manipulating users. This service will automatically enforce the
+ * permissions of the current user.
  *
  * @author Michael Jumper
  * @param <ObjectType>
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
index e9aa87163..22269b62d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
@@ -22,22 +22,15 @@
 
 package net.sourceforge.guacamole.net.auth.mysql.service;
 
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
-import net.sourceforge.guacamole.net.auth.mysql.dao.PermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
-import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
-import org.glyptodon.guacamole.net.auth.permission.Permission;
 import org.glyptodon.guacamole.net.auth.permission.PermissionSet;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
- * deleting object permissions.
+ * deleting object permissions. This service will automatically enforce the
+ * permissions of the current user.
  *
  * @author Michael Jumper
  * @param <ObjectPermissionType>
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
index fa4f4d375..926db0ee2 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
@@ -35,7 +35,8 @@ import org.glyptodon.guacamole.net.auth.permission.Permission;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
- * deleting permissions.
+ * deleting permissions. This service will automatically enforce the
+ * permissions of the current user.
  *
  * @author Michael Jumper
  * @param <PermissionType>
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
index 5680568fd..ff622197a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
@@ -34,7 +34,8 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
- * deleting system permissions.
+ * deleting system permissions. This service will automatically enforce
+ * the permissions of the current user.
  *
  * @author Michael Jumper
  */

From f71e33c39fae01f279735cf8a957396b87ad83d4 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 12:46:37 -0800
Subject: [PATCH 12/60] GUAC-1101: Implement object permission create/delete
 permission checks.

---
 .../service/ObjectPermissionService.java      | 101 +++++++++++++++++-
 1 file changed, 98 insertions(+), 3 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
index 22269b62d..0132e4871 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
@@ -22,10 +22,15 @@
 
 package net.sourceforge.guacamole.net.auth.mysql.service;
 
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
-import org.glyptodon.guacamole.net.auth.permission.PermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -59,9 +64,99 @@ public abstract class ObjectPermissionService<ObjectPermissionType extends Objec
      * @throws GuacamoleException
      *     If permission to read the user's permissions is denied.
      */
-    protected abstract PermissionSet<ObjectPermissionType> getAffectedPermissionSet(AuthenticatedUser user)
+    protected abstract ObjectPermissionSet getAffectedPermissionSet(AuthenticatedUser user)
             throws GuacamoleException;
 
-    /* TODO: Override create/delete testing permissions for affected objects */
+    /**
+     * Determines whether the current user has permission to update the given
+     * target user, adding or removing the given permissions. Such permission
+     * depends on whether the current user is a system administrator, whether
+     * they have explicit UPDATE permission on the target user, and whether
+     * they have explicit ADMINISTER permission on all affected objects.
+     *
+     * @param user
+     *     The user who is changing permissions.
+     *
+     * @param targetUser
+     *     The user whose permissions are being changed.
+     *
+     * @param permissions
+     *     The permissions that are being added or removed from the target
+     *     user.
+     *
+     * @return
+     *     true if the user has permission to change the target users
+     *     permissions as specified, false otherwise.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while checking permission status, or if
+     *     permission is denied to read the current user's permissions.
+     */
+    protected boolean canAlterPermissions(AuthenticatedUser user, MySQLUser targetUser,
+            Collection<ObjectPermissionType> permissions)
+            throws GuacamoleException {
+
+        // A system adminstrator can do anything
+        if (user.getUser().isAdministrator())
+            return true;
+        
+        // Verify user has update permission on the target user
+        ObjectPermissionSet userPermissionSet = user.getUser().getUserPermissions();
+        if (!userPermissionSet.hasPermission(ObjectPermission.Type.UPDATE, targetUser.getIdentifier()))
+            return false;
+
+        // Produce collection of affected identifiers
+        Collection<String> affectedIdentifiers = new HashSet(permissions.size());
+        for (ObjectPermissionType permission : permissions)
+            affectedIdentifiers.add(permission.getObjectIdentifier());
+
+        // Determine subset of affected identifiers that we have admin access to
+        ObjectPermissionSet affectedPermissionSet = getAffectedPermissionSet(user);
+        Collection<String> allowedSubset = affectedPermissionSet.getAccessibleObjects(
+            Collections.singleton(ObjectPermission.Type.ADMINISTER),
+            affectedIdentifiers
+        );
+
+        // The permissions can be altered if and only if the set of objects we
+        // are allowed to administer is equal to the set of objects we will be
+        // affecting.
+
+        return affectedIdentifiers.size() == allowedSubset.size();
+        
+    }
+    
+    @Override
+    public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
+            Collection<ObjectPermissionType> permissions)
+            throws GuacamoleException {
+
+        // Create permissions only if user has permission to do so
+        if (canAlterPermissions(user, targetUser, permissions)) {
+            Collection<ModelType> models = getModelInstances(targetUser, permissions);
+            getPermissionMapper().insert(models);
+            return;
+        }
+        
+        // User lacks permission to create object permissions
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
+    @Override
+    public void deletePermissions(AuthenticatedUser user, MySQLUser targetUser,
+            Collection<ObjectPermissionType> permissions)
+            throws GuacamoleException {
+
+        // Delete permissions only if user has permission to do so
+        if (canAlterPermissions(user, targetUser, permissions)) {
+            Collection<ModelType> models = getModelInstances(targetUser, permissions);
+            getPermissionMapper().delete(models);
+            return;
+        }
+        
+        // User lacks permission to delete object permissions
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
 
 }

From 304f7a181de19b36a95463bf0437f46995719de6 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 13 Feb 2015 22:18:41 -0800
Subject: [PATCH 13/60] GUAC-1101: Implement system permission set.

---
 .../mysql/MySQLAuthenticationProvider.java    |   1 +
 .../auth/mysql/MySQLSystemPermissionSet.java  | 119 ++++++++++++++++++
 .../guacamole/net/auth/mysql/MySQLUser.java   |   3 +-
 .../mysql/dao/SystemPermissionMapper.java     |  21 ++++
 .../service/ObjectPermissionService.java      |  15 +--
 .../auth/mysql/service/PermissionService.java |  38 +++++-
 .../service/SystemPermissionService.java      |  59 ++++++++-
 .../auth/mysql/dao/SystemPermissionMapper.xml |  15 +++
 8 files changed, 253 insertions(+), 18 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLSystemPermissionSet.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 68c26ee24..294752ea0 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -140,6 +140,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     // Bind interfaces
                     bind(MySQLUser.class);
                     bind(MySQLUserContext.class);
+                    bind(MySQLSystemPermissionSet.class);
                     bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
                     bind(SaltService.class).to(SecureRandomSaltService.class);
                     bind(SystemPermissionService.class);
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLSystemPermissionSet.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLSystemPermissionSet.java
new file mode 100644
index 000000000..5343feffb
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLSystemPermissionSet.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import com.google.inject.Inject;
+import java.util.Collections;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+
+/**
+ * A database implementation of SystemPermissionSet which uses an injected
+ * service to query and manipulate the system permissions associated with a
+ * particular user.
+ *
+ * @author Michael Jumper
+ */
+public class MySQLSystemPermissionSet implements SystemPermissionSet {
+
+    /**
+     * The user that queried this permission set. Access is based on his/her
+     * permission settings.
+     */
+    private AuthenticatedUser currentUser;
+
+    /**
+     * The user associated with this permission set. Each of the permissions in
+     * this permission set is granted to this user.
+     */
+    private MySQLUser user;
+
+    /**
+     * Service for reading and manipulating system permissions.
+     */
+    @Inject
+    private SystemPermissionService systemPermissionService;
+    
+    /**
+     * Creates a new MySQLSystemPermissionSet. The resulting permission set
+     * must still be initialized by a call to init(), or the information
+     * necessary to read and modify this set will be missing.
+     */
+    public MySQLSystemPermissionSet() {
+    }
+
+    /**
+     * Initializes this permission set with the current user and the user
+     * to whom the permissions in this set are granted.
+     *
+     * @param currentUser
+     *     The user who queried this permission set, and whose permissions
+     *     dictate the access level of all operations performed on this set.
+     *
+     * @param user
+     *     The user to whom the permissions in this set are granted.
+     */
+    public void init(AuthenticatedUser currentUser, MySQLUser user) {
+        this.currentUser = currentUser;
+        this.user = user;
+    }
+
+    @Override
+    public Set<SystemPermission> getPermissions() throws GuacamoleException {
+        return systemPermissionService.retrievePermissions(currentUser, user);
+    }
+
+    @Override
+    public boolean hasPermission(SystemPermission.Type permission)
+            throws GuacamoleException {
+        return systemPermissionService.retrievePermission(currentUser, user, permission) != null;
+    }
+
+    @Override
+    public void addPermission(SystemPermission.Type permission)
+            throws GuacamoleException {
+        addPermissions(Collections.singleton(new SystemPermission(permission)));
+    }
+
+    @Override
+    public void removePermission(SystemPermission.Type permission)
+            throws GuacamoleException {
+        removePermissions(Collections.singleton(new SystemPermission(permission)));
+    }
+
+    @Override
+    public void addPermissions(Set<SystemPermission> permissions)
+            throws GuacamoleException {
+        systemPermissionService.createPermissions(currentUser, user, permissions);
+    }
+
+    @Override
+    public void removePermissions(Set<SystemPermission> permissions)
+            throws GuacamoleException {
+        systemPermissionService.deletePermissions(currentUser, user, permissions);
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index a2e0f2cfb..fd8d8fa49 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -163,8 +163,7 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     @Override
     public SystemPermissionSet getSystemPermissions()
             throws GuacamoleException {
-        // STUB
-        return new SimpleSystemPermissionSet(systemPermissionService.retrievePermissions(getCurrentUser(), this));
+        return systemPermissionService.getPermissionSet(getCurrentUser(), this);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
index e1ff02019..8646a3774 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
@@ -23,6 +23,9 @@
 package net.sourceforge.guacamole.net.auth.mysql.dao;
 
 import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.apache.ibatis.annotations.Param;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
 /**
  * Mapper for system-level permissions.
@@ -30,4 +33,22 @@ import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
  * @author Michael Jumper
  */
 public interface SystemPermissionMapper extends PermissionMapper<SystemPermissionModel> {
+
+    /**
+     * Retrieve the permission of the given type associated with the given
+     * user, if it exists. If no such permission exists, null is returned.
+     *
+     * @param user
+     *     The user to retrieve permissions for.
+     * 
+     * @param type
+     *     The type of permission to return.
+     *
+     * @return
+     *     The requested permission, or null if no such permission is granted
+     *     to the given user.
+     */
+    SystemPermissionModel selectOne(@Param("user") UserModel user,
+            @Param("type") SystemPermission.Type type);
+
 }
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
index 0132e4871..9a6290504 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
@@ -38,15 +38,12 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
  * permissions of the current user.
  *
  * @author Michael Jumper
- * @param <ObjectPermissionType>
- *     The type of object permission this service provides access to.
- *
  * @param <ModelType>
  *     The underlying model object used to represent PermissionType in the
  *     database.
  */
-public abstract class ObjectPermissionService<ObjectPermissionType extends ObjectPermission, ModelType>
-    extends PermissionService<ObjectPermissionType, ModelType> {
+public abstract class ObjectPermissionService<ModelType>
+    extends PermissionService<ObjectPermissionSet, ObjectPermission, ModelType> {
 
     /**
      * Returns the permission set associated with the given user and related
@@ -93,7 +90,7 @@ public abstract class ObjectPermissionService<ObjectPermissionType extends Objec
      *     permission is denied to read the current user's permissions.
      */
     protected boolean canAlterPermissions(AuthenticatedUser user, MySQLUser targetUser,
-            Collection<ObjectPermissionType> permissions)
+            Collection<ObjectPermission> permissions)
             throws GuacamoleException {
 
         // A system adminstrator can do anything
@@ -107,7 +104,7 @@ public abstract class ObjectPermissionService<ObjectPermissionType extends Objec
 
         // Produce collection of affected identifiers
         Collection<String> affectedIdentifiers = new HashSet(permissions.size());
-        for (ObjectPermissionType permission : permissions)
+        for (ObjectPermission permission : permissions)
             affectedIdentifiers.add(permission.getObjectIdentifier());
 
         // Determine subset of affected identifiers that we have admin access to
@@ -127,7 +124,7 @@ public abstract class ObjectPermissionService<ObjectPermissionType extends Objec
     
     @Override
     public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
-            Collection<ObjectPermissionType> permissions)
+            Collection<ObjectPermission> permissions)
             throws GuacamoleException {
 
         // Create permissions only if user has permission to do so
@@ -144,7 +141,7 @@ public abstract class ObjectPermissionService<ObjectPermissionType extends Objec
 
     @Override
     public void deletePermissions(AuthenticatedUser user, MySQLUser targetUser,
-            Collection<ObjectPermissionType> permissions)
+            Collection<ObjectPermission> permissions)
             throws GuacamoleException {
 
         // Delete permissions only if user has permission to do so
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
index 926db0ee2..ef3cf07ca 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
@@ -32,13 +32,18 @@ import net.sourceforge.guacamole.net.auth.mysql.dao.PermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.Permission;
+import org.glyptodon.guacamole.net.auth.permission.PermissionSet;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
- * deleting permissions. This service will automatically enforce the
- * permissions of the current user.
+ * deleting permissions, and for obtaining the permission sets that contain
+ * these permissions. This service will automatically enforce the permissions
+ * of the current user.
  *
  * @author Michael Jumper
+ * @param <PermissionSetType>
+ *     The type of permission sets this service provides access to.
+ *
  * @param <PermissionType>
  *     The type of permission this service provides access to.
  *
@@ -46,7 +51,8 @@ import org.glyptodon.guacamole.net.auth.permission.Permission;
  *     The underlying model object used to represent PermissionType in the
  *     database.
  */
-public abstract class PermissionService<PermissionType extends Permission, ModelType> {
+public abstract class PermissionService<PermissionSetType extends PermissionSet<PermissionType>,
+        PermissionType extends Permission, ModelType> {
 
     /**
      * Returns an instance of a mapper for the type of permission used by this
@@ -135,7 +141,31 @@ public abstract class PermissionService<PermissionType extends Permission, Model
         return models;
 
     }
-    
+
+    /**
+     * Returns a permission set that can be used to retrieve and manipulate the
+     * permissions of the given user.
+     *
+     * @param user
+     *     The user who will be retrieving or manipulating permissions through
+     *     the returned permission set.
+     *
+     * @param targetUser
+     *     The user to whom the permissions in the returned permission set are
+     *     granted.
+     *
+     * @return
+     *     A permission set that contains all permissions associated with the
+     *     given user, and can be used to manipulate that user's permissions.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the permissions of the given
+     *     user, or if permission to retrieve the permissions of the given
+     *     user is denied.
+     */
+    public abstract PermissionSetType getPermissionSet(AuthenticatedUser user,
+            MySQLUser targetUser) throws GuacamoleException;
+
     /**
      * Retrieves all permissions associated with the given user.
      *
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
index ff622197a..a59e616dd 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
@@ -23,8 +23,10 @@
 package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import java.util.Collection;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLSystemPermissionSet;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
 import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
@@ -40,19 +42,25 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
  * @author Michael Jumper
  */
 public class SystemPermissionService
-    extends PermissionService<SystemPermission, SystemPermissionModel> {
+    extends PermissionService<MySQLSystemPermissionSet, SystemPermission, SystemPermissionModel> {
 
     /**
      * Mapper for system-level permissions.
      */
     @Inject
     private SystemPermissionMapper systemPermissionMapper;
-    
+
+    /**
+     * Provider for creating system permission sets.
+     */
+    @Inject
+    private Provider<MySQLSystemPermissionSet> systemPermissionSetProvider;
+
     @Override
     protected SystemPermissionMapper getPermissionMapper() {
         return systemPermissionMapper;
     }
-
+    
     @Override
     protected SystemPermission getPermissionInstance(SystemPermissionModel model) {
         return new SystemPermission(model.getType());
@@ -114,6 +122,18 @@ public class SystemPermissionService
         
     }
 
+    @Override
+    public MySQLSystemPermissionSet getPermissionSet(AuthenticatedUser user,
+            MySQLUser targetUser) throws GuacamoleException {
+
+        // Create permission set for requested user
+        MySQLSystemPermissionSet permissionSet = systemPermissionSetProvider.get();
+        permissionSet.init(user, targetUser);
+
+        return permissionSet;
+        
+    }
+    
     @Override
     public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
             Collection<SystemPermission> permissions) throws GuacamoleException {
@@ -146,4 +166,37 @@ public class SystemPermissionService
         
     }
 
+    /**
+     * Retrieves the permission of the given type associated with the given
+     * user, if it exists. If no such permission exists, null is returned.
+     *
+     * @param user
+     *     The user retrieving the permission.
+     *
+     * @param targetUser
+     *     The user associated with the permission to be retrieved.
+     * 
+     * @param type
+     *     The type of permission to retrieve.
+     *
+     * @return
+     *     The permission of the given type associated with the given user, or
+     *     null if no such permission exists.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the requested permission.
+     */
+    public SystemPermission retrievePermission(AuthenticatedUser user,
+            MySQLUser targetUser, SystemPermission.Type type) throws GuacamoleException {
+
+        // Only an admin can read permissions that aren't his own
+        if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
+                || user.getUser().isAdministrator())
+            return getPermissionInstance(getPermissionMapper().selectOne(targetUser.getModel(), type));
+
+        // User cannot read this user's permissions
+        throw new GuacamoleSecurityException("Permission denied.");
+        
+    }
+
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
index 1164e2b6b..ae80c70be 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
@@ -47,6 +47,21 @@
 
     </select>
 
+    <!-- Select the single permission matching the given criteria -->
+    <select id="selectOne" resultMap="SystemPermissionResultMap">
+
+        SELECT
+            guacamole_system_permission.user_id,
+            username,
+            permission
+        FROM guacamole_system_permission
+        JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id
+        WHERE
+            guacamole_system_permission.user_id = #{user.userID,jdbcType=INTEGER}
+            AND permission = #{type,jdbcType=VARCHAR}
+
+    </select>
+
     <!-- Delete all given permissions -->
     <delete id="delete" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
 

From 0bf7b975589544d46116af87c57368fea8f6ba54 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 14 Feb 2015 00:11:43 -0800
Subject: [PATCH 14/60] GUAC-1101: User creation permission is sufficient for
 access to management screen.

---
 guacamole/src/main/webapp/app/home/controllers/homeController.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/guacamole/src/main/webapp/app/home/controllers/homeController.js b/guacamole/src/main/webapp/app/home/controllers/homeController.js
index 728b29923..70051971c 100644
--- a/guacamole/src/main/webapp/app/home/controllers/homeController.js
+++ b/guacamole/src/main/webapp/app/home/controllers/homeController.js
@@ -84,6 +84,7 @@ angular.module('home').controller('homeController', ['$scope', '$injector',
 
                 // System permissions
                    PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+                || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_USER)
                 || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION)
                 || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION_GROUP)
 

From c1ef4bfdd2c544502f4409542fef97d300b5b584 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 14 Feb 2015 00:14:26 -0800
Subject: [PATCH 15/60] GUAC-1101: Fix user creation/deletion. Fix system
 permission modification.

---
 .../guacamole/net/auth/mysql/MySQLUser.java   | 22 +++++--
 .../net/auth/mysql/UserDirectory.java         |  3 +-
 .../mysql/service/DirectoryObjectService.java | 48 ++++++++++----
 .../service/SystemPermissionService.java      | 65 +++++--------------
 .../net/auth/mysql/service/UserService.java   | 19 +++++-
 .../auth/mysql/dao/SystemPermissionMapper.xml |  3 +-
 .../net/auth/mysql/dao/UserMapper.xml         | 12 ++--
 7 files changed, 92 insertions(+), 80 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index fd8d8fa49..2a0cdf377 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -133,14 +133,22 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
 
         // Store plaintext password internally
         this.password = password;
-        
-        // Generate new salt and hash given password using newly-generated salt
-        byte[] salt = saltService.generateSalt();
-        byte[] hash = encryptionService.createPasswordHash(password, salt);
 
-        // Set stored salt and hash
-        userModel.setPasswordSalt(salt);
-        userModel.setPasswordHash(hash);
+        // If no password provided, clear password salt and hash
+        if (password == null) {
+            userModel.setPasswordSalt(null);
+            userModel.setPasswordHash(null);
+        }
+
+        // Otherwise generate new salt and hash given password using newly-generated salt
+        else {
+            byte[] salt = saltService.generateSalt();
+            byte[] hash = encryptionService.createPasswordHash(password, salt);
+
+            // Set stored salt and hash
+            userModel.setPasswordSalt(salt);
+            userModel.setPasswordHash(hash);
+        }
 
     }
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
index 3b3e30882..542f5e8d8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -92,8 +92,7 @@ public class UserDirectory implements Directory<User> {
     @Override
     @Transactional
     public void add(User object) throws GuacamoleException {
-        MySQLUser user = (MySQLUser) object;
-        userService.createObject(currentUser, user);
+        userService.createObject(currentUser, object);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 016adb54a..8bbc6b360 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -40,14 +40,20 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
  * permissions of the current user.
  *
  * @author Michael Jumper
- * @param <ObjectType>
- *     The type of object this service provides access to.
+ * @param <InternalType>
+ *     The specific internal implementation of the type of object this service
+ *     provides access to.
+ *
+ * @param <ExternalType>
+ *     The external interface or implementation of the type of object this
+ *     service provides access to, as defined by the guacamole-ext API.
  *
  * @param <ModelType>
- *     The underlying model object used to represent ObjectType in the
+ *     The underlying model object used to represent InternalType in the
  *     database.
  */
-public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<ModelType>, ModelType> {
+public abstract class DirectoryObjectService<InternalType extends DirectoryObject<ModelType>,
+        ExternalType, ModelType> {
 
     /**
      * Returns an instance of a mapper for the type of object used by this
@@ -72,9 +78,25 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * @return
      *     An object which is backed by the given model object.
      */
-    protected abstract ObjectType getObjectInstance(AuthenticatedUser currentUser,
+    protected abstract InternalType getObjectInstance(AuthenticatedUser currentUser,
             ModelType model);
 
+    /**
+     * Returns an instance of a model object which is based on the given
+     * object.
+     *
+     * @param currentUser
+     *     The user for whom this model object is being created.
+     *
+     * @param object 
+     *     The object to use to produce the returned model object.
+     *
+     * @return
+     *     A model object which is based on the given object.
+     */
+    protected abstract ModelType getModelInstance(AuthenticatedUser currentUser,
+            ExternalType object);
+
     /**
      * Returns whether the given user has permission to create the type of
      * objects that this directory object service manages.
@@ -125,11 +147,11 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      *     A collection of objects which are backed by the models in the given
      *     collection.
      */
-    protected Collection<ObjectType> getObjectInstances(AuthenticatedUser currentUser,
+    protected Collection<InternalType> getObjectInstances(AuthenticatedUser currentUser,
             Collection<ModelType> models) {
 
         // Create new collection of objects by manually converting each model
-        Collection<ObjectType> objects = new ArrayList<ObjectType>(models.size());
+        Collection<InternalType> objects = new ArrayList<InternalType>(models.size());
         for (ModelType model : models)
             objects.add(getObjectInstance(currentUser, model));
 
@@ -154,11 +176,11 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * @throws GuacamoleException
      *     If an error occurs while retrieving the requested object.
      */
-    public ObjectType retrieveObject(AuthenticatedUser user,
+    public InternalType retrieveObject(AuthenticatedUser user,
             String identifier) throws GuacamoleException {
 
         // Pull objects having given identifier
-        Collection<ObjectType> objects = retrieveObjects(user, Collections.singleton(identifier));
+        Collection<InternalType> objects = retrieveObjects(user, Collections.singleton(identifier));
 
         // If no such object, return null
         if (objects.isEmpty())
@@ -189,7 +211,7 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      * @throws GuacamoleException
      *     If an error occurs while retrieving the requested objects.
      */
-    public Collection<ObjectType> retrieveObjects(AuthenticatedUser user,
+    public Collection<InternalType> retrieveObjects(AuthenticatedUser user,
             Collection<String> identifiers) throws GuacamoleException {
 
         // Do not query if no identifiers given
@@ -226,12 +248,12 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      *     If the user lacks permission to create the object, or an error
      *     occurs while creating the object.
      */
-    public void createObject(AuthenticatedUser user, ObjectType object)
+    public void createObject(AuthenticatedUser user, ExternalType object)
         throws GuacamoleException {
 
         // Only create object if user has permission to do so
         if (user.getUser().isAdministrator() || hasCreatePermission(user)) {
-            getObjectMapper().insert(object.getModel());
+            getObjectMapper().insert(getModelInstance(user, object));
             return;
         }
 
@@ -286,7 +308,7 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
      *     If the user lacks permission to update the object, or an error
      *     occurs while updating the object.
      */
-    public void updateObject(AuthenticatedUser user, ObjectType object)
+    public void updateObject(AuthenticatedUser user, InternalType object)
         throws GuacamoleException {
 
         // Get object permissions
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
index a59e616dd..6c025c0d1 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
@@ -70,55 +70,14 @@ public class SystemPermissionService
     protected SystemPermissionModel getModelInstance(final MySQLUser targetUser,
             final SystemPermission permission) {
 
-        // Populate and return model object
-        return new SystemPermissionModel() {
+        SystemPermissionModel model = new SystemPermissionModel();
 
-            /**
-             * The ID of the user to whom this permission is granted.
-             */
-            private Integer userID = targetUser.getModel().getUserID();
+        // Populate model object with data from user and permission
+        model.setUserID(targetUser.getModel().getUserID());
+        model.setUsername(targetUser.getModel().getUsername());
+        model.setType(permission.getType());
 
-            /**
-             * The username of the user to whom this permission is granted.
-             */
-            private String username = targetUser.getModel().getUsername();
-
-            /**
-             * The type of action granted by this permission.
-             */
-            private SystemPermission.Type type = permission.getType();
-            
-            @Override
-            public Integer getUserID() {
-                return userID;
-            }
-
-            @Override
-            public void setUserID(Integer userID) {
-                this.userID = userID;
-            }
-
-            @Override
-            public String getUsername() {
-                return username;
-            }
-
-            @Override
-            public void setUsername(String username) {
-                this.username = username;
-            }
-
-            @Override
-            public SystemPermission.Type getType() {
-                return type;
-            }
-
-            @Override
-            public void setType(SystemPermission.Type type) {
-                this.type = type;
-            }
-
-        };
+        return model;
         
     }
 
@@ -191,8 +150,16 @@ public class SystemPermissionService
 
         // Only an admin can read permissions that aren't his own
         if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
-                || user.getUser().isAdministrator())
-            return getPermissionInstance(getPermissionMapper().selectOne(targetUser.getModel(), type));
+                || user.getUser().isAdministrator()) {
+
+            // Read permission from database, return null if not found
+            SystemPermissionModel model = getPermissionMapper().selectOne(targetUser.getModel(), type);
+            if (model == null)
+                return null;
+
+            return getPermissionInstance(model);
+
+        }
 
         // User cannot read this user's permissions
         throw new GuacamoleSecurityException("Permission denied.");
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
index cbd564b1b..3d9ae365d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
@@ -31,6 +31,7 @@ import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
@@ -41,7 +42,7 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class UserService extends DirectoryObjectService<MySQLUser, UserModel> {
+public class UserService extends DirectoryObjectService<MySQLUser, User, UserModel> {
 
     /**
      * Mapper for accessing users.
@@ -68,6 +69,22 @@ public class UserService extends DirectoryObjectService<MySQLUser, UserModel> {
         return user;
     }
 
+    @Override
+    protected UserModel getModelInstance(AuthenticatedUser currentUser,
+            final User object) {
+
+        // Create new MySQLUser backed by blank model
+        UserModel model = new UserModel();
+        MySQLUser user = getObjectInstance(currentUser, model);
+
+        // Set model contents through MySQLUser, copying the provided user
+        user.setIdentifier(object.getIdentifier());
+        user.setPassword(object.getPassword());
+
+        return model;
+        
+    }
+
     @Override
     protected boolean hasCreatePermission(AuthenticatedUser user)
             throws GuacamoleException {
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
index ae80c70be..8b8e0f8eb 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
@@ -83,8 +83,7 @@
             permission
         )
         VALUES
-            <foreach collection="permissions" item="permission"
-                     open="(" separator="," close=")">
+            <foreach collection="permissions" item="permission" separator=",">
                 (#{permission.userID,jdbcType=INTEGER},
                  #{permission.type,jdbcType=VARCHAR})
             </foreach>
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
index 32fa591fc..fe149f1ac 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
@@ -115,9 +115,9 @@
             password_salt
         )
         VALUES (
-            #{username,jdbcType=VARCHAR},
-            #{passwordHash,jdbcType=BINARY},
-            #{passwordSalt,jdbcType=BINARY}
+            #{object.username,jdbcType=VARCHAR},
+            #{object.passwordHash,jdbcType=BINARY},
+            #{object.passwordSalt,jdbcType=BINARY}
         )
 
         <selectKey resultType="java.lang.Integer" keyProperty="userID" order="AFTER">
@@ -129,9 +129,9 @@
     <!-- Update single user -->
     <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.UserModel">
         UPDATE guacamole_user
-        SET password_hash = #{passwordHash,jdbcType=BINARY},
-            password_salt = #{passwordSalt,jdbcType=BINARY}
-        WHERE user_id = #{userID,jdbcType=VARCHAR}
+        SET password_hash = #{object.passwordHash,jdbcType=BINARY},
+            password_salt = #{object.passwordSalt,jdbcType=BINARY}
+        WHERE user_id = #{object.userID,jdbcType=VARCHAR}
     </update>
 
 </mapper>
\ No newline at end of file

From c406ceb33140b060816419cd1d8cc23254daa5a5 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 14 Feb 2015 00:15:55 -0800
Subject: [PATCH 16/60] GUAC-1101: Add note regarding missing permission
 creation.

---
 .../guacamole/net/auth/mysql/service/DirectoryObjectService.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 8bbc6b360..b512d7562 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -254,6 +254,7 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
         // Only create object if user has permission to do so
         if (user.getUser().isAdministrator() || hasCreatePermission(user)) {
             getObjectMapper().insert(getModelInstance(user, object));
+            // FIXME: Insert implicit object permissions, too.
             return;
         }
 

From 9c161c9fc6580bbefe2b0dd57a7c345d79729c8c Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sun, 15 Feb 2015 14:06:20 -0800
Subject: [PATCH 17/60] GUAC-1101: Allow implementations to validate objects
 prior to create/update.

---
 .../mysql/service/DirectoryObjectService.java | 60 +++++++++++++++++++
 .../net/auth/mysql/service/UserService.java   | 41 +++++++++++++
 2 files changed, 101 insertions(+)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index b512d7562..8afef0220 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -159,6 +159,55 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
         
     }
 
+    /**
+     * Returns whether the given object is valid and can be created as-is. The
+     * object does not yet exist in the database, but the user desires to
+     * create a new object with the given values. This function will be called
+     * prior to any creation operation, and provides a means for the
+     * implementation to abort prior to completion. The default implementation
+     * does nothing.
+     *
+     * @param user
+     *     The user creating the object.
+     *
+     * @param object
+     *     The object to validate.
+     *
+     * @throws GuacamoleException
+     *     If the object is invalid, or an error prevents validating the given
+     *     object.
+     */
+    protected void validateNewObject(AuthenticatedUser user,
+            ExternalType object) throws GuacamoleException {
+
+        // By default, do nothing.
+
+    }
+
+    /**
+     * Returns whether the given object is valid and can updated as-is. The
+     * object already exists in the database, but the user desires to update
+     * the object to the given values. This function will be called prior to
+     * update operation, and provides a means for the implementation to abort
+     * prior to completion. The default implementation does nothing.
+     *
+     * @param user
+     *     The user updating the existing object.
+     *
+     * @param object 
+     *     The object to validate.
+     *
+     * @throws GuacamoleException
+     *     If the object is invalid, or an error prevents validating the given
+     *     object.
+     */
+    protected void validateExistingObject(AuthenticatedUser user,
+            InternalType object) throws GuacamoleException {
+
+        // By default, do nothing.
+
+    }
+
     /**
      * Retrieves the single object that has the given identifier, if it exists
      * and the user has permission to read it.
@@ -253,7 +302,13 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
 
         // Only create object if user has permission to do so
         if (user.getUser().isAdministrator() || hasCreatePermission(user)) {
+
+            // Validate object prior to creation
+            validateNewObject(user, object);
+
+            // Create object
             getObjectMapper().insert(getModelInstance(user, object));
+
             // FIXME: Insert implicit object permissions, too.
             return;
         }
@@ -318,6 +373,11 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
         // Only update object if user has permission to do so
         if (user.getUser().isAdministrator()
                 || permissionSet.hasPermission(ObjectPermission.Type.UPDATE, object.getIdentifier())) {
+
+            // Validate object prior to creation
+            validateExistingObject(user, object);
+
+            // Update object
             getObjectMapper().update(object.getModel());
             return;
         }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
index 3d9ae365d..008db8480 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
@@ -24,12 +24,15 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import java.util.Collection;
+import java.util.Collections;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import org.glyptodon.guacamole.net.auth.Credentials;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
 import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -104,6 +107,44 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
 
     }
 
+    @Override
+    protected void validateNewObject(AuthenticatedUser user, User object)
+            throws GuacamoleException {
+
+        // Username must not be blank
+        if (object.getIdentifier().trim().isEmpty())
+            throw new GuacamoleClientException("The username must not be blank.");
+        
+        // Do not create duplicate users
+        Collection<UserModel> existing = userMapper.select(Collections.singleton(object.getIdentifier()));
+        if (!existing.isEmpty())
+            throw new GuacamoleClientException("User \"" + object.getIdentifier() + "\" already exists.");
+
+    }
+
+    @Override
+    protected void validateExistingObject(AuthenticatedUser user,
+            MySQLUser object) throws GuacamoleException {
+
+        // Username must not be blank
+        if (object.getIdentifier().trim().isEmpty())
+            throw new GuacamoleClientException("The username must not be blank.");
+        
+        // Check whether such a user is already present
+        MySQLUser existing = retrieveObject(user, object.getIdentifier());
+        if (existing != null) {
+
+            UserModel existingModel = existing.getModel();
+            UserModel updatedModel = object.getModel();
+
+            // Do not rename to existing user
+            if (!existingModel.getUserID().equals(updatedModel.getUserID()))
+                throw new GuacamoleClientException("User \"" + object.getIdentifier() + "\" already exists.");
+            
+        }
+        
+    }
+
     /**
      * Retrieves the user corresponding to the given credentials from the
      * database.

From f78281e3c83687e89c212d1cd412e6153c3cb089 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Mon, 23 Feb 2015 13:23:33 -0800
Subject: [PATCH 18/60] GUAC-1101: Migrate to recent API changes on
 batch-directory branch.

---
 .../net/auth/mysql/MySQLUserContext.java      | 21 ++++++++++++++++---
 .../net/auth/mysql/UserDirectory.java         |  6 ------
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
index c756fc4b1..6de6b66bf 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
@@ -26,6 +26,7 @@ package net.sourceforge.guacamole.net.auth.mysql;
 import com.google.inject.Inject;
 import java.util.Collections;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
@@ -73,12 +74,26 @@ public class MySQLUserContext implements UserContext {
         return userDirectory;
     }
 
+    @Override
+    public Directory<Connection> getConnectionDirectory() throws GuacamoleException {
+        /* STUB */
+        return new SimpleConnectionDirectory(Collections.EMPTY_LIST);
+    }
+
+    @Override
+    public Directory<ConnectionGroup> getConnectionGroupDirectory() throws GuacamoleException {
+        /* STUB */
+        return new SimpleConnectionGroupDirectory(Collections.EMPTY_LIST);
+    }
+
     @Override
     public ConnectionGroup getRootConnectionGroup() throws GuacamoleException {
         /* STUB */
-        return new SimpleConnectionGroup("ROOT", "ROOT",
-            new SimpleConnectionDirectory(Collections.EMPTY_MAP),
-            new SimpleConnectionGroupDirectory(Collections.EMPTY_LIST)
+        return new SimpleConnectionGroup(
+            MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
+            MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
+            Collections.EMPTY_LIST,
+            Collections.EMPTY_LIST
         );
     }
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
index 542f5e8d8..406d33747 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -65,12 +65,6 @@ public class UserDirectory implements Directory<User> {
         this.currentUser = currentUser;
     }
     
-    @Override
-    public void move(String identifier, Directory<User> groupIdentifier) 
-            throws GuacamoleException {
-        throw new GuacamoleSecurityException("Permission denied.");
-    }
-
     @Override
     public User get(String identifier) throws GuacamoleException {
         return userService.retrieveObject(currentUser, identifier);

From 85e84b6d3e045320475c1704608373e89764f81c Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Mon, 23 Feb 2015 15:12:56 -0800
Subject: [PATCH 19/60] GUAC-1101: Map connections (but not parameters or
 history). Add ConnectionDirectory.

---
 .../net/auth/mysql/ConnectionDirectory.java   | 104 ++++++++++++
 .../mysql/MySQLAuthenticationProvider.java    |   6 +
 .../net/auth/mysql/MySQLConnection.java       | 155 ++++++++++++++++++
 .../net/auth/mysql/MySQLUserContext.java      |  17 +-
 .../net/auth/mysql/dao/ConnectionMapper.java  |  75 +++++++++
 .../net/auth/mysql/model/ConnectionModel.java | 145 ++++++++++++++++
 .../auth/mysql/service/ConnectionService.java | 133 +++++++++++++++
 .../net/auth/mysql/dao/ConnectionMapper.xml   | 145 ++++++++++++++++
 8 files changed, 776 insertions(+), 4 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
new file mode 100644
index 000000000..a7cff5617
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.Directory;
+import org.mybatis.guice.transactional.Transactional;
+
+/**
+ * A MySQL based implementation of the Connection Directory.
+ *
+ * @author James Muehlner
+ * @author Michael Jumper
+ */
+public class ConnectionDirectory implements Directory<Connection> {
+
+    /**
+     * The user this user directory belongs to. Access is based on his/her
+     * permission settings.
+     */
+    private AuthenticatedUser currentUser;
+    
+    /**
+     * Service for managing connection objects.
+     */
+    @Inject
+    private ConnectionService connectionService;
+
+    /**
+     * Set the user for this directory.
+     *
+     * @param currentUser
+     *     The user whose permissions define the visibility of connections in
+     *     this directory.
+     */
+    public void init(AuthenticatedUser currentUser) {
+        this.currentUser = currentUser;
+    }
+    
+    @Override
+    public Connection get(String identifier) throws GuacamoleException {
+        return connectionService.retrieveObject(currentUser, identifier);
+    }
+
+    @Override
+    @Transactional
+    public Collection<Connection> getAll(Collection<String> identifiers) throws GuacamoleException {
+        Collection<MySQLConnection> objects = connectionService.retrieveObjects(currentUser, identifiers);
+        return Collections.<Connection>unmodifiableCollection(objects);
+    }
+
+    @Override
+    @Transactional
+    public Set<String> getIdentifiers() throws GuacamoleException {
+        return connectionService.getIdentifiers(currentUser);
+    }
+
+    @Override
+    @Transactional
+    public void add(Connection object) throws GuacamoleException {
+        connectionService.createObject(currentUser, object);
+    }
+
+    @Override
+    @Transactional
+    public void update(Connection object) throws GuacamoleException {
+        MySQLConnection connection = (MySQLConnection) object;
+        connectionService.updateObject(currentUser, connection);
+    }
+
+    @Override
+    @Transactional
+    public void remove(String identifier) throws GuacamoleException {
+        connectionService.deleteObject(currentUser, identifier);
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 294752ea0..7d19cfe9a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -29,6 +29,7 @@ import com.google.inject.Injector;
 import com.google.inject.Module;
 import com.google.inject.name.Names;
 import java.util.Properties;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
@@ -36,6 +37,7 @@ import org.glyptodon.guacamole.net.auth.Credentials;
 import org.glyptodon.guacamole.net.auth.UserContext;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
 import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SHA256PasswordEncryptionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
@@ -134,10 +136,14 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     bindTransactionFactoryType(JdbcTransactionFactory.class);
 
                     // Add MyBatis mappers
+                    addMapperClass(ConnectionMapper.class);
                     addMapperClass(SystemPermissionMapper.class);
                     addMapperClass(UserMapper.class);
 
                     // Bind interfaces
+                    bind(ConnectionDirectory.class);
+                    bind(ConnectionService.class);
+                    bind(MySQLConnection.class);
                     bind(MySQLUser.class);
                     bind(MySQLUserContext.class);
                     bind(MySQLSystemPermissionSet.class);
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
new file mode 100644
index 000000000..177517805
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import java.util.Collections;
+import java.util.List;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleUnsupportedException;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.ConnectionRecord;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
+
+/**
+ * A MySQL based implementation of the Connection object.
+ * @author James Muehlner
+ */
+public class MySQLConnection implements Connection, DirectoryObject<ConnectionModel> {
+
+    /**
+     * The user this connection belongs to. Access is based on his/her permission
+     * settings.
+     */
+    private AuthenticatedUser currentUser;
+
+    /**
+     * The internal model object containing the values which represent this
+     * connection in the database.
+     */
+    private ConnectionModel connectionModel;
+
+    /**
+     * Creates a new, empty MySQLConnection.
+     */
+    public MySQLConnection() {
+    }
+
+    @Override
+    public void init(AuthenticatedUser currentUser, ConnectionModel connectionModel) {
+        this.currentUser = currentUser;
+        setModel(connectionModel);
+    }
+
+    @Override
+    public AuthenticatedUser getCurrentUser() {
+        return currentUser;
+    }
+
+    @Override
+    public void setCurrentUser(AuthenticatedUser currentUser) {
+        this.currentUser = currentUser;
+    }
+
+    @Override
+    public ConnectionModel getModel() {
+        return connectionModel;
+    }
+
+    @Override
+    public void setModel(ConnectionModel userModel) {
+        this.connectionModel = userModel;
+    }
+
+    @Override
+    public String getIdentifier() {
+        return connectionModel.getIdentifier();
+    }
+
+    @Override
+    public void setIdentifier(String identifier) {
+        connectionModel.setIdentifier(identifier);
+    }
+
+    @Override
+    public String getName() {
+        return connectionModel.getName();
+    }
+
+    @Override
+    public void setName(String name) {
+        connectionModel.setName(name);
+    }
+
+    @Override
+    public String getParentIdentifier() {
+        return connectionModel.getParentIdentifier();
+    }
+
+    @Override
+    public void setParentIdentifier(String parentIdentifier) {
+        connectionModel.setParentID(parentIdentifier);
+    }
+
+    @Override
+    public GuacamoleConfiguration getConfiguration() {
+
+        GuacamoleConfiguration config = new GuacamoleConfiguration();
+        config.setProtocol(connectionModel.getProtocol());
+
+        /* FIXME: Set parameters, if available */
+
+        return config;
+        
+    }
+
+    @Override
+    public void setConfiguration(GuacamoleConfiguration config) {
+
+        /* FIXME: Set parameters, if available */
+
+        connectionModel.setProtocol(config.getProtocol());
+        
+    }
+
+    @Override
+    public List<? extends ConnectionRecord> getHistory() throws GuacamoleException {
+        /* STUB */
+        return Collections.EMPTY_LIST;
+    }
+
+    @Override
+    public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
+        /* STUB */
+        throw new GuacamoleUnsupportedException("STUB - connecting not implemented at the moment");
+    }
+
+    @Override
+    public int getActiveConnections() {
+        /* STUB */
+        return 0;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
index 6de6b66bf..60353bcce 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
@@ -31,7 +31,6 @@ import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.UserContext;
-import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionDirectory;
 import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroup;
 import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroupDirectory;
 
@@ -52,6 +51,13 @@ public class MySQLUserContext implements UserContext {
      */
     @Inject
     private UserDirectory userDirectory;
+ 
+    /**
+     * Connection directory restricted by the permissions of the user
+     * associated with this context.
+     */
+    @Inject
+    private ConnectionDirectory connectionDirectory;
     
     /**
      * Initializes the user and directories associated with this context.
@@ -60,8 +66,12 @@ public class MySQLUserContext implements UserContext {
      *     The user owning this context.
      */
     public void init(AuthenticatedUser currentUser) {
+
         this.currentUser = currentUser;
+
         userDirectory.init(currentUser);
+        connectionDirectory.init(currentUser);
+
     }
 
     @Override
@@ -76,14 +86,13 @@ public class MySQLUserContext implements UserContext {
 
     @Override
     public Directory<Connection> getConnectionDirectory() throws GuacamoleException {
-        /* STUB */
-        return new SimpleConnectionDirectory(Collections.EMPTY_LIST);
+        return connectionDirectory;
     }
 
     @Override
     public Directory<ConnectionGroup> getConnectionGroupDirectory() throws GuacamoleException {
         /* STUB */
-        return new SimpleConnectionGroupDirectory(Collections.EMPTY_LIST);
+        return new SimpleConnectionGroupDirectory(Collections.singleton(getRootConnectionGroup()));
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java
new file mode 100644
index 000000000..4890361aa
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for connection objects.
+ *
+ * @author Michael Jumper
+ */
+public interface ConnectionMapper extends DirectoryObjectMapper<ConnectionModel> {
+
+    /**
+     * Selects the identifiers of all connections within the given parent
+     * connection group, regardless of whether they are readable by any
+     * particular user. This should only be called on behalf of a system
+     * administrator. If identifiers are needed by a non-administrative user
+     * who must have explicit read rights, use
+     * selectReadableIdentifiersWithin() instead.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent connection group, or null if the root
+     *     connection group is to be queried.
+     *
+     * @return
+     *     A Set containing all identifiers of all objects.
+     */
+    Set<String> selectIdentifiersWithin(@Param("parentIdentifier") String parentIdentifier);
+    
+    /**
+     * Selects the identifiers of all connections within the given parent
+     * connection group that are explicitly readable by the given user. If
+     * identifiers are needed by a system administrator (who, by definition,
+     * does not need explicit read rights), use selectIdentifiersWithin()
+     * instead.
+     *
+     * @param user
+     *    The user whose permissions should determine whether an identifier
+     *    is returned.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent connection group, or null if the root
+     *     connection group is to be queried.
+     *
+     * @return
+     *     A Set containing all identifiers of all readable objects.
+     */
+    Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
+            @Param("parentIdentifier") String parentIdentifier);
+    
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
new file mode 100644
index 000000000..e65258a24
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+/**
+ * Object representation of a Guacamole connection, as represented in the
+ * database.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionModel {
+
+    /**
+     * The identifier of this connection in the database, if any.
+     */
+    private String identifier;
+
+    /**
+     * The identifier of the parent connection group in the database, or null
+     * if the parent connection group is the root group.
+     */
+    private String parentIdentifier;
+    
+    /**
+     * The human-readable name associated with this connection.
+     */
+    private String name;
+
+    /**
+     * The name of the protocol to use when connecting to this connection.
+     */
+    private String protocol;
+    
+    /**
+     * Creates a new, empty connection.
+     */
+    public ConnectionModel() {
+    }
+
+    /**
+     * Returns the name associated with this connection.
+     *
+     * @return
+     *     The name associated with this connection.
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Sets the name associated with this connection.
+     *
+     * @param name
+     *     The name to associate with this connection.
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Returns the name of the protocol to use when connecting to this
+     * connection.
+     *
+     * @return
+     *     The name of the protocol to use when connecting to this connection.
+     */
+    public String getProtocol() {
+        return protocol;
+    }
+
+    /**
+     * Sets the name of the protocol to use when connecting to this connection.
+     *
+     * @param protocol
+     *     The name of the protocol to use when connecting to this connection.
+     */
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    /**
+     * Returns the identifier of the parent connection group, or null if the
+     * parent connection group is the root connection group.
+     *
+     * @return 
+     *     The identifier of the parent connection group, or null if the parent
+     *     connection group is the root connection group.
+     */
+    public String getParentIdentifier() {
+        return parentIdentifier;
+    }
+
+    /**
+     * Sets the identifier of the parent connection group.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent connection group, or null if the parent
+     *     connection group is the root connection group.
+     */
+    public void setParentID(String parentIdentifier) {
+        this.parentIdentifier = parentIdentifier;
+    }
+
+    /**
+     * Returns the identifier of this connection in the database, if it exists.
+     *
+     * @return
+     *     The identifier of this connection in the database, or null if this
+     *     connection was not retrieved from the database.
+     */
+    public String getIdentifier() {
+        return identifier;
+    }
+
+    /**
+     * Sets the identifier of this connection to the given value.
+     *
+     * @param identifier 
+     *     The identifier to assign to this connection.
+     */
+    public void setIdentifier(String identifier) {
+        this.identifier = identifier;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
new file mode 100644
index 000000000..4ddd9578f
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import org.glyptodon.guacamole.GuacamoleClientException;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating connections.
+ *
+ * @author Michael Jumper, James Muehlner
+ */
+public class ConnectionService extends DirectoryObjectService<MySQLConnection, Connection, ConnectionModel> {
+
+    /**
+     * Mapper for accessing connections.
+     */
+    @Inject
+    private ConnectionMapper connectionMapper;
+
+    /**
+     * Provider for creating connections.
+     */
+    @Inject
+    private Provider<MySQLConnection> mySQLConnectionProvider;
+
+    @Override
+    protected DirectoryObjectMapper<ConnectionModel> getObjectMapper() {
+        return connectionMapper;
+    }
+
+    @Override
+    protected MySQLConnection getObjectInstance(AuthenticatedUser currentUser,
+            ConnectionModel model) {
+        MySQLConnection connection = mySQLConnectionProvider.get();
+        connection.init(currentUser, model);
+        return connection;
+    }
+
+    @Override
+    protected ConnectionModel getModelInstance(AuthenticatedUser currentUser,
+            final Connection object) {
+
+        // Create new MySQLConnection backed by blank model
+        ConnectionModel model = new ConnectionModel();
+        MySQLConnection connection = getObjectInstance(currentUser, model);
+
+        // Set model contents through MySQLConnection, copying the provided connection
+        connection.setIdentifier(object.getIdentifier());
+        connection.setParentIdentifier(object.getParentIdentifier());
+        connection.setName(object.getName());
+        connection.setConfiguration(object.getConfiguration());
+
+        return model;
+        
+    }
+
+    @Override
+    protected boolean hasCreatePermission(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return whether user has explicit user creation permission
+        SystemPermissionSet permissionSet = user.getUser().getSystemPermissions();
+        return permissionSet.hasPermission(SystemPermission.Type.CREATE_CONNECTION);
+
+    }
+
+    @Override
+    protected ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return permissions related to connections 
+        return user.getUser().getConnectionPermissions();
+
+    }
+
+    @Override
+    protected void validateNewObject(AuthenticatedUser user, Connection object)
+            throws GuacamoleException {
+
+        // Name must not be blank
+        if (object.getIdentifier().trim().isEmpty())
+            throw new GuacamoleClientException("Connection names must not be blank.");
+        
+        // FIXME: Do not attempt to create duplicate connections
+
+    }
+
+    @Override
+    protected void validateExistingObject(AuthenticatedUser user,
+            MySQLConnection object) throws GuacamoleException {
+
+        // Name must not be blank
+        if (object.getIdentifier().trim().isEmpty())
+            throw new GuacamoleClientException("Connection names must not be blank.");
+        
+        // FIXME: Check whether such a connection is already present
+        
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
new file mode 100644
index 000000000..21b992427
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper" >
+
+    <!-- Result mapper for connection objects -->
+    <resultMap id="ConnectionResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel" >
+        <id     column="connection_id" property="identifier"       jdbcType="INTEGER"/>
+        <result column="name"          property="name"             jdbcType="VARCHAR"/>
+        <result column="parent_id"     property="parentIdentifier" jdbcType="INTEGER"/>
+        <result column="protocol"      property="protocol"         jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- Select all connection identifiers -->
+    <select id="selectIdentifiers" resultType="string">
+        SELECT connection_id 
+        FROM guacamole_connection
+    </select>
+
+    <!-- Select identifiers of all readable connections -->
+    <select id="selectReadableIdentifiers" resultType="string">
+        SELECT connection_id
+        FROM guacamole_connection_permission
+        WHERE
+            user_id = #{user.userID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select all connection identifiers within a particular connection group -->
+    <select id="selectIdentifiersWithin" resultType="string">
+        SELECT connection_id 
+        FROM guacamole_connection
+        WHERE
+            <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
+            <if test="parentIdentifier == null">parent_id IS NULL</if>
+    </select>
+
+    <!-- Select identifiers of all readable connections within a particular connection group -->
+    <select id="selectReadableIdentifiersWithin" resultType="string">
+        SELECT guacamole_connection.connection_id
+        FROM guacamole_connection
+        JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id
+        WHERE
+            <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
+            <if test="parentIdentifier == null">parent_id IS NULL</if>
+            AND user_id = #{user.userID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select multiple connections by identifier -->
+    <select id="select" resultMap="ConnectionResultMap">
+
+        SELECT
+            connection_id,
+            name,
+            parent_id,
+            protocol 
+        FROM guacamole_connection
+        WHERE connection_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+
+    </select>
+
+    <!-- Select multiple connections by identifier only if readable -->
+    <select id="selectReadable" resultMap="ConnectionResultMap">
+
+        SELECT
+            guacamole_connection.connection_id,
+            name,
+            parent_id,
+            protocol 
+        FROM guacamole_connection
+        JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id
+        WHERE guacamole_connection.connection_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+            AND user_id = #{user.userID,jdbcType=INTEGER}
+            AND permission = 'READ'
+
+    </select>
+
+    <!-- Delete single connection by identifier -->
+    <delete id="delete">
+        DELETE FROM guacamole_connection
+        WHERE connection_id = #{identifier,jdbcType=VARCHAR}
+    </delete>
+
+    <!-- Insert single connection -->
+    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
+
+        INSERT INTO guacamole_connection (
+            name,
+            parent_id,
+            protocol 
+        )
+        VALUES (
+            #{object.name,jdbcType=VARCHAR},
+            #{object.parentIdentifier,jdbcType=VARCHAR},
+            #{object.protocol,jdbcType=VARCHAR}
+        )
+
+        <selectKey resultType="java.lang.String" keyProperty="identifier" order="AFTER">
+            SELECT LAST_INSERT_ID()
+        </selectKey>
+
+    </insert>
+
+    <!-- Update single connection -->
+    <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
+        UPDATE guacamole_connection
+        SET name      = #{object.name,jdbcType=VARCHAR},
+            parent_id = #{object.parentIdentifier,jdbcType=VARCHAR},
+            protocol  = #{object.protocol,jdbcType=VARCHAR}
+        WHERE connection_id = #{object.identifier,jdbcType=VARCHAR}
+    </update>
+
+</mapper>
\ No newline at end of file

From 9316689cff5f51f83b42a1626b9f99fe7a61e9eb Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Mon, 23 Feb 2015 15:40:08 -0800
Subject: [PATCH 20/60] GUAC-1101: Implement root connection group.

---
 .../mysql/MySQLAuthenticationProvider.java    |   1 +
 .../auth/mysql/MySQLRootConnectionGroup.java  | 135 ++++++++++++++++++
 .../net/auth/mysql/MySQLUserContext.java      |  23 +--
 .../auth/mysql/service/ConnectionService.java |  27 ++++
 4 files changed, 178 insertions(+), 8 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 7d19cfe9a..52487acb8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -146,6 +146,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     bind(MySQLConnection.class);
                     bind(MySQLUser.class);
                     bind(MySQLUserContext.class);
+                    bind(MySQLRootConnectionGroup.class);
                     bind(MySQLSystemPermissionSet.class);
                     bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
                     bind(SaltService.class).to(SecureRandomSaltService.class);
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
new file mode 100644
index 000000000..167b71414
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import com.google.inject.Inject;
+import java.util.Collections;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.auth.ConnectionGroup;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+
+/**
+ * The root connection group, here represented as its own dedicated object as
+ * the database does not contain an actual root group.
+ *
+ * @author Michael Jumper
+ */
+public class MySQLRootConnectionGroup implements ConnectionGroup {
+
+    /**
+     * The user this group belongs to. Access is based on his/her permission
+     * settings.
+     */
+    private AuthenticatedUser currentUser;
+
+    /**
+     * Service for managing connection objects.
+     */
+    @Inject
+    private ConnectionService connectionService;
+    
+    /**
+     * Creates a new, empty MySQLRootConnectionGroup.
+     */
+    public MySQLRootConnectionGroup() {
+    }
+
+    /**
+     * Initializes this root connection group, associating it with the current
+     * authenticated user.
+     *
+     * @param currentUser
+     *     The user that created or retrieved this object.
+     */
+    public void init(AuthenticatedUser currentUser) {
+        this.currentUser = currentUser;
+    }
+
+    @Override
+    public String getName() {
+        return MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER;
+    }
+
+    @Override
+    public void setName(String name) {
+        throw new UnsupportedOperationException("The root connection group cannot be modified.");
+    }
+
+    @Override
+    public String getParentIdentifier() {
+        return null;
+    }
+
+    @Override
+    public void setParentIdentifier(String parentIdentifier) {
+        throw new UnsupportedOperationException("The root connection group cannot be modified.");
+    }
+
+    @Override
+    public Type getType() {
+        return ConnectionGroup.Type.ORGANIZATIONAL;
+    }
+
+    @Override
+    public void setType(Type type) {
+        throw new UnsupportedOperationException("The root connection group cannot be modified.");
+    }
+
+    @Override
+    public Set<String> getConnectionIdentifiers() throws GuacamoleException {
+        return connectionService.getRootIdentifiers(currentUser);
+    }
+
+    @Override
+    public Set<String> getConnectionGroupIdentifiers()
+            throws GuacamoleException {
+        /* STUB */
+        return Collections.EMPTY_SET;
+    }
+
+    @Override
+    public String getIdentifier() {
+        return MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER;
+    }
+
+    @Override
+    public void setIdentifier(String identifier) {
+        throw new UnsupportedOperationException("The root connection group cannot be modified.");
+    }
+
+    @Override
+    public GuacamoleSocket connect(GuacamoleClientInformation info)
+            throws GuacamoleException {
+        throw new GuacamoleSecurityException("Permission denied.");
+    }
+
+    @Override
+    public int getActiveConnections() {
+        return 0;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
index 60353bcce..c5877d592 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
@@ -24,6 +24,7 @@ package net.sourceforge.guacamole.net.auth.mysql;
 
 
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import java.util.Collections;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.Connection;
@@ -58,7 +59,13 @@ public class MySQLUserContext implements UserContext {
      */
     @Inject
     private ConnectionDirectory connectionDirectory;
-    
+
+    /**
+     * Provider for creating the root group.
+     */
+    @Inject
+    private Provider<MySQLRootConnectionGroup> rootGroupProvider;
+
     /**
      * Initializes the user and directories associated with this context.
      *
@@ -69,6 +76,7 @@ public class MySQLUserContext implements UserContext {
 
         this.currentUser = currentUser;
 
+        // Init directories
         userDirectory.init(currentUser);
         connectionDirectory.init(currentUser);
 
@@ -97,13 +105,12 @@ public class MySQLUserContext implements UserContext {
 
     @Override
     public ConnectionGroup getRootConnectionGroup() throws GuacamoleException {
-        /* STUB */
-        return new SimpleConnectionGroup(
-            MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
-            MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, 
-            Collections.EMPTY_LIST,
-            Collections.EMPTY_LIST
-        );
+
+        // Build and return a root group for the current user
+        MySQLRootConnectionGroup rootGroup = rootGroupProvider.get();
+        rootGroup.init(currentUser);
+        return rootGroup;
+
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index 4ddd9578f..a5bd28d28 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -24,6 +24,7 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import java.util.Set;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
@@ -130,4 +131,30 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
         
     }
 
+    /**
+     * Returns the set of all identifiers for all connections within the root
+     * connection group that the user has read access to.
+     *
+     * @param user
+     *     The user retrieving the identifiers.
+     *
+     * @return
+     *     The set of all identifiers for all connections in the root
+     *     connection group that the user has read access to.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while reading identifiers.
+     */
+    public Set<String> getRootIdentifiers(AuthenticatedUser user) throws GuacamoleException {
+
+        // Bypass permission checks if the user is a system admin
+        if (user.getUser().isAdministrator())
+            return connectionMapper.selectIdentifiersWithin(null);
+
+        // Otherwise only return explicitly readable identifiers
+        else
+            return connectionMapper.selectReadableIdentifiersWithin(user.getUser().getModel(), null);
+
+    }
+
 }

From 0e4507f3d112697781d266863a1a315ad2ee88a8 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Mon, 23 Feb 2015 15:53:48 -0800
Subject: [PATCH 21/60] GUAC-1101: The connection name is stored in
 "connection_name", not "name".

---
 .../net/auth/mysql/dao/ConnectionMapper.xml   | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
index 21b992427..75e4c4c44 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
@@ -28,10 +28,10 @@
 
     <!-- Result mapper for connection objects -->
     <resultMap id="ConnectionResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel" >
-        <id     column="connection_id" property="identifier"       jdbcType="INTEGER"/>
-        <result column="name"          property="name"             jdbcType="VARCHAR"/>
-        <result column="parent_id"     property="parentIdentifier" jdbcType="INTEGER"/>
-        <result column="protocol"      property="protocol"         jdbcType="VARCHAR"/>
+        <id     column="connection_id"   property="identifier"       jdbcType="INTEGER"/>
+        <result column="connection_name" property="name"             jdbcType="VARCHAR"/>
+        <result column="parent_id"       property="parentIdentifier" jdbcType="INTEGER"/>
+        <result column="protocol"        property="protocol"         jdbcType="VARCHAR"/>
     </resultMap>
 
     <!-- Select all connection identifiers -->
@@ -75,7 +75,7 @@
 
         SELECT
             connection_id,
-            name,
+            connection_name,
             parent_id,
             protocol 
         FROM guacamole_connection
@@ -92,7 +92,7 @@
 
         SELECT
             guacamole_connection.connection_id,
-            name,
+            connection_name,
             parent_id,
             protocol 
         FROM guacamole_connection
@@ -117,7 +117,7 @@
     <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
 
         INSERT INTO guacamole_connection (
-            name,
+            connection_name,
             parent_id,
             protocol 
         )
@@ -136,9 +136,9 @@
     <!-- Update single connection -->
     <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
         UPDATE guacamole_connection
-        SET name      = #{object.name,jdbcType=VARCHAR},
-            parent_id = #{object.parentIdentifier,jdbcType=VARCHAR},
-            protocol  = #{object.protocol,jdbcType=VARCHAR}
+        SET connection_name = #{object.name,jdbcType=VARCHAR},
+            parent_id       = #{object.parentIdentifier,jdbcType=VARCHAR},
+            protocol        = #{object.protocol,jdbcType=VARCHAR}
         WHERE connection_id = #{object.identifier,jdbcType=VARCHAR}
     </update>
 

From ee3f817bbd568677cbb2b298dda6444163bc59b8 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Mon, 23 Feb 2015 15:54:20 -0800
Subject: [PATCH 22/60] GUAC-1101: Properly translate to/from NULL parent using
 the root identifier.

---
 .../net/auth/mysql/MySQLConnection.java          | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index 177517805..57a2a5fc9 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -105,12 +105,26 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
     @Override
     public String getParentIdentifier() {
-        return connectionModel.getParentIdentifier();
+
+        // Translate null parent to proper identifier
+        String parentIdentifier = connectionModel.getParentIdentifier();
+        if (parentIdentifier == null)
+            return MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER;
+
+        return parentIdentifier;
+        
     }
 
     @Override
     public void setParentIdentifier(String parentIdentifier) {
+
+        // Translate root identifier back into null
+        if (parentIdentifier != null
+                && parentIdentifier.equals(MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER))
+            parentIdentifier = null;
+
         connectionModel.setParentID(parentIdentifier);
+
     }
 
     @Override

From 925687fc909de930c025214fe1d2c5a891253f7b Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 12:18:15 -0800
Subject: [PATCH 23/60] GUAC-1101: Add permission check upon connect. Move
 connection stub into connection service. Add hasObjectPermission() utility
 function.

---
 .../net/auth/mysql/MySQLConnection.java       | 12 +++--
 .../auth/mysql/service/ConnectionService.java | 41 +++++++++++++++++
 .../mysql/service/DirectoryObjectService.java | 45 ++++++++++++++-----
 3 files changed, 85 insertions(+), 13 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index 57a2a5fc9..aa33e0b68 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -22,11 +22,12 @@
 
 package net.sourceforge.guacamole.net.auth.mysql;
 
+import com.google.inject.Inject;
 import java.util.Collections;
 import java.util.List;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.GuacamoleUnsupportedException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
@@ -51,6 +52,12 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
      */
     private ConnectionModel connectionModel;
 
+    /**
+     * Service for managing connections.
+     */
+    @Inject
+    private ConnectionService connectionService;
+    
     /**
      * Creates a new, empty MySQLConnection.
      */
@@ -156,8 +163,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
     @Override
     public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
-        /* STUB */
-        throw new GuacamoleUnsupportedException("STUB - connecting not implemented at the moment");
+        return connectionService.connect(currentUser, this, info);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index a5bd28d28..fe73f6145 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -32,10 +32,15 @@ import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.GuacamoleUnsupportedException;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -157,4 +162,40 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
 
     }
 
+    /**
+     * Connects to the given connection as the given user, using the given
+     * client information. If the user does not have permission to read the
+     * connection, permission will be denied.
+     *
+     * @param user
+     *     The user connecting to the connection.
+     *
+     * @param connection
+     *     The connection being connected to.
+     *
+     * @param info
+     *     Information associated with the connecting client.
+     *
+     * @return
+     *     A connected GuacamoleSocket associated with a newly-established
+     *     connection.
+     *
+     * @throws GuacamoleException
+     *     If permission to connect to this connection is denied.
+     */
+    public GuacamoleSocket connect(AuthenticatedUser user,
+            MySQLConnection connection, GuacamoleClientInformation info)
+            throws GuacamoleException {
+
+        // Connect only if READ permission is granted
+        if (hasObjectPermission(user, connection.getIdentifier(), ObjectPermission.Type.READ)) {
+            // STUB
+            throw new GuacamoleUnsupportedException("STUB - connecting not implemented at the moment");
+        }
+
+        // The user does not have permission to connect
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+    
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 8afef0220..6d5ebdac7 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -114,6 +114,39 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
     protected abstract boolean hasCreatePermission(AuthenticatedUser user)
             throws GuacamoleException;
 
+    /**
+     * Returns whether the given user has permission to perform a certain
+     * action on a specific object managed by this directory object service.
+     *
+     * @param user
+     *     The user being checked.
+     *
+     * @param identifier
+     *     The identifier of the object to check.
+     *
+     * @param type
+     *     The type of action that will be performed.
+     *
+     * @return
+     *     true if the user has object permission relevant described, false
+     *     otherwise.
+     * 
+     * @throws GuacamoleException
+     *     If permission to read the user's permissions is denied.
+     */
+    protected boolean hasObjectPermission(AuthenticatedUser user,
+            String identifier, ObjectPermission.Type type)
+            throws GuacamoleException {
+
+        // Get object permissions
+        ObjectPermissionSet permissionSet = getPermissionSet(user);
+        
+        // Return whether permission is granted
+        return user.getUser().isAdministrator()
+            || permissionSet.hasPermission(type, identifier);
+
+    }
+ 
     /**
      * Returns the permission set associated with the given user and related
      * to the type of objects handled by this directory object service.
@@ -335,12 +368,8 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
     public void deleteObject(AuthenticatedUser user, String identifier)
         throws GuacamoleException {
 
-        // Get object permissions
-        ObjectPermissionSet permissionSet = getPermissionSet(user);
-        
         // Only delete object if user has permission to do so
-        if (user.getUser().isAdministrator()
-                || permissionSet.hasPermission(ObjectPermission.Type.DELETE, identifier)) {
+        if (hasObjectPermission(user, identifier, ObjectPermission.Type.DELETE)) {
             getObjectMapper().delete(identifier);
             return;
         }
@@ -367,12 +396,8 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
     public void updateObject(AuthenticatedUser user, InternalType object)
         throws GuacamoleException {
 
-        // Get object permissions
-        ObjectPermissionSet permissionSet = getPermissionSet(user);
-        
         // Only update object if user has permission to do so
-        if (user.getUser().isAdministrator()
-                || permissionSet.hasPermission(ObjectPermission.Type.UPDATE, object.getIdentifier())) {
+        if (hasObjectPermission(user, object.getIdentifier(), ObjectPermission.Type.UPDATE)) {
 
             // Validate object prior to creation
             validateExistingObject(user, object);

From 5f8e67cddbb7d97c30c74ac7a9378d311b6c60fa Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 15:05:59 -0800
Subject: [PATCH 24/60] GUAC-1101: Map parameters. Implement connect() on
 connection.

---
 .../mysql/MySQLAuthenticationProvider.java    |  26 +++--
 .../net/auth/mysql/dao/ParameterMapper.java   |  51 +++++++++
 .../net/auth/mysql/model/ParameterModel.java  | 107 ++++++++++++++++++
 .../auth/mysql/service/ConnectionService.java |  48 +++++++-
 .../net/auth/mysql/dao/ParameterMapper.xml    |  47 ++++++++
 5 files changed, 267 insertions(+), 12 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ParameterModel.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 52487acb8..975e42bee 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -30,6 +30,7 @@ import com.google.inject.Module;
 import com.google.inject.name.Names;
 import java.util.Properties;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
@@ -46,6 +47,8 @@ import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
 import org.glyptodon.guacamole.properties.GuacamoleProperties;
 import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
+import org.glyptodon.guacamole.environment.Environment;
+import org.glyptodon.guacamole.environment.LocalEnvironment;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
 import org.mybatis.guice.datasource.helper.JdbcHelper;
@@ -96,16 +99,19 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
      */
     public MySQLAuthenticationProvider() throws GuacamoleException {
 
+        // Get local environment
+        final Environment environment = new LocalEnvironment();
+        
         final Properties myBatisProperties = new Properties();
         final Properties driverProperties = new Properties();
 
         // Set the mysql properties for MyBatis.
         myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
-        myBatisProperties.setProperty("JDBC.host", GuacamoleProperties.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_HOSTNAME));
-        myBatisProperties.setProperty("JDBC.port", String.valueOf(GuacamoleProperties.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PORT)));
-        myBatisProperties.setProperty("JDBC.schema", GuacamoleProperties.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_DATABASE));
-        myBatisProperties.setProperty("JDBC.username", GuacamoleProperties.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_USERNAME));
-        myBatisProperties.setProperty("JDBC.password", GuacamoleProperties.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PASSWORD));
+        myBatisProperties.setProperty("JDBC.host", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_HOSTNAME));
+        myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PORT)));
+        myBatisProperties.setProperty("JDBC.schema", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_DATABASE));
+        myBatisProperties.setProperty("JDBC.username", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_USERNAME));
+        myBatisProperties.setProperty("JDBC.password", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PASSWORD));
         myBatisProperties.setProperty("JDBC.autoCommit", "false");
         myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
         myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
@@ -137,21 +143,25 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
 
                     // Add MyBatis mappers
                     addMapperClass(ConnectionMapper.class);
+                    addMapperClass(ParameterMapper.class);
                     addMapperClass(SystemPermissionMapper.class);
                     addMapperClass(UserMapper.class);
 
-                    // Bind interfaces
+                    // Bind core implementations of guacamole-ext classes
+                    bind(Environment.class).toInstance(environment);
                     bind(ConnectionDirectory.class);
-                    bind(ConnectionService.class);
                     bind(MySQLConnection.class);
                     bind(MySQLUser.class);
                     bind(MySQLUserContext.class);
                     bind(MySQLRootConnectionGroup.class);
                     bind(MySQLSystemPermissionSet.class);
+                    bind(UserDirectory.class);
+
+                    // Bind services
+                    bind(ConnectionService.class);
                     bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
                     bind(SaltService.class).to(SecureRandomSaltService.class);
                     bind(SystemPermissionService.class);
-                    bind(UserDirectory.class);
                     bind(UserService.class);
 
                 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
new file mode 100644
index 000000000..9e40608c3
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import java.util.Collection;
+import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for connection parameter objects.
+ *
+ * @author Michael Jumper
+ */
+public interface ParameterMapper {
+
+    /**
+     * Returns a collection of all parameters associated with the connection
+     * having the given identifier.
+     *
+     * @param identifier
+     *     The identifier of the connection whose parameters are to be
+     *     retrieved.
+     *
+     * @return
+     *     A collection of all parameters associated with the connection
+     *     having the given identifier. This collection will be empty if no
+     *     such connection exists.
+     */
+    Collection<ParameterModel> select(@Param("identifier") String identifier);
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ParameterModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ParameterModel.java
new file mode 100644
index 000000000..6764269c5
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ParameterModel.java
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+/**
+ * A single parameter name/value pair belonging to a connection.
+ *
+ * @author Michael Jumper
+ */
+public class ParameterModel {
+
+    /**
+     * The identifier of the connection associated with this parameter.
+     */
+    private String connectionIdentifier;
+
+    /**
+     * The name of the parameter.
+     */
+    private String name;
+
+    /**
+     * The value the parameter is set to.
+     */
+    private String value;
+
+    /**
+     * Returns the identifier of the connection associated with this parameter.
+     *
+     * @return
+     *     The identifier of the connection associated with this parameter.
+     */
+    public String getConnectionIdentifier() {
+        return connectionIdentifier;
+    }
+
+    /**
+     * Sets the identifier of the connection associated with this parameter.
+     *
+     * @param connectionIdentifier
+     *     The identifier of the connection to associate with this parameter.
+     */
+    public void setConnectionIdentifier(String connectionIdentifier) {
+        this.connectionIdentifier = connectionIdentifier;
+    }
+
+    /**
+     * Returns the name of this parameter.
+     *
+     * @return
+     *     The name of this parameter.
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Sets the name of this parameter.
+     *
+     * @param name
+     *     The name of this parameter.
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Returns the value of this parameter.
+     *
+     * @return
+     *     The value of this parameter.
+     */
+    public String getValue() {
+        return value;
+    }
+
+    /**
+     * Sets the value of this parameter.
+     *
+     * @param value
+     *     The value of this parameter.
+     */
+    public void setValue(String value) {
+        this.value = value;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index fe73f6145..ecc450b99 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -24,23 +24,29 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import java.util.Collection;
 import java.util.Set;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
-import org.glyptodon.guacamole.GuacamoleUnsupportedException;
+import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.InetGuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -50,12 +56,24 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  */
 public class ConnectionService extends DirectoryObjectService<MySQLConnection, Connection, ConnectionModel> {
 
+    /**
+     * The environment of the Guacamole server.
+     */
+    @Inject
+    private Environment environment;
+    
     /**
      * Mapper for accessing connections.
      */
     @Inject
     private ConnectionMapper connectionMapper;
 
+    /**
+     * Mapper for accessing connection parameters.
+     */
+    @Inject
+    private ParameterMapper parameterMapper;
+
     /**
      * Provider for creating connections.
      */
@@ -187,10 +205,32 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
             MySQLConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException {
 
+        String identifier = connection.getIdentifier();
+        
         // Connect only if READ permission is granted
-        if (hasObjectPermission(user, connection.getIdentifier(), ObjectPermission.Type.READ)) {
-            // STUB
-            throw new GuacamoleUnsupportedException("STUB - connecting not implemented at the moment");
+        if (hasObjectPermission(user, identifier, ObjectPermission.Type.READ)) {
+
+            // Generate configuration from available data
+            GuacamoleConfiguration config = new GuacamoleConfiguration();
+
+            // Set protocol from connection
+            ConnectionModel model = connection.getModel();
+            config.setProtocol(model.getProtocol());
+
+            // Set parameters from associated data
+            Collection<ParameterModel> parameters = parameterMapper.select(identifier);
+            for (ParameterModel parameter : parameters)
+                config.setParameter(parameter.getName(), parameter.getValue());
+
+            // Return new socket
+            return new ConfiguredGuacamoleSocket(
+                new InetGuacamoleSocket(
+                    environment.getRequiredProperty(Environment.GUACD_HOSTNAME),
+                    environment.getRequiredProperty(Environment.GUACD_PORT)
+                ),
+                config
+            );
+
         }
 
         // The user does not have permission to connect
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml
new file mode 100644
index 000000000..05d48b54a
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper">
+
+    <!-- Result mapper for connection parameters -->
+    <resultMap id="ParameterResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel">
+        <result column="connection_id"   property="connectionIdentifier" jdbcType="INTEGER"/>
+        <result column="parameter_name"  property="name"                 jdbcType="VARCHAR"/>
+        <result column="parameter_value" property="value"                jdbcType="VARCHAR"/>
+    </resultMap>
+
+    <!-- Select all parameters of a given connection -->
+    <select id="select" resultMap="ParameterResultMap">
+        SELECT
+            connection_id,
+            parameter_name,
+            parameter_value
+        FROM guacamole_connection_parameter
+        WHERE
+            connection_id = #{identifier,jdbcType=VARCHAR}
+    </select>
+
+</mapper>
\ No newline at end of file

From 14ebda6b37a2125f3bd689112636fcb795a0ab64 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 17:11:28 -0800
Subject: [PATCH 25/60] GUAC-1101: Remove unnecessary import.

---
 .../java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java | 1 -
 1 file changed, 1 deletion(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index 2a0cdf377..aaa3b817f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -33,7 +33,6 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
 import org.glyptodon.guacamole.net.auth.simple.SimpleObjectPermissionSet;
-import org.glyptodon.guacamole.net.auth.simple.SimpleSystemPermissionSet;
 
 /**
  * A MySQL based implementation of the User object.

From e584447a6973ec24aefa0fae57eef6dc5d00b5dd Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 17:29:39 -0800
Subject: [PATCH 26/60] GUAC-1101: Load connection parameters upon request.

---
 .../mysql/MySQLAuthenticationProvider.java    |   2 +-
 .../net/auth/mysql/MySQLConnection.java       |  33 +++--
 .../mysql/MySQLGuacamoleConfiguration.java    | 131 ++++++++++++++++++
 .../auth/mysql/service/ConnectionService.java |  35 +++++
 4 files changed, 192 insertions(+), 9 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 975e42bee..c2e75c7fa 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -45,7 +45,6 @@ import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SecureRandomSaltService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
-import org.glyptodon.guacamole.properties.GuacamoleProperties;
 import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
 import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.environment.LocalEnvironment;
@@ -151,6 +150,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     bind(Environment.class).toInstance(environment);
                     bind(ConnectionDirectory.class);
                     bind(MySQLConnection.class);
+                    bind(MySQLGuacamoleConfiguration.class);
                     bind(MySQLUser.class);
                     bind(MySQLUserContext.class);
                     bind(MySQLRootConnectionGroup.class);
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index aa33e0b68..d1d713ae5 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -23,6 +23,7 @@
 package net.sourceforge.guacamole.net.auth.mysql;
 
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import java.util.Collections;
 import java.util.List;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
@@ -57,6 +58,17 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
      */
     @Inject
     private ConnectionService connectionService;
+
+    /**
+     * Provider for lazy-loaded, permission-controlled configurations.
+     */
+    @Inject
+    private Provider<MySQLGuacamoleConfiguration> configProvider;
+    
+    /**
+     * The manually-set GuacamoleConfiguration, if any.
+     */
+    private GuacamoleConfiguration config = null;
     
     /**
      * Creates a new, empty MySQLConnection.
@@ -86,8 +98,9 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
     }
 
     @Override
-    public void setModel(ConnectionModel userModel) {
-        this.connectionModel = userModel;
+    public void setModel(ConnectionModel connectionModel) {
+        this.connectionModel = connectionModel;
+        this.config = null;
     }
 
     @Override
@@ -137,20 +150,24 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
     @Override
     public GuacamoleConfiguration getConfiguration() {
 
-        GuacamoleConfiguration config = new GuacamoleConfiguration();
-        config.setProtocol(connectionModel.getProtocol());
+        // If configuration has been manually set, return that
+        if (config != null)
+            return config;
 
-        /* FIXME: Set parameters, if available */
+        // Otherwise, return permission-controlled configuration
+        MySQLGuacamoleConfiguration restrictedConfig = configProvider.get();
+        restrictedConfig.init(currentUser, connectionModel);
+        return restrictedConfig;
 
-        return config;
-        
     }
 
     @Override
     public void setConfiguration(GuacamoleConfiguration config) {
 
-        /* FIXME: Set parameters, if available */
+        // Store manually-set configuration internally
+        this.config = config;
 
+        // Update model
         connectionModel.setProtocol(config.getProtocol());
         
     }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java
new file mode 100644
index 000000000..487615874
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import com.google.inject.Inject;
+import java.util.Map;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
+
+/**
+ * Implementation of GuacamoleConfiguration which loads parameter values only
+ * if necessary, and only if allowed.
+ *
+ * @author Michael Jumper
+ */
+public class MySQLGuacamoleConfiguration extends GuacamoleConfiguration {
+
+    /**
+     * The user this configuration belongs to. Access is based on his/her
+     * permission settings.
+     */
+    private AuthenticatedUser currentUser;
+
+    /**
+     * The internal model object containing the values which represent the
+     * connection associated with this configuration.
+     */
+    private ConnectionModel connectionModel;
+
+    /**
+     * Service for managing connection parameters.
+     */
+    @Inject
+    private ConnectionService connectionService;
+
+    /**
+     * The manually-set parameter map, if any.
+     */
+    private Map<String, String> parameters = null;
+    
+    /**
+     * Creates a new, empty MySQLGuacamoleConfiguration.
+     */
+    public MySQLGuacamoleConfiguration() {
+    }
+
+    /**
+     * Initializes this configuration, associating it with the current
+     * authenticated user and populating it with data from the given model
+     * object.
+     *
+     * @param currentUser
+     *     The user that created or retrieved this configuration.
+     *
+     * @param connectionModel 
+     *     The model object backing this configuration.
+     */
+    public void init(AuthenticatedUser currentUser, ConnectionModel connectionModel) {
+        this.currentUser = currentUser;
+        this.connectionModel = connectionModel;
+    }
+
+    @Override
+    public String getConnectionID() {
+        return connectionModel.getIdentifier();
+    }
+
+    @Override
+    public void setConnectionID(String connectionID) {
+        throw new UnsupportedOperationException("The ID of this GuacamoleConfiguration is immutable.");
+    }
+
+    @Override
+    public String getProtocol() {
+        return connectionModel.getProtocol();
+    }
+
+    @Override
+    public void setProtocol(String protocol) {
+        super.setProtocol(protocol);
+        connectionModel.setProtocol(protocol);
+    }
+
+
+    @Override
+    public void setParameters(Map<String, String> parameters) {
+        this.parameters = parameters;
+        super.setParameters(parameters);
+    }
+
+    @Override
+    public Map<String, String> getParameters() {
+
+        // Retrieve visible parameters, if not overridden by setParameters()
+        if (parameters == null) {
+
+            // Retrieve all visible parameters
+            Map<String, String> visibleParameters =
+                    connectionService.retrieveParameters(currentUser, connectionModel.getIdentifier());
+
+            // Use retrieved parameters to back future operations
+            super.setParameters(visibleParameters);
+
+        }
+
+        return super.getParameters();
+
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index ecc450b99..bcfe38404 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -25,6 +25,8 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Set;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
@@ -180,6 +182,39 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
 
     }
 
+    /**
+     * Retrieves all parameters visible to the given user and associated with
+     * the connection having the given identifier. If the given user has no
+     * access to such parameters, or no such connection exists, the returned
+     * map will be empty.
+     *
+     * @param user
+     *     The user retrieving connection parameters.
+     *
+     * @param identifier
+     *     The identifier of the connection whose parameters are being
+     *     retrieved.
+     *
+     * @return
+     *     A new map of all parameter name/value pairs that the given user has
+     *     access to.
+     */
+    public Map<String, String> retrieveParameters(AuthenticatedUser user,
+            String identifier) {
+
+        // FIXME: Check permissions
+        
+        Map<String, String> parameterMap = new HashMap<String, String>();
+
+        // Convert associated parameters to map
+        Collection<ParameterModel> parameters = parameterMapper.select(identifier);
+        for (ParameterModel parameter : parameters)
+            parameterMap.put(parameter.getName(), parameter.getValue());
+
+        return parameterMap;
+
+    }
+    
     /**
      * Connects to the given connection as the given user, using the given
      * client information. If the user does not have permission to read the

From 1430c9ce3ab67ae359dc4ba3273d1617e6b8cd9e Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 17:44:09 -0800
Subject: [PATCH 27/60] GUAC-1101: Test permissions prior to retrieving
 connection parameters.

---
 .../auth/mysql/service/ConnectionService.java | 24 ++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index bcfe38404..4bab4d194 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -25,6 +25,7 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
@@ -202,14 +203,25 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     public Map<String, String> retrieveParameters(AuthenticatedUser user,
             String identifier) {
 
-        // FIXME: Check permissions
-        
         Map<String, String> parameterMap = new HashMap<String, String>();
 
-        // Convert associated parameters to map
-        Collection<ParameterModel> parameters = parameterMapper.select(identifier);
-        for (ParameterModel parameter : parameters)
-            parameterMap.put(parameter.getName(), parameter.getValue());
+        // Determine whether we have permission to read parameters
+        boolean canRetrieveParameters;
+        try {
+            canRetrieveParameters = hasObjectPermission(user, identifier,
+                    ObjectPermission.Type.UPDATE);
+        }
+
+        // Provide empty (but mutable) map if unable to check permissions
+        catch (GuacamoleException e) {
+            return parameterMap;
+        }
+
+        // Populate parameter map if we have permission to do so
+        if (canRetrieveParameters) {
+            for (ParameterModel parameter : parameterMapper.select(identifier))
+                parameterMap.put(parameter.getName(), parameter.getValue());
+        }
 
         return parameterMap;
 

From a797dd8a45698901a6b33ae9d85f595fe93c5405 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 17:47:48 -0800
Subject: [PATCH 28/60] GUAC-1101: The connection ID is _NOT_ the connection
 identifier. It's the unique ID assigned by guacd for the sake of screen
 sharing.

---
 .../net/auth/mysql/MySQLGuacamoleConfiguration.java    | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java
index 487615874..9f837928f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java
@@ -81,16 +81,6 @@ public class MySQLGuacamoleConfiguration extends GuacamoleConfiguration {
         this.connectionModel = connectionModel;
     }
 
-    @Override
-    public String getConnectionID() {
-        return connectionModel.getIdentifier();
-    }
-
-    @Override
-    public void setConnectionID(String connectionID) {
-        throw new UnsupportedOperationException("The ID of this GuacamoleConfiguration is immutable.");
-    }
-
     @Override
     public String getProtocol() {
         return connectionModel.getProtocol();

From 0c528f00eb81181c0357f7314e78ba219a955d1f Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 18:01:26 -0800
Subject: [PATCH 29/60] GUAC-1101: Remove need for old MySQLConstants.

---
 .../net/auth/mysql/MySQLConnection.java       |   4 +-
 .../net/auth/mysql/MySQLConstants.java        | 265 ------------------
 .../auth/mysql/MySQLRootConnectionGroup.java  |  18 +-
 3 files changed, 18 insertions(+), 269 deletions(-)
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index d1d713ae5..ffb5d0c90 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -129,7 +129,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
         // Translate null parent to proper identifier
         String parentIdentifier = connectionModel.getParentIdentifier();
         if (parentIdentifier == null)
-            return MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER;
+            return MySQLRootConnectionGroup.IDENTIFIER;
 
         return parentIdentifier;
         
@@ -140,7 +140,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
         // Translate root identifier back into null
         if (parentIdentifier != null
-                && parentIdentifier.equals(MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER))
+                && parentIdentifier.equals(MySQLRootConnectionGroup.IDENTIFIER))
             parentIdentifier = null;
 
         connectionModel.setParentID(parentIdentifier);
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
deleted file mode 100644
index 532c49f29..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
+++ /dev/null
@@ -1,265 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql;
-
-import org.glyptodon.guacamole.net.auth.ConnectionGroup;
-import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
-import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
-
-
-/**
- * A set of constants that are useful for the MySQL-based authentication provider.
- * @author James Muehlner
- */
-public final class MySQLConstants {
-
-    /**
-     * This class should not be instantiated.
-     */
-    private MySQLConstants() {}
-
-    /**
-     * The string stored in the database to represent READ access to a user.
-     */
-    public static final String USER_READ = "READ";
-
-    /**
-     * The string stored in the database to represent UPDATE access to a user.
-     */
-    public static final String USER_UPDATE = "UPDATE";
-
-    /**
-     * The string stored in the database to represent DELETE access to a user.
-     */
-    public static final String USER_DELETE = "DELETE";
-
-    /**
-     * The string stored in the database to represent ADMINISTER access to a
-     * user.
-     */
-    public static final String USER_ADMINISTER = "ADMINISTER";
-
-    /**
-     * The string stored in the database to represent READ access to a
-     * connection.
-     */
-    public static final String CONNECTION_READ = "READ";
-
-    /**
-     * The string stored in the database to represent UPDATE access to a
-     * connection.
-     */
-    public static final String CONNECTION_UPDATE = "UPDATE";
-
-    /**
-     * The string stored in the database to represent DELETE access to a
-     * connection.
-     */
-    public static final String CONNECTION_DELETE = "DELETE";
-
-    /**
-     * The string stored in the database to represent ADMINISTER access to a
-     * connection.
-     */
-    public static final String CONNECTION_ADMINISTER = "ADMINISTER";
-
-    /**
-     * The string stored in the database to represent READ access to a
-     * connection.
-     */
-    public static final String CONNECTION_GROUP_READ = "READ";
-
-    /**
-     * The string stored in the database to represent UPDATE access to a
-     * connection group.
-     */
-    public static final String CONNECTION_GROUP_UPDATE = "UPDATE";
-
-    /**
-     * The string stored in the database to represent DELETE access to a
-     * connection group.
-     */
-    public static final String CONNECTION_GROUP_DELETE = "DELETE";
-
-    /**
-     * The string stored in the database to represent ADMINISTER access to a
-     * connection group.
-     */
-    public static final String CONNECTION_GROUP_ADMINISTER = "ADMINISTER";
-
-    /**
-     * The string stored in the database to represent a BALANCING
-     * connection group.
-     */
-    public static final String CONNECTION_GROUP_BALANCING = "BALANCING";
-
-    /**
-     * The string stored in the database to represent an ORGANIZATIONAL
-     * connection group.
-     */
-    public static final String CONNECTION_GROUP_ORGANIZATIONAL = 
-            "ORGANIZATIONAL";
-    
-    /**
-     * The identifier used to mark the root connection group.
-     */
-    public static final String CONNECTION_GROUP_ROOT_IDENTIFIER = "ROOT";
-
-    /**
-     * The string stored in the database to represent permission to create
-     * users.
-     */
-    public static final String SYSTEM_USER_CREATE = "CREATE_USER";
-
-    /**
-     * The string stored in the database to represent permission to create
-     * connections.
-     */
-    public static final String SYSTEM_CONNECTION_CREATE = "CREATE_CONNECTION";
-
-    /**
-     * The string stored in the database to represent permission to create
-     * connection groups.
-     */
-    public static final String SYSTEM_CONNECTION_GROUP_CREATE = "CREATE_CONNECTION_GROUP";
-
-    /**
-     * The string stored in the database to represent permission to administer
-     * the system as a whole.
-     */
-    public static final String SYSTEM_ADMINISTER = "ADMINISTER";
-
-    /**
-     * Given the type of a permission affecting a user, returns the MySQL
-     * constant representing that permission type.
-     *
-     * @param type The type of permission to look up.
-     * @return The MySQL constant corresponding to the given permission type.
-     */
-    public static String getUserConstant(ObjectPermission.Type type) {
-
-        // Convert permission type to MySQL constant
-        switch (type) {
-            case READ:       return USER_READ;
-            case UPDATE:     return USER_UPDATE;
-            case ADMINISTER: return USER_ADMINISTER;
-            case DELETE:     return USER_DELETE;
-        }
-
-        // If we get here, permission support was not properly implemented
-        throw new UnsupportedOperationException(
-            "Unsupported permission type: " + type);
-
-    }
-
-    /**
-     * Given the type of a permission affecting a connection, returns the MySQL
-     * constant representing that permission type.
-     *
-     * @param type The type of permission to look up.
-     * @return The MySQL constant corresponding to the given permission type.
-     */
-    public static String getConnectionConstant(ObjectPermission.Type type) {
-
-        // Convert permission type to MySQL constant
-        switch (type) {
-            case READ:       return CONNECTION_READ;
-            case UPDATE:     return CONNECTION_UPDATE;
-            case ADMINISTER: return CONNECTION_ADMINISTER;
-            case DELETE:     return CONNECTION_DELETE;
-        }
-
-        // If we get here, permission support was not properly implemented
-        throw new UnsupportedOperationException(
-            "Unsupported permission type: " + type);
-
-    }
-
-    /**
-     * Given the type of a permission affecting a connection group, 
-     * returns the MySQL constant representing that permission type.
-     *
-     * @param type The type of permission to look up.
-     * @return The MySQL constant corresponding to the given permission type.
-     */
-    public static String getConnectionGroupConstant(ObjectPermission.Type type) {
-
-        // Convert permission type to MySQL constant
-        switch (type) {
-            case READ:       return CONNECTION_GROUP_READ;
-            case UPDATE:     return CONNECTION_GROUP_UPDATE;
-            case ADMINISTER: return CONNECTION_GROUP_ADMINISTER;
-            case DELETE:     return CONNECTION_GROUP_DELETE;
-        }
-
-        // If we get here, permission support was not properly implemented
-        throw new UnsupportedOperationException(
-            "Unsupported permission type: " + type);
-
-    }
-
-    /**
-     * Given the type of a connection group, returns the MySQL constant
-     * representing that type.
-     *
-     * @param type The connection group type to look up.
-     * @return The MySQL constant corresponding to the given type.
-     */
-    public static String getConnectionGroupTypeConstant(ConnectionGroup.Type type) {
-
-        // Convert permission type to MySQL constant
-        switch (type) {
-            case ORGANIZATIONAL: return CONNECTION_GROUP_ORGANIZATIONAL;
-            case BALANCING:      return CONNECTION_GROUP_BALANCING;
-        }
-
-        // If we get here, permission support was not properly implemented
-        throw new UnsupportedOperationException(
-            "Unsupported connection group type: " + type);
-
-    }
-
-    /**
-     * Given the type of a permission affecting the system, returns the MySQL
-     * constant representing that permission type.
-     *
-     * @param type The type of permission to look up.
-     * @return The MySQL constant corresponding to the given permission type.
-     */
-    public static String getSystemConstant(SystemPermission.Type type) {
-
-        // Convert permission type to MySQL constant
-        switch (type) {
-            case CREATE_USER:             return SYSTEM_USER_CREATE;
-            case CREATE_CONNECTION:       return SYSTEM_CONNECTION_CREATE;
-            case CREATE_CONNECTION_GROUP: return SYSTEM_CONNECTION_GROUP_CREATE;
-            case ADMINISTER:              return SYSTEM_ADMINISTER;
-        }
-
-        // If we get here, permission support was not properly implemented
-        throw new UnsupportedOperationException(
-            "Unsupported permission type: " + type);
-
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
index 167b71414..fcd1157d9 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
@@ -40,6 +40,20 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  */
 public class MySQLRootConnectionGroup implements ConnectionGroup {
 
+    /**
+     * The identifier used to represent the root connection group. There is no
+     * corresponding entry in the database, thus a reserved identifier that
+     * cannot collide with database-generated identifiers is needed.
+     */
+    public static final String IDENTIFIER = "ROOT";
+
+    /**
+     * The human-readable name of this connection group. The name of the root
+     * group is not normally visible, and may even be replaced by the web
+     * interface for the sake of translation.
+     */
+    public static final String NAME = "ROOT";
+
     /**
      * The user this group belongs to. Access is based on his/her permission
      * settings.
@@ -71,7 +85,7 @@ public class MySQLRootConnectionGroup implements ConnectionGroup {
 
     @Override
     public String getName() {
-        return MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER;
+        return NAME;
     }
 
     @Override
@@ -113,7 +127,7 @@ public class MySQLRootConnectionGroup implements ConnectionGroup {
 
     @Override
     public String getIdentifier() {
-        return MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER;
+        return IDENTIFIER;
     }
 
     @Override

From 28832084dbd6fada5fe9644182b1cf0c6c7aed3f Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 20:49:38 -0800
Subject: [PATCH 30/60] GUAC-1101: Move connection logic into
 GuacamoleSocketService, with policy-specific implementations.

---
 .../mysql/MySQLAuthenticationProvider.java    |   5 +
 .../net/auth/mysql/MySQLConnection.java       |  10 +-
 .../AbstractGuacamoleSocketService.java       | 238 ++++++++++++++++++
 .../auth/mysql/service/ConnectionService.java |  46 +---
 .../mysql/service/GuacamoleSocketService.java |  81 ++++++
 .../UnrestrictedGuacamoleSocketService.java   |  52 ++++
 6 files changed, 392 insertions(+), 40 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UnrestrictedGuacamoleSocketService.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index c2e75c7fa..f3ec72410 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -39,11 +39,13 @@ import org.glyptodon.guacamole.net.auth.UserContext;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
 import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties;
 import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import net.sourceforge.guacamole.net.auth.mysql.service.GuacamoleSocketService;
 import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SHA256PasswordEncryptionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SecureRandomSaltService;
 import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
+import net.sourceforge.guacamole.net.auth.mysql.service.UnrestrictedGuacamoleSocketService;
 import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
 import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
 import org.glyptodon.guacamole.environment.Environment;
@@ -164,6 +166,9 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     bind(SystemPermissionService.class);
                     bind(UserService.class);
 
+                    // Bind appropriate socket service based on policy
+                    bind(GuacamoleSocketService.class).to(UnrestrictedGuacamoleSocketService.class);
+                    
                 }
             } // end of mybatis module
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index ffb5d0c90..fed0d4660 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -28,6 +28,7 @@ import java.util.Collections;
 import java.util.List;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
 import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import net.sourceforge.guacamole.net.auth.mysql.service.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
@@ -59,6 +60,12 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
     @Inject
     private ConnectionService connectionService;
 
+    /**
+     * Service for creating and tracking sockets.
+     */
+    @Inject
+    private GuacamoleSocketService socketService;
+
     /**
      * Provider for lazy-loaded, permission-controlled configurations.
      */
@@ -185,8 +192,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
     @Override
     public int getActiveConnections() {
-        /* STUB */
-        return 0;
+        return socketService.getActiveConnections(this);
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
new file mode 100644
index 000000000..df347b339
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
@@ -0,0 +1,238 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.environment.Environment;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.InetGuacamoleSocket;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
+
+
+/**
+ * Base implementation of the GuacamoleSocketService, handling retrieval of
+ * connection parameters, load balancing, and connection usage counts. The
+ * implementation of concurrency rules is up to policy-specific subclasses.
+ *
+ * @author Michael Jumper
+ */
+public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketService {
+
+    /**
+     * The environment of the Guacamole server.
+     */
+    @Inject
+    private Environment environment;
+ 
+    /**
+     * Mapper for accessing connection parameters.
+     */
+    @Inject
+    private ParameterMapper parameterMapper;
+
+    /**
+     * The current number of concurrent uses of the connection having a given
+     * identifier.
+     */
+    private final ConcurrentHashMap<String, AtomicInteger> activeConnectionCount =
+            new ConcurrentHashMap<String, AtomicInteger>();
+
+    /**
+     * Atomically increments the current usage count for the given connection.
+     *
+     * @param connection
+     *     The connection which is being used.
+     */
+    private void incrementUsage(MySQLConnection connection) {
+
+        // Increment or initialize usage count atomically
+        AtomicInteger count = activeConnectionCount.putIfAbsent(connection.getIdentifier(), new AtomicInteger(1));
+        if (count != null)
+            count.incrementAndGet();
+
+    }
+
+    /**
+     * Atomically decrements the current usage count for the given connection.
+     * If a combination of incrementUsage() and decrementUsage() calls result
+     * in the usage counter being reduced to zero, it is guaranteed that one
+     * of those decrementUsage() calls will remove the value from the map.
+     *
+     * @param connection
+     *     The connection which is no longer being used.
+     */
+    private void decrementUsage(MySQLConnection connection) {
+
+        // Decrement usage count, remove entry if it becomes zero
+        AtomicInteger count = activeConnectionCount.get(connection.getIdentifier());
+        if (count != null) {
+            count.decrementAndGet();
+            activeConnectionCount.remove(connection.getIdentifier(), 0);
+        }
+
+    }
+
+    /**
+     * Acquires possibly-exclusive access to the given connection on behalf of
+     * the given user. If access is denied for any reason, an exception is
+     * thrown.
+     *
+     * @param user
+     *     The user acquiring access.
+     *
+     * @param connection
+     *     The connection being accessed.
+     *
+     * @throws GuacamoleException
+     *     If access is denied to the given user for any reason.
+     */
+    protected abstract void acquire(AuthenticatedUser user,
+            MySQLConnection connection) throws GuacamoleException;
+
+    /**
+     * Releases possibly-exclusive access to the given connection on behalf of
+     * the given user. If the given user did not already have access, the
+     * behavior of this function is undefined.
+     *
+     * @param user
+     *     The user releasing access.
+     *
+     * @param connection
+     *     The connection being released.
+     */
+    protected abstract void release(AuthenticatedUser user,
+            MySQLConnection connection);
+
+    /**
+     * Creates a socket for the given user which connects to the given
+     * connection. The given client information will be passed to guacd when
+     * the connection is established. This function will apply any concurrent
+     * usage rules in effect, but will NOT test object- or system-level
+     * permissions.
+     *
+     * @param user
+     *     The user for whom the connection is being established.
+     *
+     * @param connection
+     *     The connection the user is connecting to.
+     *
+     * @param info
+     *     Information describing the Guacamole client connecting to the given
+     *     connection.
+     *
+     * @return
+     *     A new GuacamoleSocket which is configured and connected to the given
+     *     connection.
+     *
+     * @throws GuacamoleException
+     *     If the connection cannot be established due to concurrent usage
+     *     rules.
+     */
+    @Override
+    public GuacamoleSocket getGuacamoleSocket(final AuthenticatedUser user,
+            final MySQLConnection connection, GuacamoleClientInformation info)
+            throws GuacamoleException {
+
+        // Generate configuration from available data
+        GuacamoleConfiguration config = new GuacamoleConfiguration();
+
+        // Set protocol from connection
+        ConnectionModel model = connection.getModel();
+        config.setProtocol(model.getProtocol());
+
+        // Set parameters from associated data
+        Collection<ParameterModel> parameters = parameterMapper.select(connection.getIdentifier());
+        for (ParameterModel parameter : parameters)
+            config.setParameter(parameter.getName(), parameter.getValue());
+
+        // Return new socket
+        try {
+
+            // Atomically gain access to connection
+            acquire(user, connection);
+            incrementUsage(connection);
+
+            // Return newly-reserved connection
+            return new ConfiguredGuacamoleSocket(
+                new InetGuacamoleSocket(
+                    environment.getRequiredProperty(Environment.GUACD_HOSTNAME),
+                    environment.getRequiredProperty(Environment.GUACD_PORT)
+                ),
+                config
+            ) {
+
+                @Override
+                public void close() throws GuacamoleException {
+
+                    // Attempt to close connection
+                    super.close();
+                    
+                    // Release connection upon close
+                    decrementUsage(connection);
+                    release(user, connection);
+
+                }
+                
+            };
+
+        }
+
+        // Release connection in case of error
+        catch (GuacamoleException e) {
+
+            // Atomically release access to connection
+            decrementUsage(connection);
+            release(user, connection);
+
+            throw e;
+
+        }
+
+    }
+
+    @Override
+    public int getActiveConnections(Connection connection) {
+
+        // If no such active connection, zero active users
+        AtomicInteger count = activeConnectionCount.get(connection.getIdentifier());
+        if (count == null)
+            return 0;
+
+        // Otherwise, return stored value
+        return count.intValue();
+        
+    }
+    
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index 4bab4d194..d038ff94c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -24,8 +24,6 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
-import java.util.Collection;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
@@ -39,17 +37,13 @@ import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
-import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
-import org.glyptodon.guacamole.net.InetGuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
-import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
-import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
@@ -59,12 +53,6 @@ import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
  */
 public class ConnectionService extends DirectoryObjectService<MySQLConnection, Connection, ConnectionModel> {
 
-    /**
-     * The environment of the Guacamole server.
-     */
-    @Inject
-    private Environment environment;
-    
     /**
      * Mapper for accessing connections.
      */
@@ -83,6 +71,12 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     @Inject
     private Provider<MySQLConnection> mySQLConnectionProvider;
 
+    /**
+     * Service for creating and tracking sockets.
+     */
+    @Inject
+    private GuacamoleSocketService socketService;
+    
     @Override
     protected DirectoryObjectMapper<ConnectionModel> getObjectMapper() {
         return connectionMapper;
@@ -252,33 +246,9 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
             MySQLConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException {
 
-        String identifier = connection.getIdentifier();
-        
         // Connect only if READ permission is granted
-        if (hasObjectPermission(user, identifier, ObjectPermission.Type.READ)) {
-
-            // Generate configuration from available data
-            GuacamoleConfiguration config = new GuacamoleConfiguration();
-
-            // Set protocol from connection
-            ConnectionModel model = connection.getModel();
-            config.setProtocol(model.getProtocol());
-
-            // Set parameters from associated data
-            Collection<ParameterModel> parameters = parameterMapper.select(identifier);
-            for (ParameterModel parameter : parameters)
-                config.setParameter(parameter.getName(), parameter.getValue());
-
-            // Return new socket
-            return new ConfiguredGuacamoleSocket(
-                new InetGuacamoleSocket(
-                    environment.getRequiredProperty(Environment.GUACD_HOSTNAME),
-                    environment.getRequiredProperty(Environment.GUACD_PORT)
-                ),
-                config
-            );
-
-        }
+        if (hasObjectPermission(user, connection.getIdentifier(), ObjectPermission.Type.READ))
+            return socketService.getGuacamoleSocket(user, connection, info);
 
         // The user does not have permission to connect
         throw new GuacamoleSecurityException("Permission denied.");
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
new file mode 100644
index 000000000..b3b80bd5d
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+
+
+/**
+ * Service which creates pre-configured GuacamoleSocket instances for
+ * connections and balancing groups, applying concurrent usage rules.
+ *
+ * @author Michael Jumper
+ */
+public interface GuacamoleSocketService {
+
+    /**
+     * Creates a socket for the given user which connects to the given
+     * connection. The given client information will be passed to guacd when
+     * the connection is established. This function will apply any concurrent
+     * usage rules in effect, but will NOT test object- or system-level
+     * permissions.
+     *
+     * @param user
+     *     The user for whom the connection is being established.
+     *
+     * @param connection
+     *     The connection the user is connecting to.
+     *
+     * @param info
+     *     Information describing the Guacamole client connecting to the given
+     *     connection.
+     *
+     * @return
+     *     A new GuacamoleSocket which is configured and connected to the given
+     *     connection.
+     *
+     * @throws GuacamoleException
+     *     If the connection cannot be established due to concurrent usage
+     *     rules.
+     */
+    GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
+            MySQLConnection connection, GuacamoleClientInformation info)
+            throws GuacamoleException;
+
+    /**
+     * Returns the number of active connections using the given connection.
+     *
+     * @param connection
+     *     The connection to check.
+     *
+     * @return
+     *     The number of active connections using the given connection.
+     */
+    public int getActiveConnections(Connection connection);
+   
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UnrestrictedGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UnrestrictedGuacamoleSocketService.java
new file mode 100644
index 000000000..c50d8f2d2
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UnrestrictedGuacamoleSocketService.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import com.google.inject.Singleton;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import org.glyptodon.guacamole.GuacamoleException;
+
+
+/**
+ * GuacamoleSocketService implementation which imposes no restrictions
+ * whatsoever on the number of concurrent or duplicate connections.
+ *
+ * @author Michael Jumper
+ */
+@Singleton
+public class UnrestrictedGuacamoleSocketService
+    extends AbstractGuacamoleSocketService {
+
+    @Override
+    protected void acquire(AuthenticatedUser user, MySQLConnection connection)
+            throws GuacamoleException {
+        // Do nothing
+    }
+
+    @Override
+    protected void release(AuthenticatedUser user, MySQLConnection connection) {
+        // Do nothing
+    }
+
+}

From a0c2c666e7bb86f8195bbd48daf20b371fa2ed14 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Tue, 24 Feb 2015 21:44:22 -0800
Subject: [PATCH 31/60] GUAC-1101: Remove old socket implementation.

---
 .../net/auth/mysql/MySQLGuacamoleSocket.java  | 89 -------------------
 1 file changed, 89 deletions(-)
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java
deleted file mode 100644
index 86c72b2e8..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleSocket.java
+++ /dev/null
@@ -1,89 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package net.sourceforge.guacamole.net.auth.mysql;
-
-
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.io.GuacamoleReader;
-import org.glyptodon.guacamole.io.GuacamoleWriter;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
-
-/**
- * A MySQL specific wrapper around a ConfiguredGuacamoleSocket.
- * @author James Muehlner
- */
-public class MySQLGuacamoleSocket implements GuacamoleSocket {
-
-    /**
-     * The wrapped socket.
-     */
-    private GuacamoleSocket socket;
-
-    /**
-     * The ID of the history record associated with this instance of the
-     * connection.
-     */
-    private int historyID;
-
-    /**
-     * The ID of the balancing connection group that is being connected to; 
-     * null if not used.
-     */
-    private Integer connectionGroupID;
-
-    /**
-     * Initialize this MySQLGuacamoleSocket with the provided GuacamoleSocket.
-     *
-     * @param socket The ConfiguredGuacamoleSocket to wrap.
-     * @param historyID The ID of the history record associated with this
-     *                  instance of the connection.
-     * @param connectionGroupID The ID of the balancing connection group that is
-     *                          being connected to; null if not used.
-     */
-    public void init(GuacamoleSocket socket,
-            int historyID, Integer connectionGroupID) {
-        this.socket = socket;
-        this.historyID = historyID;
-        this.connectionGroupID = connectionGroupID;
-    }
-
-    @Override
-    public GuacamoleReader getReader() {
-        return socket.getReader();
-    }
-
-    @Override
-    public GuacamoleWriter getWriter() {
-        return socket.getWriter();
-    }
-
-    @Override
-    public void close() throws GuacamoleException {
-        socket.close();
-    }
-
-    @Override
-    public boolean isOpen() {
-        return socket.isOpen();
-    }
-}

From 1851a394ac392ae0cb6b1d397d928547c5d0c671 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Wed, 25 Feb 2015 11:51:41 -0800
Subject: [PATCH 32/60] GUAC-1101: Implement connection parameter update.

---
 .../net/auth/mysql/dao/ParameterMapper.java   | 25 +++++++++++
 .../auth/mysql/service/ConnectionService.java | 42 +++++++++++++++++++
 .../net/auth/mysql/dao/ParameterMapper.xml    | 24 +++++++++++
 3 files changed, 91 insertions(+)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
index 9e40608c3..0ec5655e8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
@@ -48,4 +48,29 @@ public interface ParameterMapper {
      */
     Collection<ParameterModel> select(@Param("identifier") String identifier);
 
+    /**
+     * Inserts each of the parameter model objects in the given collection as
+     * new connection parameters.
+     *
+     * @param parameters
+     *     The connection parameters to insert.
+     *
+     * @return
+     *     The number of rows inserted.
+     */
+    int insert(@Param("parameters") Collection<ParameterModel> parameters);
+
+    /**
+     * Deletes all parameters associated with the connection having the given
+     * identifier.
+     *
+     * @param identifier
+     *     The identifier of the connection whose parameters should be
+     *     deleted.
+     *
+     * @return
+     *     The number of rows deleted.
+     */
+    int delete(@Param("identifier") String identifier);
+    
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index d038ff94c..38dd55559 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -24,6 +24,8 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
@@ -151,6 +153,46 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
         
     }
 
+    @Override
+    public void updateObject(AuthenticatedUser user, MySQLConnection object)
+            throws GuacamoleException {
+
+        // Update connection
+        super.updateObject(user, object);
+
+        // Get identifier and connection parameters
+        String identifier = object.getIdentifier();
+        Map<String, String> parameters = object.getConfiguration().getParameters();
+        
+        // Convert parameters to model objects
+        Collection<ParameterModel> parameterModels = new ArrayList(parameters.size());
+        for (Map.Entry<String, String> parameterEntry : parameters.entrySet()) {
+
+            // Get parameter name and value
+            String name = parameterEntry.getKey();
+            String value = parameterEntry.getValue();
+
+            // There is no need to insert empty parameters
+            if (value.isEmpty())
+                continue;
+            
+            // Produce model object from parameter
+            ParameterModel model = new ParameterModel();
+            model.setConnectionIdentifier(identifier);
+            model.setName(name);
+            model.setValue(value);
+
+            // Add model to list
+            parameterModels.add(model);
+            
+        }
+
+        // Replace existing parameters with new parameters
+        parameterMapper.delete(identifier);
+        parameterMapper.insert(parameterModels);
+        
+    }
+
     /**
      * Returns the set of all identifiers for all connections within the root
      * connection group that the user has read access to.
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml
index 05d48b54a..763167382 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml
@@ -44,4 +44,28 @@
             connection_id = #{identifier,jdbcType=VARCHAR}
     </select>
 
+    <!-- Delete all parameters of a given connection -->
+    <delete id="delete">
+        DELETE FROM guacamole_connection_parameter
+        WHERE connection_id = #{identifier,jdbcType=VARCHAR}
+    </delete>
+
+    <!-- Insert all given parameters -->
+    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel">
+
+        INSERT INTO guacamole_connection_parameter (
+            connection_id,
+            parameter_name,
+            parameter_value
+        )
+        VALUES 
+            <foreach collection="parameters" item="parameter" separator=",">
+                (#{parameter.connectionIdentifier,jdbcType=VARCHAR},
+                 #{parameter.name,jdbcType=VARCHAR},
+                 #{parameter.value,jdbcType=VARCHAR})
+            </foreach>
+
+    </insert>
+
+
 </mapper>
\ No newline at end of file

From 57e3fb865e15ef2c33a50ede65ba0edc281530f9 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Wed, 25 Feb 2015 14:13:49 -0800
Subject: [PATCH 33/60] GUAC-1101: Implement connection record retrieval.

---
 .../mysql/MySQLAuthenticationProvider.java    |   2 +
 .../net/auth/mysql/MySQLConnection.java       |   4 +-
 .../net/auth/mysql/MySQLConnectionRecord.java |  52 ++----
 .../mysql/dao/ConnectionRecordMapper.java     |  61 +++++++
 .../mysql/model/ConnectionRecordModel.java    | 170 ++++++++++++++++++
 .../auth/mysql/service/ConnectionService.java |  47 +++++
 .../auth/mysql/dao/ConnectionRecordMapper.xml |  75 ++++++++
 7 files changed, 372 insertions(+), 39 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionRecordModel.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index f3ec72410..34c7f6d43 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -30,6 +30,7 @@ import com.google.inject.Module;
 import com.google.inject.name.Names;
 import java.util.Properties;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
@@ -144,6 +145,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
 
                     // Add MyBatis mappers
                     addMapperClass(ConnectionMapper.class);
+                    addMapperClass(ConnectionRecordMapper.class);
                     addMapperClass(ParameterMapper.class);
                     addMapperClass(SystemPermissionMapper.class);
                     addMapperClass(UserMapper.class);
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index fed0d4660..1e938c08b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -24,7 +24,6 @@ package net.sourceforge.guacamole.net.auth.mysql;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
-import java.util.Collections;
 import java.util.List;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
 import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
@@ -181,8 +180,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
     @Override
     public List<? extends ConnectionRecord> getHistory() throws GuacamoleException {
-        /* STUB */
-        return Collections.EMPTY_LIST;
+        return connectionService.retrieveHistory(currentUser, this.getIdentifier());
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionRecord.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionRecord.java
index e723f89b6..27fcb5a42 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionRecord.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionRecord.java
@@ -24,72 +24,52 @@ package net.sourceforge.guacamole.net.auth.mysql;
 
 
 import java.util.Date;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 /**
  * A ConnectionRecord which is based on data stored in MySQL.
  *
  * @author James Muehlner
+ * @author Michael Jumper
  */
 public class MySQLConnectionRecord implements ConnectionRecord {
 
     /**
-     * The start date of the ConnectionRecord.
+     * The model object backing this connection record.
      */
-    private Date startDate;
+    private ConnectionRecordModel model;
 
     /**
-     * The end date of the ConnectionRecord.
+     * Creates a new MySQLConnectionRecord backed by the given model object.
+     * Changes to this record will affect the backing model object, and changes
+     * to the backing model object will affect this record.
+     * 
+     * @param model
+     *     The model object to use to back this connection record.
      */
-    private Date endDate;
-
-    /**
-     * The name of the user that is associated with this ConnectionRecord.
-     */
-    private String username;
-
-    /**
-     * Whether this connection is currently active.
-     */
-    private boolean active;
-    
-    /**
-     * Initialize this MySQLConnectionRecord with the start/end dates,
-     * and the name of the user it represents.
-     *
-     * @param startDate The start date of the connection history.
-     * @param endDate The end date of the connection history.
-     * @param username The name of the user that used the connection.
-     * @param active Whether the connection is currently active.
-     */
-    public MySQLConnectionRecord(Date startDate, Date endDate,
-            String username, boolean active) {
-        if (startDate != null) this.startDate = new Date(startDate.getTime());
-        if (endDate != null) this.endDate = new Date(endDate.getTime());
-        this.username = username;
-        this.active = active;
+    public MySQLConnectionRecord(ConnectionRecordModel model) {
+        this.model = model;
     }
 
     @Override
     public Date getStartDate() {
-        if (startDate == null) return null;
-        return new Date(startDate.getTime());
+        return model.getStartDate();
     }
 
     @Override
     public Date getEndDate() {
-        if (endDate == null) return null;
-        return new Date(endDate.getTime());
+        return model.getEndDate();
     }
 
     @Override
     public String getUsername() {
-        return username;
+        return model.getUsername();
     }
 
     @Override
     public boolean isActive() {
-        return active;
+        return false;
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.java
new file mode 100644
index 000000000..a584d3fbf
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import java.util.List;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for connection record objects.
+ *
+ * @author Michael Jumper
+ */
+public interface ConnectionRecordMapper {
+
+    /**
+     * Returns a collection of all connection records associated with the
+     * connection having the given identifier.
+     *
+     * @param identifier
+     *     The identifier of the connection whose records are to be retrieved.
+     *
+     * @return
+     *     A collection of all connection records associated with the
+     *     connection having the given identifier. This collection will be
+     *     empty if no such connection exists.
+     */
+    List<ConnectionRecordModel> select(@Param("identifier") String identifier);
+
+    /**
+     * Inserts the given connection record.
+     *
+     * @param record
+     *     The connection record to insert.
+     *
+     * @return
+     *     The number of rows inserted.
+     */
+    int insert(@Param("record") ConnectionRecordModel record);
+    
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionRecordModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionRecordModel.java
new file mode 100644
index 000000000..200918da7
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionRecordModel.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+import java.util.Date;
+
+/**
+ * A single connection record representing a past usage of a particular
+ * connection.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionRecordModel {
+
+    /**
+     * The identifier of the connection associated with this connection record.
+     */
+    private String connectionIdentifier;
+
+    /**
+     * The database ID of the user associated with this connection record.
+     */
+    private Integer userID;
+
+    /**
+     * The username of the user associated with this connection record.
+     */
+    private String username;
+
+    /**
+     * The time the connection was initiated by the associated user.
+     */
+    private Date startDate;
+
+    /**
+     * The time the connection ended, or null if the end time is not known or
+     * the connection is still running.
+     */
+    private Date endDate;
+
+    /**
+     * Returns the identifier of the connection associated with this connection
+     * record.
+     *
+     * @return
+     *     The identifier of the connection associated with this connection
+     *     record.
+     */
+    public String getConnectionIdentifier() {
+        return connectionIdentifier;
+    }
+
+    /**
+     * Sets the identifier of the connection associated with this connection
+     * record.
+     *
+     * @param connectionIdentifier
+     *     The identifier of the connection to associate with this connection
+     *     record.
+     */
+    public void setConnectionIdentifier(String connectionIdentifier) {
+        this.connectionIdentifier = connectionIdentifier;
+    }
+
+    /**
+     * Returns the database ID of the user associated with this connection
+     * record.
+     * 
+     * @return
+     *     The database ID of the user associated with this connection record.
+     */
+    public Integer getUserID() {
+        return userID;
+    }
+
+    /**
+     * Sets the database ID of the user associated with this connection record.
+     *
+     * @param userID
+     *     The database ID of the user to associate with this connection
+     *     record.
+     */
+    public void setUserID(Integer userID) {
+        this.userID = userID;
+    }
+
+    /**
+     * Returns the username of the user associated with this connection record.
+     * 
+     * @return
+     *     The username of the user associated with this connection record.
+     */
+    public String getUsername() {
+        return username;
+    }
+
+    /**
+     * Sets the username of the user associated with this connection record.
+     *
+     * @param username
+     *     The username of the user to associate with this connection record.
+     */
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    /**
+     * Returns the date that the associated connection was established.
+     *
+     * @return
+     *     The date the associated connection was established.
+     */
+    public Date getStartDate() {
+        return startDate;
+    }
+
+    /**
+     * Sets the date that the associated connection was established.
+     *
+     * @param startDate
+     *     The date that the associated connection was established.
+     */
+    public void setStartDate(Date startDate) {
+        this.startDate = startDate;
+    }
+
+    /**
+     * Returns the date that the associated connection ended, or null if no
+     * end date was recorded. The lack of an end date does not necessarily
+     * mean that the connection is still active.
+     *
+     * @return
+     *     The date the associated connection ended, or null if no end date was
+     *     recorded.
+     */
+    public Date getEndDate() {
+        return endDate;
+    }
+
+    /**
+     * Sets the date that the associated connection ended.
+     *
+     * @param endDate
+     *     The date that the associated connection ended.
+     */
+    public void setEndDate(Date endDate) {
+        this.endDate = endDate;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index 38dd55559..a18fc468e 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -27,14 +27,18 @@ import com.google.inject.Provider;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionRecord;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
 import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
@@ -67,6 +71,12 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     @Inject
     private ParameterMapper parameterMapper;
 
+    /**
+     * Mapper for accessing connection history.
+     */
+    @Inject
+    private ConnectionRecordMapper connectionRecordMapper;
+
     /**
      * Provider for creating connections.
      */
@@ -262,6 +272,43 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
         return parameterMap;
 
     }
+
+    /**
+     * Retrieves the connection history of the connection with the given
+     * identifier.
+     *
+     * @param user
+     *     The user retrieving the connection history.
+     *
+     * @param identifier
+     *     The identifier of the connection whose history is being retrieved.
+     *
+     * @return
+     * @throws GuacamoleException 
+     */
+    public List<MySQLConnectionRecord> retrieveHistory(AuthenticatedUser user,
+            String identifier) throws GuacamoleException {
+
+        // Retrieve history only if READ permission is granted
+        if (hasObjectPermission(user, identifier, ObjectPermission.Type.READ)) {
+
+            // Retrieve history
+            List<ConnectionRecordModel> models = connectionRecordMapper.select(identifier);
+
+            // Convert model objects into standard records
+            List<MySQLConnectionRecord> records = new ArrayList<MySQLConnectionRecord>(models.size());
+            for (ConnectionRecordModel model : models)
+                records.add(new MySQLConnectionRecord(model));
+
+            // Return converted history list
+            return records;
+            
+        }
+        
+        // The user does not have permission to read the history
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
     
     /**
      * Connects to the given connection as the given user, using the given
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml
new file mode 100644
index 000000000..24ba70408
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml
@@ -0,0 +1,75 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper" >
+
+    <!-- Result mapper for system permissions -->
+    <resultMap id="ConnectionRecordResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel">
+        <result column="connection_id" property="connectionIdentifier" jdbcType="INTEGER"/>
+        <result column="user_id"       property="userID"               jdbcType="INTEGER"/>
+        <result column="username"      property="username"             jdbcType="VARCHAR"/>
+        <result column="start_date"    property="startDate"            jdbcType="TIMESTAMP"/>
+        <result column="end_date"      property="endDate"              jdbcType="TIMESTAMP"/>
+    </resultMap>
+
+    <!-- Select all connection records from a given connection -->
+    <select id="select" resultMap="ConnectionRecordResultMap">
+
+        SELECT
+            connection_id,
+            guacamole_connection_history.user_id,
+            username,
+            start_date,
+            end_date
+        FROM guacamole_connection_history
+        JOIN guacamole_user ON guacamole_connection_history.user_id = guacamole_user.user_id
+        WHERE
+            connection_id = #{identifier,jdbcType=VARCHAR}
+        ORDER BY
+            start_date,
+            end_date
+
+    </select>
+
+    <!-- Insert the given connection record -->
+    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel">
+
+        INSERT INTO guacamole_connection_history (
+            connection_id,
+            user_id,
+            start_date,
+            end_date
+        )
+        VALUES (
+            #{record.connectionIdentifier,jdbcType=VARCHAR},
+            #{record.userID,jdbcType=INTEGER},
+            #{record.startDate,jdbcType=TIMESTAMP},
+            #{record.endDate,jdbcType=TIMESTAMP}
+        )
+
+    </insert>
+
+</mapper>
\ No newline at end of file

From fdab3c51b23a2667d1b470b15058ee124088cceb Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Wed, 25 Feb 2015 15:02:00 -0800
Subject: [PATCH 34/60] GUAC-1101: Sort connection records in descending order.

---
 .../guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml
index 24ba70408..4bfe352ee 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml
@@ -49,8 +49,8 @@
         WHERE
             connection_id = #{identifier,jdbcType=VARCHAR}
         ORDER BY
-            start_date,
-            end_date
+            start_date DESC,
+            end_date DESC
 
     </select>
 

From 89f0f4783e0fd5cb2abf833aa045abe9e930cde1 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Wed, 25 Feb 2015 16:03:59 -0800
Subject: [PATCH 35/60] GUAC-1101: Include active connections in history.
 Insert history records into database when connections close.

---
 .../net/auth/mysql/MySQLConnection.java       |   4 +-
 .../AbstractGuacamoleSocketService.java       | 129 +++++++++++-------
 .../mysql/service/ActiveConnectionRecord.java |  89 ++++++++++++
 .../auth/mysql/service/ConnectionService.java |  27 ++--
 .../mysql/service/GuacamoleSocketService.java |  13 +-
 5 files changed, 195 insertions(+), 67 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ActiveConnectionRecord.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index 1e938c08b..87f02959f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -180,7 +180,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
     @Override
     public List<? extends ConnectionRecord> getHistory() throws GuacamoleException {
-        return connectionService.retrieveHistory(currentUser, this.getIdentifier());
+        return connectionService.retrieveHistory(currentUser, this);
     }
 
     @Override
@@ -190,7 +190,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
     @Override
     public int getActiveConnections() {
-        return socketService.getActiveConnections(this);
+        return socketService.getActiveConnections(this).size();
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
index df347b339..545cb598c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
@@ -24,18 +24,26 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 
 import com.google.inject.Inject;
 import java.util.Collection;
-import java.util.concurrent.ConcurrentHashMap;
-import java.util.concurrent.atomic.AtomicInteger;
+import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
 import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.InetGuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
@@ -62,12 +70,18 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
     @Inject
     private ParameterMapper parameterMapper;
 
+    /**
+     * Mapper for accessing connection history.
+     */
+    @Inject
+    private ConnectionRecordMapper connectionRecordMapper;
+
     /**
      * The current number of concurrent uses of the connection having a given
      * identifier.
      */
-    private final ConcurrentHashMap<String, AtomicInteger> activeConnectionCount =
-            new ConcurrentHashMap<String, AtomicInteger>();
+    private final Map<String, LinkedList<ConnectionRecord>> activeConnections =
+            new HashMap<String, LinkedList<ConnectionRecord>>();
 
     /**
      * Atomically increments the current usage count for the given connection.
@@ -75,13 +89,22 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
      * @param connection
      *     The connection which is being used.
      */
-    private void incrementUsage(MySQLConnection connection) {
+    private void addActiveConnection(Connection connection, ConnectionRecord record) {
+        synchronized (activeConnections) {
 
-        // Increment or initialize usage count atomically
-        AtomicInteger count = activeConnectionCount.putIfAbsent(connection.getIdentifier(), new AtomicInteger(1));
-        if (count != null)
-            count.incrementAndGet();
+            String identifier = connection.getIdentifier();
 
+            // Get set of active connection records, creating if necessary
+            LinkedList<ConnectionRecord> connections = activeConnections.get(identifier);
+            if (connections == null) {
+                connections = new LinkedList<ConnectionRecord>();
+                activeConnections.put(identifier, connections);
+            }
+
+            // Add active connection
+            connections.addFirst(record);
+
+        }
     }
 
     /**
@@ -93,15 +116,23 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
      * @param connection
      *     The connection which is no longer being used.
      */
-    private void decrementUsage(MySQLConnection connection) {
+    private void removeActiveConnection(Connection connection, ConnectionRecord record) {
+        synchronized (activeConnections) {
+
+            String identifier = connection.getIdentifier();
+
+            // Get set of active connection records
+            LinkedList<ConnectionRecord> connections = activeConnections.get(identifier);
+            assert(connections != null);
+
+            // Remove old record
+            connections.remove(record);
+
+            // If now empty, clean the tracking entry
+            if (connections.isEmpty())
+                activeConnections.remove(identifier);
 
-        // Decrement usage count, remove entry if it becomes zero
-        AtomicInteger count = activeConnectionCount.get(connection.getIdentifier());
-        if (count != null) {
-            count.decrementAndGet();
-            activeConnectionCount.remove(connection.getIdentifier(), 0);
         }
-
     }
 
     /**
@@ -135,36 +166,14 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
     protected abstract void release(AuthenticatedUser user,
             MySQLConnection connection);
 
-    /**
-     * Creates a socket for the given user which connects to the given
-     * connection. The given client information will be passed to guacd when
-     * the connection is established. This function will apply any concurrent
-     * usage rules in effect, but will NOT test object- or system-level
-     * permissions.
-     *
-     * @param user
-     *     The user for whom the connection is being established.
-     *
-     * @param connection
-     *     The connection the user is connecting to.
-     *
-     * @param info
-     *     Information describing the Guacamole client connecting to the given
-     *     connection.
-     *
-     * @return
-     *     A new GuacamoleSocket which is configured and connected to the given
-     *     connection.
-     *
-     * @throws GuacamoleException
-     *     If the connection cannot be established due to concurrent usage
-     *     rules.
-     */
     @Override
     public GuacamoleSocket getGuacamoleSocket(final AuthenticatedUser user,
             final MySQLConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException {
 
+        // Create record for active connection
+        final ActiveConnectionRecord activeConnection = new ActiveConnectionRecord(user);
+        
         // Generate configuration from available data
         GuacamoleConfiguration config = new GuacamoleConfiguration();
 
@@ -182,7 +191,7 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
 
             // Atomically gain access to connection
             acquire(user, connection);
-            incrementUsage(connection);
+            addActiveConnection(connection, activeConnection);
 
             // Return newly-reserved connection
             return new ConfiguredGuacamoleSocket(
@@ -200,9 +209,22 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
                     super.close();
                     
                     // Release connection upon close
-                    decrementUsage(connection);
+                    removeActiveConnection(connection, activeConnection);
                     release(user, connection);
 
+                    UserModel userModel = user.getUser().getModel();
+                    ConnectionRecordModel recordModel = new ConnectionRecordModel();
+
+                    // Copy user information and timestamps into new record
+                    recordModel.setUserID(userModel.getUserID());
+                    recordModel.setUsername(userModel.getUsername());
+                    recordModel.setConnectionIdentifier(connection.getIdentifier());
+                    recordModel.setStartDate(activeConnection.getStartDate());
+                    recordModel.setEndDate(new Date());
+
+                    // Insert connection record
+                    connectionRecordMapper.insert(recordModel);
+                    
                 }
                 
             };
@@ -213,7 +235,7 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
         catch (GuacamoleException e) {
 
             // Atomically release access to connection
-            decrementUsage(connection);
+            removeActiveConnection(connection, activeConnection);
             release(user, connection);
 
             throw e;
@@ -223,16 +245,19 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
     }
 
     @Override
-    public int getActiveConnections(Connection connection) {
+    public List<ConnectionRecord> getActiveConnections(Connection connection) {
+        synchronized (activeConnections) {
 
-        // If no such active connection, zero active users
-        AtomicInteger count = activeConnectionCount.get(connection.getIdentifier());
-        if (count == null)
-            return 0;
+            String identifier = connection.getIdentifier();
 
-        // Otherwise, return stored value
-        return count.intValue();
-        
+            // Get set of active connection records
+            LinkedList<ConnectionRecord> connections = activeConnections.get(identifier);
+            if (connections != null)
+                return Collections.unmodifiableList(connections);
+
+            return Collections.EMPTY_LIST;
+
+        }
     }
     
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ActiveConnectionRecord.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ActiveConnectionRecord.java
new file mode 100644
index 000000000..70a9ce7c4
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ActiveConnectionRecord.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import java.util.Date;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import org.glyptodon.guacamole.net.auth.ConnectionRecord;
+
+
+/**
+ * A connection record implementation that describes an active connection. As
+ * the associated connection has not yet ended, getEndDate() will always return
+ * null, and isActive() will always return true. The associated start date will
+ * be the time of this objects creation.
+ *
+ * @author Michael Jumper
+ */
+public class ActiveConnectionRecord implements ConnectionRecord {
+
+    /**
+     * The user that connected to the connection associated with this connection
+     * record.
+     */
+    private final AuthenticatedUser user;
+
+    /**
+     * The time this connection record was created.
+     */
+    private final Date startDate = new Date();
+
+    /**
+     * Creates a new connection record associated with the given user. The
+     * start date of this connection record will be the time of its creation.
+     *
+     * @param user
+     *     The user that connected to the connection associated with this
+     *     connection record.
+     */
+    public ActiveConnectionRecord(AuthenticatedUser user) {
+        this.user = user;
+    }
+
+    @Override
+    public Date getStartDate() {
+        return startDate;
+    }
+
+    @Override
+    public Date getEndDate() {
+
+        // Active connections have not yet ended
+        return null;
+        
+    }
+
+    @Override
+    public String getUsername() {
+        return user.getUser().getIdentifier();
+    }
+
+    @Override
+    public boolean isActive() {
+
+        // Active connections are active by definition
+        return true;
+        
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index a18fc468e..a161b20d6 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -45,6 +45,7 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
@@ -274,29 +275,37 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     }
 
     /**
-     * Retrieves the connection history of the connection with the given
-     * identifier.
+     * Retrieves the connection history of the given connection, including any
+     * active connections.
      *
      * @param user
      *     The user retrieving the connection history.
      *
-     * @param identifier
-     *     The identifier of the connection whose history is being retrieved.
+     * @param connection
+     *     The connection whose history is being retrieved.
      *
      * @return
-     * @throws GuacamoleException 
+     *     The connection history of the given connection, including any
+     *     active connections.
+     *
+     * @throws GuacamoleException
+     *     If permission to read the connection history is denied.
      */
-    public List<MySQLConnectionRecord> retrieveHistory(AuthenticatedUser user,
-            String identifier) throws GuacamoleException {
+    public List<ConnectionRecord> retrieveHistory(AuthenticatedUser user,
+            MySQLConnection connection) throws GuacamoleException {
 
+        String identifier = connection.getIdentifier();
+        
         // Retrieve history only if READ permission is granted
         if (hasObjectPermission(user, identifier, ObjectPermission.Type.READ)) {
 
             // Retrieve history
             List<ConnectionRecordModel> models = connectionRecordMapper.select(identifier);
 
-            // Convert model objects into standard records
-            List<MySQLConnectionRecord> records = new ArrayList<MySQLConnectionRecord>(models.size());
+            // Get currently-active connections
+            List<ConnectionRecord> records = new ArrayList<ConnectionRecord>(socketService.getActiveConnections(connection));
+
+            // Add past connections from model objects
             for (ConnectionRecordModel model : models)
                 records.add(new MySQLConnectionRecord(model));
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
index b3b80bd5d..b534cfc14 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
@@ -22,11 +22,13 @@
 
 package net.sourceforge.guacamole.net.auth.mysql.service;
 
+import java.util.List;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
 
@@ -68,14 +70,17 @@ public interface GuacamoleSocketService {
             throws GuacamoleException;
 
     /**
-     * Returns the number of active connections using the given connection.
+     * Returns a list containing connection records representing all currently-
+     * active connections using the given connection. These records will have
+     * usernames and start dates, but no end date.
      *
      * @param connection
      *     The connection to check.
      *
      * @return
-     *     The number of active connections using the given connection.
+     *     A list containing connection records representing all currently-
+     *     active connections.
      */
-    public int getActiveConnections(Connection connection);
-   
+    public List<ConnectionRecord> getActiveConnections(Connection connection);
+
 }

From 1ac9f922067242d2c102c5827034980a5775d45f Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Wed, 25 Feb 2015 16:50:52 -0800
Subject: [PATCH 36/60] GUAC-1101: Filter configurations through TokenFilter
 upon connecting.

---
 .../mysql/service/AbstractGuacamoleSocketService.java    | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
index 545cb598c..a1c163375 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
@@ -47,6 +47,8 @@ import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
+import org.glyptodon.guacamole.token.StandardTokens;
+import org.glyptodon.guacamole.token.TokenFilter;
 
 
 /**
@@ -186,6 +188,13 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
         for (ParameterModel parameter : parameters)
             config.setParameter(parameter.getName(), parameter.getValue());
 
+        // Build token filter containing credential tokens
+        TokenFilter tokenFilter = new TokenFilter();
+        StandardTokens.addStandardTokens(tokenFilter, user.getCredentials());
+
+        // Filter the configuration
+        tokenFilter.filterValues(config.getParameters());
+
         // Return new socket
         try {
 

From 9dffabfd23c775728afcd3a2f14dcf3f64bf798e Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 26 Feb 2015 22:29:34 -0800
Subject: [PATCH 37/60] GUAC-1101: Extract common base classes from user and
 connection. Add ID to connection.

---
 .../net/auth/mysql/DirectoryObject.java       |  68 +++--------
 .../net/auth/mysql/MySQLConnection.java       |  68 ++---------
 .../guacamole/net/auth/mysql/MySQLUser.java   |  53 +--------
 .../net/auth/mysql/RestrictedObject.java      | 109 ++++++++++++++++++
 .../net/auth/mysql/model/ConnectionModel.java |  36 +++---
 .../net/auth/mysql/model/ObjectModel.java     |  90 +++++++++++++++
 .../net/auth/mysql/model/UserModel.java       |  53 +--------
 .../AbstractGuacamoleSocketService.java       |   4 +-
 .../auth/mysql/service/ConnectionService.java |   5 +-
 .../mysql/service/DirectoryObjectService.java |   3 +-
 .../service/SystemPermissionService.java      |   4 +-
 .../net/auth/mysql/service/UserService.java   |   2 +-
 .../net/auth/mysql/dao/ConnectionMapper.xml   |  12 +-
 .../auth/mysql/dao/SystemPermissionMapper.xml |   4 +-
 .../net/auth/mysql/dao/UserMapper.xml         |  14 +--
 15 files changed, 265 insertions(+), 260 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/RestrictedObject.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectModel.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
index 836d29f44..168f1761f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
@@ -22,69 +22,29 @@
 
 package net.sourceforge.guacamole.net.auth.mysql;
 
+import net.sourceforge.guacamole.net.auth.mysql.model.ObjectModel;
 import org.glyptodon.guacamole.net.auth.Identifiable;
 
 /**
- * Common interface for objects that will ultimately be made available through
+ * Common base class for objects that will ultimately be made available through
  * the Directory class. All such objects will need the same base set of queries
  * to fulfill the needs of the Directory class.
  *
  * @author Michael Jumper
  * @param <ModelType>
- *     The type of object contained within the directory whose objects are
- *     mapped by this mapper.
+ *     The type of model object that corresponds to this object.
  */
-public interface DirectoryObject<ModelType> extends Identifiable {
+public abstract class DirectoryObject<ModelType extends ObjectModel>
+    extends RestrictedObject<ModelType> implements Identifiable {
 
-    /**
-     * Initializes this object, associating it with the current authenticated
-     * user and populating it with data from the given model object
-     *
-     * @param currentUser
-     *     The user that created or retrieved this object.
-     *
-     * @param model 
-     *     The backing model object.
-     */
-    public void init(AuthenticatedUser currentUser, ModelType model);
+    @Override
+    public String getIdentifier() {
+        return getModel().getIdentifier();
+    }
 
-    /**
-     * Returns the user that created or queried this object. This user's
-     * permissions dictate what operations can be performed on or through this
-     * object.
-     *
-     * @return
-     *     The user that created or queried this object.
-     */
-    public AuthenticatedUser getCurrentUser();
+    @Override
+    public void setIdentifier(String identifier) {
+        getModel().setIdentifier(identifier);
+    }
 
-    /**
-     * Sets the user that created or queried this object. This user's
-     * permissions dictate what operations can be performed on or through this
-     * object.
-     *
-     * @param currentUser 
-     *     The user that created or queried this object.
-     */
-    public void setCurrentUser(AuthenticatedUser currentUser);
-
-    /**
-     * Returns the backing model object. Changes to the model object will
-     * affect this object, and changes to this object will affect the model
-     * object.
-     *
-     * @return
-     *     The user model object backing this MySQLUser.
-     */
-    public ModelType getModel();
-
-    /**
-     * Sets the backing model object. This will effectively replace all data
-     * contained within this object.
-     *
-     * @param model
-     *     The backing model object.
-     */
-    public void setModel(ModelType model);
-
-}
\ No newline at end of file
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
index 87f02959f..6c36a52e5 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
@@ -39,19 +39,8 @@ import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
  * A MySQL based implementation of the Connection object.
  * @author James Muehlner
  */
-public class MySQLConnection implements Connection, DirectoryObject<ConnectionModel> {
-
-    /**
-     * The user this connection belongs to. Access is based on his/her permission
-     * settings.
-     */
-    private AuthenticatedUser currentUser;
-
-    /**
-     * The internal model object containing the values which represent this
-     * connection in the database.
-     */
-    private ConnectionModel connectionModel;
+public class MySQLConnection extends DirectoryObject<ConnectionModel>
+    implements Connection {
 
     /**
      * Service for managing connections.
@@ -82,58 +71,21 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
     public MySQLConnection() {
     }
 
-    @Override
-    public void init(AuthenticatedUser currentUser, ConnectionModel connectionModel) {
-        this.currentUser = currentUser;
-        setModel(connectionModel);
-    }
-
-    @Override
-    public AuthenticatedUser getCurrentUser() {
-        return currentUser;
-    }
-
-    @Override
-    public void setCurrentUser(AuthenticatedUser currentUser) {
-        this.currentUser = currentUser;
-    }
-
-    @Override
-    public ConnectionModel getModel() {
-        return connectionModel;
-    }
-
-    @Override
-    public void setModel(ConnectionModel connectionModel) {
-        this.connectionModel = connectionModel;
-        this.config = null;
-    }
-
-    @Override
-    public String getIdentifier() {
-        return connectionModel.getIdentifier();
-    }
-
-    @Override
-    public void setIdentifier(String identifier) {
-        connectionModel.setIdentifier(identifier);
-    }
-
     @Override
     public String getName() {
-        return connectionModel.getName();
+        return getModel().getName();
     }
 
     @Override
     public void setName(String name) {
-        connectionModel.setName(name);
+        getModel().setName(name);
     }
 
     @Override
     public String getParentIdentifier() {
 
         // Translate null parent to proper identifier
-        String parentIdentifier = connectionModel.getParentIdentifier();
+        String parentIdentifier = getModel().getParentIdentifier();
         if (parentIdentifier == null)
             return MySQLRootConnectionGroup.IDENTIFIER;
 
@@ -149,7 +101,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
                 && parentIdentifier.equals(MySQLRootConnectionGroup.IDENTIFIER))
             parentIdentifier = null;
 
-        connectionModel.setParentID(parentIdentifier);
+        getModel().setParentIdentifier(parentIdentifier);
 
     }
 
@@ -162,7 +114,7 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
 
         // Otherwise, return permission-controlled configuration
         MySQLGuacamoleConfiguration restrictedConfig = configProvider.get();
-        restrictedConfig.init(currentUser, connectionModel);
+        restrictedConfig.init(getCurrentUser(), getModel());
         return restrictedConfig;
 
     }
@@ -174,18 +126,18 @@ public class MySQLConnection implements Connection, DirectoryObject<ConnectionMo
         this.config = config;
 
         // Update model
-        connectionModel.setProtocol(config.getProtocol());
+        getModel().setProtocol(config.getProtocol());
         
     }
 
     @Override
     public List<? extends ConnectionRecord> getHistory() throws GuacamoleException {
-        return connectionService.retrieveHistory(currentUser, this);
+        return connectionService.retrieveHistory(getCurrentUser(), this);
     }
 
     @Override
     public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
-        return connectionService.connect(currentUser, this, info);
+        return connectionService.connect(getCurrentUser(), this, info);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
index aaa3b817f..ed67c8284 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
@@ -38,13 +38,7 @@ import org.glyptodon.guacamole.net.auth.simple.SimpleObjectPermissionSet;
  * A MySQL based implementation of the User object.
  * @author James Muehlner
  */
-public class MySQLUser implements User, DirectoryObject<UserModel> {
-
-    /**
-     * The user this user belongs to. Access is based on his/her permission
-     * settings.
-     */
-    private AuthenticatedUser currentUser;
+public class MySQLUser extends DirectoryObject<UserModel> implements User {
 
     /**
      * Service for hashing passwords.
@@ -64,12 +58,6 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     @Inject
     private SystemPermissionService systemPermissionService;
     
-    /**
-     * The internal model object containing the values which represent this
-     * user in the database.
-     */
-    private UserModel userModel;
-
     /**
      * The plaintext password previously set by a call to setPassword(), if
      * any. The password of a user cannot be retrieved once saved into the
@@ -85,43 +73,6 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     public MySQLUser() {
     }
 
-    @Override
-    public void init(AuthenticatedUser currentUser, UserModel userModel) {
-        this.currentUser = currentUser;
-        setModel(userModel);
-    }
-
-    @Override
-    public AuthenticatedUser getCurrentUser() {
-        return currentUser;
-    }
-
-    @Override
-    public void setCurrentUser(AuthenticatedUser currentUser) {
-        this.currentUser = currentUser;
-    }
-
-    @Override
-    public UserModel getModel() {
-        return userModel;
-    }
-
-    @Override
-    public void setModel(UserModel userModel) {
-        this.userModel = userModel;
-        this.password = null;
-    }
-
-    @Override
-    public String getIdentifier() {
-        return userModel.getUsername();
-    }
-
-    @Override
-    public void setIdentifier(String username) {
-        userModel.setUsername(username);
-    }
-
     @Override
     public String getPassword() {
         return password;
@@ -130,6 +81,8 @@ public class MySQLUser implements User, DirectoryObject<UserModel> {
     @Override
     public void setPassword(String password) {
 
+        UserModel userModel = getModel();
+        
         // Store plaintext password internally
         this.password = password;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/RestrictedObject.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/RestrictedObject.java
new file mode 100644
index 000000000..16481d488
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/RestrictedObject.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+/**
+ * Common base class for objects that are associated with the users that
+ * query them, and have an underlying model.
+ *
+ * @author Michael Jumper
+ * @param <ModelType>
+ *     The type of model object which corresponds to this object.
+ */
+public abstract class RestrictedObject<ModelType> {
+
+    /**
+     * The user this object belongs to. Access is based on his/her permission
+     * settings.
+     */
+    private AuthenticatedUser currentUser;
+
+    /**
+     * The internal model object containing the values which represent this
+     * object in the database.
+     */
+    private ModelType model;
+
+    /**
+     * Initializes this object, associating it with the current authenticated
+     * user and populating it with data from the given model object
+     *
+     * @param currentUser
+     *     The user that created or retrieved this object.
+     *
+     * @param model 
+     *     The backing model object.
+     */
+    public void init(AuthenticatedUser currentUser, ModelType model) {
+        setCurrentUser(currentUser);
+        setModel(model);
+    }
+
+    /**
+     * Returns the user that created or queried this object. This user's
+     * permissions dictate what operations can be performed on or through this
+     * object.
+     *
+     * @return
+     *     The user that created or queried this object.
+     */
+    public AuthenticatedUser getCurrentUser() {
+        return currentUser;
+    }
+
+    /**
+     * Sets the user that created or queried this object. This user's
+     * permissions dictate what operations can be performed on or through this
+     * object.
+     *
+     * @param currentUser 
+     *     The user that created or queried this object.
+     */
+    public void setCurrentUser(AuthenticatedUser currentUser) {
+        this.currentUser = currentUser;
+    }
+
+    /**
+     * Returns the backing model object. Changes to the model object will
+     * affect this object, and changes to this object will affect the model
+     * object.
+     *
+     * @return
+     *     The backing model object.
+     */
+    public ModelType getModel() {
+        return model;
+    }
+
+    /**
+     * Sets the backing model object. This will effectively replace all data
+     * contained within this object.
+     *
+     * @param model
+     *     The backing model object.
+     */
+    public void setModel(ModelType model) {
+        this.model = model;
+    }
+
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
index e65258a24..de2dac14a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
@@ -28,12 +28,7 @@ package net.sourceforge.guacamole.net.auth.mysql.model;
  *
  * @author Michael Jumper
  */
-public class ConnectionModel {
-
-    /**
-     * The identifier of this connection in the database, if any.
-     */
-    private String identifier;
+public class ConnectionModel extends ObjectModel {
 
     /**
      * The identifier of the parent connection group in the database, or null
@@ -117,29 +112,26 @@ public class ConnectionModel {
      *     The identifier of the parent connection group, or null if the parent
      *     connection group is the root connection group.
      */
-    public void setParentID(String parentIdentifier) {
+    public void setParentIdentifier(String parentIdentifier) {
         this.parentIdentifier = parentIdentifier;
     }
 
-    /**
-     * Returns the identifier of this connection in the database, if it exists.
-     *
-     * @return
-     *     The identifier of this connection in the database, or null if this
-     *     connection was not retrieved from the database.
-     */
+    @Override
     public String getIdentifier() {
-        return identifier;
+
+        // If no associated ID, then no associated identifier
+        Integer id = getObjectID();
+        if (id == null)
+            return null;
+
+        // Otherwise, the identifier is the ID as a string
+        return id.toString();
+
     }
 
-    /**
-     * Sets the identifier of this connection to the given value.
-     *
-     * @param identifier 
-     *     The identifier to assign to this connection.
-     */
+    @Override
     public void setIdentifier(String identifier) {
-        this.identifier = identifier;
+        throw new UnsupportedOperationException("Connection identifiers are derived from IDs. They cannot be set.");
     }
 
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectModel.java
new file mode 100644
index 000000000..4c3077d1c
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectModel.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+/**
+ * Object representation of a Guacamole object, such as a user or connection,
+ * as represented in the database.
+ *
+ * @author Michael Jumper
+ */
+public abstract class ObjectModel {
+
+    /**
+     * The ID of this object in the database, if any.
+     */
+    private Integer objectID;
+
+    /**
+     * The unique identifier which identifies this object.
+     */
+    private String identifier;
+    
+    /**
+     * Creates a new, empty object.
+     */
+    public ObjectModel() {
+    }
+
+    /**
+     * Returns the identifier that uniquely identifies this object.
+     *
+     * @return
+     *     The identifier that uniquely identifies this object.
+     */
+    public String getIdentifier() {
+        return identifier;
+    }
+
+    /**
+     * Sets the identifier that uniquely identifies this object.
+     *
+     * @param identifier
+     *     The identifier that uniquely identifies this object.
+     */
+    public void setIdentifier(String identifier) {
+        this.identifier = identifier;
+    }
+
+    /**
+     * Returns the ID of this object in the database, if it exists.
+     *
+     * @return
+     *     The ID of this object in the database, or null if this object was
+     *     not retrieved from the database.
+     */
+    public Integer getObjectID() {
+        return objectID;
+    }
+
+    /**
+     * Sets the ID of this object to the given value.
+     *
+     * @param objectID
+     *     The ID to assign to this object.
+     */
+    public void setObjectID(Integer objectID) {
+        this.objectID = objectID;
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
index 4130b6033..5893fd4c9 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
@@ -27,18 +27,8 @@ package net.sourceforge.guacamole.net.auth.mysql.model;
  *
  * @author Michael Jumper
  */
-public class UserModel {
+public class UserModel extends ObjectModel {
 
-    /**
-     * The ID of this user in the database, if any.
-     */
-    private Integer userID;
-
-    /**
-     * The unique username which identifies this user.
-     */
-    private String username;
-    
     /**
      * The SHA-256 hash of the password and salt.
      */
@@ -56,47 +46,6 @@ public class UserModel {
     public UserModel() {
     }
 
-    /**
-     * Returns the username that uniquely identifies this user.
-     *
-     * @return
-     *     The username that uniquely identifies this user.
-     */
-    public String getUsername() {
-        return username;
-    }
-
-    /**
-     * Sets the username that uniquely identifies this user.
-     *
-     * @param username
-     *     The username that uniquely identifies this user.
-     */
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    /**
-     * Returns the ID of this user in the database, if it exists.
-     *
-     * @return
-     *     The ID of this user in the database, or null if this user was not
-     *     retrieved from the database.
-     */
-    public Integer getUserID() {
-        return userID;
-    }
-
-    /**
-     * Sets the ID of this user to the given value.
-     *
-     * @param userID
-     *     The ID to assign to this user.
-     */
-    public void setUserID(Integer userID) {
-        this.userID = userID;
-    }
-
     /**
      * Returns the hash of this user's password and password salt. This may be
      * null if the user was not retrieved from the database, and setPassword()
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
index a1c163375..d1d86cc2e 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
@@ -225,8 +225,8 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
                     ConnectionRecordModel recordModel = new ConnectionRecordModel();
 
                     // Copy user information and timestamps into new record
-                    recordModel.setUserID(userModel.getUserID());
-                    recordModel.setUsername(userModel.getUsername());
+                    recordModel.setUserID(userModel.getObjectID());
+                    recordModel.setUsername(userModel.getIdentifier());
                     recordModel.setConnectionIdentifier(connection.getIdentifier());
                     recordModel.setStartDate(activeConnection.getStartDate());
                     recordModel.setEndDate(new Date());
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index a161b20d6..91879ca08 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -112,7 +112,6 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
         MySQLConnection connection = getObjectInstance(currentUser, model);
 
         // Set model contents through MySQLConnection, copying the provided connection
-        connection.setIdentifier(object.getIdentifier());
         connection.setParentIdentifier(object.getParentIdentifier());
         connection.setName(object.getName());
         connection.setConfiguration(object.getConfiguration());
@@ -145,7 +144,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
             throws GuacamoleException {
 
         // Name must not be blank
-        if (object.getIdentifier().trim().isEmpty())
+        if (object.getName().trim().isEmpty())
             throw new GuacamoleClientException("Connection names must not be blank.");
         
         // FIXME: Do not attempt to create duplicate connections
@@ -157,7 +156,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
             MySQLConnection object) throws GuacamoleException {
 
         // Name must not be blank
-        if (object.getIdentifier().trim().isEmpty())
+        if (object.getName().trim().isEmpty())
             throw new GuacamoleClientException("Connection names must not be blank.");
         
         // FIXME: Check whether such a connection is already present
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 6d5ebdac7..59def80dc 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -29,6 +29,7 @@ import java.util.Set;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.DirectoryObject;
 import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.ObjectModel;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
@@ -53,7 +54,7 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
  *     database.
  */
 public abstract class DirectoryObjectService<InternalType extends DirectoryObject<ModelType>,
-        ExternalType, ModelType> {
+        ExternalType, ModelType extends ObjectModel> {
 
     /**
      * Returns an instance of a mapper for the type of object used by this
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
index 6c025c0d1..3c8978e01 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
@@ -73,8 +73,8 @@ public class SystemPermissionService
         SystemPermissionModel model = new SystemPermissionModel();
 
         // Populate model object with data from user and permission
-        model.setUserID(targetUser.getModel().getUserID());
-        model.setUsername(targetUser.getModel().getUsername());
+        model.setUserID(targetUser.getModel().getObjectID());
+        model.setUsername(targetUser.getModel().getIdentifier());
         model.setType(permission.getType());
 
         return model;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
index 008db8480..d2e67dc18 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
@@ -138,7 +138,7 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
             UserModel updatedModel = object.getModel();
 
             // Do not rename to existing user
-            if (!existingModel.getUserID().equals(updatedModel.getUserID()))
+            if (!existingModel.getObjectID().equals(updatedModel.getObjectID()))
                 throw new GuacamoleClientException("User \"" + object.getIdentifier() + "\" already exists.");
             
         }
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
index 75e4c4c44..a5b36a12e 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
@@ -28,7 +28,7 @@
 
     <!-- Result mapper for connection objects -->
     <resultMap id="ConnectionResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel" >
-        <id     column="connection_id"   property="identifier"       jdbcType="INTEGER"/>
+        <id     column="connection_id"   property="objectID"         jdbcType="INTEGER"/>
         <result column="connection_name" property="name"             jdbcType="VARCHAR"/>
         <result column="parent_id"       property="parentIdentifier" jdbcType="INTEGER"/>
         <result column="protocol"        property="protocol"         jdbcType="VARCHAR"/>
@@ -45,7 +45,7 @@
         SELECT connection_id
         FROM guacamole_connection_permission
         WHERE
-            user_id = #{user.userID,jdbcType=INTEGER}
+            user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = 'READ'
     </select>
 
@@ -66,7 +66,7 @@
         WHERE
             <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
             <if test="parentIdentifier == null">parent_id IS NULL</if>
-            AND user_id = #{user.userID,jdbcType=INTEGER}
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = 'READ'
     </select>
 
@@ -102,7 +102,7 @@
                      open="(" separator="," close=")">
                 #{identifier,jdbcType=VARCHAR}
             </foreach>
-            AND user_id = #{user.userID,jdbcType=INTEGER}
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = 'READ'
 
     </select>
@@ -127,7 +127,7 @@
             #{object.protocol,jdbcType=VARCHAR}
         )
 
-        <selectKey resultType="java.lang.String" keyProperty="identifier" order="AFTER">
+        <selectKey resultType="java.lang.String" keyProperty="objectID" order="AFTER">
             SELECT LAST_INSERT_ID()
         </selectKey>
 
@@ -139,7 +139,7 @@
         SET connection_name = #{object.name,jdbcType=VARCHAR},
             parent_id       = #{object.parentIdentifier,jdbcType=VARCHAR},
             protocol        = #{object.protocol,jdbcType=VARCHAR}
-        WHERE connection_id = #{object.identifier,jdbcType=VARCHAR}
+        WHERE connection_id = #{object.objectID,jdbcType=INTEGER}
     </update>
 
 </mapper>
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
index 8b8e0f8eb..65a02a100 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
@@ -43,7 +43,7 @@
             permission
         FROM guacamole_system_permission
         JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id
-        WHERE guacamole_system_permission.user_id = #{user.userID,jdbcType=INTEGER}
+        WHERE guacamole_system_permission.user_id = #{user.objectID,jdbcType=INTEGER}
 
     </select>
 
@@ -57,7 +57,7 @@
         FROM guacamole_system_permission
         JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id
         WHERE
-            guacamole_system_permission.user_id = #{user.userID,jdbcType=INTEGER}
+            guacamole_system_permission.user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = #{type,jdbcType=VARCHAR}
 
     </select>
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
index fe149f1ac..118b098eb 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
@@ -28,8 +28,8 @@
 
     <!-- Result mapper for user objects -->
     <resultMap id="UserResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.UserModel" >
-        <id     column="user_id"       property="userID"       jdbcType="INTEGER"/>
-        <result column="username"      property="username"     jdbcType="VARCHAR"/>
+        <id     column="user_id"       property="objectID"     jdbcType="INTEGER"/>
+        <result column="username"      property="identifier"   jdbcType="VARCHAR"/>
         <result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
         <result column="password_salt" property="passwordSalt" jdbcType="BINARY"/>
     </resultMap>
@@ -46,7 +46,7 @@
         FROM guacamole_user
         JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
         WHERE
-            guacamole_user_permission.user_id = #{user.userID,jdbcType=INTEGER}
+            guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = 'read'
     </select>
 
@@ -82,7 +82,7 @@
                      open="(" separator="," close=")">
                 #{identifier,jdbcType=VARCHAR}
             </foreach>
-            AND guacamole_user_permission.user_id = #{user.userID,jdbcType=INTEGER}
+            AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = 'read'
 
     </select>
@@ -115,12 +115,12 @@
             password_salt
         )
         VALUES (
-            #{object.username,jdbcType=VARCHAR},
+            #{object.identifier,jdbcType=VARCHAR},
             #{object.passwordHash,jdbcType=BINARY},
             #{object.passwordSalt,jdbcType=BINARY}
         )
 
-        <selectKey resultType="java.lang.Integer" keyProperty="userID" order="AFTER">
+        <selectKey resultType="java.lang.Integer" keyProperty="objectID" order="AFTER">
             SELECT LAST_INSERT_ID()
         </selectKey>
 
@@ -131,7 +131,7 @@
         UPDATE guacamole_user
         SET password_hash = #{object.passwordHash,jdbcType=BINARY},
             password_salt = #{object.passwordSalt,jdbcType=BINARY}
-        WHERE user_id = #{object.userID,jdbcType=VARCHAR}
+        WHERE user_id = #{object.objectID,jdbcType=VARCHAR}
     </update>
 
 </mapper>
\ No newline at end of file

From 9159df5ee472ff210afd2147027c38e56a8331fe Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 26 Feb 2015 23:32:27 -0800
Subject: [PATCH 38/60] GUAC-1101: Add parameters upon insertion of new
 connection.

---
 .../auth/mysql/service/ConnectionService.java | 57 +++++++++++++++----
 .../mysql/service/DirectoryObjectService.java | 10 +++-
 2 files changed, 53 insertions(+), 14 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index 91879ca08..f4c1515f6 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -163,16 +163,22 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
         
     }
 
-    @Override
-    public void updateObject(AuthenticatedUser user, MySQLConnection object)
-            throws GuacamoleException {
+    /**
+     * Given an arbitrary Guacamole connection, produces a collection of
+     * parameter model objects containing the name/value pairs of that
+     * connection's parameters.
+     *
+     * @param connection
+     *     The connection whose configuration should be used to produce the
+     *     collection of parameter models.
+     *
+     * @return
+     *     A collection of parameter models containing the name/value pairs
+     *     of the given connection's parameters.
+     */
+    private Collection<ParameterModel> getParameterModels(MySQLConnection connection) {
 
-        // Update connection
-        super.updateObject(user, object);
-
-        // Get identifier and connection parameters
-        String identifier = object.getIdentifier();
-        Map<String, String> parameters = object.getConfiguration().getParameters();
+        Map<String, String> parameters = connection.getConfiguration().getParameters();
         
         // Convert parameters to model objects
         Collection<ParameterModel> parameterModels = new ArrayList(parameters.size());
@@ -188,7 +194,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
             
             // Produce model object from parameter
             ParameterModel model = new ParameterModel();
-            model.setConnectionIdentifier(identifier);
+            model.setConnectionIdentifier(connection.getIdentifier());
             model.setName(name);
             model.setValue(value);
 
@@ -197,8 +203,37 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
             
         }
 
+        return parameterModels;
+
+    }
+
+    @Override
+    public MySQLConnection createObject(AuthenticatedUser user, Connection object)
+            throws GuacamoleException {
+
+        // Create connection
+        MySQLConnection connection = super.createObject(user, object);
+        connection.setConfiguration(object.getConfiguration());
+
+        // Insert new parameters, if any
+        Collection<ParameterModel> parameterModels = getParameterModels(connection);
+        if (!parameterModels.isEmpty())
+            parameterMapper.insert(parameterModels);
+
+        return connection;
+
+    }
+    
+    @Override
+    public void updateObject(AuthenticatedUser user, MySQLConnection object)
+            throws GuacamoleException {
+
+        // Update connection
+        super.updateObject(user, object);
+
         // Replace existing parameters with new parameters
-        parameterMapper.delete(identifier);
+        Collection<ParameterModel> parameterModels = getParameterModels(object);
+        parameterMapper.delete(object.getIdentifier());
         parameterMapper.insert(parameterModels);
         
     }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
index 59def80dc..ae251390c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
@@ -327,11 +327,14 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
      * @param object
      *     The object to create.
      *
+     * @return
+     *     The newly-created object.
+     *
      * @throws GuacamoleException
      *     If the user lacks permission to create the object, or an error
      *     occurs while creating the object.
      */
-    public void createObject(AuthenticatedUser user, ExternalType object)
+    public InternalType createObject(AuthenticatedUser user, ExternalType object)
         throws GuacamoleException {
 
         // Only create object if user has permission to do so
@@ -341,10 +344,11 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
             validateNewObject(user, object);
 
             // Create object
-            getObjectMapper().insert(getModelInstance(user, object));
+            ModelType model = getModelInstance(user, object);
+            getObjectMapper().insert(model);
 
             // FIXME: Insert implicit object permissions, too.
-            return;
+            return getObjectInstance(user, model);
         }
 
         // User lacks permission to create 

From 111581e5cb8a8e4e243d4d29debd3b591e1cfa66 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 26 Feb 2015 23:37:10 -0800
Subject: [PATCH 39/60] GUAC-1101: Use "useGeneratedKeys" to get generated keys
 after insert.

---
 .../guacamole/net/auth/mysql/dao/ConnectionMapper.xml      | 7 ++-----
 .../guacamole/net/auth/mysql/dao/UserMapper.xml            | 7 ++-----
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
index a5b36a12e..087bdda93 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
@@ -114,7 +114,8 @@
     </delete>
 
     <!-- Insert single connection -->
-    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
+    <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
+            parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
 
         INSERT INTO guacamole_connection (
             connection_name,
@@ -127,10 +128,6 @@
             #{object.protocol,jdbcType=VARCHAR}
         )
 
-        <selectKey resultType="java.lang.String" keyProperty="objectID" order="AFTER">
-            SELECT LAST_INSERT_ID()
-        </selectKey>
-
     </insert>
 
     <!-- Update single connection -->
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
index 118b098eb..4b732845d 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
@@ -107,7 +107,8 @@
     </delete>
 
     <!-- Insert single user -->
-    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.UserModel">
+    <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
+            parameterType="net.sourceforge.guacamole.net.auth.mysql.model.UserModel">
 
         INSERT INTO guacamole_user (
             username,
@@ -120,10 +121,6 @@
             #{object.passwordSalt,jdbcType=BINARY}
         )
 
-        <selectKey resultType="java.lang.Integer" keyProperty="objectID" order="AFTER">
-            SELECT LAST_INSERT_ID()
-        </selectKey>
-
     </insert>
 
     <!-- Update single user -->

From ac14cf0ff36a3d030d50ebee2fa20d709e34ba27 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 14:00:45 -0800
Subject: [PATCH 40/60] GUAC-1101: Implement connection groups.

---
 .../auth/mysql/ConnectionGroupDirectory.java  | 104 +++++++++
 .../mysql/MySQLAuthenticationProvider.java    |   6 +
 .../net/auth/mysql/MySQLConnectionGroup.java  | 135 +++++++++++
 .../auth/mysql/MySQLRootConnectionGroup.java  |  13 +-
 .../net/auth/mysql/MySQLUserContext.java      |  14 +-
 .../auth/mysql/dao/ConnectionGroupMapper.java |  75 ++++++
 .../mysql/model/ConnectionGroupModel.java     | 140 ++++++++++++
 .../AbstractGuacamoleSocketService.java       |  16 ++
 .../mysql/service/ConnectionGroupService.java | 215 ++++++++++++++++++
 .../auth/mysql/service/ConnectionService.java |  24 +-
 .../mysql/service/GuacamoleSocketService.java |  46 ++++
 .../auth/mysql/dao/ConnectionGroupMapper.xml  | 143 ++++++++++++
 12 files changed, 915 insertions(+), 16 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionGroupModel.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.xml

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
new file mode 100644
index 000000000..28f1e4cc6
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.ConnectionGroup;
+import org.glyptodon.guacamole.net.auth.Directory;
+import org.mybatis.guice.transactional.Transactional;
+
+/**
+ * A MySQL based implementation of the ConnectionGroup Directory.
+ *
+ * @author James Muehlner
+ * @author Michael Jumper
+ */
+public class ConnectionGroupDirectory implements Directory<ConnectionGroup> {
+
+    /**
+     * The user this connection group directory belongs to. Access is based on
+     * his/her permission settings.
+     */
+    private AuthenticatedUser currentUser;
+    
+    /**
+     * Service for managing connection group objects.
+     */
+    @Inject
+    private ConnectionGroupService connectionGroupService;
+
+    /**
+     * Set the user for this directory.
+     *
+     * @param currentUser
+     *     The user whose permissions define the visibility of connection
+     *     groups in this directory.
+     */
+    public void init(AuthenticatedUser currentUser) {
+        this.currentUser = currentUser;
+    }
+    
+    @Override
+    public ConnectionGroup get(String identifier) throws GuacamoleException {
+        return connectionGroupService.retrieveObject(currentUser, identifier);
+    }
+
+    @Override
+    @Transactional
+    public Collection<ConnectionGroup> getAll(Collection<String> identifiers) throws GuacamoleException {
+        Collection<MySQLConnectionGroup> objects = connectionGroupService.retrieveObjects(currentUser, identifiers);
+        return Collections.<ConnectionGroup>unmodifiableCollection(objects);
+    }
+
+    @Override
+    @Transactional
+    public Set<String> getIdentifiers() throws GuacamoleException {
+        return connectionGroupService.getIdentifiers(currentUser);
+    }
+
+    @Override
+    @Transactional
+    public void add(ConnectionGroup object) throws GuacamoleException {
+        connectionGroupService.createObject(currentUser, object);
+    }
+
+    @Override
+    @Transactional
+    public void update(ConnectionGroup object) throws GuacamoleException {
+        MySQLConnectionGroup connectionGroup = (MySQLConnectionGroup) object;
+        connectionGroupService.updateObject(currentUser, connectionGroup);
+    }
+
+    @Override
+    @Transactional
+    public void remove(String identifier) throws GuacamoleException {
+        connectionGroupService.deleteObject(currentUser, identifier);
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 34c7f6d43..6212374a0 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -29,6 +29,7 @@ import com.google.inject.Injector;
 import com.google.inject.Module;
 import com.google.inject.name.Names;
 import java.util.Properties;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
@@ -39,6 +40,7 @@ import org.glyptodon.guacamole.net.auth.Credentials;
 import org.glyptodon.guacamole.net.auth.UserContext;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
 import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
 import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.GuacamoleSocketService;
 import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
@@ -145,6 +147,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
 
                     // Add MyBatis mappers
                     addMapperClass(ConnectionMapper.class);
+                    addMapperClass(ConnectionGroupMapper.class);
                     addMapperClass(ConnectionRecordMapper.class);
                     addMapperClass(ParameterMapper.class);
                     addMapperClass(SystemPermissionMapper.class);
@@ -153,7 +156,9 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
                     // Bind core implementations of guacamole-ext classes
                     bind(Environment.class).toInstance(environment);
                     bind(ConnectionDirectory.class);
+                    bind(ConnectionGroupDirectory.class);
                     bind(MySQLConnection.class);
+                    bind(MySQLConnectionGroup.class);
                     bind(MySQLGuacamoleConfiguration.class);
                     bind(MySQLUser.class);
                     bind(MySQLUserContext.class);
@@ -163,6 +168,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
 
                     // Bind services
                     bind(ConnectionService.class);
+                    bind(ConnectionGroupService.class);
                     bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
                     bind(SaltService.class).to(SecureRandomSaltService.class);
                     bind(SystemPermissionService.class);
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
new file mode 100644
index 000000000..cdc37fc92
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
@@ -0,0 +1,135 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import com.google.inject.Inject;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import net.sourceforge.guacamole.net.auth.mysql.service.GuacamoleSocketService;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.auth.ConnectionGroup;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+
+/**
+ * A MySQL based implementation of the ConnectionGroup object.
+ *
+ * @author James Muehlner
+ */
+public class MySQLConnectionGroup extends DirectoryObject<ConnectionGroupModel>
+    implements ConnectionGroup {
+
+    /**
+     * Service for managing connections.
+     */
+    @Inject
+    private ConnectionService connectionService;
+
+    /**
+     * Service for managing connection groups.
+     */
+    @Inject
+    private ConnectionGroupService connectionGroupService;
+
+    /**
+     * Service for creating and tracking sockets.
+     */
+    @Inject
+    private GuacamoleSocketService socketService;
+
+    /**
+     * Creates a new, empty MySQLConnection.
+     */
+    public MySQLConnectionGroup() {
+    }
+
+    @Override
+    public String getName() {
+        return getModel().getName();
+    }
+
+    @Override
+    public void setName(String name) {
+        getModel().setName(name);
+    }
+
+    @Override
+    public String getParentIdentifier() {
+
+        // Translate null parent to proper identifier
+        String parentIdentifier = getModel().getParentIdentifier();
+        if (parentIdentifier == null)
+            return MySQLRootConnectionGroup.IDENTIFIER;
+
+        return parentIdentifier;
+        
+    }
+
+    @Override
+    public void setParentIdentifier(String parentIdentifier) {
+
+        // Translate root identifier back into null
+        if (parentIdentifier != null
+                && parentIdentifier.equals(MySQLRootConnectionGroup.IDENTIFIER))
+            parentIdentifier = null;
+
+        getModel().setParentIdentifier(parentIdentifier);
+
+    }
+
+    @Override
+    public GuacamoleSocket connect(GuacamoleClientInformation info)
+            throws GuacamoleException {
+        return connectionGroupService.connect(getCurrentUser(), this, info);
+    }
+
+    @Override
+    public int getActiveConnections() {
+        return socketService.getActiveConnections(this).size();
+    }
+
+    @Override
+    public void setType(Type type) {
+        getModel().setType(type);
+    }
+
+    @Override
+    public Type getType() {
+        return getModel().getType();
+    }
+
+    @Override
+    public Set<String> getConnectionIdentifiers()
+            throws GuacamoleException {
+        return connectionService.getIdentifiersWithin(getCurrentUser(), getIdentifier());
+    }
+
+    @Override
+    public Set<String> getConnectionGroupIdentifiers()
+            throws GuacamoleException {
+        return connectionGroupService.getIdentifiersWithin(getCurrentUser(), getIdentifier());
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
index fcd1157d9..5c9dbe488 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
@@ -23,8 +23,8 @@
 package net.sourceforge.guacamole.net.auth.mysql;
 
 import com.google.inject.Inject;
-import java.util.Collections;
 import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
 import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
@@ -65,6 +65,12 @@ public class MySQLRootConnectionGroup implements ConnectionGroup {
      */
     @Inject
     private ConnectionService connectionService;
+
+    /**
+     * Service for managing connection group objects.
+     */
+    @Inject
+    private ConnectionGroupService connectionGroupService;
     
     /**
      * Creates a new, empty MySQLRootConnectionGroup.
@@ -115,14 +121,13 @@ public class MySQLRootConnectionGroup implements ConnectionGroup {
 
     @Override
     public Set<String> getConnectionIdentifiers() throws GuacamoleException {
-        return connectionService.getRootIdentifiers(currentUser);
+        return connectionService.getIdentifiersWithin(currentUser, null);
     }
 
     @Override
     public Set<String> getConnectionGroupIdentifiers()
             throws GuacamoleException {
-        /* STUB */
-        return Collections.EMPTY_SET;
+        return connectionGroupService.getIdentifiersWithin(currentUser, null);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
index c5877d592..17754e283 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
@@ -25,15 +25,12 @@ package net.sourceforge.guacamole.net.auth.mysql;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
-import java.util.Collections;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.UserContext;
-import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroup;
-import org.glyptodon.guacamole.net.auth.simple.SimpleConnectionGroupDirectory;
 
 /**
  * The MySQL representation of a UserContext.
@@ -60,6 +57,13 @@ public class MySQLUserContext implements UserContext {
     @Inject
     private ConnectionDirectory connectionDirectory;
 
+    /**
+     * Connection group directory restricted by the permissions of the user
+     * associated with this context.
+     */
+    @Inject
+    private ConnectionGroupDirectory connectionGroupDirectory;
+
     /**
      * Provider for creating the root group.
      */
@@ -79,6 +83,7 @@ public class MySQLUserContext implements UserContext {
         // Init directories
         userDirectory.init(currentUser);
         connectionDirectory.init(currentUser);
+        connectionGroupDirectory.init(currentUser);
 
     }
 
@@ -99,8 +104,7 @@ public class MySQLUserContext implements UserContext {
 
     @Override
     public Directory<ConnectionGroup> getConnectionGroupDirectory() throws GuacamoleException {
-        /* STUB */
-        return new SimpleConnectionGroupDirectory(Collections.singleton(getRootConnectionGroup()));
+        return connectionGroupDirectory;
     }
 
     @Override
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.java
new file mode 100644
index 000000000..1a69a78a8
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.java
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.dao;
+
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel;
+import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.apache.ibatis.annotations.Param;
+
+/**
+ * Mapper for connection group objects.
+ *
+ * @author Michael Jumper
+ */
+public interface ConnectionGroupMapper extends DirectoryObjectMapper<ConnectionGroupModel> {
+
+    /**
+     * Selects the identifiers of all connection groups within the given parent
+     * connection group, regardless of whether they are readable by any
+     * particular user. This should only be called on behalf of a system
+     * administrator. If identifiers are needed by a non-administrative user
+     * who must have explicit read rights, use
+     * selectReadableIdentifiersWithin() instead.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent connection group, or null if the root
+     *     connection group is to be queried.
+     *
+     * @return
+     *     A Set containing all identifiers of all objects.
+     */
+    Set<String> selectIdentifiersWithin(@Param("parentIdentifier") String parentIdentifier);
+    
+    /**
+     * Selects the identifiers of all connection groups within the given parent
+     * connection group that are explicitly readable by the given user. If
+     * identifiers are needed by a system administrator (who, by definition,
+     * does not need explicit read rights), use selectIdentifiersWithin()
+     * instead.
+     *
+     * @param user
+     *    The user whose permissions should determine whether an identifier
+     *    is returned.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent connection group, or null if the root
+     *     connection group is to be queried.
+     *
+     * @return
+     *     A Set containing all identifiers of all readable objects.
+     */
+    Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
+            @Param("parentIdentifier") String parentIdentifier);
+    
+}
\ No newline at end of file
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionGroupModel.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionGroupModel.java
new file mode 100644
index 000000000..29242122f
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionGroupModel.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.model;
+
+import org.glyptodon.guacamole.net.auth.ConnectionGroup;
+
+/**
+ * Object representation of a Guacamole connection group, as represented in the
+ * database.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionGroupModel extends ObjectModel {
+
+    /**
+     * The identifier of the parent connection group in the database, or null
+     * if the parent connection group is the root group.
+     */
+    private String parentIdentifier;
+    
+    /**
+     * The human-readable name associated with this connection group.
+     */
+    private String name;
+
+    /**
+     * The type of this connection group, such as organizational or balancing.
+     */
+    private ConnectionGroup.Type type;
+    
+    /**
+     * Creates a new, empty connection group.
+     */
+    public ConnectionGroupModel() {
+    }
+
+    /**
+     * Returns the name associated with this connection group.
+     *
+     * @return
+     *     The name associated with this connection group.
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * Sets the name associated with this connection group.
+     *
+     * @param name
+     *     The name to associate with this connection group.
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    /**
+     * Returns the identifier of the parent connection group, or null if the
+     * parent connection group is the root connection group.
+     *
+     * @return 
+     *     The identifier of the parent connection group, or null if the parent
+     *     connection group is the root connection group.
+     */
+    public String getParentIdentifier() {
+        return parentIdentifier;
+    }
+
+    /**
+     * Sets the identifier of the parent connection group.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent connection group, or null if the parent
+     *     connection group is the root connection group.
+     */
+    public void setParentIdentifier(String parentIdentifier) {
+        this.parentIdentifier = parentIdentifier;
+    }
+
+    /**
+     * Returns the type of this connection group, such as organizational or
+     * balancing.
+     *
+     * @return
+     *     The type of this connection group.
+     */
+    public ConnectionGroup.Type getType() {
+        return type;
+    }
+
+    /**
+     * Sets the type of this connection group, such as organizational or
+     * balancing.
+     *
+     * @param type
+     *     The type of this connection group.
+     */
+    public void setType(ConnectionGroup.Type type) {
+        this.type = type;
+    }
+
+    @Override
+    public String getIdentifier() {
+
+        // If no associated ID, then no associated identifier
+        Integer id = getObjectID();
+        if (id == null)
+            return null;
+
+        // Otherwise, the identifier is the ID as a string
+        return id.toString();
+
+    }
+
+    @Override
+    public void setIdentifier(String identifier) {
+        throw new UnsupportedOperationException("Connection group identifiers are derived from IDs. They cannot be set.");
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
index d1d86cc2e..de973b9dd 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
@@ -32,6 +32,7 @@ import java.util.List;
 import java.util.Map;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
@@ -43,6 +44,7 @@ import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.InetGuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
@@ -268,5 +270,19 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
 
         }
     }
+
+    @Override
+    public GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
+            MySQLConnectionGroup connectionGroup,
+            GuacamoleClientInformation info) throws GuacamoleException {
+        // STUB
+        throw new UnsupportedOperationException("STUB");
+    }
+
+    @Override
+    public List<ConnectionRecord> getActiveConnections(ConnectionGroup connectionGroup) {
+        // STUB
+        return Collections.EMPTY_LIST;
+    }
     
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
new file mode 100644
index 000000000..34e62ca7b
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
@@ -0,0 +1,215 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql.service;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper;
+import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel;
+import org.glyptodon.guacamole.GuacamoleClientException;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.auth.ConnectionGroup;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating connection groups.
+ *
+ * @author Michael Jumper, James Muehlner
+ */
+public class ConnectionGroupService extends DirectoryObjectService<MySQLConnectionGroup,
+        ConnectionGroup, ConnectionGroupModel> {
+
+    /**
+     * Mapper for accessing connection groups.
+     */
+    @Inject
+    private ConnectionGroupMapper connectionGroupMapper;
+
+    /**
+     * Provider for creating connection groups.
+     */
+    @Inject
+    private Provider<MySQLConnectionGroup> connectionGroupProvider;
+
+    /**
+     * Service for creating and tracking sockets.
+     */
+    @Inject
+    private GuacamoleSocketService socketService;
+    
+    @Override
+    protected DirectoryObjectMapper<ConnectionGroupModel> getObjectMapper() {
+        return connectionGroupMapper;
+    }
+
+    @Override
+    protected MySQLConnectionGroup getObjectInstance(AuthenticatedUser currentUser,
+            ConnectionGroupModel model) {
+        MySQLConnectionGroup connectionGroup = connectionGroupProvider.get();
+        connectionGroup.init(currentUser, model);
+        return connectionGroup;
+    }
+
+    @Override
+    protected ConnectionGroupModel getModelInstance(AuthenticatedUser currentUser,
+            final ConnectionGroup object) {
+
+        // Create new MySQLConnectionGroup backed by blank model
+        ConnectionGroupModel model = new ConnectionGroupModel();
+        MySQLConnectionGroup connectionGroup = getObjectInstance(currentUser, model);
+
+        // Set model contents through MySQLConnection, copying the provided connection group
+        connectionGroup.setParentIdentifier(object.getParentIdentifier());
+        connectionGroup.setName(object.getName());
+        connectionGroup.setType(object.getType());
+
+        return model;
+        
+    }
+
+    @Override
+    protected boolean hasCreatePermission(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return whether user has explicit connection group creation permission
+        SystemPermissionSet permissionSet = user.getUser().getSystemPermissions();
+        return permissionSet.hasPermission(SystemPermission.Type.CREATE_CONNECTION_GROUP);
+
+    }
+
+    @Override
+    protected ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+            throws GuacamoleException {
+
+        // Return permissions related to connection groups 
+        return user.getUser().getConnectionGroupPermissions();
+
+    }
+
+    @Override
+    protected void validateNewObject(AuthenticatedUser user, ConnectionGroup object)
+            throws GuacamoleException {
+
+        // Name must not be blank
+        if (object.getName().trim().isEmpty())
+            throw new GuacamoleClientException("Connection group names must not be blank.");
+        
+        // FIXME: Do not attempt to create duplicate connection groups
+
+    }
+
+    @Override
+    protected void validateExistingObject(AuthenticatedUser user,
+            MySQLConnectionGroup object) throws GuacamoleException {
+
+        // Name must not be blank
+        if (object.getName().trim().isEmpty())
+            throw new GuacamoleClientException("Connection group names must not be blank.");
+        
+        // FIXME: Check whether such a connection group is already present
+        
+    }
+
+    /**
+     * Returns the set of all identifiers for all connection groups within the
+     * connection group having the given identifier. Only connection groups
+     * that the user has read access to will be returned.
+     * 
+     * Permission to read the connection group having the given identifier is
+     * NOT checked.
+     *
+     * @param user
+     *     The user retrieving the identifiers.
+     * 
+     * @param identifier
+     *     The identifier of the parent connection group, or null to check the
+     *     root connection group.
+     *
+     * @return
+     *     The set of all identifiers for all connection groups in the
+     *     connection group having the given identifier that the user has read
+     *     access to.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while reading identifiers.
+     */
+    public Set<String> getIdentifiersWithin(AuthenticatedUser user,
+            String identifier)
+            throws GuacamoleException {
+
+        // Bypass permission checks if the user is a system admin
+        if (user.getUser().isAdministrator())
+            return connectionGroupMapper.selectIdentifiersWithin(identifier);
+
+        // Otherwise only return explicitly readable identifiers
+        else
+            return connectionGroupMapper.selectReadableIdentifiersWithin(user.getUser().getModel(), identifier);
+
+    }
+
+    /**
+     * Connects to the given connection group as the given user, using the
+     * given client information. If the user does not have permission to read
+     * the connection group, permission will be denied.
+     *
+     * @param user
+     *     The user connecting to the connection group.
+     *
+     * @param connectionGroup
+     *     The connectionGroup being connected to.
+     *
+     * @param info
+     *     Information associated with the connecting client.
+     *
+     * @return
+     *     A connected GuacamoleSocket associated with a newly-established
+     *     connection.
+     *
+     * @throws GuacamoleException
+     *     If permission to connect to this connection is denied.
+     */
+    public GuacamoleSocket connect(AuthenticatedUser user,
+            MySQLConnectionGroup connectionGroup, GuacamoleClientInformation info)
+            throws GuacamoleException {
+
+        // Connect only if READ permission is granted
+        if (hasObjectPermission(user, connectionGroup.getIdentifier(), ObjectPermission.Type.READ))
+            return socketService.getGuacamoleSocket(user, connectionGroup, info);
+
+        // The user does not have permission to connect
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index f4c1515f6..a9ca2c512 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -239,28 +239,38 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     }
 
     /**
-     * Returns the set of all identifiers for all connections within the root
-     * connection group that the user has read access to.
+     * Returns the set of all identifiers for all connections within the
+     * connection group having the given identifier. Only connections that the
+     * user has read access to will be returned.
+     * 
+     * Permission to read the connection group having the given identifier is
+     * NOT checked.
      *
      * @param user
      *     The user retrieving the identifiers.
+     * 
+     * @param identifier
+     *     The identifier of the parent connection group, or null to check the
+     *     root connection group.
      *
      * @return
-     *     The set of all identifiers for all connections in the root
-     *     connection group that the user has read access to.
+     *     The set of all identifiers for all connections in the connection
+     *     group having the given identifier that the user has read access to.
      *
      * @throws GuacamoleException
      *     If an error occurs while reading identifiers.
      */
-    public Set<String> getRootIdentifiers(AuthenticatedUser user) throws GuacamoleException {
+    public Set<String> getIdentifiersWithin(AuthenticatedUser user,
+            String identifier)
+            throws GuacamoleException {
 
         // Bypass permission checks if the user is a system admin
         if (user.getUser().isAdministrator())
-            return connectionMapper.selectIdentifiersWithin(null);
+            return connectionMapper.selectIdentifiersWithin(identifier);
 
         // Otherwise only return explicitly readable identifiers
         else
-            return connectionMapper.selectReadableIdentifiersWithin(user.getUser().getModel(), null);
+            return connectionMapper.selectReadableIdentifiersWithin(user.getUser().getModel(), identifier);
 
     }
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
index b534cfc14..c14e0af8c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
@@ -25,9 +25,11 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
 import java.util.List;
 import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
+import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
@@ -83,4 +85,48 @@ public interface GuacamoleSocketService {
      */
     public List<ConnectionRecord> getActiveConnections(Connection connection);
 
+    /**
+     * Creates a socket for the given user which connects to the given
+     * connection group. The given client information will be passed to guacd
+     * when the connection is established. This function will apply any
+     * concurrent usage rules in effect, but will NOT test object- or
+     * system-level permissions.
+     *
+     * @param user
+     *     The user for whom the connection is being established.
+     *
+     * @param connectionGroup
+     *     The connection group the user is connecting to.
+     *
+     * @param info
+     *     Information describing the Guacamole client connecting to the given
+     *     connection group.
+     *
+     * @return
+     *     A new GuacamoleSocket which is configured and connected to the given
+     *     connection group.
+     *
+     * @throws GuacamoleException
+     *     If the connection cannot be established due to concurrent usage
+     *     rules, or if the connection group is not balancing.
+     */
+    GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
+            MySQLConnectionGroup connectionGroup,
+            GuacamoleClientInformation info)
+            throws GuacamoleException;
+
+    /**
+     * Returns a list containing connection records representing all currently-
+     * active connections using the given connection group. These records will
+     * have usernames and start dates, but no end date.
+     *
+     * @param connectionGroup
+     *     The connection group to check.
+     *
+     * @return
+     *     A list containing connection records representing all currently-
+     *     active connections.
+     */
+    public List<ConnectionRecord> getActiveConnections(ConnectionGroup connectionGroup);
+
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.xml
new file mode 100644
index 000000000..1a7c16b84
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper" >
+
+    <!-- Result mapper for connection objects -->
+    <resultMap id="ConnectionGroupResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel" >
+        <id     column="connection_group_id"   property="objectID"         jdbcType="INTEGER"/>
+        <result column="connection_group_name" property="name"             jdbcType="VARCHAR"/>
+        <result column="parent_id"             property="parentIdentifier" jdbcType="INTEGER"/>
+        <result column="type"                  property="type"             jdbcType="VARCHAR"
+                javaType="org.glyptodon.guacamole.net.auth.ConnectionGroup$Type"/>
+    </resultMap>
+
+    <!-- Select all connection group identifiers -->
+    <select id="selectIdentifiers" resultType="string">
+        SELECT connection_group_id 
+        FROM guacamole_connection_group
+    </select>
+
+    <!-- Select identifiers of all readable connection groups -->
+    <select id="selectReadableIdentifiers" resultType="string">
+        SELECT connection_group_id
+        FROM guacamole_connection_group_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select all connection identifiers within a particular connection group -->
+    <select id="selectIdentifiersWithin" resultType="string">
+        SELECT connection_group_id 
+        FROM guacamole_connection_group
+        WHERE
+            <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
+            <if test="parentIdentifier == null">parent_id IS NULL</if>
+    </select>
+
+    <!-- Select identifiers of all readable connection groups within a particular connection group -->
+    <select id="selectReadableIdentifiersWithin" resultType="string">
+        SELECT guacamole_connection_group.connection_group_id
+        FROM guacamole_connection_group
+        JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection.group_connection_group_id
+        WHERE
+            <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
+            <if test="parentIdentifier == null">parent_id IS NULL</if>
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+    </select>
+
+    <!-- Select multiple connection groups by identifier -->
+    <select id="select" resultMap="ConnectionGroupResultMap">
+
+        SELECT
+            connection_group_id,
+            connection_group_name,
+            parent_id,
+            type
+        FROM guacamole_connection_group
+        WHERE connection_group_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+
+    </select>
+
+    <!-- Select multiple connection groups by identifier only if readable -->
+    <select id="selectReadable" resultMap="ConnectionGroupResultMap">
+
+        SELECT
+            guacamole_connection_group.connection_group_id,
+            connection_group_name,
+            parent_id,
+            protocol 
+        FROM guacamole_connection_group
+        JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id
+        WHERE guacamole_connection_group.connection_group_id IN
+            <foreach collection="identifiers" item="identifier"
+                     open="(" separator="," close=")">
+                #{identifier,jdbcType=VARCHAR}
+            </foreach>
+            AND user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = 'READ'
+
+    </select>
+
+    <!-- Delete single connection group by identifier -->
+    <delete id="delete">
+        DELETE FROM guacamole_connection_group
+        WHERE connection_group_id = #{identifier,jdbcType=VARCHAR}
+    </delete>
+
+    <!-- Insert single connection -->
+    <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
+            parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel">
+
+        INSERT INTO guacamole_connection_group (
+            connection_group_name,
+            parent_id,
+            type
+        )
+        VALUES (
+            #{object.name,jdbcType=VARCHAR},
+            #{object.parentIdentifier,jdbcType=VARCHAR},
+            #{object.type,jdbcType=VARCHAR}
+        )
+
+    </insert>
+
+    <!-- Update single connection group -->
+    <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel">
+        UPDATE guacamole_connection_group
+        SET connection_group_name = #{object.name,jdbcType=VARCHAR},
+            parent_id             = #{object.parentIdentifier,jdbcType=VARCHAR},
+            type                  = #{object.type,jdbcType=VARCHAR}
+        WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}
+    </update>
+
+</mapper>
\ No newline at end of file

From 872607eb2c1fa5ca6c6fd110778f83659d76fb1e Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 14:01:49 -0800
Subject: [PATCH 41/60] GUAC-1101: Fix connection-related comments.

---
 .../guacamole/net/auth/mysql/ConnectionDirectory.java         | 4 ++--
 .../guacamole/net/auth/mysql/service/ConnectionService.java   | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
index a7cff5617..c54e16b92 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
@@ -42,8 +42,8 @@ import org.mybatis.guice.transactional.Transactional;
 public class ConnectionDirectory implements Directory<Connection> {
 
     /**
-     * The user this user directory belongs to. Access is based on his/her
-     * permission settings.
+     * The user this connection directory belongs to. Access is based on
+     * his/her permission settings.
      */
     private AuthenticatedUser currentUser;
     
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
index a9ca2c512..0708f7f47 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
@@ -124,7 +124,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     protected boolean hasCreatePermission(AuthenticatedUser user)
             throws GuacamoleException {
 
-        // Return whether user has explicit user creation permission
+        // Return whether user has explicit connection creation permission
         SystemPermissionSet permissionSet = user.getUser().getSystemPermissions();
         return permissionSet.hasPermission(SystemPermission.Type.CREATE_CONNECTION);
 

From c19b43ce958fec798887d177e124ea8e721be839 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 16:15:26 -0800
Subject: [PATCH 42/60] GUAC-1101: Reorganize everything into
 org.glyptodon.guacamole.auth.mysql packages based on related guacamole-ext
 type.

---
 .../mysql/MySQLAuthenticationProvider.java    | 44 ++++++++++++-------
 .../net/auth/mysql/package-info.java          |  6 +--
 .../auth/mysql/base}/DirectoryObject.java     |  3 +-
 .../mysql/base}/DirectoryObjectMapper.java    |  4 +-
 .../mysql/base}/DirectoryObjectService.java   |  7 +--
 .../auth/mysql/base}/ObjectModel.java         |  2 +-
 .../auth/mysql/base}/RestrictedObject.java    |  4 +-
 .../auth/mysql/base/package-info.java         | 28 ++++++++++++
 .../mysql/conf}/MySQLGuacamoleProperties.java |  2 +-
 .../auth/mysql/conf}/package-info.java        |  8 ++--
 .../connection}/ConnectionDirectory.java      |  4 +-
 .../mysql/connection}/ConnectionMapper.java   |  6 +--
 .../mysql/connection}/ConnectionModel.java    |  4 +-
 .../connection}/ConnectionRecordMapper.java   |  3 +-
 .../connection}/ConnectionRecordModel.java    |  2 +-
 .../mysql/connection}/ConnectionService.java  | 16 +++----
 .../mysql/connection}/MySQLConnection.java    |  8 ++--
 .../connection}/MySQLConnectionRecord.java    |  3 +-
 .../MySQLGuacamoleConfiguration.java          |  5 +--
 .../mysql/connection}/ParameterMapper.java    |  3 +-
 .../mysql/connection}/ParameterModel.java     |  2 +-
 .../auth/mysql/connection}/package-info.java  |  8 ++--
 .../ConnectionGroupDirectory.java             |  4 +-
 .../ConnectionGroupMapper.java                |  6 +--
 .../ConnectionGroupModel.java                 |  3 +-
 .../ConnectionGroupService.java               | 11 +++--
 .../MySQLConnectionGroup.java                 |  9 ++--
 .../MySQLRootConnectionGroup.java             |  6 +--
 .../mysql/connectiongroup/package-info.java   | 26 +++++++++++
 .../permission}/MySQLSystemPermissionSet.java |  5 ++-
 .../permission}/ObjectPermissionMapper.java   |  4 +-
 .../permission}/ObjectPermissionModel.java    |  2 +-
 .../permission}/ObjectPermissionService.java  |  6 +--
 .../mysql/permission}/PermissionMapper.java   |  4 +-
 .../mysql/permission}/PermissionModel.java    |  2 +-
 .../mysql/permission}/PermissionService.java  |  7 ++-
 .../permission}/SystemPermissionMapper.java   |  5 +--
 .../permission}/SystemPermissionModel.java    |  2 +-
 .../permission}/SystemPermissionService.java  |  9 ++--
 .../auth/mysql/permission/package-info.java   | 26 +++++++++++
 .../security}/PasswordEncryptionService.java  |  2 +-
 .../SHA256PasswordEncryptionService.java      |  2 +-
 .../auth/mysql/security}/SaltService.java     |  2 +-
 .../security}/SecureRandomSaltService.java    |  2 +-
 .../auth/mysql/security/package-info.java     | 26 +++++++++++
 .../AbstractGuacamoleSocketService.java       | 20 ++++-----
 .../mysql/socket}/ActiveConnectionRecord.java |  4 +-
 .../mysql/socket}/GuacamoleSocketService.java |  8 ++--
 .../UnrestrictedGuacamoleSocketService.java   |  6 +--
 .../auth/mysql/socket/package-info.java       | 27 ++++++++++++
 .../auth/mysql/user}/AuthenticatedUser.java   |  2 +-
 .../guacamole/auth/mysql/user}/MySQLUser.java | 10 ++---
 .../auth/mysql/user}/MySQLUserContext.java    |  5 ++-
 .../auth/mysql/user}/UserDirectory.java       |  4 +-
 .../auth/mysql/user}/UserMapper.java          |  4 +-
 .../guacamole/auth/mysql/user}/UserModel.java |  4 +-
 .../auth/mysql/user}/UserService.java         |  9 ++--
 .../auth/mysql/user/package-info.java         | 26 +++++++++++
 .../mysql/connection}/ConnectionMapper.xml    |  8 ++--
 .../connection}/ConnectionRecordMapper.xml    |  6 +--
 .../mysql/connection}/ParameterMapper.xml     |  6 +--
 .../ConnectionGroupMapper.xml                 |  8 ++--
 .../permission}/SystemPermissionMapper.xml    |  8 ++--
 .../guacamole/auth/mysql/user}/UserMapper.xml |  8 ++--
 64 files changed, 332 insertions(+), 184 deletions(-)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/base}/DirectoryObject.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/base}/DirectoryObjectMapper.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/base}/DirectoryObjectService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/base}/ObjectModel.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/base}/RestrictedObject.java (96%)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/package-info.java
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/properties => org/glyptodon/guacamole/auth/mysql/conf}/MySQLGuacamoleProperties.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/conf}/package-info.java (85%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionDirectory.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionMapper.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionModel.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionRecordMapper.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionRecordModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionService.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/connection}/MySQLConnection.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/connection}/MySQLConnectionRecord.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/connection}/MySQLGuacamoleConfiguration.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connection}/ParameterMapper.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/connection}/ParameterModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/properties => org/glyptodon/guacamole/auth/mysql/connection}/package-info.java (85%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/connectiongroup}/ConnectionGroupDirectory.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connectiongroup}/ConnectionGroupMapper.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/connectiongroup}/ConnectionGroupModel.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/connectiongroup}/ConnectionGroupService.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/connectiongroup}/MySQLConnectionGroup.java (91%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/connectiongroup}/MySQLRootConnectionGroup.java (95%)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/package-info.java
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/permission}/MySQLSystemPermissionSet.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/permission}/ObjectPermissionMapper.java (90%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/permission}/ObjectPermissionModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/permission}/ObjectPermissionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/permission}/PermissionMapper.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/permission}/PermissionModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/permission}/PermissionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/permission}/SystemPermissionMapper.java (90%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/permission}/SystemPermissionModel.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/permission}/SystemPermissionService.java (93%)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/package-info.java
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/security}/PasswordEncryptionService.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/security}/SHA256PasswordEncryptionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/security}/SaltService.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/security}/SecureRandomSaltService.java (96%)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/package-info.java
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/socket}/AbstractGuacamoleSocketService.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/socket}/ActiveConnectionRecord.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/socket}/GuacamoleSocketService.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/socket}/UnrestrictedGuacamoleSocketService.java (90%)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/package-info.java
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/user}/AuthenticatedUser.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/user}/MySQLUser.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/user}/MySQLUserContext.java (92%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql => org/glyptodon/guacamole/auth/mysql/user}/UserDirectory.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/user}/UserMapper.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/model => org/glyptodon/guacamole/auth/mysql/user}/UserModel.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/{net/sourceforge/guacamole/net/auth/mysql/service => org/glyptodon/guacamole/auth/mysql/user}/UserService.java (93%)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/package-info.java
 rename extensions/guacamole-auth-mysql/src/main/resources/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionMapper.xml (93%)
 rename extensions/guacamole-auth-mysql/src/main/resources/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connection}/ConnectionRecordMapper.xml (89%)
 rename extensions/guacamole-auth-mysql/src/main/resources/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connection}/ParameterMapper.xml (90%)
 rename extensions/guacamole-auth-mysql/src/main/resources/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/connectiongroup}/ConnectionGroupMapper.xml (93%)
 rename extensions/guacamole-auth-mysql/src/main/resources/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/permission}/SystemPermissionMapper.xml (88%)
 rename extensions/guacamole-auth-mysql/src/main/resources/{net/sourceforge/guacamole/net/auth/mysql/dao => org/glyptodon/guacamole/auth/mysql/user}/UserMapper.xml (92%)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 6212374a0..f08d28f59 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -23,33 +23,43 @@
 package net.sourceforge.guacamole.net.auth.mysql;
 
 
+import org.glyptodon.guacamole.auth.mysql.user.MySQLUserContext;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupDirectory;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionDirectory;
+import org.glyptodon.guacamole.auth.mysql.connection.MySQLGuacamoleConfiguration;
+import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.mysql.permission.MySQLSystemPermissionSet;
+import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
+import org.glyptodon.guacamole.auth.mysql.user.UserDirectory;
 import com.google.inject.Binder;
 import com.google.inject.Guice;
 import com.google.inject.Injector;
 import com.google.inject.Module;
 import com.google.inject.name.Names;
 import java.util.Properties;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupMapper;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionMapper;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordMapper;
+import org.glyptodon.guacamole.auth.mysql.connection.ParameterMapper;
+import org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
 import org.glyptodon.guacamole.net.auth.Credentials;
 import org.glyptodon.guacamole.net.auth.UserContext;
-import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
-import net.sourceforge.guacamole.net.auth.mysql.properties.MySQLGuacamoleProperties;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.GuacamoleSocketService;
-import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.SHA256PasswordEncryptionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
-import net.sourceforge.guacamole.net.auth.mysql.service.SecureRandomSaltService;
-import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.UnrestrictedGuacamoleSocketService;
-import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
+import org.glyptodon.guacamole.auth.mysql.user.UserMapper;
+import org.glyptodon.guacamole.auth.mysql.conf.MySQLGuacamoleProperties;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupService;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionService;
+import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.mysql.security.PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.mysql.security.SHA256PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.mysql.security.SaltService;
+import org.glyptodon.guacamole.auth.mysql.security.SecureRandomSaltService;
+import org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionService;
+import org.glyptodon.guacamole.auth.mysql.socket.UnrestrictedGuacamoleSocketService;
+import org.glyptodon.guacamole.auth.mysql.user.UserService;
 import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
 import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.environment.LocalEnvironment;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
index b21abfcae..24de42d2d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
@@ -21,8 +21,8 @@
  */
 
 /**
- * Base classes which support the MySQL authentication provider, including
- * the authentication provider itself.
+ * The MySQL authentication provider. This package exists purely for backwards-
+ * compatibility. All other classes have been moved to packages within
+ * org.glyptodon.guacamole.auth.mysql.
  */
 package net.sourceforge.guacamole.net.auth.mysql;
-
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObject.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObject.java
index 168f1761f..67e546269 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/DirectoryObject.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObject.java
@@ -20,9 +20,8 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.base;
 
-import net.sourceforge.guacamole.net.auth.mysql.model.ObjectModel;
 import org.glyptodon.guacamole.net.auth.Identifiable;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectMapper.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectMapper.java
index 69ffa133a..3d47491f8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/DirectoryObjectMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectMapper.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.base;
 
 import java.util.Collection;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectService.java
index ae251390c..a6ac70dc1 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectService.java
@@ -20,16 +20,13 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.base;
 
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.DirectoryObject;
-import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ObjectModel;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/ObjectModel.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/ObjectModel.java
index 4c3077d1c..58ec04658 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/ObjectModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.base;
 
 /**
  * Object representation of a Guacamole object, such as a user or connection,
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/RestrictedObject.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/RestrictedObject.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/RestrictedObject.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/RestrictedObject.java
index 16481d488..f27bd2b32 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/RestrictedObject.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/RestrictedObject.java
@@ -20,7 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.base;
+
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
 
 /**
  * Common base class for objects that are associated with the users that
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/package-info.java
new file mode 100644
index 000000000..e7b11a621
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/package-info.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Base classes supporting the MySQL authentication provider and defining the
+ * relationships between the model and the implementations of guacamole-ext
+ * classes.
+ */
+package org.glyptodon.guacamole.auth.mysql.base;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/properties/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/properties/MySQLGuacamoleProperties.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java
index a4e7ef044..d71883ade 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/properties/MySQLGuacamoleProperties.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.properties;
+package org.glyptodon.guacamole.auth.mysql.conf;
 
 import org.glyptodon.guacamole.properties.BooleanGuacamoleProperty;
 import org.glyptodon.guacamole.properties.IntegerGuacamoleProperty;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/package-info.java
similarity index 85%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/package-info.java
index d665bbc7d..b200d0d73 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Glyptodon LLC
+ * Copyright (C) 2015 Glyptodon LLC
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -21,8 +21,6 @@
  */
 
 /**
- * Service classes which help fill the needs of the MySQL authentication
- * provider.
+ * Classes related to the configuration of the MySQL authentication provider.
  */
-package net.sourceforge.guacamole.net.auth.mysql.service;
-
+package org.glyptodon.guacamole.auth.mysql.conf;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionDirectory.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionDirectory.java
index c54e16b92..3f898c29b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionDirectory.java
@@ -20,14 +20,14 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 
 import com.google.inject.Inject;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.Directory;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.java
index 4890361aa..33c0bac48 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.mysql.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionModel.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionModel.java
index de2dac14a..34fc2cc16 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionModel.java
@@ -20,7 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.connection;
+
+import org.glyptodon.guacamole.auth.mysql.base.ObjectModel;
 
 /**
  * Object representation of a Guacamole connection, as represented in the
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.java
index a584d3fbf..e23f8b64a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.java
@@ -20,10 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 import java.util.List;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionRecordModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionRecordModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordModel.java
index 200918da7..7e10e8476 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionRecordModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 import java.util.Date;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionService.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionService.java
index 0708f7f47..01cc3b04a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
@@ -30,16 +30,10 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionRecord;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectService;
+import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnection.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnection.java
index 6c36a52e5..205972771 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnection.java
@@ -20,14 +20,14 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.List;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObject;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionRecord.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnectionRecord.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionRecord.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnectionRecord.java
index 27fcb5a42..01086797e 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionRecord.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnectionRecord.java
@@ -20,11 +20,10 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 
 import java.util.Date;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLGuacamoleConfiguration.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLGuacamoleConfiguration.java
index 9f837928f..70ca86258 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleConfiguration.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLGuacamoleConfiguration.java
@@ -20,12 +20,11 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 import com.google.inject.Inject;
 import java.util.Map;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
 import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.java
index 0ec5655e8..f54392aa5 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.java
@@ -20,10 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 import java.util.Collection;
-import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ParameterModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ParameterModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterModel.java
index 6764269c5..ec96cfb4a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ParameterModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.connection;
 
 /**
  * A single parameter name/value pair belonging to a connection.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/properties/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/package-info.java
similarity index 85%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/properties/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/package-info.java
index cf3a32372..52ba27dff 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/properties/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/package-info.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Glyptodon LLC
+ * Copyright (C) 2015 Glyptodon LLC
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -21,8 +21,6 @@
  */
 
 /**
- * Properties which control the configuration of the MySQL authentication
- * provider.
+ * Classes related to connections and their parameters and history.
  */
-package net.sourceforge.guacamole.net.auth.mysql.properties;
-
+package org.glyptodon.guacamole.auth.mysql.connection;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupDirectory.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupDirectory.java
index 28f1e4cc6..8789b2e9d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupDirectory.java
@@ -20,14 +20,14 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.connectiongroup;
 
 
 import com.google.inject.Inject;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.java
index 1a69a78a8..99c3addf1 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.connectiongroup;
 
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.mysql.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionGroupModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupModel.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionGroupModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupModel.java
index 29242122f..ce7276e90 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ConnectionGroupModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupModel.java
@@ -20,8 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.connectiongroup;
 
+import org.glyptodon.guacamole.auth.mysql.base.ObjectModel;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupService.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupService.java
index 34e62ca7b..0fba4151b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupService.java
@@ -20,16 +20,15 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.connectiongroup;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectService;
+import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLConnectionGroup.java
similarity index 91%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLConnectionGroup.java
index cdc37fc92..0488498a1 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLConnectionGroup.java
@@ -20,14 +20,13 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.connectiongroup;
 
 import com.google.inject.Inject;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObject;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionService;
+import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLRootConnectionGroup.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLRootConnectionGroup.java
index 5c9dbe488..dee968ae8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLRootConnectionGroup.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLRootConnectionGroup.java
@@ -20,12 +20,12 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.connectiongroup;
 
 import com.google.inject.Inject;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
-import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/package-info.java
new file mode 100644
index 000000000..4c27273f6
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/package-info.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Classes related to connection groups.
+ */
+package org.glyptodon.guacamole.auth.mysql.connectiongroup;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLSystemPermissionSet.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/MySQLSystemPermissionSet.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLSystemPermissionSet.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/MySQLSystemPermissionSet.java
index 5343feffb..ef48dc718 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLSystemPermissionSet.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/MySQLSystemPermissionSet.java
@@ -20,12 +20,13 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
+import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
 import com.google.inject.Inject;
 import java.util.Collections;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ObjectPermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionMapper.java
similarity index 90%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ObjectPermissionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionMapper.java
index 8764afba0..ebf92b7f2 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/ObjectPermissionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionMapper.java
@@ -20,9 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
-
-import net.sourceforge.guacamole.net.auth.mysql.model.ObjectPermissionModel;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 /**
  * Mapper for object-related permissions.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectPermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectPermissionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionModel.java
index 4194e216a..5c2c60f98 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/ObjectPermissionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionService.java
index 9a6290504..99f266466 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionService.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/PermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionMapper.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/PermissionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionMapper.java
index fad022fcf..6d8f2c876 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/PermissionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionMapper.java
@@ -20,10 +20,10 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 import java.util.Collection;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/PermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/PermissionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionModel.java
index d5242b7d5..4904e8ce6 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/PermissionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 /**
  * Generic base permission model which grants a permission of a particular type
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionService.java
index ef3cf07ca..b3112b00d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionService.java
@@ -20,15 +20,14 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
-import net.sourceforge.guacamole.net.auth.mysql.dao.PermissionMapper;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.Permission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.java
similarity index 90%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.java
index 8646a3774..63378088c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.java
@@ -20,10 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
-import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/SystemPermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionModel.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/SystemPermissionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionModel.java
index 712bcab2d..a798cf110 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/SystemPermissionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionService.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionService.java
index 3c8978e01..3ad300796 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionService.java
@@ -20,16 +20,13 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.permission;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLSystemPermissionSet;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
-import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/package-info.java
new file mode 100644
index 000000000..79e89425a
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/package-info.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Classes related to object- and system-level permissions.
+ */
+package org.glyptodon.guacamole.auth.mysql.permission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/PasswordEncryptionService.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/PasswordEncryptionService.java
index 5d21eeb3e..1e0824b96 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/PasswordEncryptionService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.security;
 
 /**
  * A service to perform password encryption and checking.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SHA256PasswordEncryptionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SHA256PasswordEncryptionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SHA256PasswordEncryptionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SHA256PasswordEncryptionService.java
index 78f0cef65..ec2014673 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SHA256PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SHA256PasswordEncryptionService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.security;
 
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SaltService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SaltService.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SaltService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SaltService.java
index 823fa93da..863e82769 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SaltService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SaltService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.security;
 
 /**
  * A service to generate password salts.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SecureRandomSaltService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SecureRandomSaltService.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SecureRandomSaltService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SecureRandomSaltService.java
index e119eb881..79a5cc489 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SecureRandomSaltService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SecureRandomSaltService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.security;
 
 
 import java.security.SecureRandom;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/package-info.java
new file mode 100644
index 000000000..a8fa5e208
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/package-info.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Classes related to hashing or encryption.
+ */
+package org.glyptodon.guacamole.auth.mysql.security;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/AbstractGuacamoleSocketService.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/AbstractGuacamoleSocketService.java
index de973b9dd..bc3480da3 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/AbstractGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/AbstractGuacamoleSocketService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.socket;
 
 import com.google.inject.Inject;
 import java.util.Collection;
@@ -30,15 +30,15 @@ import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordMapper;
+import org.glyptodon.guacamole.auth.mysql.connection.ParameterMapper;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordModel;
+import org.glyptodon.guacamole.auth.mysql.connection.ParameterModel;
+import org.glyptodon.guacamole.auth.mysql.user.UserModel;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ActiveConnectionRecord.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/ActiveConnectionRecord.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ActiveConnectionRecord.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/ActiveConnectionRecord.java
index 70a9ce7c4..9bdc2ee67 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ActiveConnectionRecord.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/ActiveConnectionRecord.java
@@ -20,10 +20,10 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.socket;
 
 import java.util.Date;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/GuacamoleSocketService.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/GuacamoleSocketService.java
index c14e0af8c..bea2fcbf3 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/GuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/GuacamoleSocketService.java
@@ -20,12 +20,12 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.socket;
 
 import java.util.List;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLConnectionGroup;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UnrestrictedGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/UnrestrictedGuacamoleSocketService.java
similarity index 90%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UnrestrictedGuacamoleSocketService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/UnrestrictedGuacamoleSocketService.java
index c50d8f2d2..140c9aa29 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UnrestrictedGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/UnrestrictedGuacamoleSocketService.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.socket;
 
 import com.google.inject.Singleton;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
+import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
 import org.glyptodon.guacamole.GuacamoleException;
 
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/package-info.java
new file mode 100644
index 000000000..498518883
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/package-info.java
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Classes related to obtaining/configuring Guacamole sockets, and restricting
+ * access to those sockets.
+ */
+package org.glyptodon.guacamole.auth.mysql.socket;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/AuthenticatedUser.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/AuthenticatedUser.java
index beaca0166..df66abde9 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/AuthenticatedUser.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.user;
 
 import org.glyptodon.guacamole.net.auth.Credentials;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUser.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUser.java
index ed67c8284..9b597ec21 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUser.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.user;
 
 import com.google.inject.Inject;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
-import net.sourceforge.guacamole.net.auth.mysql.service.PasswordEncryptionService;
-import net.sourceforge.guacamole.net.auth.mysql.service.SaltService;
-import net.sourceforge.guacamole.net.auth.mysql.service.SystemPermissionService;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObject;
+import org.glyptodon.guacamole.auth.mysql.security.PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.mysql.security.SaltService;
+import org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUserContext.java
similarity index 92%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUserContext.java
index 17754e283..b6026ed4b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUserContext.java
@@ -20,9 +20,12 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.user;
 
 
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupDirectory;
+import org.glyptodon.guacamole.auth.mysql.connection.ConnectionDirectory;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import org.glyptodon.guacamole.GuacamoleException;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserDirectory.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserDirectory.java
index 406d33747..d81dc8fb8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserDirectory.java
@@ -20,16 +20,14 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql;
+package org.glyptodon.guacamole.auth.mysql.user;
 
 
 import com.google.inject.Inject;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 import org.mybatis.guice.transactional.Transactional;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserMapper.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserMapper.java
index 048d61207..58f6df0ff 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserMapper.java
@@ -20,9 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.dao;
+package org.glyptodon.guacamole.auth.mysql.user;
 
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserModel.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserModel.java
index 5893fd4c9..e0f1c416a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/model/UserModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserModel.java
@@ -20,7 +20,9 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.model;
+package org.glyptodon.guacamole.auth.mysql.user;
+
+import org.glyptodon.guacamole.auth.mysql.base.ObjectModel;
 
 /**
  * Object representation of a Guacamole user, as represented in the database.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserService.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserService.java
index d2e67dc18..530a26dd6 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserService.java
@@ -20,18 +20,15 @@
  * THE SOFTWARE.
  */
 
-package net.sourceforge.guacamole.net.auth.mysql.service;
+package org.glyptodon.guacamole.auth.mysql.user;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
 import java.util.Collections;
-import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
 import org.glyptodon.guacamole.net.auth.Credentials;
-import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
-import net.sourceforge.guacamole.net.auth.mysql.dao.DirectoryObjectMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
-import net.sourceforge.guacamole.net.auth.mysql.model.UserModel;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.User;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/package-info.java
new file mode 100644
index 000000000..c8d66ce42
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/package-info.java
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Classes related to Guacamole users.
+ */
+package org.glyptodon.guacamole.auth.mysql.user;
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.xml
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.xml
index 087bdda93..e9b7c1c27 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.mysql.connection.ConnectionMapper" >
 
     <!-- Result mapper for connection objects -->
-    <resultMap id="ConnectionResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel" >
+    <resultMap id="ConnectionResultMap" type="org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel" >
         <id     column="connection_id"   property="objectID"         jdbcType="INTEGER"/>
         <result column="connection_name" property="name"             jdbcType="VARCHAR"/>
         <result column="parent_id"       property="parentIdentifier" jdbcType="INTEGER"/>
@@ -115,7 +115,7 @@
 
     <!-- Insert single connection -->
     <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
-            parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
+            parameterType="org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel">
 
         INSERT INTO guacamole_connection (
             connection_name,
@@ -131,7 +131,7 @@
     </insert>
 
     <!-- Update single connection -->
-    <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionModel">
+    <update id="update" parameterType="org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel">
         UPDATE guacamole_connection
         SET connection_name = #{object.name,jdbcType=VARCHAR},
             parent_id       = #{object.parentIdentifier,jdbcType=VARCHAR},
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.xml
similarity index 89%
rename from extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.xml
index 4bfe352ee..0f66f50cd 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionRecordMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionRecordMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordMapper" >
 
     <!-- Result mapper for system permissions -->
-    <resultMap id="ConnectionRecordResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel">
+    <resultMap id="ConnectionRecordResultMap" type="org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordModel">
         <result column="connection_id" property="connectionIdentifier" jdbcType="INTEGER"/>
         <result column="user_id"       property="userID"               jdbcType="INTEGER"/>
         <result column="username"      property="username"             jdbcType="VARCHAR"/>
@@ -55,7 +55,7 @@
     </select>
 
     <!-- Insert the given connection record -->
-    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionRecordModel">
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordModel">
 
         INSERT INTO guacamole_connection_history (
             connection_id,
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.xml
similarity index 90%
rename from extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.xml
index 763167382..ef3ac8261 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ParameterMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ParameterMapper">
+<mapper namespace="org.glyptodon.guacamole.auth.mysql.connection.ParameterMapper">
 
     <!-- Result mapper for connection parameters -->
-    <resultMap id="ParameterResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel">
+    <resultMap id="ParameterResultMap" type="org.glyptodon.guacamole.auth.mysql.connection.ParameterModel">
         <result column="connection_id"   property="connectionIdentifier" jdbcType="INTEGER"/>
         <result column="parameter_name"  property="name"                 jdbcType="VARCHAR"/>
         <result column="parameter_value" property="value"                jdbcType="VARCHAR"/>
@@ -51,7 +51,7 @@
     </delete>
 
     <!-- Insert all given parameters -->
-    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ParameterModel">
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.mysql.connection.ParameterModel">
 
         INSERT INTO guacamole_connection_parameter (
             connection_id,
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.xml
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.xml
index 1a7c16b84..6f3ccf958 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/ConnectionGroupMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupMapper" >
 
     <!-- Result mapper for connection objects -->
-    <resultMap id="ConnectionGroupResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel" >
+    <resultMap id="ConnectionGroupResultMap" type="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupModel" >
         <id     column="connection_group_id"   property="objectID"         jdbcType="INTEGER"/>
         <result column="connection_group_name" property="name"             jdbcType="VARCHAR"/>
         <result column="parent_id"             property="parentIdentifier" jdbcType="INTEGER"/>
@@ -116,7 +116,7 @@
 
     <!-- Insert single connection -->
     <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
-            parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel">
+            parameterType="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupModel">
 
         INSERT INTO guacamole_connection_group (
             connection_group_name,
@@ -132,7 +132,7 @@
     </insert>
 
     <!-- Update single connection group -->
-    <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupModel">
+    <update id="update" parameterType="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupModel">
         UPDATE guacamole_connection_group
         SET connection_group_name = #{object.name,jdbcType=VARCHAR},
             parent_id             = #{object.parentIdentifier,jdbcType=VARCHAR},
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.xml
similarity index 88%
rename from extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.xml
index 65a02a100..b483d2440 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/SystemPermissionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionMapper" >
 
     <!-- Result mapper for system permissions -->
-    <resultMap id="SystemPermissionResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
+    <resultMap id="SystemPermissionResultMap" type="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionModel">
         <result column="user_id"    property="userID"   jdbcType="INTEGER"/>
         <result column="username"   property="username" jdbcType="VARCHAR"/>
         <result column="permission" property="type"     jdbcType="VARCHAR"
@@ -63,7 +63,7 @@
     </select>
 
     <!-- Delete all given permissions -->
-    <delete id="delete" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
+    <delete id="delete" parameterType="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionModel">
 
         DELETE FROM guacamole_system_permission
         WHERE (user_id, permission) IN
@@ -76,7 +76,7 @@
     </delete>
 
     <!-- Insert all given permissions -->
-    <insert id="insert" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel">
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionModel">
 
         INSERT IGNORE INTO guacamole_system_permission (
             user_id,
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/user/UserMapper.xml
similarity index 92%
rename from extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/user/UserMapper.xml
index 4b732845d..ce4c05ee4 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/net/sourceforge/guacamole/net/auth/mysql/dao/UserMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/user/UserMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.mysql.user.UserMapper" >
 
     <!-- Result mapper for user objects -->
-    <resultMap id="UserResultMap" type="net.sourceforge.guacamole.net.auth.mysql.model.UserModel" >
+    <resultMap id="UserResultMap" type="org.glyptodon.guacamole.auth.mysql.user.UserModel" >
         <id     column="user_id"       property="objectID"     jdbcType="INTEGER"/>
         <result column="username"      property="identifier"   jdbcType="VARCHAR"/>
         <result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
@@ -108,7 +108,7 @@
 
     <!-- Insert single user -->
     <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
-            parameterType="net.sourceforge.guacamole.net.auth.mysql.model.UserModel">
+            parameterType="org.glyptodon.guacamole.auth.mysql.user.UserModel">
 
         INSERT INTO guacamole_user (
             username,
@@ -124,7 +124,7 @@
     </insert>
 
     <!-- Update single user -->
-    <update id="update" parameterType="net.sourceforge.guacamole.net.auth.mysql.model.UserModel">
+    <update id="update" parameterType="org.glyptodon.guacamole.auth.mysql.user.UserModel">
         UPDATE guacamole_user
         SET password_hash = #{object.passwordHash,jdbcType=BINARY},
             password_salt = #{object.passwordSalt,jdbcType=BINARY}

From 883cc051da0deb7f34a0611b1b5b8c37309367d0 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 16:29:34 -0800
Subject: [PATCH 43/60] GUAC-1101: Begin separating out the common JDBC base of
 everything.

---
 .../mysql/MySQLAuthenticationProvider.java    | 168 +-------------
 .../net/auth/mysql/package-info.java          |   3 +-
 .../auth/jdbc/JDBCAuthenticationProvider.java | 205 ++++++++++++++++++
 .../{mysql => jdbc}/base/DirectoryObject.java |   2 +-
 .../base/DirectoryObjectMapper.java           |   4 +-
 .../base/DirectoryObjectService.java          |   4 +-
 .../{mysql => jdbc}/base/ObjectModel.java     |   2 +-
 .../base/RestrictedObject.java                |   4 +-
 .../{mysql => jdbc}/base/package-info.java    |   2 +-
 .../conf/MySQLGuacamoleProperties.java        |   2 +-
 .../{mysql => jdbc}/conf/package-info.java    |   2 +-
 .../connection/ConnectionDirectory.java       |   4 +-
 .../connection/ConnectionMapper.java          |   6 +-
 .../connection/ConnectionModel.java           |   4 +-
 .../connection/ConnectionRecordMapper.java    |   2 +-
 .../connection/ConnectionRecordModel.java     |   2 +-
 .../connection/ConnectionService.java         |  10 +-
 .../connection/MySQLConnection.java           |   8 +-
 .../connection/MySQLConnectionRecord.java     |   2 +-
 .../MySQLGuacamoleConfiguration.java          |   4 +-
 .../connection/ParameterMapper.java           |   2 +-
 .../connection/ParameterModel.java            |   2 +-
 .../connection/package-info.java              |   2 +-
 .../ConnectionGroupDirectory.java             |   4 +-
 .../ConnectionGroupMapper.java                |   6 +-
 .../connectiongroup/ConnectionGroupModel.java |   4 +-
 .../ConnectionGroupService.java               |  10 +-
 .../connectiongroup/MySQLConnectionGroup.java |   8 +-
 .../MySQLRootConnectionGroup.java             |   6 +-
 .../connectiongroup/package-info.java         |   2 +-
 .../guacamole/auth/jdbc/package-info.java     |  29 +++
 .../permission/MySQLSystemPermissionSet.java  |   6 +-
 .../permission/ObjectPermissionMapper.java    |   2 +-
 .../permission/ObjectPermissionModel.java     |   2 +-
 .../permission/ObjectPermissionService.java   |   6 +-
 .../permission/PermissionMapper.java          |   4 +-
 .../permission/PermissionModel.java           |   2 +-
 .../permission/PermissionService.java         |   6 +-
 .../permission/SystemPermissionMapper.java    |   4 +-
 .../permission/SystemPermissionModel.java     |   2 +-
 .../permission/SystemPermissionService.java   |   6 +-
 .../permission/package-info.java              |   2 +-
 .../security/PasswordEncryptionService.java   |   2 +-
 .../SHA256PasswordEncryptionService.java      |   2 +-
 .../{mysql => jdbc}/security/SaltService.java |   2 +-
 .../security/SecureRandomSaltService.java     |   2 +-
 .../security/package-info.java                |   2 +-
 .../AbstractGuacamoleSocketService.java       |  20 +-
 .../socket/ActiveConnectionRecord.java        |   4 +-
 .../socket/GuacamoleSocketService.java        |   8 +-
 .../UnrestrictedGuacamoleSocketService.java   |   6 +-
 .../{mysql => jdbc}/socket/package-info.java  |   2 +-
 .../user/AuthenticatedUser.java               |   2 +-
 .../auth/{mysql => jdbc}/user/MySQLUser.java  |  10 +-
 .../user/MySQLUserContext.java                |   8 +-
 .../{mysql => jdbc}/user/UserDirectory.java   |   2 +-
 .../auth/{mysql => jdbc}/user/UserMapper.java |   4 +-
 .../auth/{mysql => jdbc}/user/UserModel.java  |   4 +-
 .../{mysql => jdbc}/user/UserService.java     |   6 +-
 .../{mysql => jdbc}/user/package-info.java    |   2 +-
 .../connection/ConnectionMapper.xml           |   8 +-
 .../connection/ConnectionRecordMapper.xml     |   6 +-
 .../connection/ParameterMapper.xml            |   6 +-
 .../connectiongroup/ConnectionGroupMapper.xml |   8 +-
 .../permission/SystemPermissionMapper.xml     |   8 +-
 .../auth/{mysql => jdbc}/user/UserMapper.xml  |   8 +-
 66 files changed, 383 insertions(+), 306 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/base/DirectoryObject.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/base/DirectoryObjectMapper.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/base/DirectoryObjectService.java (99%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/base/ObjectModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/base/RestrictedObject.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/base/package-info.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/conf/MySQLGuacamoleProperties.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/conf/package-info.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionDirectory.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionMapper.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionModel.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionRecordMapper.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionRecordModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/MySQLConnection.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/MySQLConnectionRecord.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/MySQLGuacamoleConfiguration.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ParameterMapper.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ParameterModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/package-info.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/ConnectionGroupDirectory.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/ConnectionGroupMapper.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/ConnectionGroupModel.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/ConnectionGroupService.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/MySQLConnectionGroup.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/MySQLRootConnectionGroup.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/package-info.java (95%)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/MySQLSystemPermissionSet.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/ObjectPermissionMapper.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/ObjectPermissionModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/ObjectPermissionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/PermissionMapper.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/PermissionModel.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/PermissionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/SystemPermissionMapper.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/SystemPermissionModel.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/SystemPermissionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/package-info.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/security/PasswordEncryptionService.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/security/SHA256PasswordEncryptionService.java (97%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/security/SaltService.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/security/SecureRandomSaltService.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/security/package-info.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/socket/AbstractGuacamoleSocketService.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/socket/ActiveConnectionRecord.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/socket/GuacamoleSocketService.java (94%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/socket/UnrestrictedGuacamoleSocketService.java (90%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/socket/package-info.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/AuthenticatedUser.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/MySQLUser.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/MySQLUserContext.java (92%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/UserDirectory.java (98%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/UserMapper.java (93%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/UserModel.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/UserService.java (96%)
 rename extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/package-info.java (95%)
 rename extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionMapper.xml (95%)
 rename extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ConnectionRecordMapper.xml (93%)
 rename extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/{mysql => jdbc}/connection/ParameterMapper.xml (94%)
 rename extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/{mysql => jdbc}/connectiongroup/ConnectionGroupMapper.xml (95%)
 rename extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/{mysql => jdbc}/permission/SystemPermissionMapper.xml (93%)
 rename extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/{mysql => jdbc}/user/UserMapper.xml (95%)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index f08d28f59..2397eb058 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -23,49 +23,8 @@
 package net.sourceforge.guacamole.net.auth.mysql;
 
 
-import org.glyptodon.guacamole.auth.mysql.user.MySQLUserContext;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLRootConnectionGroup;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLConnectionGroup;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupDirectory;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionDirectory;
-import org.glyptodon.guacamole.auth.mysql.connection.MySQLGuacamoleConfiguration;
-import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
-import org.glyptodon.guacamole.auth.mysql.permission.MySQLSystemPermissionSet;
-import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
-import org.glyptodon.guacamole.auth.mysql.user.UserDirectory;
-import com.google.inject.Binder;
-import com.google.inject.Guice;
-import com.google.inject.Injector;
-import com.google.inject.Module;
-import com.google.inject.name.Names;
-import java.util.Properties;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupMapper;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionMapper;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordMapper;
-import org.glyptodon.guacamole.auth.mysql.connection.ParameterMapper;
-import org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionMapper;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
-import org.glyptodon.guacamole.net.auth.Credentials;
-import org.glyptodon.guacamole.net.auth.UserContext;
-import org.glyptodon.guacamole.auth.mysql.user.UserMapper;
-import org.glyptodon.guacamole.auth.mysql.conf.MySQLGuacamoleProperties;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupService;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionService;
-import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
-import org.glyptodon.guacamole.auth.mysql.security.PasswordEncryptionService;
-import org.glyptodon.guacamole.auth.mysql.security.SHA256PasswordEncryptionService;
-import org.glyptodon.guacamole.auth.mysql.security.SaltService;
-import org.glyptodon.guacamole.auth.mysql.security.SecureRandomSaltService;
-import org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionService;
-import org.glyptodon.guacamole.auth.mysql.socket.UnrestrictedGuacamoleSocketService;
-import org.glyptodon.guacamole.auth.mysql.user.UserService;
-import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
-import org.glyptodon.guacamole.environment.Environment;
-import org.glyptodon.guacamole.environment.LocalEnvironment;
-import org.mybatis.guice.MyBatisModule;
-import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
-import org.mybatis.guice.datasource.helper.JdbcHelper;
+import org.glyptodon.guacamole.auth.jdbc.JDBCAuthenticationProvider;
 
 /**
  * Provides a MySQL based implementation of the AuthenticationProvider
@@ -73,133 +32,18 @@ import org.mybatis.guice.datasource.helper.JdbcHelper;
  *
  * @author James Muehlner
  */
-public class MySQLAuthenticationProvider implements AuthenticationProvider {
-
-    /**
-     * Injector which will manage the object graph of this authentication
-     * provider.
-     */
-    private final Injector injector;
-
-    @Override
-    public UserContext getUserContext(Credentials credentials) throws GuacamoleException {
-
-        // Get user service
-        UserService userService = injector.getInstance(UserService.class);
-
-        // Authenticate user
-        MySQLUser user = userService.retrieveUser(credentials);
-        if (user != null) {
-
-            // Upon successful authentication, return new user context
-            MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
-            context.init(user.getCurrentUser());
-            return context;
-
-        }
-
-        // Otherwise, unauthorized
-        return null;
-
-    }
+public class MySQLAuthenticationProvider extends JDBCAuthenticationProvider {
 
     /**
      * Creates a new MySQLAuthenticationProvider that reads and writes
      * authentication data to a MySQL database defined by properties in
      * guacamole.properties.
      *
-     * @throws GuacamoleException If a required property is missing, or
-     *                            an error occurs while parsing a property.
+     * @throws GuacamoleException
+     *     If a required property is missing, or an error occurs while parsing
+     *     a property.
      */
     public MySQLAuthenticationProvider() throws GuacamoleException {
-
-        // Get local environment
-        final Environment environment = new LocalEnvironment();
-        
-        final Properties myBatisProperties = new Properties();
-        final Properties driverProperties = new Properties();
-
-        // Set the mysql properties for MyBatis.
-        myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
-        myBatisProperties.setProperty("JDBC.host", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_HOSTNAME));
-        myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PORT)));
-        myBatisProperties.setProperty("JDBC.schema", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_DATABASE));
-        myBatisProperties.setProperty("JDBC.username", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_USERNAME));
-        myBatisProperties.setProperty("JDBC.password", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PASSWORD));
-        myBatisProperties.setProperty("JDBC.autoCommit", "false");
-        myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
-        myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
-        driverProperties.setProperty("characterEncoding","UTF-8");
-
-        // Set up Guice injector.
-        injector = Guice.createInjector(
-            JdbcHelper.MySQL,
-
-            new Module() {
-                @Override
-                public void configure(Binder binder) {
-                    Names.bindProperties(binder, myBatisProperties);
-                    binder.bind(Properties.class)
-                        .annotatedWith(Names.named("JDBC.driverProperties"))
-                        .toInstance(driverProperties);
-                }
-            },
-
-            new MyBatisModule() {
-                @Override
-                protected void initialize() {
-
-                    // Datasource
-                    bindDataSourceProviderType(PooledDataSourceProvider.class);
-
-                    // Transaction factory
-                    bindTransactionFactoryType(JdbcTransactionFactory.class);
-
-                    // Add MyBatis mappers
-                    addMapperClass(ConnectionMapper.class);
-                    addMapperClass(ConnectionGroupMapper.class);
-                    addMapperClass(ConnectionRecordMapper.class);
-                    addMapperClass(ParameterMapper.class);
-                    addMapperClass(SystemPermissionMapper.class);
-                    addMapperClass(UserMapper.class);
-
-                    // Bind core implementations of guacamole-ext classes
-                    bind(Environment.class).toInstance(environment);
-                    bind(ConnectionDirectory.class);
-                    bind(ConnectionGroupDirectory.class);
-                    bind(MySQLConnection.class);
-                    bind(MySQLConnectionGroup.class);
-                    bind(MySQLGuacamoleConfiguration.class);
-                    bind(MySQLUser.class);
-                    bind(MySQLUserContext.class);
-                    bind(MySQLRootConnectionGroup.class);
-                    bind(MySQLSystemPermissionSet.class);
-                    bind(UserDirectory.class);
-
-                    // Bind services
-                    bind(ConnectionService.class);
-                    bind(ConnectionGroupService.class);
-                    bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
-                    bind(SaltService.class).to(SecureRandomSaltService.class);
-                    bind(SystemPermissionService.class);
-                    bind(UserService.class);
-
-                    // Bind appropriate socket service based on policy
-                    bind(GuacamoleSocketService.class).to(UnrestrictedGuacamoleSocketService.class);
-                    
-                }
-            } // end of mybatis module
-
-        );
-    } // end of constructor
-
-    @Override
-    public UserContext updateUserContext(UserContext context,
-        Credentials credentials) throws GuacamoleException {
-
-        // No need to update the context
-        return context;
-
     }
-
+    
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
index 24de42d2d..cdac45a07 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
@@ -22,7 +22,6 @@
 
 /**
  * The MySQL authentication provider. This package exists purely for backwards-
- * compatibility. All other classes have been moved to packages within
- * org.glyptodon.guacamole.auth.mysql.
+ * compatibility.
  */
 package net.sourceforge.guacamole.net.auth.mysql;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java
new file mode 100644
index 000000000..3be906e29
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java
@@ -0,0 +1,205 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc;
+
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUserContext;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
+import org.glyptodon.guacamole.auth.jdbc.connection.MySQLGuacamoleConfiguration;
+import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.jdbc.permission.MySQLSystemPermissionSet;
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.UserDirectory;
+import com.google.inject.Binder;
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import com.google.inject.Module;
+import com.google.inject.name.Names;
+import java.util.Properties;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ParameterMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionMapper;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
+import org.glyptodon.guacamole.net.auth.Credentials;
+import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.auth.jdbc.user.UserMapper;
+import org.glyptodon.guacamole.auth.jdbc.conf.MySQLGuacamoleProperties;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupService;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
+import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.jdbc.security.SHA256PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
+import org.glyptodon.guacamole.auth.jdbc.security.SecureRandomSaltService;
+import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.socket.UnrestrictedGuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.user.UserService;
+import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
+import org.glyptodon.guacamole.environment.Environment;
+import org.glyptodon.guacamole.environment.LocalEnvironment;
+import org.mybatis.guice.MyBatisModule;
+import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
+import org.mybatis.guice.datasource.helper.JdbcHelper;
+
+/**
+ * Provides a MySQL based implementation of the AuthenticationProvider
+ * functionality.
+ *
+ * @author James Muehlner
+ */
+public class JDBCAuthenticationProvider implements AuthenticationProvider {
+
+    /**
+     * Injector which will manage the object graph of this authentication
+     * provider.
+     */
+    private final Injector injector;
+
+    @Override
+    public UserContext getUserContext(Credentials credentials) throws GuacamoleException {
+
+        // Get user service
+        UserService userService = injector.getInstance(UserService.class);
+
+        // Authenticate user
+        MySQLUser user = userService.retrieveUser(credentials);
+        if (user != null) {
+
+            // Upon successful authentication, return new user context
+            MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
+            context.init(user.getCurrentUser());
+            return context;
+
+        }
+
+        // Otherwise, unauthorized
+        return null;
+
+    }
+
+    /**
+     * Creates a new JDBCAuthenticationProvider that reads and writes
+     * authentication data to an arbitrary database defined by properties in
+     * guacamole.properties.
+     *
+     * @throws GuacamoleException
+     *     If a required property is missing, or an error occurs while parsing
+     *     a property.
+     */
+    public JDBCAuthenticationProvider() throws GuacamoleException {
+
+        // Get local environment
+        final Environment environment = new LocalEnvironment();
+        
+        final Properties myBatisProperties = new Properties();
+        final Properties driverProperties = new Properties();
+
+        // Set the mysql properties for MyBatis.
+        myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
+        myBatisProperties.setProperty("JDBC.host", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_HOSTNAME));
+        myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PORT)));
+        myBatisProperties.setProperty("JDBC.schema", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_DATABASE));
+        myBatisProperties.setProperty("JDBC.username", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_USERNAME));
+        myBatisProperties.setProperty("JDBC.password", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PASSWORD));
+        myBatisProperties.setProperty("JDBC.autoCommit", "false");
+        myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
+        myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
+        driverProperties.setProperty("characterEncoding","UTF-8");
+
+        // Set up Guice injector.
+        injector = Guice.createInjector(
+            JdbcHelper.MySQL,
+
+            new Module() {
+                @Override
+                public void configure(Binder binder) {
+                    Names.bindProperties(binder, myBatisProperties);
+                    binder.bind(Properties.class)
+                        .annotatedWith(Names.named("JDBC.driverProperties"))
+                        .toInstance(driverProperties);
+                }
+            },
+
+            new MyBatisModule() {
+                @Override
+                protected void initialize() {
+
+                    // Datasource
+                    bindDataSourceProviderType(PooledDataSourceProvider.class);
+
+                    // Transaction factory
+                    bindTransactionFactoryType(JdbcTransactionFactory.class);
+
+                    // Add MyBatis mappers
+                    addMapperClass(ConnectionMapper.class);
+                    addMapperClass(ConnectionGroupMapper.class);
+                    addMapperClass(ConnectionRecordMapper.class);
+                    addMapperClass(ParameterMapper.class);
+                    addMapperClass(SystemPermissionMapper.class);
+                    addMapperClass(UserMapper.class);
+
+                    // Bind core implementations of guacamole-ext classes
+                    bind(Environment.class).toInstance(environment);
+                    bind(ConnectionDirectory.class);
+                    bind(ConnectionGroupDirectory.class);
+                    bind(MySQLConnection.class);
+                    bind(MySQLConnectionGroup.class);
+                    bind(MySQLGuacamoleConfiguration.class);
+                    bind(MySQLUser.class);
+                    bind(MySQLUserContext.class);
+                    bind(MySQLRootConnectionGroup.class);
+                    bind(MySQLSystemPermissionSet.class);
+                    bind(UserDirectory.class);
+
+                    // Bind services
+                    bind(ConnectionService.class);
+                    bind(ConnectionGroupService.class);
+                    bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
+                    bind(SaltService.class).to(SecureRandomSaltService.class);
+                    bind(SystemPermissionService.class);
+                    bind(UserService.class);
+
+                    // Bind appropriate socket service based on policy
+                    bind(GuacamoleSocketService.class).to(UnrestrictedGuacamoleSocketService.class);
+                    
+                }
+            } // end of mybatis module
+
+        );
+    } // end of constructor
+
+    @Override
+    public UserContext updateUserContext(UserContext context,
+        Credentials credentials) throws GuacamoleException {
+
+        // No need to update the context
+        return context;
+
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObject.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObject.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
index 67e546269..0f3e6d6a5 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObject.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.base;
+package org.glyptodon.guacamole.auth.jdbc.base;
 
 import org.glyptodon.guacamole.net.auth.Identifiable;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
index 3d47491f8..d63cf3814 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.base;
+package org.glyptodon.guacamole.auth.jdbc.base;
 
 import java.util.Collection;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.UserModel;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
similarity index 99%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
index a6ac70dc1..e370174ba 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.base;
+package org.glyptodon.guacamole.auth.jdbc.base;
 
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/ObjectModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/ObjectModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
index 58ec04658..e936686cd 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/ObjectModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.base;
+package org.glyptodon.guacamole.auth.jdbc.base;
 
 /**
  * Object representation of a Guacamole object, such as a user or connection,
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/RestrictedObject.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/RestrictedObject.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
index f27bd2b32..0c506b6a0 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/RestrictedObject.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
@@ -20,9 +20,9 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.base;
+package org.glyptodon.guacamole.auth.jdbc.base;
 
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 
 /**
  * Common base class for objects that are associated with the users that
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
index e7b11a621..72f8f4816 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/base/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
@@ -25,4 +25,4 @@
  * relationships between the model and the implementations of guacamole-ext
  * classes.
  */
-package org.glyptodon.guacamole.auth.mysql.base;
+package org.glyptodon.guacamole.auth.jdbc.base;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/MySQLGuacamoleProperties.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/MySQLGuacamoleProperties.java
index d71883ade..9b38d23b0 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/MySQLGuacamoleProperties.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/MySQLGuacamoleProperties.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.conf;
+package org.glyptodon.guacamole.auth.jdbc.conf;
 
 import org.glyptodon.guacamole.properties.BooleanGuacamoleProperty;
 import org.glyptodon.guacamole.properties.IntegerGuacamoleProperty;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/package-info.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/package-info.java
index b200d0d73..5c16bfa04 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/conf/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/package-info.java
@@ -23,4 +23,4 @@
 /**
  * Classes related to the configuration of the MySQL authentication provider.
  */
-package org.glyptodon.guacamole.auth.mysql.conf;
+package org.glyptodon.guacamole.auth.jdbc.conf;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionDirectory.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
index 3f898c29b..4fba7e243 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
@@ -20,14 +20,14 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 
 import com.google.inject.Inject;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.Directory;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
index 33c0bac48..8c8cf0a2b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
-import org.glyptodon.guacamole.auth.mysql.user.UserModel;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
index 34fc2cc16..b4ef2e907 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
@@ -20,9 +20,9 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
-import org.glyptodon.guacamole.auth.mysql.base.ObjectModel;
+import org.glyptodon.guacamole.auth.jdbc.base.ObjectModel;
 
 /**
  * Object representation of a Guacamole connection, as represented in the
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
index e23f8b64a..8816fb69c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import java.util.List;
 import org.apache.ibatis.annotations.Param;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
index 7e10e8476..aa35fb27c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import java.util.Date;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
index 01cc3b04a..3109638b8 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
@@ -30,10 +30,10 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectService;
-import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
+import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnection.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnection.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
index 205972771..df9bc02c2 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnection.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
@@ -20,14 +20,14 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.List;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObject;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLRootConnectionGroup;
-import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObject;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnectionRecord.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnectionRecord.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
index 01086797e..b600af326 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLConnectionRecord.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 
 import java.util.Date;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLGuacamoleConfiguration.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLGuacamoleConfiguration.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
index 70ca86258..27f9abb6c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/MySQLGuacamoleConfiguration.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import com.google.inject.Inject;
 import java.util.Map;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
index f54392aa5..b8bb26fb5 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import java.util.Collection;
 import org.apache.ibatis.annotations.Param;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
index ec96cfb4a..103bdae49 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/ParameterModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
 
 /**
  * A single parameter name/value pair belonging to a connection.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
index 52ba27dff..6507c59b9 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connection/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
@@ -23,4 +23,4 @@
 /**
  * Classes related to connections and their parameters and history.
  */
-package org.glyptodon.guacamole.auth.mysql.connection;
+package org.glyptodon.guacamole.auth.jdbc.connection;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupDirectory.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
index 8789b2e9d..7b752a329 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
@@ -20,14 +20,14 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connectiongroup;
+package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
 
 import com.google.inject.Inject;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
index 99c3addf1..ad682cd20 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connectiongroup;
+package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
-import org.glyptodon.guacamole.auth.mysql.user.UserModel;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
index ce7276e90..68845df9c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
@@ -20,9 +20,9 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connectiongroup;
+package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
-import org.glyptodon.guacamole.auth.mysql.base.ObjectModel;
+import org.glyptodon.guacamole.auth.jdbc.base.ObjectModel;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
index 0fba4151b..4f50e9e65 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
@@ -20,15 +20,15 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connectiongroup;
+package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectService;
-import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
+import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLConnectionGroup.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
index 0488498a1..f23f19969 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLConnectionGroup.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connectiongroup;
+package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
 import com.google.inject.Inject;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObject;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionService;
-import org.glyptodon.guacamole.auth.mysql.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObject;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
+import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLRootConnectionGroup.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
index dee968ae8..eeaf6e939 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/MySQLRootConnectionGroup.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
@@ -20,12 +20,12 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.connectiongroup;
+package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
 import com.google.inject.Inject;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionService;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
index 4c27273f6..a1d0bd250 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/connectiongroup/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
@@ -23,4 +23,4 @@
 /**
  * Classes related to connection groups.
  */
-package org.glyptodon.guacamole.auth.mysql.connectiongroup;
+package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
new file mode 100644
index 000000000..e4d12fca9
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * The base JDBC authentication provider. This authentication provider serves
+ * as a basis for other JDBC authentication provider implementations which are
+ * driven by relatively-common schemas. The only difference between such
+ * implementations are maintained within database-specific MyBatis mappings.
+ */
+package org.glyptodon.guacamole.auth.jdbc;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/MySQLSystemPermissionSet.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/MySQLSystemPermissionSet.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
index ef48dc718..0bcf0a44b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/MySQLSystemPermissionSet.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
-import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
 import com.google.inject.Inject;
 import java.util.Collections;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
index ebf92b7f2..777f54046 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 /**
  * Mapper for object-related permissions.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
index 5c2c60f98..7b193193d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
index 99f266466..14b893c55 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
index 6d8f2c876..eff35a1ac 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
@@ -20,10 +20,10 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 import java.util.Collection;
-import org.glyptodon.guacamole.auth.mysql.user.UserModel;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
index 4904e8ce6..d50c9704f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 /**
  * Generic base permission model which grants a permission of a particular type
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
index b3112b00d..1e1266215 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/PermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
@@ -20,14 +20,14 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.Permission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
index 63378088c..fdcb63ce9 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
@@ -20,9 +20,9 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
-import org.glyptodon.guacamole.auth.mysql.user.UserModel;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
index a798cf110..8c1c13ac9 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
index 3ad300796..90ebdc146 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
index 79e89425a..01b820ac1 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/permission/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
@@ -23,4 +23,4 @@
 /**
  * Classes related to object- and system-level permissions.
  */
-package org.glyptodon.guacamole.auth.mysql.permission;
+package org.glyptodon.guacamole.auth.jdbc.permission;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/PasswordEncryptionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/PasswordEncryptionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
index 1e0824b96..ef3099468 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.security;
+package org.glyptodon.guacamole.auth.jdbc.security;
 
 /**
  * A service to perform password encryption and checking.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SHA256PasswordEncryptionService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
similarity index 97%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SHA256PasswordEncryptionService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
index ec2014673..cfe5bc45f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SHA256PasswordEncryptionService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.security;
+package org.glyptodon.guacamole.auth.jdbc.security;
 
 import java.io.UnsupportedEncodingException;
 import java.security.MessageDigest;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SaltService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SaltService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
index 863e82769..7badde447 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SaltService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.security;
+package org.glyptodon.guacamole.auth.jdbc.security;
 
 /**
  * A service to generate password salts.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SecureRandomSaltService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SecureRandomSaltService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
index 79a5cc489..608733b5b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/SecureRandomSaltService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.security;
+package org.glyptodon.guacamole.auth.jdbc.security;
 
 
 import java.security.SecureRandom;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
index a8fa5e208..3f1d8b4f7 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/security/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
@@ -23,4 +23,4 @@
 /**
  * Classes related to hashing or encryption.
  */
-package org.glyptodon.guacamole.auth.mysql.security;
+package org.glyptodon.guacamole.auth.jdbc.security;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/AbstractGuacamoleSocketService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
index bc3480da3..9ef4903a7 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/AbstractGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.socket;
+package org.glyptodon.guacamole.auth.jdbc.socket;
 
 import com.google.inject.Inject;
 import java.util.Collection;
@@ -30,15 +30,15 @@ import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLConnectionGroup;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordMapper;
-import org.glyptodon.guacamole.auth.mysql.connection.ParameterMapper;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordModel;
-import org.glyptodon.guacamole.auth.mysql.connection.ParameterModel;
-import org.glyptodon.guacamole.auth.mysql.user.UserModel;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ParameterMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionModel;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordModel;
+import org.glyptodon.guacamole.auth.jdbc.connection.ParameterModel;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/ActiveConnectionRecord.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/ActiveConnectionRecord.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
index 9bdc2ee67..f32669446 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/ActiveConnectionRecord.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
@@ -20,10 +20,10 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.socket;
+package org.glyptodon.guacamole.auth.jdbc.socket;
 
 import java.util.Date;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/GuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/GuacamoleSocketService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
index bea2fcbf3..2ef2025ce 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/GuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
@@ -20,12 +20,12 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.socket;
+package org.glyptodon.guacamole.auth.jdbc.socket;
 
 import java.util.List;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/UnrestrictedGuacamoleSocketService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
similarity index 90%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/UnrestrictedGuacamoleSocketService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
index 140c9aa29..02bb5263a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/UnrestrictedGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
@@ -20,11 +20,11 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.socket;
+package org.glyptodon.guacamole.auth.jdbc.socket;
 
 import com.google.inject.Singleton;
-import org.glyptodon.guacamole.auth.mysql.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.mysql.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
 import org.glyptodon.guacamole.GuacamoleException;
 
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
index 498518883..42c8cc335 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/socket/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
@@ -24,4 +24,4 @@
  * Classes related to obtaining/configuring Guacamole sockets, and restricting
  * access to those sockets.
  */
-package org.glyptodon.guacamole.auth.mysql.socket;
+package org.glyptodon.guacamole.auth.jdbc.socket;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/AuthenticatedUser.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/AuthenticatedUser.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
index df66abde9..d6181ccfb 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/AuthenticatedUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
 
 import org.glyptodon.guacamole.net.auth.Credentials;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUser.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUser.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
index 9b597ec21..8243cc5fd 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUser.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
@@ -20,13 +20,13 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
 
 import com.google.inject.Inject;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObject;
-import org.glyptodon.guacamole.auth.mysql.security.PasswordEncryptionService;
-import org.glyptodon.guacamole.auth.mysql.security.SaltService;
-import org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObject;
+import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
+import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUserContext.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
similarity index 92%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUserContext.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
index b6026ed4b..4151a8ee1 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/MySQLUserContext.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
@@ -20,12 +20,12 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
 
 
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.MySQLRootConnectionGroup;
-import org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupDirectory;
-import org.glyptodon.guacamole.auth.mysql.connection.ConnectionDirectory;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import org.glyptodon.guacamole.GuacamoleException;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserDirectory.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
index d81dc8fb8..ae02e066c 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
 
 
 import com.google.inject.Inject;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserMapper.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserMapper.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
index 58f6df0ff..fbe83ae25 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserMapper.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
@@ -20,9 +20,9 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
 
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
 import org.apache.ibatis.annotations.Param;
 
 /**
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserModel.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserModel.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
index e0f1c416a..546b1927a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserModel.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
@@ -20,9 +20,9 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
 
-import org.glyptodon.guacamole.auth.mysql.base.ObjectModel;
+import org.glyptodon.guacamole.auth.jdbc.base.ObjectModel;
 
 /**
  * Object representation of a Guacamole user, as represented in the database.
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
similarity index 96%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserService.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
index 530a26dd6..e3ff5a23a 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/UserService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
@@ -20,15 +20,15 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
 
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
 import java.util.Collections;
 import org.glyptodon.guacamole.net.auth.Credentials;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectMapper;
-import org.glyptodon.guacamole.auth.mysql.base.DirectoryObjectService;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.User;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/package-info.java
rename to extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
index c8d66ce42..e5c15703f 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/mysql/user/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
@@ -23,4 +23,4 @@
 /**
  * Classes related to Guacamole users.
  */
-package org.glyptodon.guacamole.auth.mysql.user;
+package org.glyptodon.guacamole.auth.jdbc.user;
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
index e9b7c1c27..ac8fb6d6b 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="org.glyptodon.guacamole.auth.mysql.connection.ConnectionMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.connection.ConnectionMapper" >
 
     <!-- Result mapper for connection objects -->
-    <resultMap id="ConnectionResultMap" type="org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel" >
+    <resultMap id="ConnectionResultMap" type="org.glyptodon.guacamole.auth.jdbc.connection.ConnectionModel" >
         <id     column="connection_id"   property="objectID"         jdbcType="INTEGER"/>
         <result column="connection_name" property="name"             jdbcType="VARCHAR"/>
         <result column="parent_id"       property="parentIdentifier" jdbcType="INTEGER"/>
@@ -115,7 +115,7 @@
 
     <!-- Insert single connection -->
     <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
-            parameterType="org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel">
+            parameterType="org.glyptodon.guacamole.auth.jdbc.connection.ConnectionModel">
 
         INSERT INTO guacamole_connection (
             connection_name,
@@ -131,7 +131,7 @@
     </insert>
 
     <!-- Update single connection -->
-    <update id="update" parameterType="org.glyptodon.guacamole.auth.mysql.connection.ConnectionModel">
+    <update id="update" parameterType="org.glyptodon.guacamole.auth.jdbc.connection.ConnectionModel">
         UPDATE guacamole_connection
         SET connection_name = #{object.name,jdbcType=VARCHAR},
             parent_id       = #{object.parentIdentifier,jdbcType=VARCHAR},
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
index 0f66f50cd..b5775f607 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ConnectionRecordMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordMapper" >
 
     <!-- Result mapper for system permissions -->
-    <resultMap id="ConnectionRecordResultMap" type="org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordModel">
+    <resultMap id="ConnectionRecordResultMap" type="org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordModel">
         <result column="connection_id" property="connectionIdentifier" jdbcType="INTEGER"/>
         <result column="user_id"       property="userID"               jdbcType="INTEGER"/>
         <result column="username"      property="username"             jdbcType="VARCHAR"/>
@@ -55,7 +55,7 @@
     </select>
 
     <!-- Insert the given connection record -->
-    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.mysql.connection.ConnectionRecordModel">
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordModel">
 
         INSERT INTO guacamole_connection_history (
             connection_id,
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
similarity index 94%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
index ef3ac8261..ccd386c14 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connection/ParameterMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="org.glyptodon.guacamole.auth.mysql.connection.ParameterMapper">
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.connection.ParameterMapper">
 
     <!-- Result mapper for connection parameters -->
-    <resultMap id="ParameterResultMap" type="org.glyptodon.guacamole.auth.mysql.connection.ParameterModel">
+    <resultMap id="ParameterResultMap" type="org.glyptodon.guacamole.auth.jdbc.connection.ParameterModel">
         <result column="connection_id"   property="connectionIdentifier" jdbcType="INTEGER"/>
         <result column="parameter_name"  property="name"                 jdbcType="VARCHAR"/>
         <result column="parameter_value" property="value"                jdbcType="VARCHAR"/>
@@ -51,7 +51,7 @@
     </delete>
 
     <!-- Insert all given parameters -->
-    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.mysql.connection.ParameterModel">
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.jdbc.connection.ParameterModel">
 
         INSERT INTO guacamole_connection_parameter (
             connection_id,
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
index 6f3ccf958..d79cdf61e 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/connectiongroup/ConnectionGroupMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper" >
 
     <!-- Result mapper for connection objects -->
-    <resultMap id="ConnectionGroupResultMap" type="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupModel" >
+    <resultMap id="ConnectionGroupResultMap" type="org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel" >
         <id     column="connection_group_id"   property="objectID"         jdbcType="INTEGER"/>
         <result column="connection_group_name" property="name"             jdbcType="VARCHAR"/>
         <result column="parent_id"             property="parentIdentifier" jdbcType="INTEGER"/>
@@ -116,7 +116,7 @@
 
     <!-- Insert single connection -->
     <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
-            parameterType="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupModel">
+            parameterType="org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel">
 
         INSERT INTO guacamole_connection_group (
             connection_group_name,
@@ -132,7 +132,7 @@
     </insert>
 
     <!-- Update single connection group -->
-    <update id="update" parameterType="org.glyptodon.guacamole.auth.mysql.connectiongroup.ConnectionGroupModel">
+    <update id="update" parameterType="org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel">
         UPDATE guacamole_connection_group
         SET connection_group_name = #{object.name,jdbcType=VARCHAR},
             parent_id             = #{object.parentIdentifier,jdbcType=VARCHAR},
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
similarity index 93%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
index b483d2440..55eacd072 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/permission/SystemPermissionMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionMapper" >
 
     <!-- Result mapper for system permissions -->
-    <resultMap id="SystemPermissionResultMap" type="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionModel">
+    <resultMap id="SystemPermissionResultMap" type="org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionModel">
         <result column="user_id"    property="userID"   jdbcType="INTEGER"/>
         <result column="username"   property="username" jdbcType="VARCHAR"/>
         <result column="permission" property="type"     jdbcType="VARCHAR"
@@ -63,7 +63,7 @@
     </select>
 
     <!-- Delete all given permissions -->
-    <delete id="delete" parameterType="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionModel">
+    <delete id="delete" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionModel">
 
         DELETE FROM guacamole_system_permission
         WHERE (user_id, permission) IN
@@ -76,7 +76,7 @@
     </delete>
 
     <!-- Insert all given permissions -->
-    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.mysql.permission.SystemPermissionModel">
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionModel">
 
         INSERT IGNORE INTO guacamole_system_permission (
             user_id,
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/user/UserMapper.xml b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
similarity index 95%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/user/UserMapper.xml
rename to extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
index ce4c05ee4..b3726eb8f 100644
--- a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/mysql/user/UserMapper.xml
+++ b/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
@@ -24,10 +24,10 @@
    THE SOFTWARE.
 -->
 
-<mapper namespace="org.glyptodon.guacamole.auth.mysql.user.UserMapper" >
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.user.UserMapper" >
 
     <!-- Result mapper for user objects -->
-    <resultMap id="UserResultMap" type="org.glyptodon.guacamole.auth.mysql.user.UserModel" >
+    <resultMap id="UserResultMap" type="org.glyptodon.guacamole.auth.jdbc.user.UserModel" >
         <id     column="user_id"       property="objectID"     jdbcType="INTEGER"/>
         <result column="username"      property="identifier"   jdbcType="VARCHAR"/>
         <result column="password_hash" property="passwordHash" jdbcType="BINARY"/>
@@ -108,7 +108,7 @@
 
     <!-- Insert single user -->
     <insert id="insert" useGeneratedKeys="true" keyProperty="object.objectID"
-            parameterType="org.glyptodon.guacamole.auth.mysql.user.UserModel">
+            parameterType="org.glyptodon.guacamole.auth.jdbc.user.UserModel">
 
         INSERT INTO guacamole_user (
             username,
@@ -124,7 +124,7 @@
     </insert>
 
     <!-- Update single user -->
-    <update id="update" parameterType="org.glyptodon.guacamole.auth.mysql.user.UserModel">
+    <update id="update" parameterType="org.glyptodon.guacamole.auth.jdbc.user.UserModel">
         UPDATE guacamole_user
         SET password_hash = #{object.passwordHash,jdbcType=BINARY},
             password_salt = #{object.passwordSalt,jdbcType=BINARY}

From bcb603a4b884ced26d0f0f897beb5c82114535ff Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 17:36:09 -0800
Subject: [PATCH 44/60] GUAC-1101: Separate database-specific concerns from
 Guice and MyBatis config.

---
 .../mysql/MySQLAuthenticationProvider.java    |  56 ++++-
 .../MySQLAuthenticationProviderModule.java    |  99 +++++++++
 .../auth/jdbc/JDBCAuthenticationProvider.java | 205 ------------------
 .../JDBCAuthenticationProviderModule.java     | 125 +++++++++++
 .../auth/jdbc/user/UserContextService.java    |  84 +++++++
 5 files changed, 360 insertions(+), 209 deletions(-)
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
 create mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
index 2397eb058..8547fcf3d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
@@ -22,17 +22,31 @@
 
 package net.sourceforge.guacamole.net.auth.mysql;
 
-
+import com.google.inject.Guice;
+import com.google.inject.Injector;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.auth.jdbc.JDBCAuthenticationProvider;
+import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
+import org.glyptodon.guacamole.net.auth.Credentials;
+import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.auth.jdbc.JDBCAuthenticationProviderModule;
+import org.glyptodon.guacamole.auth.jdbc.user.UserContextService;
+import org.glyptodon.guacamole.environment.Environment;
+import org.glyptodon.guacamole.environment.LocalEnvironment;
 
 /**
  * Provides a MySQL based implementation of the AuthenticationProvider
  * functionality.
  *
  * @author James Muehlner
+ * @author Michael Jumper
  */
-public class MySQLAuthenticationProvider extends JDBCAuthenticationProvider {
+public class MySQLAuthenticationProvider implements AuthenticationProvider {
+
+    /**
+     * Injector which will manage the object graph of this authentication
+     * provider.
+     */
+    private final Injector injector;
 
     /**
      * Creates a new MySQLAuthenticationProvider that reads and writes
@@ -44,6 +58,40 @@ public class MySQLAuthenticationProvider extends JDBCAuthenticationProvider {
      *     a property.
      */
     public MySQLAuthenticationProvider() throws GuacamoleException {
+
+        // Get local environment
+        Environment environment = new LocalEnvironment();
+
+        // Set up Guice injector.
+        injector = Guice.createInjector(
+
+            // Configure MySQL-specific authentication
+            new MySQLAuthenticationProviderModule(environment),
+
+            // Configure JDBC authentication core
+            new JDBCAuthenticationProviderModule(environment)
+
+        );
+
     }
-    
+
+    @Override
+    public UserContext getUserContext(Credentials credentials)
+            throws GuacamoleException {
+
+        // Create UserContext based on credentials, if valid
+        UserContextService userContextService = injector.getInstance(UserContextService.class);
+        return userContextService.getUserContext(credentials);
+
+    }
+
+    @Override
+    public UserContext updateUserContext(UserContext context,
+        Credentials credentials) throws GuacamoleException {
+
+        // No need to update the context
+        return context;
+
+    }
+
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
new file mode 100644
index 000000000..1da117aee
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import com.google.inject.Binder;
+import com.google.inject.Module;
+import com.google.inject.name.Names;
+import java.util.Properties;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.conf.MySQLGuacamoleProperties;
+import org.glyptodon.guacamole.environment.Environment;
+import org.mybatis.guice.datasource.helper.JdbcHelper;
+
+/**
+ * Guice module which configures MySQL-specific injections.
+ *
+ * @author James Muehlner
+ */
+public class MySQLAuthenticationProviderModule implements Module {
+
+    /**
+     * MyBatis-specific configuration properties.
+     */
+    private final Properties myBatisProperties = new Properties();
+
+    /**
+     * MySQL-specific driver configuration properties.
+     */
+    private final Properties driverProperties = new Properties();
+    
+    /**
+     * Creates a new MySQL authentication provider module that configures
+     * driver and MyBatis properties using the given environment.
+     *
+     * @param environment
+     *     The environment to use when configuring MyBatis and the underlying
+     *     JDBC driver.
+     *
+     * @throws GuacamoleException
+     *     If a required property is missing, or an error occurs while parsing
+     *     a property.
+     */
+    public MySQLAuthenticationProviderModule(Environment environment)
+            throws GuacamoleException {
+
+        // Set the MySQL-specific properties for MyBatis.
+        myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
+        myBatisProperties.setProperty("JDBC.host", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_HOSTNAME));
+        myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PORT)));
+        myBatisProperties.setProperty("JDBC.schema", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_DATABASE));
+        myBatisProperties.setProperty("JDBC.username", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_USERNAME));
+        myBatisProperties.setProperty("JDBC.password", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PASSWORD));
+        myBatisProperties.setProperty("JDBC.autoCommit", "false");
+        myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
+        myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
+
+        // Use UTF-8 in database
+        driverProperties.setProperty("characterEncoding","UTF-8");
+
+
+    }
+
+    @Override
+    public void configure(Binder binder) {
+
+        // Bind MySQL-specific properties
+        JdbcHelper.MySQL.configure(binder);
+        
+        // Bind MyBatis properties
+        Names.bindProperties(binder, myBatisProperties);
+
+        // Bing JDBC driver properties
+        binder.bind(Properties.class)
+            .annotatedWith(Names.named("JDBC.driverProperties"))
+            .toInstance(driverProperties);
+
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java
deleted file mode 100644
index 3be906e29..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProvider.java
+++ /dev/null
@@ -1,205 +0,0 @@
-/*
- * Copyright (C) 2015 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package org.glyptodon.guacamole.auth.jdbc;
-
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUserContext;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory;
-import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
-import org.glyptodon.guacamole.auth.jdbc.connection.MySQLGuacamoleConfiguration;
-import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
-import org.glyptodon.guacamole.auth.jdbc.permission.MySQLSystemPermissionSet;
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
-import org.glyptodon.guacamole.auth.jdbc.user.UserDirectory;
-import com.google.inject.Binder;
-import com.google.inject.Guice;
-import com.google.inject.Injector;
-import com.google.inject.Module;
-import com.google.inject.name.Names;
-import java.util.Properties;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper;
-import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionMapper;
-import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
-import org.glyptodon.guacamole.auth.jdbc.connection.ParameterMapper;
-import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionMapper;
-import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
-import org.glyptodon.guacamole.net.auth.Credentials;
-import org.glyptodon.guacamole.net.auth.UserContext;
-import org.glyptodon.guacamole.auth.jdbc.user.UserMapper;
-import org.glyptodon.guacamole.auth.jdbc.conf.MySQLGuacamoleProperties;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupService;
-import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
-import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
-import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
-import org.glyptodon.guacamole.auth.jdbc.security.SHA256PasswordEncryptionService;
-import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
-import org.glyptodon.guacamole.auth.jdbc.security.SecureRandomSaltService;
-import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
-import org.glyptodon.guacamole.auth.jdbc.socket.UnrestrictedGuacamoleSocketService;
-import org.glyptodon.guacamole.auth.jdbc.user.UserService;
-import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
-import org.glyptodon.guacamole.environment.Environment;
-import org.glyptodon.guacamole.environment.LocalEnvironment;
-import org.mybatis.guice.MyBatisModule;
-import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
-import org.mybatis.guice.datasource.helper.JdbcHelper;
-
-/**
- * Provides a MySQL based implementation of the AuthenticationProvider
- * functionality.
- *
- * @author James Muehlner
- */
-public class JDBCAuthenticationProvider implements AuthenticationProvider {
-
-    /**
-     * Injector which will manage the object graph of this authentication
-     * provider.
-     */
-    private final Injector injector;
-
-    @Override
-    public UserContext getUserContext(Credentials credentials) throws GuacamoleException {
-
-        // Get user service
-        UserService userService = injector.getInstance(UserService.class);
-
-        // Authenticate user
-        MySQLUser user = userService.retrieveUser(credentials);
-        if (user != null) {
-
-            // Upon successful authentication, return new user context
-            MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
-            context.init(user.getCurrentUser());
-            return context;
-
-        }
-
-        // Otherwise, unauthorized
-        return null;
-
-    }
-
-    /**
-     * Creates a new JDBCAuthenticationProvider that reads and writes
-     * authentication data to an arbitrary database defined by properties in
-     * guacamole.properties.
-     *
-     * @throws GuacamoleException
-     *     If a required property is missing, or an error occurs while parsing
-     *     a property.
-     */
-    public JDBCAuthenticationProvider() throws GuacamoleException {
-
-        // Get local environment
-        final Environment environment = new LocalEnvironment();
-        
-        final Properties myBatisProperties = new Properties();
-        final Properties driverProperties = new Properties();
-
-        // Set the mysql properties for MyBatis.
-        myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
-        myBatisProperties.setProperty("JDBC.host", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_HOSTNAME));
-        myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PORT)));
-        myBatisProperties.setProperty("JDBC.schema", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_DATABASE));
-        myBatisProperties.setProperty("JDBC.username", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_USERNAME));
-        myBatisProperties.setProperty("JDBC.password", environment.getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PASSWORD));
-        myBatisProperties.setProperty("JDBC.autoCommit", "false");
-        myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
-        myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
-        driverProperties.setProperty("characterEncoding","UTF-8");
-
-        // Set up Guice injector.
-        injector = Guice.createInjector(
-            JdbcHelper.MySQL,
-
-            new Module() {
-                @Override
-                public void configure(Binder binder) {
-                    Names.bindProperties(binder, myBatisProperties);
-                    binder.bind(Properties.class)
-                        .annotatedWith(Names.named("JDBC.driverProperties"))
-                        .toInstance(driverProperties);
-                }
-            },
-
-            new MyBatisModule() {
-                @Override
-                protected void initialize() {
-
-                    // Datasource
-                    bindDataSourceProviderType(PooledDataSourceProvider.class);
-
-                    // Transaction factory
-                    bindTransactionFactoryType(JdbcTransactionFactory.class);
-
-                    // Add MyBatis mappers
-                    addMapperClass(ConnectionMapper.class);
-                    addMapperClass(ConnectionGroupMapper.class);
-                    addMapperClass(ConnectionRecordMapper.class);
-                    addMapperClass(ParameterMapper.class);
-                    addMapperClass(SystemPermissionMapper.class);
-                    addMapperClass(UserMapper.class);
-
-                    // Bind core implementations of guacamole-ext classes
-                    bind(Environment.class).toInstance(environment);
-                    bind(ConnectionDirectory.class);
-                    bind(ConnectionGroupDirectory.class);
-                    bind(MySQLConnection.class);
-                    bind(MySQLConnectionGroup.class);
-                    bind(MySQLGuacamoleConfiguration.class);
-                    bind(MySQLUser.class);
-                    bind(MySQLUserContext.class);
-                    bind(MySQLRootConnectionGroup.class);
-                    bind(MySQLSystemPermissionSet.class);
-                    bind(UserDirectory.class);
-
-                    // Bind services
-                    bind(ConnectionService.class);
-                    bind(ConnectionGroupService.class);
-                    bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
-                    bind(SaltService.class).to(SecureRandomSaltService.class);
-                    bind(SystemPermissionService.class);
-                    bind(UserService.class);
-
-                    // Bind appropriate socket service based on policy
-                    bind(GuacamoleSocketService.class).to(UnrestrictedGuacamoleSocketService.class);
-                    
-                }
-            } // end of mybatis module
-
-        );
-    } // end of constructor
-
-    @Override
-    public UserContext updateUserContext(UserContext context,
-        Credentials credentials) throws GuacamoleException {
-
-        // No need to update the context
-        return context;
-
-    }
-
-}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
new file mode 100644
index 000000000..60bb6966d
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc;
+
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUserContext;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
+import org.glyptodon.guacamole.auth.jdbc.connection.MySQLGuacamoleConfiguration;
+import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.jdbc.permission.MySQLSystemPermissionSet;
+import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.UserDirectory;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
+import org.glyptodon.guacamole.auth.jdbc.connection.ParameterMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.user.UserMapper;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupService;
+import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
+import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.jdbc.security.SHA256PasswordEncryptionService;
+import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
+import org.glyptodon.guacamole.auth.jdbc.security.SecureRandomSaltService;
+import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.socket.UnrestrictedGuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.user.UserService;
+import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
+import org.glyptodon.guacamole.environment.Environment;
+import org.mybatis.guice.MyBatisModule;
+import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
+
+/**
+ * Guice module which configures the injections used by the JDBC authentication
+ * provider base. This module MUST be included in the Guice injector, or
+ * authentication providers based on JDBC will not function.
+ *
+ * @author Michael Jumper
+ * @author James Muehlner
+ */
+public class JDBCAuthenticationProviderModule extends MyBatisModule {
+
+    /**
+     * The environment of the Guacamole server.
+     */
+    private final Environment environment;
+
+    /**
+     * Creates a new JDBC authentication provider module that configures the
+     * various injected base classes using the given environment.
+     *
+     * @param environment
+     *     The environment to use to configure injected classes.
+     */
+    public JDBCAuthenticationProviderModule(Environment environment) {
+        this.environment = environment;
+    }
+
+    @Override
+    protected void initialize() {
+        
+        // Datasource
+        bindDataSourceProviderType(PooledDataSourceProvider.class);
+        
+        // Transaction factory
+        bindTransactionFactoryType(JdbcTransactionFactory.class);
+        
+        // Add MyBatis mappers
+        addMapperClass(ConnectionMapper.class);
+        addMapperClass(ConnectionGroupMapper.class);
+        addMapperClass(ConnectionRecordMapper.class);
+        addMapperClass(ParameterMapper.class);
+        addMapperClass(SystemPermissionMapper.class);
+        addMapperClass(UserMapper.class);
+        
+        // Bind core implementations of guacamole-ext classes
+        bind(Environment.class).toInstance(environment);
+        bind(ConnectionDirectory.class);
+        bind(ConnectionGroupDirectory.class);
+        bind(MySQLConnection.class);
+        bind(MySQLConnectionGroup.class);
+        bind(MySQLGuacamoleConfiguration.class);
+        bind(MySQLUser.class);
+        bind(MySQLUserContext.class);
+        bind(MySQLRootConnectionGroup.class);
+        bind(MySQLSystemPermissionSet.class);
+        bind(UserDirectory.class);
+        
+        // Bind services
+        bind(ConnectionService.class);
+        bind(ConnectionGroupService.class);
+        bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
+        bind(SaltService.class).to(SecureRandomSaltService.class);
+        bind(SystemPermissionService.class);
+        bind(UserService.class);
+        
+        // Bind appropriate socket service based on policy
+        bind(GuacamoleSocketService.class).to(UnrestrictedGuacamoleSocketService.class);
+        
+    }
+
+}
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
new file mode 100644
index 000000000..8895b4674
--- /dev/null
+++ b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
@@ -0,0 +1,84 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.user;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.Credentials;
+import org.glyptodon.guacamole.net.auth.UserContext;
+
+/**
+ * Service which creates new UserContext instances for valid users based on
+ * credentials.
+ *
+ * @author Michael Jumper
+ */
+public class UserContextService  {
+
+    /**
+     * Service for accessing users.
+     */
+    @Inject
+    private UserService userService;
+
+    /**
+     * Provider for retrieving UserContext instances.
+     */
+    @Inject
+    private Provider<MySQLUserContext> userContextProvider;
+
+    /**
+     * Authenticates the user having the given credentials, returning a new
+     * UserContext instance if the credentials are valid.
+     *
+     * @param credentials
+     *     The credentials to use to produce the UserContext.
+     *
+     * @return
+     *     A new UserContext instance for the user identified by the given
+     *     credentials, or null if the credentials are not valid.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs during authentication.
+     */
+    public UserContext getUserContext(Credentials credentials)
+            throws GuacamoleException {
+
+        // Authenticate user
+        MySQLUser user = userService.retrieveUser(credentials);
+        if (user != null) {
+
+            // Upon successful authentication, return new user context
+            MySQLUserContext context = userContextProvider.get();
+            context.init(user.getCurrentUser());
+            return context;
+
+        }
+
+        // Otherwise, unauthorized
+        return null;
+
+    }
+
+}

From 2d175f87920b3202e00e2f9ced41a27f43d2778d Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 18:43:51 -0800
Subject: [PATCH 45/60] GUAC-1101: Split JDBC and MySQL code into separate
 projects.

---
 extensions/guacamole-auth-jdbc/.gitignore     |  2 +
 extensions/guacamole-auth-jdbc/LICENSE        | 19 +++++
 extensions/guacamole-auth-jdbc/pom.xml        | 85 +++++++++++++++++++
 .../JDBCAuthenticationProviderModule.java     |  0
 .../auth/jdbc/base/DirectoryObject.java       |  0
 .../auth/jdbc/base/DirectoryObjectMapper.java |  0
 .../jdbc/base/DirectoryObjectService.java     |  0
 .../guacamole/auth/jdbc/base/ObjectModel.java |  0
 .../auth/jdbc/base/RestrictedObject.java      |  0
 .../auth/jdbc/base/package-info.java          |  0
 .../jdbc/connection/ConnectionDirectory.java  |  0
 .../jdbc/connection/ConnectionMapper.java     |  0
 .../auth/jdbc/connection/ConnectionModel.java |  0
 .../connection/ConnectionRecordMapper.java    |  0
 .../connection/ConnectionRecordModel.java     |  0
 .../jdbc/connection/ConnectionService.java    |  0
 .../auth/jdbc/connection/MySQLConnection.java |  0
 .../connection/MySQLConnectionRecord.java     |  0
 .../MySQLGuacamoleConfiguration.java          |  0
 .../auth/jdbc/connection/ParameterMapper.java |  0
 .../auth/jdbc/connection/ParameterModel.java  |  0
 .../auth/jdbc/connection/package-info.java    |  0
 .../ConnectionGroupDirectory.java             |  0
 .../ConnectionGroupMapper.java                |  0
 .../connectiongroup/ConnectionGroupModel.java |  0
 .../ConnectionGroupService.java               |  0
 .../connectiongroup/MySQLConnectionGroup.java |  0
 .../MySQLRootConnectionGroup.java             |  0
 .../jdbc/connectiongroup/package-info.java    |  0
 .../guacamole/auth/jdbc/package-info.java     |  0
 .../permission/MySQLSystemPermissionSet.java  |  0
 .../permission/ObjectPermissionMapper.java    |  0
 .../permission/ObjectPermissionModel.java     |  0
 .../permission/ObjectPermissionService.java   |  0
 .../jdbc/permission/PermissionMapper.java     |  0
 .../auth/jdbc/permission/PermissionModel.java |  0
 .../jdbc/permission/PermissionService.java    |  0
 .../permission/SystemPermissionMapper.java    |  0
 .../permission/SystemPermissionModel.java     |  0
 .../permission/SystemPermissionService.java   |  0
 .../auth/jdbc/permission/package-info.java    |  0
 .../security/PasswordEncryptionService.java   |  0
 .../SHA256PasswordEncryptionService.java      |  0
 .../auth/jdbc/security/SaltService.java       |  0
 .../security/SecureRandomSaltService.java     |  0
 .../auth/jdbc/security/package-info.java      |  0
 .../AbstractGuacamoleSocketService.java       |  0
 .../jdbc/socket/ActiveConnectionRecord.java   |  0
 .../jdbc/socket/GuacamoleSocketService.java   |  0
 .../UnrestrictedGuacamoleSocketService.java   |  0
 .../auth/jdbc/socket/package-info.java        |  0
 .../auth/jdbc/user/AuthenticatedUser.java     |  0
 .../guacamole/auth/jdbc/user/MySQLUser.java   |  0
 .../auth/jdbc/user/MySQLUserContext.java      |  0
 .../auth/jdbc/user/UserContextService.java    |  0
 .../auth/jdbc/user/UserDirectory.java         |  0
 .../guacamole/auth/jdbc/user/UserMapper.java  |  0
 .../guacamole/auth/jdbc/user/UserModel.java   |  0
 .../guacamole/auth/jdbc/user/UserService.java |  0
 .../auth/jdbc/user/package-info.java          |  0
 extensions/guacamole-auth-mysql/pom.xml       | 73 ++++++----------
 .../src/main/assembly/dist.xml                | 32 ++-----
 .../MySQLAuthenticationProviderModule.java    |  1 -
 .../auth/mysql}/MySQLGuacamoleProperties.java |  2 +-
 .../net/auth/mysql/package-info.java          |  4 +-
 .../auth/jdbc/conf/package-info.java          | 26 ------
 66 files changed, 144 insertions(+), 100 deletions(-)
 create mode 100644 extensions/guacamole-auth-jdbc/.gitignore
 create mode 100644 extensions/guacamole-auth-jdbc/LICENSE
 create mode 100644 extensions/guacamole-auth-jdbc/pom.xml
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java (100%)
 rename extensions/guacamole-auth-mysql/src/main/java/{org/glyptodon/guacamole/auth/jdbc/conf => net/sourceforge/guacamole/net/auth/mysql}/MySQLGuacamoleProperties.java (98%)
 delete mode 100644 extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/package-info.java

diff --git a/extensions/guacamole-auth-jdbc/.gitignore b/extensions/guacamole-auth-jdbc/.gitignore
new file mode 100644
index 000000000..42f4a1a64
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/.gitignore
@@ -0,0 +1,2 @@
+target/
+*~
diff --git a/extensions/guacamole-auth-jdbc/LICENSE b/extensions/guacamole-auth-jdbc/LICENSE
new file mode 100644
index 000000000..540cdcf75
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/LICENSE
@@ -0,0 +1,19 @@
+Copyright (C) 2013 Glyptodon LLC
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/extensions/guacamole-auth-jdbc/pom.xml b/extensions/guacamole-auth-jdbc/pom.xml
new file mode 100644
index 000000000..68b098b54
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/pom.xml
@@ -0,0 +1,85 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.glyptodon.guacamole</groupId>
+    <artifactId>guacamole-auth-jdbc</artifactId>
+    <packaging>jar</packaging>
+    <version>0.9.5</version>
+    <name>guacamole-auth-jdbc</name>
+    <url>http://guac-dev.org/</url>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <build>
+        <plugins>
+
+            <!-- Written for 1.6 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                </configuration>
+            </plugin>
+
+        </plugins>
+    </build>
+
+    <dependencies>
+
+        <!-- Guacamole Java API -->
+        <dependency>
+            <groupId>org.glyptodon.guacamole</groupId>
+            <artifactId>guacamole-common</artifactId>
+            <version>0.9.4</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Guacamole Extension API -->
+        <dependency>
+            <groupId>org.glyptodon.guacamole</groupId>
+            <artifactId>guacamole-ext</artifactId>
+            <version>0.9.5</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- SLF4J - logging -->
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.7</version>
+        </dependency>
+
+        <!-- MyBatis -->
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis</artifactId>
+            <version>3.2.8</version>
+        </dependency>
+        
+        <!-- MyBatis Guice -->
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis-guice</artifactId>
+            <version>3.6</version>
+        </dependency>
+
+        <!-- Guice -->
+        <dependency>
+            <groupId>com.google.inject</groupId>
+            <artifactId>guice</artifactId>
+            <version>3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.inject.extensions</groupId>
+            <artifactId>guice-multibindings</artifactId>
+            <version>3.0</version>
+        </dependency>
+               
+    </dependencies>
+
+</project>
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java b/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
rename to extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
diff --git a/extensions/guacamole-auth-mysql/pom.xml b/extensions/guacamole-auth-mysql/pom.xml
index 912908484..7e2e11d95 100644
--- a/extensions/guacamole-auth-mysql/pom.xml
+++ b/extensions/guacamole-auth-mysql/pom.xml
@@ -30,20 +30,34 @@
             <plugin>
                 <artifactId>maven-assembly-plugin</artifactId>
                 <version>2.2-beta-5</version>
-                <configuration>
-                    <finalName>${project.artifactId}-${project.version}</finalName>
-                    <appendAssemblyId>false</appendAssemblyId>
-                    <descriptors>
-                        <descriptor>src/main/assembly/dist.xml</descriptor>
-                    </descriptors>
-                </configuration>
                 <executions>
+                    <execution>
+                        <id>jar-with-dependencies</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <finalName>extension/${project.artifactId}-${project.version}</finalName>
+                            <appendAssemblyId>false</appendAssemblyId>
+                            <descriptorRefs>
+                                <descriptorRef>jar-with-dependencies</descriptorRef>
+                            </descriptorRefs>
+                        </configuration>
+                    </execution>                    
                     <execution>
                         <id>make-dist-archive</id>
                         <phase>package</phase>
                         <goals>
                             <goal>single</goal>
                         </goals>
+                        <configuration>
+                            <finalName>${project.artifactId}-${project.version}</finalName>
+                            <appendAssemblyId>false</appendAssemblyId>
+                            <descriptors>
+                                <descriptor>src/main/assembly/dist.xml</descriptor>
+                            </descriptors>
+                        </configuration>
                     </execution>
                 </executions>
             </plugin>
@@ -53,54 +67,19 @@
 
     <dependencies>
 
-        <!-- Guacamole Java API -->
-        <dependency>
-            <groupId>org.glyptodon.guacamole</groupId>
-            <artifactId>guacamole-common</artifactId>
-            <version>0.9.4</version>
-        </dependency>
-
         <!-- Guacamole Extension API -->
         <dependency>
             <groupId>org.glyptodon.guacamole</groupId>
             <artifactId>guacamole-ext</artifactId>
             <version>0.9.5</version>
+            <scope>provided</scope>
         </dependency>
 
-        <!-- SLF4J - logging -->
+        <!-- Guacamole JDBC Authentication -->
         <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-            <version>1.7.7</version>
-        </dependency>
-
-        <!-- MyBatis -->
-        <dependency>
-            <groupId>org.mybatis</groupId>
-            <artifactId>mybatis</artifactId>
-            <version>3.2.8</version>
-        </dependency>
-        
-        <!-- MyBatis Guice -->
-        <dependency>
-            <groupId>org.mybatis</groupId>
-            <artifactId>mybatis-guice</artifactId>
-            <version>3.6</version>
-        </dependency>
-
-        <!-- Guice -->
-        <dependency>
-            <groupId>com.google.inject</groupId>
-            <artifactId>guice</artifactId>
-            <version>3.0</version>
-        </dependency>
-
-               
-        <!-- Google Collections -->
-        <dependency>
-            <groupId>com.google.collections</groupId>
-            <artifactId>google-collections</artifactId>
-            <version>1.0</version>
+            <groupId>org.glyptodon.guacamole</groupId>
+            <artifactId>guacamole-auth-jdbc</artifactId>
+            <version>0.9.5</version>
         </dependency>
 
     </dependencies>
diff --git a/extensions/guacamole-auth-mysql/src/main/assembly/dist.xml b/extensions/guacamole-auth-mysql/src/main/assembly/dist.xml
index 0628ad61c..f8cc2764d 100644
--- a/extensions/guacamole-auth-mysql/src/main/assembly/dist.xml
+++ b/extensions/guacamole-auth-mysql/src/main/assembly/dist.xml
@@ -26,29 +26,15 @@
                 <directory>schema</directory>
             </fileSet>
 
+            <!-- Include extension .jar -->
+            <fileSet>
+                <directory>${project.build.directory}/extension</directory>
+                <outputDirectory>/</outputDirectory>
+                <includes>
+                    <include>*.jar</include>
+                </includes>
+            </fileSet>
+
     </fileSets>
 
-    <!-- Include self and all dependencies except guacamole-common 
-         and guacamole-ext -->
-    <dependencySets>
-        <dependencySet>
-
-            <outputDirectory>/lib</outputDirectory>
-            <scope>runtime</scope>
-            <unpack>false</unpack>
-            <useProjectArtifact>true</useProjectArtifact>
-            <useTransitiveFiltering>true</useTransitiveFiltering>
-
-            <excludes>
-
-                <!-- Do not include guacamole-common -->
-                <exclude>org.glyptodon.guacamole:guacamole-common</exclude>
-
-                <!-- Do not include guacamole-ext -->
-                <exclude>org.glyptodon.guacamole:guacamole-ext</exclude>
-
-            </excludes>
-        </dependencySet>
-    </dependencySets>
-
 </assembly>
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
index 1da117aee..e5af46928 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
@@ -27,7 +27,6 @@ import com.google.inject.Module;
 import com.google.inject.name.Names;
 import java.util.Properties;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.auth.jdbc.conf.MySQLGuacamoleProperties;
 import org.glyptodon.guacamole.environment.Environment;
 import org.mybatis.guice.datasource.helper.JdbcHelper;
 
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
similarity index 98%
rename from extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/MySQLGuacamoleProperties.java
rename to extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
index 9b38d23b0..3a599fc93 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/MySQLGuacamoleProperties.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
@@ -20,7 +20,7 @@
  * THE SOFTWARE.
  */
 
-package org.glyptodon.guacamole.auth.jdbc.conf;
+package net.sourceforge.guacamole.net.auth.mysql;
 
 import org.glyptodon.guacamole.properties.BooleanGuacamoleProperty;
 import org.glyptodon.guacamole.properties.IntegerGuacamoleProperty;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
index cdac45a07..65dc294e6 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
@@ -21,7 +21,7 @@
  */
 
 /**
- * The MySQL authentication provider. This package exists purely for backwards-
- * compatibility.
+ * The MySQL authentication provider. This package exists outside of
+ * org.glyptodon for backwards-compatibility.
  */
 package net.sourceforge.guacamole.net.auth.mysql;
diff --git a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/package-info.java b/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/package-info.java
deleted file mode 100644
index 5c16bfa04..000000000
--- a/extensions/guacamole-auth-mysql/src/main/java/org/glyptodon/guacamole/auth/jdbc/conf/package-info.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Copyright (C) 2015 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/**
- * Classes related to the configuration of the MySQL authentication provider.
- */
-package org.glyptodon.guacamole.auth.jdbc.conf;

From a271550bcb5ad8714778fb25a6eb0534c154ced8 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 21:24:11 -0800
Subject: [PATCH 46/60] GUAC-1101: Move JDBC-related auth into single parent
 project.

---
 .../README                                    | 46 +++++----
 .../guacamole-auth-jdbc-base}/.gitignore      |  0
 .../modules/guacamole-auth-jdbc-base/pom.xml  | 85 ++++++++++++++++
 .../JDBCAuthenticationProviderModule.java     |  0
 .../auth/jdbc/base/DirectoryObject.java       |  0
 .../auth/jdbc/base/DirectoryObjectMapper.java |  0
 .../jdbc/base/DirectoryObjectService.java     |  0
 .../guacamole/auth/jdbc/base/ObjectModel.java |  0
 .../auth/jdbc/base/RestrictedObject.java      |  0
 .../auth/jdbc/base/package-info.java          |  0
 .../jdbc/connection/ConnectionDirectory.java  |  0
 .../jdbc/connection/ConnectionMapper.java     |  0
 .../auth/jdbc/connection/ConnectionModel.java |  0
 .../connection/ConnectionRecordMapper.java    |  0
 .../connection/ConnectionRecordModel.java     |  0
 .../jdbc/connection/ConnectionService.java    |  0
 .../auth/jdbc/connection/MySQLConnection.java |  0
 .../connection/MySQLConnectionRecord.java     |  0
 .../MySQLGuacamoleConfiguration.java          |  0
 .../auth/jdbc/connection/ParameterMapper.java |  0
 .../auth/jdbc/connection/ParameterModel.java  |  0
 .../auth/jdbc/connection/package-info.java    |  0
 .../ConnectionGroupDirectory.java             |  0
 .../ConnectionGroupMapper.java                |  0
 .../connectiongroup/ConnectionGroupModel.java |  0
 .../ConnectionGroupService.java               |  0
 .../connectiongroup/MySQLConnectionGroup.java |  0
 .../MySQLRootConnectionGroup.java             |  0
 .../jdbc/connectiongroup/package-info.java    |  0
 .../guacamole/auth/jdbc/package-info.java     |  0
 .../permission/MySQLSystemPermissionSet.java  |  0
 .../permission/ObjectPermissionMapper.java    |  0
 .../permission/ObjectPermissionModel.java     |  0
 .../permission/ObjectPermissionService.java   |  0
 .../jdbc/permission/PermissionMapper.java     |  0
 .../auth/jdbc/permission/PermissionModel.java |  0
 .../jdbc/permission/PermissionService.java    |  0
 .../permission/SystemPermissionMapper.java    |  0
 .../permission/SystemPermissionModel.java     |  0
 .../permission/SystemPermissionService.java   |  0
 .../auth/jdbc/permission/package-info.java    |  0
 .../security/PasswordEncryptionService.java   |  0
 .../SHA256PasswordEncryptionService.java      |  0
 .../auth/jdbc/security/SaltService.java       |  0
 .../security/SecureRandomSaltService.java     |  0
 .../auth/jdbc/security/package-info.java      |  0
 .../AbstractGuacamoleSocketService.java       |  0
 .../jdbc/socket/ActiveConnectionRecord.java   |  0
 .../jdbc/socket/GuacamoleSocketService.java   |  0
 .../UnrestrictedGuacamoleSocketService.java   |  0
 .../auth/jdbc/socket/package-info.java        |  0
 .../auth/jdbc/user/AuthenticatedUser.java     |  0
 .../guacamole/auth/jdbc/user/MySQLUser.java   |  0
 .../auth/jdbc/user/MySQLUserContext.java      |  0
 .../auth/jdbc/user/UserContextService.java    |  0
 .../auth/jdbc/user/UserDirectory.java         |  0
 .../guacamole/auth/jdbc/user/UserMapper.java  |  0
 .../guacamole/auth/jdbc/user/UserModel.java   |  0
 .../guacamole/auth/jdbc/user/UserService.java |  0
 .../auth/jdbc/user/package-info.java          |  0
 .../modules}/guacamole-auth-mysql/.gitignore  |  0
 .../modules}/guacamole-auth-mysql/pom.xml     | 16 +--
 .../schema/001-create-schema.sql              |  0
 .../schema/002-create-admin-user.sql          |  0
 .../schema/upgrade/upgrade-pre-0.8.2.sql      |  0
 .../mysql/MySQLAuthenticationProvider.java    |  0
 .../MySQLAuthenticationProviderModule.java    |  0
 .../auth/mysql/MySQLGuacamoleProperties.java  |  0
 .../net/auth/mysql/package-info.java          |  0
 .../auth/jdbc/connection/ConnectionMapper.xml |  0
 .../connection/ConnectionRecordMapper.xml     |  0
 .../auth/jdbc/connection/ParameterMapper.xml  |  0
 .../connectiongroup/ConnectionGroupMapper.xml |  0
 .../permission/SystemPermissionMapper.xml     |  0
 .../guacamole/auth/jdbc/user/UserMapper.xml   |  0
 extensions/guacamole-auth-jdbc/pom.xml        | 97 +++++++------------
 .../src/main/assembly/dist.xml                | 20 ++--
 extensions/guacamole-auth-mysql/LICENSE       | 19 ----
 78 files changed, 151 insertions(+), 132 deletions(-)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/README (62%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/.gitignore (100%)
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java (100%)
 rename extensions/guacamole-auth-jdbc/{ => modules/guacamole-auth-jdbc-base}/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/.gitignore (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/pom.xml (77%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/schema/001-create-schema.sql (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/schema/002-create-admin-user.sql (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/schema/upgrade/upgrade-pre-0.8.2.sql (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml (100%)
 rename extensions/{ => guacamole-auth-jdbc/modules}/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml (100%)
 rename extensions/{guacamole-auth-mysql => guacamole-auth-jdbc}/src/main/assembly/dist.xml (57%)
 delete mode 100644 extensions/guacamole-auth-mysql/LICENSE

diff --git a/extensions/guacamole-auth-mysql/README b/extensions/guacamole-auth-jdbc/README
similarity index 62%
rename from extensions/guacamole-auth-mysql/README
rename to extensions/guacamole-auth-jdbc/README
index 733e369dd..d4fa250aa 100644
--- a/extensions/guacamole-auth-mysql/README
+++ b/extensions/guacamole-auth-jdbc/README
@@ -17,29 +17,30 @@ Distribution-specific documentation is provided on the Guacamole wiki:
 
 
 ------------------------------------------------------------
- What is guacamole-auth-mysql?
+ What is guacamole-auth-jdbc?
 ------------------------------------------------------------
 
-guacamole-auth-ldap is a Java library for use with the Guacamole web
-application to provide MySQL based authentication.
+guacamole-auth-jdbc is a Java library for use with the Guacamole web
+application to provide database-driven authentication.
 
-guacamole-auth-mysql provides an authentication provider which can be
-set in guacamole.properties to allow MySQL authentication of Guacamole
-users. Additional properties are required to configure the mysql
-connection parameters.
+guacamole-auth-jdbc provides multiple authentication provider implementations
+which each provide a support for a different database. These authentication
+providers can be set in guacamole.properties to allow authentication of
+Guacamole users through that type of database.
 
-A schema file are provided to create the required tables in your
-mysql database.
+Schema files are provided to create the required tables in your database of
+choice.
 
 
 ------------------------------------------------------------
- Compiling and installing guacamole-auth-mysql
+ Compiling and installing guacamole-auth-jdbc
 ------------------------------------------------------------
 
-guacamole-auth-mysql is built using Maven. Building guacamole-auth-mysql
-compiles all classes and packages them into a redistributable .jar file. This
-.jar file can be installed in the library directory configured in
-guacamole.properties such that the authentication provider is available.
+guacamole-auth-jdbc is built using Maven. Building guacamole-auth-jdbc compiles
+all classes and packages them into a redistributable .tar.gz archive.  This
+archive contains multiple .jar files, each of this corresponds to a
+database-specific authentication provider implementation that can be installed
+in the library directory configured in guacamole.properties.
 
 1) Run mvn package
 
@@ -68,13 +69,16 @@ guacamole.properties such that the authentication provider is available.
     with username 'guacadmin' and password 'guacadmin'. This user can 
     be used to set up any other connections and users.
 
-6) Configure guacamole.properties for MySQL
+6) Configure guacamole.properties for your database
 
-    There are additional properties required by the MySQL JDBC driver
-    which must be added/changed in your guacamole.properties:
+    There are additional properties required by JDBC drivers which must
+    be added/changed in your guacamole.properties. These parameters are
+    specific to the database being used.
 
-    # Configuration for MySQL connection
-    mysql-hostname:           mysql.host.name
+    For MySQL, the following properties are available:
+
+    # Database connection configuration
+    mysql-hostname:           database.host.name
     mysql-port:               3306
     mysql-database:           guacamole.database.name
     mysql-username:           user
@@ -91,8 +95,8 @@ guacamole.properties such that the authentication provider is available.
  Reporting problems
 ------------------------------------------------------------
 
-Please report any bugs encountered by opening a new ticket at the Trac system
+Please report any bugs encountered by opening a new issue in the JIRA system
 hosted at:
     
-    http://guac-dev.org/trac/
+    http://glyptodon.org/jira/
 
diff --git a/extensions/guacamole-auth-jdbc/.gitignore b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/.gitignore
similarity index 100%
rename from extensions/guacamole-auth-jdbc/.gitignore
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/.gitignore
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
new file mode 100644
index 000000000..6c2aa4597
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
@@ -0,0 +1,85 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.glyptodon.guacamole</groupId>
+    <artifactId>guacamole-auth-jdbc-base</artifactId>
+    <packaging>jar</packaging>
+    <version>0.9.5</version>
+    <name>guacamole-auth-jdbc-base</name>
+    <url>http://guac-dev.org/</url>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    </properties>
+
+    <build>
+        <plugins>
+
+            <!-- Written for 1.6 -->
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                    <source>1.6</source>
+                    <target>1.6</target>
+                </configuration>
+            </plugin>
+
+        </plugins>
+    </build>
+
+    <dependencies>
+
+        <!-- Guacamole Java API -->
+        <dependency>
+            <groupId>org.glyptodon.guacamole</groupId>
+            <artifactId>guacamole-common</artifactId>
+            <version>0.9.4</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- Guacamole Extension API -->
+        <dependency>
+            <groupId>org.glyptodon.guacamole</groupId>
+            <artifactId>guacamole-ext</artifactId>
+            <version>0.9.5</version>
+            <scope>provided</scope>
+        </dependency>
+
+        <!-- SLF4J - logging -->
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+            <version>1.7.7</version>
+        </dependency>
+
+        <!-- MyBatis -->
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis</artifactId>
+            <version>3.2.8</version>
+        </dependency>
+        
+        <!-- MyBatis Guice -->
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis-guice</artifactId>
+            <version>3.6</version>
+        </dependency>
+
+        <!-- Guice -->
+        <dependency>
+            <groupId>com.google.inject</groupId>
+            <artifactId>guice</artifactId>
+            <version>3.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.google.inject.extensions</groupId>
+            <artifactId>guice-multibindings</artifactId>
+            <version>3.0</version>
+        </dependency>
+               
+    </dependencies>
+
+</project>
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ObjectModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ParameterModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SaltService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SecureRandomSaltService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserModel.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
diff --git a/extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/package-info.java
diff --git a/extensions/guacamole-auth-mysql/.gitignore b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/.gitignore
similarity index 100%
rename from extensions/guacamole-auth-mysql/.gitignore
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/.gitignore
diff --git a/extensions/guacamole-auth-mysql/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
similarity index 77%
rename from extensions/guacamole-auth-mysql/pom.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
index 7e2e11d95..c4b7e7051 100644
--- a/extensions/guacamole-auth-mysql/pom.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
@@ -45,20 +45,6 @@
                             </descriptorRefs>
                         </configuration>
                     </execution>                    
-                    <execution>
-                        <id>make-dist-archive</id>
-                        <phase>package</phase>
-                        <goals>
-                            <goal>single</goal>
-                        </goals>
-                        <configuration>
-                            <finalName>${project.artifactId}-${project.version}</finalName>
-                            <appendAssemblyId>false</appendAssemblyId>
-                            <descriptors>
-                                <descriptor>src/main/assembly/dist.xml</descriptor>
-                            </descriptors>
-                        </configuration>
-                    </execution>
                 </executions>
             </plugin>
 
@@ -78,7 +64,7 @@
         <!-- Guacamole JDBC Authentication -->
         <dependency>
             <groupId>org.glyptodon.guacamole</groupId>
-            <artifactId>guacamole-auth-jdbc</artifactId>
+            <artifactId>guacamole-auth-jdbc-base</artifactId>
             <version>0.9.5</version>
         </dependency>
 
diff --git a/extensions/guacamole-auth-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/001-create-schema.sql
similarity index 100%
rename from extensions/guacamole-auth-mysql/schema/001-create-schema.sql
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/001-create-schema.sql
diff --git a/extensions/guacamole-auth-mysql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/002-create-admin-user.sql
similarity index 100%
rename from extensions/guacamole-auth-mysql/schema/002-create-admin-user.sql
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/002-create-admin-user.sql
diff --git a/extensions/guacamole-auth-mysql/schema/upgrade/upgrade-pre-0.8.2.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/upgrade/upgrade-pre-0.8.2.sql
similarity index 100%
rename from extensions/guacamole-auth-mysql/schema/upgrade/upgrade-pre-0.8.2.sql
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/upgrade/upgrade-pre-0.8.2.sql
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
diff --git a/extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
diff --git a/extensions/guacamole-auth-jdbc/pom.xml b/extensions/guacamole-auth-jdbc/pom.xml
index 68b098b54..5f86c8d8b 100644
--- a/extensions/guacamole-auth-jdbc/pom.xml
+++ b/extensions/guacamole-auth-jdbc/pom.xml
@@ -1,10 +1,12 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
+                        http://maven.apache.org/maven-v4_0_0.xsd">
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.glyptodon.guacamole</groupId>
     <artifactId>guacamole-auth-jdbc</artifactId>
-    <packaging>jar</packaging>
+    <packaging>pom</packaging>
     <version>0.9.5</version>
     <name>guacamole-auth-jdbc</name>
     <url>http://guac-dev.org/</url>
@@ -13,73 +15,42 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
+    <modules>
+
+        <!-- Base JDBC classes -->
+        <module>modules/guacamole-auth-jdbc-base</module>
+
+        <!-- MySQL authentication -->
+        <module>modules/guacamole-auth-mysql</module>
+
+    </modules>
+
     <build>
         <plugins>
 
-            <!-- Written for 1.6 -->
+            <!-- Assembly plugin - for easy distribution -->
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                    <source>1.6</source>
-                    <target>1.6</target>
-                </configuration>
+                <artifactId>maven-assembly-plugin</artifactId>
+                <version>2.2-beta-5</version>
+                <executions>
+                    <execution>
+                        <id>make-dist-archive</id>
+                        <phase>package</phase>
+                        <goals>
+                            <goal>single</goal>
+                        </goals>
+                        <configuration>
+                            <finalName>${project.artifactId}-${project.version}</finalName>
+                            <appendAssemblyId>false</appendAssemblyId>
+                            <descriptors>
+                                <descriptor>src/main/assembly/dist.xml</descriptor>
+                            </descriptors>
+                        </configuration>
+                    </execution>
+                </executions>
             </plugin>
 
         </plugins>
     </build>
 
-    <dependencies>
-
-        <!-- Guacamole Java API -->
-        <dependency>
-            <groupId>org.glyptodon.guacamole</groupId>
-            <artifactId>guacamole-common</artifactId>
-            <version>0.9.4</version>
-            <scope>provided</scope>
-        </dependency>
-
-        <!-- Guacamole Extension API -->
-        <dependency>
-            <groupId>org.glyptodon.guacamole</groupId>
-            <artifactId>guacamole-ext</artifactId>
-            <version>0.9.5</version>
-            <scope>provided</scope>
-        </dependency>
-
-        <!-- SLF4J - logging -->
-        <dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-api</artifactId>
-            <version>1.7.7</version>
-        </dependency>
-
-        <!-- MyBatis -->
-        <dependency>
-            <groupId>org.mybatis</groupId>
-            <artifactId>mybatis</artifactId>
-            <version>3.2.8</version>
-        </dependency>
-        
-        <!-- MyBatis Guice -->
-        <dependency>
-            <groupId>org.mybatis</groupId>
-            <artifactId>mybatis-guice</artifactId>
-            <version>3.6</version>
-        </dependency>
-
-        <!-- Guice -->
-        <dependency>
-            <groupId>com.google.inject</groupId>
-            <artifactId>guice</artifactId>
-            <version>3.0</version>
-        </dependency>
-        <dependency>
-            <groupId>com.google.inject.extensions</groupId>
-            <artifactId>guice-multibindings</artifactId>
-            <version>3.0</version>
-        </dependency>
-               
-    </dependencies>
-
 </project>
diff --git a/extensions/guacamole-auth-mysql/src/main/assembly/dist.xml b/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml
similarity index 57%
rename from extensions/guacamole-auth-mysql/src/main/assembly/dist.xml
rename to extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml
index f8cc2764d..c99e3465f 100644
--- a/extensions/guacamole-auth-mysql/src/main/assembly/dist.xml
+++ b/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml
@@ -11,25 +11,17 @@
         <format>tar.gz</format>
     </formats>
 
-    <!-- Include docs and schema -->
+    <!-- Include all implementations -->
     <fileSets>
 
-            <!-- Include docs -->
+            <!-- MySQL implementation -->
             <fileSet>
-                <outputDirectory>/</outputDirectory>
-                <directory>doc</directory>
+                <outputDirectory>/mysql/schema</outputDirectory>
+                <directory>modules/guacamole-auth-mysql/schema</directory>
             </fileSet>
-
-            <!-- Include schema -->
             <fileSet>
-                <outputDirectory>/schema</outputDirectory>
-                <directory>schema</directory>
-            </fileSet>
-
-            <!-- Include extension .jar -->
-            <fileSet>
-                <directory>${project.build.directory}/extension</directory>
-                <outputDirectory>/</outputDirectory>
+                <directory>modules/guacamole-auth-mysql/target/extension</directory>
+                <outputDirectory>/mysql</outputDirectory>
                 <includes>
                     <include>*.jar</include>
                 </includes>
diff --git a/extensions/guacamole-auth-mysql/LICENSE b/extensions/guacamole-auth-mysql/LICENSE
deleted file mode 100644
index 540cdcf75..000000000
--- a/extensions/guacamole-auth-mysql/LICENSE
+++ /dev/null
@@ -1,19 +0,0 @@
-Copyright (C) 2013 Glyptodon LLC
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.

From 410f789b0395145f136bc7f693b2efa0b8578f83 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 21:45:01 -0800
Subject: [PATCH 47/60] GUAC-1101: Inherit parent version and dependencies.

---
 .../modules/guacamole-auth-jdbc-base/pom.xml    | 17 +++++++----------
 .../modules/guacamole-auth-mysql/pom.xml        |  9 +++++++--
 extensions/guacamole-auth-jdbc/pom.xml          | 15 +++++++++++++++
 3 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
index 6c2aa4597..40ca67bee 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
@@ -5,7 +5,6 @@
     <groupId>org.glyptodon.guacamole</groupId>
     <artifactId>guacamole-auth-jdbc-base</artifactId>
     <packaging>jar</packaging>
-    <version>0.9.5</version>
     <name>guacamole-auth-jdbc-base</name>
     <url>http://guac-dev.org/</url>
 
@@ -13,6 +12,13 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
+    <parent>
+        <groupId>org.glyptodon.guacamole</groupId>
+        <artifactId>guacamole-auth-jdbc</artifactId>
+        <version>0.9.5</version>
+        <relativePath>../../</relativePath>
+    </parent>
+
     <build>
         <plugins>
 
@@ -31,19 +37,10 @@
 
     <dependencies>
 
-        <!-- Guacamole Java API -->
-        <dependency>
-            <groupId>org.glyptodon.guacamole</groupId>
-            <artifactId>guacamole-common</artifactId>
-            <version>0.9.4</version>
-            <scope>provided</scope>
-        </dependency>
-
         <!-- Guacamole Extension API -->
         <dependency>
             <groupId>org.glyptodon.guacamole</groupId>
             <artifactId>guacamole-ext</artifactId>
-            <version>0.9.5</version>
             <scope>provided</scope>
         </dependency>
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
index c4b7e7051..33a03394f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
@@ -5,7 +5,6 @@
     <groupId>org.glyptodon.guacamole</groupId>
     <artifactId>guacamole-auth-mysql</artifactId>
     <packaging>jar</packaging>
-    <version>0.9.5</version>
     <name>guacamole-auth-mysql</name>
     <url>http://guac-dev.org/</url>
 
@@ -13,6 +12,13 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
 
+    <parent>
+        <groupId>org.glyptodon.guacamole</groupId>
+        <artifactId>guacamole-auth-jdbc</artifactId>
+        <version>0.9.5</version>
+        <relativePath>../../</relativePath>
+    </parent>
+
     <build>
         <plugins>
 
@@ -57,7 +63,6 @@
         <dependency>
             <groupId>org.glyptodon.guacamole</groupId>
             <artifactId>guacamole-ext</artifactId>
-            <version>0.9.5</version>
             <scope>provided</scope>
         </dependency>
 
diff --git a/extensions/guacamole-auth-jdbc/pom.xml b/extensions/guacamole-auth-jdbc/pom.xml
index 5f86c8d8b..96bd61864 100644
--- a/extensions/guacamole-auth-jdbc/pom.xml
+++ b/extensions/guacamole-auth-jdbc/pom.xml
@@ -32,6 +32,7 @@
             <plugin>
                 <artifactId>maven-assembly-plugin</artifactId>
                 <version>2.2-beta-5</version>
+                <inherited>false</inherited>
                 <executions>
                     <execution>
                         <id>make-dist-archive</id>
@@ -53,4 +54,18 @@
         </plugins>
     </build>
 
+    <dependencyManagement>
+        <dependencies>
+
+            <!-- Guacamole Extension API -->
+            <dependency>
+                <groupId>org.glyptodon.guacamole</groupId>
+                <artifactId>guacamole-ext</artifactId>
+                <version>0.9.5</version>
+                <scope>provided</scope>
+            </dependency>
+
+        </dependencies>
+    </dependencyManagement>
+
 </project>

From fc25bb33aab602e216606bbed1076450b3811198 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Fri, 27 Feb 2015 21:57:01 -0800
Subject: [PATCH 48/60] GUAC-1101: Rename guacamole-auth-mysql hierarchically.

---
 .../.gitignore                                                | 0
 .../pom.xml                                                   | 4 ++--
 .../schema/001-create-schema.sql                              | 0
 .../schema/002-create-admin-user.sql                          | 0
 .../schema/upgrade/upgrade-pre-0.8.2.sql                      | 0
 .../guacamole/net/auth/mysql/MySQLAuthenticationProvider.java | 0
 .../net/auth/mysql/MySQLAuthenticationProviderModule.java     | 0
 .../guacamole/net/auth/mysql/MySQLGuacamoleProperties.java    | 0
 .../sourceforge/guacamole/net/auth/mysql/package-info.java    | 0
 .../guacamole/auth/jdbc/connection/ConnectionMapper.xml       | 0
 .../guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml | 0
 .../guacamole/auth/jdbc/connection/ParameterMapper.xml        | 0
 .../auth/jdbc/connectiongroup/ConnectionGroupMapper.xml       | 0
 .../guacamole/auth/jdbc/permission/SystemPermissionMapper.xml | 0
 .../org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml     | 0
 extensions/guacamole-auth-jdbc/pom.xml                        | 2 +-
 extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml     | 4 ++--
 17 files changed, 5 insertions(+), 5 deletions(-)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/.gitignore (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/pom.xml (96%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/schema/001-create-schema.sql (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/schema/002-create-admin-user.sql (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/schema/upgrade/upgrade-pre-0.8.2.sql (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml (100%)
 rename extensions/guacamole-auth-jdbc/modules/{guacamole-auth-mysql => guacamole-auth-jdbc-mysql}/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml (100%)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/.gitignore b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/.gitignore
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/.gitignore
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/.gitignore
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/pom.xml
similarity index 96%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/pom.xml
index 33a03394f..47dbf1797 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/pom.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/pom.xml
@@ -3,9 +3,9 @@
 
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.glyptodon.guacamole</groupId>
-    <artifactId>guacamole-auth-mysql</artifactId>
+    <artifactId>guacamole-auth-jdbc-mysql</artifactId>
     <packaging>jar</packaging>
-    <name>guacamole-auth-mysql</name>
+    <name>guacamole-auth-jdbc-mysql</name>
     <url>http://guac-dev.org/</url>
 
     <properties>
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/001-create-schema.sql
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/002-create-admin-user.sql
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/002-create-admin-user.sql
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/upgrade/upgrade-pre-0.8.2.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.8.2.sql
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/schema/upgrade/upgrade-pre-0.8.2.sql
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/upgrade/upgrade-pre-0.8.2.sql
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProviderModule.java
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLGuacamoleProperties.java
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/package-info.java
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
similarity index 100%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
diff --git a/extensions/guacamole-auth-jdbc/pom.xml b/extensions/guacamole-auth-jdbc/pom.xml
index 96bd61864..c6c622994 100644
--- a/extensions/guacamole-auth-jdbc/pom.xml
+++ b/extensions/guacamole-auth-jdbc/pom.xml
@@ -21,7 +21,7 @@
         <module>modules/guacamole-auth-jdbc-base</module>
 
         <!-- MySQL authentication -->
-        <module>modules/guacamole-auth-mysql</module>
+        <module>modules/guacamole-auth-jdbc-mysql</module>
 
     </modules>
 
diff --git a/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml b/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml
index c99e3465f..2d20b63a0 100644
--- a/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml
+++ b/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml
@@ -17,10 +17,10 @@
             <!-- MySQL implementation -->
             <fileSet>
                 <outputDirectory>/mysql/schema</outputDirectory>
-                <directory>modules/guacamole-auth-mysql/schema</directory>
+                <directory>modules/guacamole-auth-jdbc-mysql/schema</directory>
             </fileSet>
             <fileSet>
-                <directory>modules/guacamole-auth-mysql/target/extension</directory>
+                <directory>modules/guacamole-auth-jdbc-mysql/target/extension</directory>
                 <outputDirectory>/mysql</outputDirectory>
                 <includes>
                     <include>*.jar</include>

From acb6ea44fa63cb22fb54abff7687f0294421c994 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 12:11:39 -0800
Subject: [PATCH 49/60] GUAC-1101: Remove mention of MySQL from generic JDBC
 code.

---
 .../JDBCAuthenticationProviderModule.java     | 28 ++++++++---------
 .../auth/jdbc/base/package-info.java          |  4 +--
 .../jdbc/connection/ConnectionDirectory.java  |  7 +++--
 .../jdbc/connection/ConnectionService.java    | 30 +++++++++---------
 ...Connection.java => ModeledConnection.java} | 21 +++++++------
 ...cord.java => ModeledConnectionRecord.java} | 10 +++---
 ...ava => ModeledGuacamoleConfiguration.java} |  6 ++--
 .../ConnectionGroupDirectory.java             |  7 +++--
 .../ConnectionGroupService.java               | 18 +++++------
 ...Group.java => ModeledConnectionGroup.java} | 13 ++++----
 ...ionGroup.java => RootConnectionGroup.java} |  6 ++--
 .../permission/ObjectPermissionService.java   |  8 ++---
 .../jdbc/permission/PermissionService.java    | 14 ++++-----
 .../permission/SystemPermissionService.java   | 20 ++++++------
 ...ssionSet.java => SystemPermissionSet.java} | 14 ++++-----
 .../AbstractGuacamoleSocketService.java       | 12 +++----
 .../jdbc/socket/GuacamoleSocketService.java   |  8 ++---
 .../UnrestrictedGuacamoleSocketService.java   |  6 ++--
 .../auth/jdbc/user/AuthenticatedUser.java     |  6 ++--
 .../user/{MySQLUser.java => ModeledUser.java} | 10 +++---
 ...MySQLUserContext.java => UserContext.java} | 15 +++++----
 .../auth/jdbc/user/UserContextService.java    | 12 +++----
 .../auth/jdbc/user/UserDirectory.java         |  7 +++--
 .../guacamole/auth/jdbc/user/UserService.java | 31 ++++++++++---------
 24 files changed, 164 insertions(+), 149 deletions(-)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/{MySQLConnection.java => ModeledConnection.java} (87%)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/{MySQLConnectionRecord.java => ModeledConnectionRecord.java} (86%)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/{MySQLGuacamoleConfiguration.java => ModeledGuacamoleConfiguration.java} (95%)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/{MySQLConnectionGroup.java => ModeledConnectionGroup.java} (90%)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/{MySQLRootConnectionGroup.java => RootConnectionGroup.java} (96%)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/{MySQLSystemPermissionSet.java => SystemPermissionSet.java} (90%)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/{MySQLUser.java => ModeledUser.java} (95%)
 rename extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/{MySQLUserContext.java => UserContext.java} (89%)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index 60bb6966d..061eebc2b 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -22,15 +22,15 @@
 
 package org.glyptodon.guacamole.auth.jdbc;
 
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUserContext;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.user.UserContext;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
 import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
-import org.glyptodon.guacamole.auth.jdbc.connection.MySQLGuacamoleConfiguration;
-import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
-import org.glyptodon.guacamole.auth.jdbc.permission.MySQLSystemPermissionSet;
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.connection.ModeledGuacamoleConfiguration;
+import org.glyptodon.guacamole.auth.jdbc.connection.ModeledConnection;
+import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionSet;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
 import org.glyptodon.guacamole.auth.jdbc.user.UserDirectory;
 import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupMapper;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionMapper;
@@ -100,13 +100,13 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(Environment.class).toInstance(environment);
         bind(ConnectionDirectory.class);
         bind(ConnectionGroupDirectory.class);
-        bind(MySQLConnection.class);
-        bind(MySQLConnectionGroup.class);
-        bind(MySQLGuacamoleConfiguration.class);
-        bind(MySQLUser.class);
-        bind(MySQLUserContext.class);
-        bind(MySQLRootConnectionGroup.class);
-        bind(MySQLSystemPermissionSet.class);
+        bind(ModeledConnection.class);
+        bind(ModeledConnectionGroup.class);
+        bind(ModeledGuacamoleConfiguration.class);
+        bind(ModeledUser.class);
+        bind(RootConnectionGroup.class);
+        bind(SystemPermissionSet.class);
+        bind(UserContext.class);
         bind(UserDirectory.class);
         
         // Bind services
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
index 72f8f4816..122dc3ec9 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/package-info.java
@@ -21,8 +21,8 @@
  */
 
 /**
- * Base classes supporting the MySQL authentication provider and defining the
- * relationships between the model and the implementations of guacamole-ext
+ * Base classes supporting JDBC-driven authentication providers and defining
+ * the relationships between the model and the implementations of guacamole-ext
  * classes.
  */
 package org.glyptodon.guacamole.auth.jdbc.base;
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
index 4fba7e243..f0d167c95 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
@@ -34,7 +34,8 @@ import org.glyptodon.guacamole.net.auth.Directory;
 import org.mybatis.guice.transactional.Transactional;
 
 /**
- * A MySQL based implementation of the Connection Directory.
+ * Implementation of the Connection Directory which is driven by an underlying,
+ * arbitrary database.
  *
  * @author James Muehlner
  * @author Michael Jumper
@@ -72,7 +73,7 @@ public class ConnectionDirectory implements Directory<Connection> {
     @Override
     @Transactional
     public Collection<Connection> getAll(Collection<String> identifiers) throws GuacamoleException {
-        Collection<MySQLConnection> objects = connectionService.retrieveObjects(currentUser, identifiers);
+        Collection<ModeledConnection> objects = connectionService.retrieveObjects(currentUser, identifiers);
         return Collections.<Connection>unmodifiableCollection(objects);
     }
 
@@ -91,7 +92,7 @@ public class ConnectionDirectory implements Directory<Connection> {
     @Override
     @Transactional
     public void update(Connection object) throws GuacamoleException {
-        MySQLConnection connection = (MySQLConnection) object;
+        ModeledConnection connection = (ModeledConnection) object;
         connectionService.updateObject(currentUser, connection);
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
index 3109638b8..634087ab7 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -52,7 +52,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class ConnectionService extends DirectoryObjectService<MySQLConnection, Connection, ConnectionModel> {
+public class ConnectionService extends DirectoryObjectService<ModeledConnection, Connection, ConnectionModel> {
 
     /**
      * Mapper for accessing connections.
@@ -76,7 +76,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
      * Provider for creating connections.
      */
     @Inject
-    private Provider<MySQLConnection> mySQLConnectionProvider;
+    private Provider<ModeledConnection> connectionProvider;
 
     /**
      * Service for creating and tracking sockets.
@@ -90,9 +90,9 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     }
 
     @Override
-    protected MySQLConnection getObjectInstance(AuthenticatedUser currentUser,
+    protected ModeledConnection getObjectInstance(AuthenticatedUser currentUser,
             ConnectionModel model) {
-        MySQLConnection connection = mySQLConnectionProvider.get();
+        ModeledConnection connection = connectionProvider.get();
         connection.init(currentUser, model);
         return connection;
     }
@@ -101,11 +101,11 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     protected ConnectionModel getModelInstance(AuthenticatedUser currentUser,
             final Connection object) {
 
-        // Create new MySQLConnection backed by blank model
+        // Create new ModeledConnection backed by blank model
         ConnectionModel model = new ConnectionModel();
-        MySQLConnection connection = getObjectInstance(currentUser, model);
+        ModeledConnection connection = getObjectInstance(currentUser, model);
 
-        // Set model contents through MySQLConnection, copying the provided connection
+        // Set model contents through ModeledConnection, copying the provided connection
         connection.setParentIdentifier(object.getParentIdentifier());
         connection.setName(object.getName());
         connection.setConfiguration(object.getConfiguration());
@@ -147,7 +147,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
 
     @Override
     protected void validateExistingObject(AuthenticatedUser user,
-            MySQLConnection object) throws GuacamoleException {
+            ModeledConnection object) throws GuacamoleException {
 
         // Name must not be blank
         if (object.getName().trim().isEmpty())
@@ -170,7 +170,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
      *     A collection of parameter models containing the name/value pairs
      *     of the given connection's parameters.
      */
-    private Collection<ParameterModel> getParameterModels(MySQLConnection connection) {
+    private Collection<ParameterModel> getParameterModels(ModeledConnection connection) {
 
         Map<String, String> parameters = connection.getConfiguration().getParameters();
         
@@ -202,11 +202,11 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     }
 
     @Override
-    public MySQLConnection createObject(AuthenticatedUser user, Connection object)
+    public ModeledConnection createObject(AuthenticatedUser user, Connection object)
             throws GuacamoleException {
 
         // Create connection
-        MySQLConnection connection = super.createObject(user, object);
+        ModeledConnection connection = super.createObject(user, object);
         connection.setConfiguration(object.getConfiguration());
 
         // Insert new parameters, if any
@@ -219,7 +219,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
     }
     
     @Override
-    public void updateObject(AuthenticatedUser user, MySQLConnection object)
+    public void updateObject(AuthenticatedUser user, ModeledConnection object)
             throws GuacamoleException {
 
         // Update connection
@@ -330,7 +330,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
      *     If permission to read the connection history is denied.
      */
     public List<ConnectionRecord> retrieveHistory(AuthenticatedUser user,
-            MySQLConnection connection) throws GuacamoleException {
+            ModeledConnection connection) throws GuacamoleException {
 
         String identifier = connection.getIdentifier();
         
@@ -345,7 +345,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
 
             // Add past connections from model objects
             for (ConnectionRecordModel model : models)
-                records.add(new MySQLConnectionRecord(model));
+                records.add(new ModeledConnectionRecord(model));
 
             // Return converted history list
             return records;
@@ -379,7 +379,7 @@ public class ConnectionService extends DirectoryObjectService<MySQLConnection, C
      *     If permission to connect to this connection is denied.
      */
     public GuacamoleSocket connect(AuthenticatedUser user,
-            MySQLConnection connection, GuacamoleClientInformation info)
+            ModeledConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException {
 
         // Connect only if READ permission is granted
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java
similarity index 87%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java
index df9bc02c2..64cb1232c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnection.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java
@@ -26,7 +26,7 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.List;
 import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObject;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup;
 import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
@@ -36,10 +36,13 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
 
 /**
- * A MySQL based implementation of the Connection object.
+ * An implementation of the Connection object which is backed by a database
+ * model.
+ *
  * @author James Muehlner
+ * @author Michael Jumper
  */
-public class MySQLConnection extends DirectoryObject<ConnectionModel>
+public class ModeledConnection extends DirectoryObject<ConnectionModel>
     implements Connection {
 
     /**
@@ -58,7 +61,7 @@ public class MySQLConnection extends DirectoryObject<ConnectionModel>
      * Provider for lazy-loaded, permission-controlled configurations.
      */
     @Inject
-    private Provider<MySQLGuacamoleConfiguration> configProvider;
+    private Provider<ModeledGuacamoleConfiguration> configProvider;
     
     /**
      * The manually-set GuacamoleConfiguration, if any.
@@ -66,9 +69,9 @@ public class MySQLConnection extends DirectoryObject<ConnectionModel>
     private GuacamoleConfiguration config = null;
     
     /**
-     * Creates a new, empty MySQLConnection.
+     * Creates a new, empty ModeledConnection.
      */
-    public MySQLConnection() {
+    public ModeledConnection() {
     }
 
     @Override
@@ -87,7 +90,7 @@ public class MySQLConnection extends DirectoryObject<ConnectionModel>
         // Translate null parent to proper identifier
         String parentIdentifier = getModel().getParentIdentifier();
         if (parentIdentifier == null)
-            return MySQLRootConnectionGroup.IDENTIFIER;
+            return RootConnectionGroup.IDENTIFIER;
 
         return parentIdentifier;
         
@@ -98,7 +101,7 @@ public class MySQLConnection extends DirectoryObject<ConnectionModel>
 
         // Translate root identifier back into null
         if (parentIdentifier != null
-                && parentIdentifier.equals(MySQLRootConnectionGroup.IDENTIFIER))
+                && parentIdentifier.equals(RootConnectionGroup.IDENTIFIER))
             parentIdentifier = null;
 
         getModel().setParentIdentifier(parentIdentifier);
@@ -113,7 +116,7 @@ public class MySQLConnection extends DirectoryObject<ConnectionModel>
             return config;
 
         // Otherwise, return permission-controlled configuration
-        MySQLGuacamoleConfiguration restrictedConfig = configProvider.get();
+        ModeledGuacamoleConfiguration restrictedConfig = configProvider.get();
         restrictedConfig.init(getCurrentUser(), getModel());
         return restrictedConfig;
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java
similarity index 86%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java
index b600af326..c86e46588 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLConnectionRecord.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java
@@ -27,27 +27,27 @@ import java.util.Date;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 /**
- * A ConnectionRecord which is based on data stored in MySQL.
+ * A ConnectionRecord which is backed by a database model.
  *
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class MySQLConnectionRecord implements ConnectionRecord {
+public class ModeledConnectionRecord implements ConnectionRecord {
 
     /**
      * The model object backing this connection record.
      */
-    private ConnectionRecordModel model;
+    private final ConnectionRecordModel model;
 
     /**
-     * Creates a new MySQLConnectionRecord backed by the given model object.
+     * Creates a new ModeledConnectionRecord backed by the given model object.
      * Changes to this record will affect the backing model object, and changes
      * to the backing model object will affect this record.
      * 
      * @param model
      *     The model object to use to back this connection record.
      */
-    public MySQLConnectionRecord(ConnectionRecordModel model) {
+    public ModeledConnectionRecord(ConnectionRecordModel model) {
         this.model = model;
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledGuacamoleConfiguration.java
similarity index 95%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledGuacamoleConfiguration.java
index 27f9abb6c..b88a936e7 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/MySQLGuacamoleConfiguration.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledGuacamoleConfiguration.java
@@ -33,7 +33,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
  *
  * @author Michael Jumper
  */
-public class MySQLGuacamoleConfiguration extends GuacamoleConfiguration {
+public class ModeledGuacamoleConfiguration extends GuacamoleConfiguration {
 
     /**
      * The user this configuration belongs to. Access is based on his/her
@@ -59,9 +59,9 @@ public class MySQLGuacamoleConfiguration extends GuacamoleConfiguration {
     private Map<String, String> parameters = null;
     
     /**
-     * Creates a new, empty MySQLGuacamoleConfiguration.
+     * Creates a new, empty ModelGuacamoleConfiguration.
      */
-    public MySQLGuacamoleConfiguration() {
+    public ModeledGuacamoleConfiguration() {
     }
 
     /**
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
index 7b752a329..e4ff0bbe9 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
@@ -34,7 +34,8 @@ import org.glyptodon.guacamole.net.auth.Directory;
 import org.mybatis.guice.transactional.Transactional;
 
 /**
- * A MySQL based implementation of the ConnectionGroup Directory.
+ * Implementation of the ConnectionGroup Directory which is driven by an
+ * underlying, arbitrary database.
  *
  * @author James Muehlner
  * @author Michael Jumper
@@ -72,7 +73,7 @@ public class ConnectionGroupDirectory implements Directory<ConnectionGroup> {
     @Override
     @Transactional
     public Collection<ConnectionGroup> getAll(Collection<String> identifiers) throws GuacamoleException {
-        Collection<MySQLConnectionGroup> objects = connectionGroupService.retrieveObjects(currentUser, identifiers);
+        Collection<ModeledConnectionGroup> objects = connectionGroupService.retrieveObjects(currentUser, identifiers);
         return Collections.<ConnectionGroup>unmodifiableCollection(objects);
     }
 
@@ -91,7 +92,7 @@ public class ConnectionGroupDirectory implements Directory<ConnectionGroup> {
     @Override
     @Transactional
     public void update(ConnectionGroup object) throws GuacamoleException {
-        MySQLConnectionGroup connectionGroup = (MySQLConnectionGroup) object;
+        ModeledConnectionGroup connectionGroup = (ModeledConnectionGroup) object;
         connectionGroupService.updateObject(currentUser, connectionGroup);
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
index 4f50e9e65..296f87e28 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
@@ -46,7 +46,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class ConnectionGroupService extends DirectoryObjectService<MySQLConnectionGroup,
+public class ConnectionGroupService extends DirectoryObjectService<ModeledConnectionGroup,
         ConnectionGroup, ConnectionGroupModel> {
 
     /**
@@ -59,7 +59,7 @@ public class ConnectionGroupService extends DirectoryObjectService<MySQLConnecti
      * Provider for creating connection groups.
      */
     @Inject
-    private Provider<MySQLConnectionGroup> connectionGroupProvider;
+    private Provider<ModeledConnectionGroup> connectionGroupProvider;
 
     /**
      * Service for creating and tracking sockets.
@@ -73,9 +73,9 @@ public class ConnectionGroupService extends DirectoryObjectService<MySQLConnecti
     }
 
     @Override
-    protected MySQLConnectionGroup getObjectInstance(AuthenticatedUser currentUser,
+    protected ModeledConnectionGroup getObjectInstance(AuthenticatedUser currentUser,
             ConnectionGroupModel model) {
-        MySQLConnectionGroup connectionGroup = connectionGroupProvider.get();
+        ModeledConnectionGroup connectionGroup = connectionGroupProvider.get();
         connectionGroup.init(currentUser, model);
         return connectionGroup;
     }
@@ -84,11 +84,11 @@ public class ConnectionGroupService extends DirectoryObjectService<MySQLConnecti
     protected ConnectionGroupModel getModelInstance(AuthenticatedUser currentUser,
             final ConnectionGroup object) {
 
-        // Create new MySQLConnectionGroup backed by blank model
+        // Create new ModeledConnectionGroup backed by blank model
         ConnectionGroupModel model = new ConnectionGroupModel();
-        MySQLConnectionGroup connectionGroup = getObjectInstance(currentUser, model);
+        ModeledConnectionGroup connectionGroup = getObjectInstance(currentUser, model);
 
-        // Set model contents through MySQLConnection, copying the provided connection group
+        // Set model contents through ModeledConnectionGroup, copying the provided connection group
         connectionGroup.setParentIdentifier(object.getParentIdentifier());
         connectionGroup.setName(object.getName());
         connectionGroup.setType(object.getType());
@@ -130,7 +130,7 @@ public class ConnectionGroupService extends DirectoryObjectService<MySQLConnecti
 
     @Override
     protected void validateExistingObject(AuthenticatedUser user,
-            MySQLConnectionGroup object) throws GuacamoleException {
+            ModeledConnectionGroup object) throws GuacamoleException {
 
         // Name must not be blank
         if (object.getName().trim().isEmpty())
@@ -199,7 +199,7 @@ public class ConnectionGroupService extends DirectoryObjectService<MySQLConnecti
      *     If permission to connect to this connection is denied.
      */
     public GuacamoleSocket connect(AuthenticatedUser user,
-            MySQLConnectionGroup connectionGroup, GuacamoleClientInformation info)
+            ModeledConnectionGroup connectionGroup, GuacamoleClientInformation info)
             throws GuacamoleException {
 
         // Connect only if READ permission is granted
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java
similarity index 90%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java
index f23f19969..cad15286c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLConnectionGroup.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java
@@ -33,11 +33,12 @@ import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
 /**
- * A MySQL based implementation of the ConnectionGroup object.
+ * An implementation of the ConnectionGroup object which is backed by a
+ * database model.
  *
  * @author James Muehlner
  */
-public class MySQLConnectionGroup extends DirectoryObject<ConnectionGroupModel>
+public class ModeledConnectionGroup extends DirectoryObject<ConnectionGroupModel>
     implements ConnectionGroup {
 
     /**
@@ -59,9 +60,9 @@ public class MySQLConnectionGroup extends DirectoryObject<ConnectionGroupModel>
     private GuacamoleSocketService socketService;
 
     /**
-     * Creates a new, empty MySQLConnection.
+     * Creates a new, empty ModeledConnectionGroup.
      */
-    public MySQLConnectionGroup() {
+    public ModeledConnectionGroup() {
     }
 
     @Override
@@ -80,7 +81,7 @@ public class MySQLConnectionGroup extends DirectoryObject<ConnectionGroupModel>
         // Translate null parent to proper identifier
         String parentIdentifier = getModel().getParentIdentifier();
         if (parentIdentifier == null)
-            return MySQLRootConnectionGroup.IDENTIFIER;
+            return RootConnectionGroup.IDENTIFIER;
 
         return parentIdentifier;
         
@@ -91,7 +92,7 @@ public class MySQLConnectionGroup extends DirectoryObject<ConnectionGroupModel>
 
         // Translate root identifier back into null
         if (parentIdentifier != null
-                && parentIdentifier.equals(MySQLRootConnectionGroup.IDENTIFIER))
+                && parentIdentifier.equals(RootConnectionGroup.IDENTIFIER))
             parentIdentifier = null;
 
         getModel().setParentIdentifier(parentIdentifier);
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java
similarity index 96%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java
index eeaf6e939..be0ed819e 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/MySQLRootConnectionGroup.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java
@@ -38,7 +38,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  *
  * @author Michael Jumper
  */
-public class MySQLRootConnectionGroup implements ConnectionGroup {
+public class RootConnectionGroup implements ConnectionGroup {
 
     /**
      * The identifier used to represent the root connection group. There is no
@@ -73,9 +73,9 @@ public class MySQLRootConnectionGroup implements ConnectionGroup {
     private ConnectionGroupService connectionGroupService;
     
     /**
-     * Creates a new, empty MySQLRootConnectionGroup.
+     * Creates a new, empty RootConnectionGroup.
      */
-    public MySQLRootConnectionGroup() {
+    public RootConnectionGroup() {
     }
 
     /**
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
index 14b893c55..88b391600 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
@@ -26,7 +26,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
@@ -89,7 +89,7 @@ public abstract class ObjectPermissionService<ModelType>
      *     If an error occurs while checking permission status, or if
      *     permission is denied to read the current user's permissions.
      */
-    protected boolean canAlterPermissions(AuthenticatedUser user, MySQLUser targetUser,
+    protected boolean canAlterPermissions(AuthenticatedUser user, ModeledUser targetUser,
             Collection<ObjectPermission> permissions)
             throws GuacamoleException {
 
@@ -123,7 +123,7 @@ public abstract class ObjectPermissionService<ModelType>
     }
     
     @Override
-    public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
+    public void createPermissions(AuthenticatedUser user, ModeledUser targetUser,
             Collection<ObjectPermission> permissions)
             throws GuacamoleException {
 
@@ -140,7 +140,7 @@ public abstract class ObjectPermissionService<ModelType>
     }
 
     @Override
-    public void deletePermissions(AuthenticatedUser user, MySQLUser targetUser,
+    public void deletePermissions(AuthenticatedUser user, ModeledUser targetUser,
             Collection<ObjectPermission> permissions)
             throws GuacamoleException {
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
index 1e1266215..3207ffc8d 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/PermissionService.java
@@ -27,7 +27,7 @@ import java.util.Collection;
 import java.util.HashSet;
 import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.Permission;
@@ -112,7 +112,7 @@ public abstract class PermissionService<PermissionSetType extends PermissionSet<
      *     A model object which is based on the given permission and target
      *     user.
      */
-    protected abstract ModelType getModelInstance(MySQLUser targetUser,
+    protected abstract ModelType getModelInstance(ModeledUser targetUser,
             PermissionType permission);
     
     /**
@@ -129,7 +129,7 @@ public abstract class PermissionService<PermissionSetType extends PermissionSet<
      *     A collection of model objects which are based on the given
      *     permissions and target user.
      */
-    protected Collection<ModelType> getModelInstances(MySQLUser targetUser,
+    protected Collection<ModelType> getModelInstances(ModeledUser targetUser,
             Collection<PermissionType> permissions) {
 
         // Create new collection of models by manually converting each permission 
@@ -163,7 +163,7 @@ public abstract class PermissionService<PermissionSetType extends PermissionSet<
      *     user is denied.
      */
     public abstract PermissionSetType getPermissionSet(AuthenticatedUser user,
-            MySQLUser targetUser) throws GuacamoleException;
+            ModeledUser targetUser) throws GuacamoleException;
 
     /**
      * Retrieves all permissions associated with the given user.
@@ -181,7 +181,7 @@ public abstract class PermissionService<PermissionSetType extends PermissionSet<
      *     If an error occurs while retrieving the requested permissions.
      */
     public Set<PermissionType> retrievePermissions(AuthenticatedUser user,
-            MySQLUser targetUser) throws GuacamoleException {
+            ModeledUser targetUser) throws GuacamoleException {
 
         // Only an admin can read permissions that aren't his own
         if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
@@ -211,7 +211,7 @@ public abstract class PermissionService<PermissionSetType extends PermissionSet<
      *     occurs while creating the permissions.
      */
     public abstract void createPermissions(AuthenticatedUser user,
-            MySQLUser targetUser,
+            ModeledUser targetUser,
             Collection<PermissionType> permissions) throws GuacamoleException;
 
     /**
@@ -232,7 +232,7 @@ public abstract class PermissionService<PermissionSetType extends PermissionSet<
      *     occurs while deleting the permissions.
      */
     public abstract void deletePermissions(AuthenticatedUser user,
-            MySQLUser targetUser,
+            ModeledUser targetUser,
             Collection<PermissionType> permissions) throws GuacamoleException;
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
index 90ebdc146..52edda6d0 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
@@ -26,7 +26,7 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Collection;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
@@ -39,7 +39,7 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
  * @author Michael Jumper
  */
 public class SystemPermissionService
-    extends PermissionService<MySQLSystemPermissionSet, SystemPermission, SystemPermissionModel> {
+    extends PermissionService<SystemPermissionSet, SystemPermission, SystemPermissionModel> {
 
     /**
      * Mapper for system-level permissions.
@@ -51,7 +51,7 @@ public class SystemPermissionService
      * Provider for creating system permission sets.
      */
     @Inject
-    private Provider<MySQLSystemPermissionSet> systemPermissionSetProvider;
+    private Provider<SystemPermissionSet> systemPermissionSetProvider;
 
     @Override
     protected SystemPermissionMapper getPermissionMapper() {
@@ -64,7 +64,7 @@ public class SystemPermissionService
     }
 
     @Override
-    protected SystemPermissionModel getModelInstance(final MySQLUser targetUser,
+    protected SystemPermissionModel getModelInstance(final ModeledUser targetUser,
             final SystemPermission permission) {
 
         SystemPermissionModel model = new SystemPermissionModel();
@@ -79,11 +79,11 @@ public class SystemPermissionService
     }
 
     @Override
-    public MySQLSystemPermissionSet getPermissionSet(AuthenticatedUser user,
-            MySQLUser targetUser) throws GuacamoleException {
+    public SystemPermissionSet getPermissionSet(AuthenticatedUser user,
+            ModeledUser targetUser) throws GuacamoleException {
 
         // Create permission set for requested user
-        MySQLSystemPermissionSet permissionSet = systemPermissionSetProvider.get();
+        SystemPermissionSet permissionSet = systemPermissionSetProvider.get();
         permissionSet.init(user, targetUser);
 
         return permissionSet;
@@ -91,7 +91,7 @@ public class SystemPermissionService
     }
     
     @Override
-    public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
+    public void createPermissions(AuthenticatedUser user, ModeledUser targetUser,
             Collection<SystemPermission> permissions) throws GuacamoleException {
 
         // Only an admin can create system permissions
@@ -107,7 +107,7 @@ public class SystemPermissionService
     }
 
     @Override
-    public void deletePermissions(AuthenticatedUser user, MySQLUser targetUser,
+    public void deletePermissions(AuthenticatedUser user, ModeledUser targetUser,
             Collection<SystemPermission> permissions) throws GuacamoleException {
 
         // Only an admin can delete system permissions
@@ -143,7 +143,7 @@ public class SystemPermissionService
      *     If an error occurs while retrieving the requested permission.
      */
     public SystemPermission retrievePermission(AuthenticatedUser user,
-            MySQLUser targetUser, SystemPermission.Type type) throws GuacamoleException {
+            ModeledUser targetUser, SystemPermission.Type type) throws GuacamoleException {
 
         // Only an admin can read permissions that aren't his own
         if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionSet.java
similarity index 90%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionSet.java
index 0bcf0a44b..55fa50077 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/MySQLSystemPermissionSet.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionSet.java
@@ -22,14 +22,13 @@
 
 package org.glyptodon.guacamole.auth.jdbc.permission;
 
-import org.glyptodon.guacamole.auth.jdbc.user.MySQLUser;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
 import com.google.inject.Inject;
 import java.util.Collections;
 import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
-import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
 
 /**
  * A database implementation of SystemPermissionSet which uses an injected
@@ -38,7 +37,8 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
  *
  * @author Michael Jumper
  */
-public class MySQLSystemPermissionSet implements SystemPermissionSet {
+public class SystemPermissionSet
+    implements org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet {
 
     /**
      * The user that queried this permission set. Access is based on his/her
@@ -50,7 +50,7 @@ public class MySQLSystemPermissionSet implements SystemPermissionSet {
      * The user associated with this permission set. Each of the permissions in
      * this permission set is granted to this user.
      */
-    private MySQLUser user;
+    private ModeledUser user;
 
     /**
      * Service for reading and manipulating system permissions.
@@ -59,11 +59,11 @@ public class MySQLSystemPermissionSet implements SystemPermissionSet {
     private SystemPermissionService systemPermissionService;
     
     /**
-     * Creates a new MySQLSystemPermissionSet. The resulting permission set
+     * Creates a new SystemPermissionSet. The resulting permission set
      * must still be initialized by a call to init(), or the information
      * necessary to read and modify this set will be missing.
      */
-    public MySQLSystemPermissionSet() {
+    public SystemPermissionSet() {
     }
 
     /**
@@ -77,7 +77,7 @@ public class MySQLSystemPermissionSet implements SystemPermissionSet {
      * @param user
      *     The user to whom the permissions in this set are granted.
      */
-    public void init(AuthenticatedUser currentUser, MySQLUser user) {
+    public void init(AuthenticatedUser currentUser, ModeledUser user) {
         this.currentUser = currentUser;
         this.user = user;
     }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
index 9ef4903a7..5f1b623e6 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java
@@ -31,8 +31,8 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connection.ModeledConnection;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionRecordMapper;
 import org.glyptodon.guacamole.auth.jdbc.connection.ParameterMapper;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionModel;
@@ -154,7 +154,7 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
      *     If access is denied to the given user for any reason.
      */
     protected abstract void acquire(AuthenticatedUser user,
-            MySQLConnection connection) throws GuacamoleException;
+            ModeledConnection connection) throws GuacamoleException;
 
     /**
      * Releases possibly-exclusive access to the given connection on behalf of
@@ -168,11 +168,11 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
      *     The connection being released.
      */
     protected abstract void release(AuthenticatedUser user,
-            MySQLConnection connection);
+            ModeledConnection connection);
 
     @Override
     public GuacamoleSocket getGuacamoleSocket(final AuthenticatedUser user,
-            final MySQLConnection connection, GuacamoleClientInformation info)
+            final ModeledConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException {
 
         // Create record for active connection
@@ -273,7 +273,7 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
 
     @Override
     public GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
-            MySQLConnectionGroup connectionGroup,
+            ModeledConnectionGroup connectionGroup,
             GuacamoleClientInformation info) throws GuacamoleException {
         // STUB
         throw new UnsupportedOperationException("STUB");
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
index 2ef2025ce..31e240ba2 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java
@@ -24,8 +24,8 @@ package org.glyptodon.guacamole.auth.jdbc.socket;
 
 import java.util.List;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connection.ModeledConnection;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
@@ -68,7 +68,7 @@ public interface GuacamoleSocketService {
      *     rules.
      */
     GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
-            MySQLConnection connection, GuacamoleClientInformation info)
+            ModeledConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException;
 
     /**
@@ -111,7 +111,7 @@ public interface GuacamoleSocketService {
      *     rules, or if the connection group is not balancing.
      */
     GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
-            MySQLConnectionGroup connectionGroup,
+            ModeledConnectionGroup connectionGroup,
             GuacamoleClientInformation info)
             throws GuacamoleException;
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
index 02bb5263a..a1d619378 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/UnrestrictedGuacamoleSocketService.java
@@ -24,7 +24,7 @@ package org.glyptodon.guacamole.auth.jdbc.socket;
 
 import com.google.inject.Singleton;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.connection.MySQLConnection;
+import org.glyptodon.guacamole.auth.jdbc.connection.ModeledConnection;
 import org.glyptodon.guacamole.GuacamoleException;
 
 
@@ -39,13 +39,13 @@ public class UnrestrictedGuacamoleSocketService
     extends AbstractGuacamoleSocketService {
 
     @Override
-    protected void acquire(AuthenticatedUser user, MySQLConnection connection)
+    protected void acquire(AuthenticatedUser user, ModeledConnection connection)
             throws GuacamoleException {
         // Do nothing
     }
 
     @Override
-    protected void release(AuthenticatedUser user, MySQLConnection connection) {
+    protected void release(AuthenticatedUser user, ModeledConnection connection) {
         // Do nothing
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
index d6181ccfb..7b01d4598 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/AuthenticatedUser.java
@@ -34,7 +34,7 @@ public class AuthenticatedUser {
     /**
      * The user that authenticated.
      */
-    private final MySQLUser user;
+    private final ModeledUser user;
 
     /**
      * The credentials given when this user authenticated.
@@ -51,7 +51,7 @@ public class AuthenticatedUser {
      * @param credentials 
      *     The credentials given by the user when they authenticated.
      */
-    public AuthenticatedUser(MySQLUser user, Credentials credentials) {
+    public AuthenticatedUser(ModeledUser user, Credentials credentials) {
         this.user = user;
         this.credentials = credentials;
     }
@@ -62,7 +62,7 @@ public class AuthenticatedUser {
      * @return 
      *     The user that authenticated.
      */
-    public MySQLUser getUser() {
+    public ModeledUser getUser() {
         return user;
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
similarity index 95%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
index 8243cc5fd..8f3eeb6f1 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
@@ -35,10 +35,12 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
 import org.glyptodon.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 
 /**
- * A MySQL based implementation of the User object.
+ * An implementation of the User object which is backed by a database model.
+ *
  * @author James Muehlner
+ * @author Michael Jumper
  */
-public class MySQLUser extends DirectoryObject<UserModel> implements User {
+public class ModeledUser extends DirectoryObject<UserModel> implements User {
 
     /**
      * Service for hashing passwords.
@@ -68,9 +70,9 @@ public class MySQLUser extends DirectoryObject<UserModel> implements User {
     private String password = null;
     
     /**
-     * Creates a new, empty MySQLUser.
+     * Creates a new, empty ModeledUser.
      */
-    public MySQLUser() {
+    public ModeledUser() {
     }
 
     @Override
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
similarity index 89%
rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
index 4151a8ee1..84e14a157 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/MySQLUserContext.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
@@ -23,7 +23,7 @@
 package org.glyptodon.guacamole.auth.jdbc.user;
 
 
-import org.glyptodon.guacamole.auth.jdbc.connectiongroup.MySQLRootConnectionGroup;
+import org.glyptodon.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup;
 import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirectory;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
 import com.google.inject.Inject;
@@ -33,13 +33,16 @@ import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
-import org.glyptodon.guacamole.net.auth.UserContext;
 
 /**
- * The MySQL representation of a UserContext.
+ * UserContext implementation which is driven by an arbitrary, underlying
+ * database.
+ *
  * @author James Muehlner
+ * @author Michael Jumper
  */
-public class MySQLUserContext implements UserContext {
+public class UserContext
+    implements org.glyptodon.guacamole.net.auth.UserContext {
 
     /**
      * The the user owning this context.
@@ -71,7 +74,7 @@ public class MySQLUserContext implements UserContext {
      * Provider for creating the root group.
      */
     @Inject
-    private Provider<MySQLRootConnectionGroup> rootGroupProvider;
+    private Provider<RootConnectionGroup> rootGroupProvider;
 
     /**
      * Initializes the user and directories associated with this context.
@@ -114,7 +117,7 @@ public class MySQLUserContext implements UserContext {
     public ConnectionGroup getRootConnectionGroup() throws GuacamoleException {
 
         // Build and return a root group for the current user
-        MySQLRootConnectionGroup rootGroup = rootGroupProvider.get();
+        RootConnectionGroup rootGroup = rootGroupProvider.get();
         rootGroup.init(currentUser);
         return rootGroup;
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
index 8895b4674..c0a31074f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContextService.java
@@ -26,7 +26,6 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.Credentials;
-import org.glyptodon.guacamole.net.auth.UserContext;
 
 /**
  * Service which creates new UserContext instances for valid users based on
@@ -46,7 +45,7 @@ public class UserContextService  {
      * Provider for retrieving UserContext instances.
      */
     @Inject
-    private Provider<MySQLUserContext> userContextProvider;
+    private Provider<UserContext> userContextProvider;
 
     /**
      * Authenticates the user having the given credentials, returning a new
@@ -62,15 +61,16 @@ public class UserContextService  {
      * @throws GuacamoleException
      *     If an error occurs during authentication.
      */
-    public UserContext getUserContext(Credentials credentials)
-            throws GuacamoleException {
+    public org.glyptodon.guacamole.net.auth.UserContext
+        getUserContext(Credentials credentials)
+                throws GuacamoleException {
 
         // Authenticate user
-        MySQLUser user = userService.retrieveUser(credentials);
+        ModeledUser user = userService.retrieveUser(credentials);
         if (user != null) {
 
             // Upon successful authentication, return new user context
-            MySQLUserContext context = userContextProvider.get();
+            UserContext context = userContextProvider.get();
             context.init(user.getCurrentUser());
             return context;
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
index ae02e066c..0693a9737 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
@@ -33,7 +33,8 @@ import org.glyptodon.guacamole.net.auth.User;
 import org.mybatis.guice.transactional.Transactional;
 
 /**
- * A MySQL based implementation of the User Directory.
+ * Implementation of the User Directory which is driven by an underlying,
+ * arbitrary database.
  *
  * @author James Muehlner
  * @author Michael Jumper
@@ -71,7 +72,7 @@ public class UserDirectory implements Directory<User> {
     @Override
     @Transactional
     public Collection<User> getAll(Collection<String> identifiers) throws GuacamoleException {
-        Collection<MySQLUser> objects = userService.retrieveObjects(currentUser, identifiers);
+        Collection<ModeledUser> objects = userService.retrieveObjects(currentUser, identifiers);
         return Collections.<User>unmodifiableCollection(objects);
     }
 
@@ -90,7 +91,7 @@ public class UserDirectory implements Directory<User> {
     @Override
     @Transactional
     public void update(User object) throws GuacamoleException {
-        MySQLUser user = (MySQLUser) object;
+        ModeledUser user = (ModeledUser) object;
         userService.updateObject(currentUser, user);
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
index e3ff5a23a..a74f5cd89 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
@@ -42,7 +42,7 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class UserService extends DirectoryObjectService<MySQLUser, User, UserModel> {
+public class UserService extends DirectoryObjectService<ModeledUser, User, UserModel> {
 
     /**
      * Mapper for accessing users.
@@ -54,7 +54,7 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
      * Provider for creating users.
      */
     @Inject
-    private Provider<MySQLUser> mySQLUserProvider;
+    private Provider<ModeledUser> userProvider;
 
     @Override
     protected DirectoryObjectMapper<UserModel> getObjectMapper() {
@@ -62,9 +62,9 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
     }
 
     @Override
-    protected MySQLUser getObjectInstance(AuthenticatedUser currentUser,
+    protected ModeledUser getObjectInstance(AuthenticatedUser currentUser,
             UserModel model) {
-        MySQLUser user = mySQLUserProvider.get();
+        ModeledUser user = userProvider.get();
         user.init(currentUser, model);
         return user;
     }
@@ -73,11 +73,11 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
     protected UserModel getModelInstance(AuthenticatedUser currentUser,
             final User object) {
 
-        // Create new MySQLUser backed by blank model
+        // Create new ModeledUser backed by blank model
         UserModel model = new UserModel();
-        MySQLUser user = getObjectInstance(currentUser, model);
+        ModeledUser user = getObjectInstance(currentUser, model);
 
-        // Set model contents through MySQLUser, copying the provided user
+        // Set model contents through ModeledUser, copying the provided user
         user.setIdentifier(object.getIdentifier());
         user.setPassword(object.getPassword());
 
@@ -121,14 +121,14 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
 
     @Override
     protected void validateExistingObject(AuthenticatedUser user,
-            MySQLUser object) throws GuacamoleException {
+            ModeledUser object) throws GuacamoleException {
 
         // Username must not be blank
         if (object.getIdentifier().trim().isEmpty())
             throw new GuacamoleClientException("The username must not be blank.");
         
         // Check whether such a user is already present
-        MySQLUser existing = retrieveObject(user, object.getIdentifier());
+        ModeledUser existing = retrieveObject(user, object.getIdentifier());
         if (existing != null) {
 
             UserModel existingModel = existing.getModel();
@@ -146,11 +146,14 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
      * Retrieves the user corresponding to the given credentials from the
      * database.
      *
-     * @param credentials The credentials to use when locating the user.
-     * @return The existing MySQLUser object if the credentials given are
-     *         valid, null otherwise.
+     * @param credentials
+     *     The credentials to use when locating the user.
+     *
+     * @return
+     *     The existing ModeledUser object if the credentials given are valid,
+     *     null otherwise.
      */
-    public MySQLUser retrieveUser(Credentials credentials) {
+    public ModeledUser retrieveUser(Credentials credentials) {
 
         // Get username and password
         String username = credentials.getUsername();
@@ -162,7 +165,7 @@ public class UserService extends DirectoryObjectService<MySQLUser, User, UserMod
             return null;
 
         // Return corresponding user, set up cyclic reference
-        MySQLUser user = getObjectInstance(null, userModel);
+        ModeledUser user = getObjectInstance(null, userModel);
         user.setCurrentUser(new AuthenticatedUser(user, credentials));
         return user;
 

From 925479455a68ecb0a7139aec5f95212bc2f760f2 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 12:50:28 -0800
Subject: [PATCH 50/60] GUAC-1101: Add extensions to main parent pom.xml, now
 that no extension depends on external systems.

---
 pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pom.xml b/pom.xml
index 7c3e2323b..e3af9a7df 100644
--- a/pom.xml
+++ b/pom.xml
@@ -27,6 +27,11 @@
         <!-- Guacamole JavaScript API -->
         <module>guacamole-common-js</module>
 
+        <!-- Authentication extensions -->
+        <module>extensions/guacamole-auth-jdbc</module>
+        <module>extensions/guacamole-auth-ldap</module>
+        <module>extensions/guacamole-auth-noauth</module>
+
     </modules>
 
     <build>

From 68fd8e225c83fdfc131ef5a3ed50b8164c8630f4 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 13:53:07 -0800
Subject: [PATCH 51/60] GUAC-1101: Partial object permission implementation.

---
 .../permission/ObjectPermissionMapper.java    |  29 +++-
 .../permission/ObjectPermissionService.java   |  59 +++++++-
 .../jdbc/permission/ObjectPermissionSet.java  | 130 ++++++++++++++++++
 3 files changed, 210 insertions(+), 8 deletions(-)
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
index 777f54046..232f1efd5 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
@@ -22,10 +22,37 @@
 
 package org.glyptodon.guacamole.auth.jdbc.permission;
 
+import org.apache.ibatis.annotations.Param;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+
 /**
  * Mapper for object-related permissions.
  *
  * @author Michael Jumper
  */
 public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissionModel> {
-}
\ No newline at end of file
+
+    /**
+     * Retrieve the permission of the given type associated with the given
+     * user and object, if it exists. If no such permission exists, null is
+     * returned.
+     *
+     * @param user
+     *     The user to retrieve permissions for.
+     * 
+     * @param type
+     *     The type of permission to return.
+     * 
+     * @param identifier
+     *     The identifier of the object affected by the permission to return.
+     *
+     * @return
+     *     The requested permission, or null if no such permission is granted
+     *     to the given user for the given object.
+     */
+    ObjectPermissionModel selectOne(@Param("user") UserModel user,
+            @Param("type") ObjectPermission.Type type,
+            @Param("identifier") String identifier);
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
index 88b391600..d5abdc1a2 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
@@ -38,12 +38,12 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
  * permissions of the current user.
  *
  * @author Michael Jumper
- * @param <ModelType>
- *     The underlying model object used to represent PermissionType in the
- *     database.
  */
-public abstract class ObjectPermissionService<ModelType>
-    extends PermissionService<ObjectPermissionSet, ObjectPermission, ModelType> {
+public abstract class ObjectPermissionService
+    extends PermissionService<ObjectPermissionSet, ObjectPermission, ObjectPermissionModel> {
+
+    @Override
+    protected abstract ObjectPermissionMapper getPermissionMapper();
 
     /**
      * Returns the permission set associated with the given user and related
@@ -129,7 +129,7 @@ public abstract class ObjectPermissionService<ModelType>
 
         // Create permissions only if user has permission to do so
         if (canAlterPermissions(user, targetUser, permissions)) {
-            Collection<ModelType> models = getModelInstances(targetUser, permissions);
+            Collection<ObjectPermissionModel> models = getModelInstances(targetUser, permissions);
             getPermissionMapper().insert(models);
             return;
         }
@@ -146,7 +146,7 @@ public abstract class ObjectPermissionService<ModelType>
 
         // Delete permissions only if user has permission to do so
         if (canAlterPermissions(user, targetUser, permissions)) {
-            Collection<ModelType> models = getModelInstances(targetUser, permissions);
+            Collection<ObjectPermissionModel> models = getModelInstances(targetUser, permissions);
             getPermissionMapper().delete(models);
             return;
         }
@@ -156,4 +156,49 @@ public abstract class ObjectPermissionService<ModelType>
 
     }
 
+    /**
+     * Retrieves the permission of the given type associated with the given
+     * user and object, if it exists. If no such permission exists, null is
+     *
+     * @param user
+     *     The user retrieving the permission.
+     *
+     * @param targetUser
+     *     The user associated with the permission to be retrieved.
+     * 
+     * @param type
+     *     The type of permission to retrieve.
+     *
+     * @param identifier
+     *     The identifier of the object affected by the permission to return.
+     *
+     * @return
+     *     The permission of the given type associated with the given user and
+     *     object, or null if no such permission exists.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the requested permission.
+     */
+    public ObjectPermission retrievePermission(AuthenticatedUser user,
+            ModeledUser targetUser, ObjectPermission.Type type,
+            String identifier) throws GuacamoleException {
+
+        // Only an admin can read permissions that aren't his own
+        if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
+                || user.getUser().isAdministrator()) {
+
+            // Read permission from database, return null if not found
+            ObjectPermissionModel model = getPermissionMapper().selectOne(targetUser.getModel(), type, identifier);
+            if (model == null)
+                return null;
+
+            return getPermissionInstance(model);
+
+        }
+
+        // User cannot read this user's permissions
+        throw new GuacamoleSecurityException("Permission denied.");
+        
+    }
+
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
new file mode 100644
index 000000000..fc1a1ae2f
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
@@ -0,0 +1,130 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+
+/**
+ * A database implementation of ObjectPermissionSet which uses an injected
+ * service to query and manipulate the object-level permissions associated with
+ * a particular user.
+ *
+ * @author Michael Jumper
+ */
+public abstract class ObjectPermissionSet
+    implements org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet {
+
+    /**
+     * The user that queried this permission set. Access is based on his/her
+     * permission settings.
+     */
+    private AuthenticatedUser currentUser;
+
+    /**
+     * The user associated with this permission set. Each of the permissions in
+     * this permission set is granted to this user.
+     */
+    private ModeledUser user;
+
+    /**
+     * Creates a new ObjectPermissionSet. The resulting permission set
+     * must still be initialized by a call to init(), or the information
+     * necessary to read and modify this set will be missing.
+     */
+    public ObjectPermissionSet() {
+    }
+
+    /**
+     * Initializes this permission set with the current user and the user
+     * to whom the permissions in this set are granted.
+     *
+     * @param currentUser
+     *     The user who queried this permission set, and whose permissions
+     *     dictate the access level of all operations performed on this set.
+     *
+     * @param user
+     *     The user to whom the permissions in this set are granted.
+     */
+    public void init(AuthenticatedUser currentUser, ModeledUser user) {
+        this.currentUser = currentUser;
+        this.user = user;
+    }
+
+    /**
+     * Returns an ObjectPermissionService implementation for manipulating the
+     * type of permissions contained within this permission set.
+     *
+     * @return
+     *     An object permission service for manipulating the type of
+     *     permissions contained within this permission set.
+     */
+    protected abstract ObjectPermissionService getObjectPermissionService();
+ 
+    @Override
+    public Set<ObjectPermission> getPermissions() throws GuacamoleException {
+        return getObjectPermissionService().retrievePermissions(currentUser, user);
+    }
+
+    @Override
+    public boolean hasPermission(ObjectPermission.Type permission,
+            String identifier) throws GuacamoleException {
+        return getObjectPermissionService().retrievePermission(currentUser, user, permission, identifier) != null;
+    }
+
+    @Override
+    public void addPermission(ObjectPermission.Type permission,
+            String identifier) throws GuacamoleException {
+        addPermissions(Collections.singleton(new ObjectPermission(permission, identifier)));
+    }
+
+    @Override
+    public void removePermission(ObjectPermission.Type permission,
+            String identifier) throws GuacamoleException {
+        removePermissions(Collections.singleton(new ObjectPermission(permission, identifier)));
+    }
+
+    @Override
+    public Collection<String> getAccessibleObjects(Collection<ObjectPermission.Type> permissions,
+            Collection<String> identifiers) throws GuacamoleException {
+        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+    }
+
+    @Override
+    public void addPermissions(Set<ObjectPermission> permissions)
+            throws GuacamoleException {
+        getObjectPermissionService().createPermissions(currentUser, user, permissions);
+    }
+
+    @Override
+    public void removePermissions(Set<ObjectPermission> permissions)
+            throws GuacamoleException {
+        getObjectPermissionService().deletePermissions(currentUser, user, permissions);
+    }
+
+}

From 03633fb9025bc997a62654a221c5eb4ff585fce6 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 14:27:27 -0800
Subject: [PATCH 52/60] GUAC-1101: Move tracking of current user into
 RestrictedObject.

---
 .../auth/jdbc/base/DirectoryObject.java       |  2 +-
 .../auth/jdbc/base/ModeledObject.java         | 82 +++++++++++++++++++
 .../auth/jdbc/base/RestrictedObject.java      | 43 +---------
 .../jdbc/connection/ConnectionDirectory.java  | 34 ++------
 .../ConnectionGroupDirectory.java             | 34 ++------
 .../connectiongroup/RootConnectionGroup.java  | 26 ++----
 .../jdbc/permission/ObjectPermissionSet.java  | 19 ++---
 .../jdbc/permission/SystemPermissionSet.java  | 19 ++---
 .../guacamole/auth/jdbc/user/UserContext.java | 23 ++----
 .../auth/jdbc/user/UserDirectory.java         | 33 ++------
 10 files changed, 140 insertions(+), 175 deletions(-)
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledObject.java

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
index 0f3e6d6a5..8568d8995 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java
@@ -34,7 +34,7 @@ import org.glyptodon.guacamole.net.auth.Identifiable;
  *     The type of model object that corresponds to this object.
  */
 public abstract class DirectoryObject<ModelType extends ObjectModel>
-    extends RestrictedObject<ModelType> implements Identifiable {
+    extends ModeledObject<ModelType> implements Identifiable {
 
     @Override
     public String getIdentifier() {
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledObject.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledObject.java
new file mode 100644
index 000000000..276b0909e
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledObject.java
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.base;
+
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+
+/**
+ * Common base class for objects have an underlying model. For the purposes of
+ * JDBC-driven authentication providers, all modeled objects are also
+ * restricted.
+ *
+ * @author Michael Jumper
+ * @param <ModelType>
+ *     The type of model object which corresponds to this object.
+ */
+public abstract class ModeledObject<ModelType> extends RestrictedObject {
+
+    /**
+     * The internal model object containing the values which represent this
+     * object in the database.
+     */
+    private ModelType model;
+
+    /**
+     * Initializes this object, associating it with the current authenticated
+     * user and populating it with data from the given model object
+     *
+     * @param currentUser
+     *     The user that created or retrieved this object.
+     *
+     * @param model 
+     *     The backing model object.
+     */
+    public void init(AuthenticatedUser currentUser, ModelType model) {
+        super.init(currentUser);
+        setModel(model);
+    }
+
+    /**
+     * Returns the backing model object. Changes to the model object will
+     * affect this object, and changes to this object will affect the model
+     * object.
+     *
+     * @return
+     *     The backing model object.
+     */
+    public ModelType getModel() {
+        return model;
+    }
+
+    /**
+     * Sets the backing model object. This will effectively replace all data
+     * contained within this object.
+     *
+     * @param model
+     *     The backing model object.
+     */
+    public void setModel(ModelType model) {
+        this.model = model;
+    }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
index 0c506b6a0..d8828c43c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/RestrictedObject.java
@@ -26,13 +26,11 @@ import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 
 /**
  * Common base class for objects that are associated with the users that
- * query them, and have an underlying model.
+ * obtain them.
  *
  * @author Michael Jumper
- * @param <ModelType>
- *     The type of model object which corresponds to this object.
  */
-public abstract class RestrictedObject<ModelType> {
+public abstract class RestrictedObject {
 
     /**
      * The user this object belongs to. Access is based on his/her permission
@@ -40,25 +38,15 @@ public abstract class RestrictedObject<ModelType> {
      */
     private AuthenticatedUser currentUser;
 
-    /**
-     * The internal model object containing the values which represent this
-     * object in the database.
-     */
-    private ModelType model;
-
     /**
      * Initializes this object, associating it with the current authenticated
      * user and populating it with data from the given model object
      *
      * @param currentUser
      *     The user that created or retrieved this object.
-     *
-     * @param model 
-     *     The backing model object.
      */
-    public void init(AuthenticatedUser currentUser, ModelType model) {
+    public void init(AuthenticatedUser currentUser) {
         setCurrentUser(currentUser);
-        setModel(model);
     }
 
     /**
@@ -85,27 +73,4 @@ public abstract class RestrictedObject<ModelType> {
         this.currentUser = currentUser;
     }
 
-    /**
-     * Returns the backing model object. Changes to the model object will
-     * affect this object, and changes to this object will affect the model
-     * object.
-     *
-     * @return
-     *     The backing model object.
-     */
-    public ModelType getModel() {
-        return model;
-    }
-
-    /**
-     * Sets the backing model object. This will effectively replace all data
-     * contained within this object.
-     *
-     * @param model
-     *     The backing model object.
-     */
-    public void setModel(ModelType model) {
-        this.model = model;
-    }
-
-}
\ No newline at end of file
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
index f0d167c95..2afc98b28 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionDirectory.java
@@ -27,8 +27,8 @@ import com.google.inject.Inject;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.mybatis.guice.transactional.Transactional;
@@ -40,66 +40,50 @@ import org.mybatis.guice.transactional.Transactional;
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class ConnectionDirectory implements Directory<Connection> {
+public class ConnectionDirectory extends RestrictedObject
+    implements Directory<Connection> {
 
-    /**
-     * The user this connection directory belongs to. Access is based on
-     * his/her permission settings.
-     */
-    private AuthenticatedUser currentUser;
-    
     /**
      * Service for managing connection objects.
      */
     @Inject
     private ConnectionService connectionService;
 
-    /**
-     * Set the user for this directory.
-     *
-     * @param currentUser
-     *     The user whose permissions define the visibility of connections in
-     *     this directory.
-     */
-    public void init(AuthenticatedUser currentUser) {
-        this.currentUser = currentUser;
-    }
-    
     @Override
     public Connection get(String identifier) throws GuacamoleException {
-        return connectionService.retrieveObject(currentUser, identifier);
+        return connectionService.retrieveObject(getCurrentUser(), identifier);
     }
 
     @Override
     @Transactional
     public Collection<Connection> getAll(Collection<String> identifiers) throws GuacamoleException {
-        Collection<ModeledConnection> objects = connectionService.retrieveObjects(currentUser, identifiers);
+        Collection<ModeledConnection> objects = connectionService.retrieveObjects(getCurrentUser(), identifiers);
         return Collections.<Connection>unmodifiableCollection(objects);
     }
 
     @Override
     @Transactional
     public Set<String> getIdentifiers() throws GuacamoleException {
-        return connectionService.getIdentifiers(currentUser);
+        return connectionService.getIdentifiers(getCurrentUser());
     }
 
     @Override
     @Transactional
     public void add(Connection object) throws GuacamoleException {
-        connectionService.createObject(currentUser, object);
+        connectionService.createObject(getCurrentUser(), object);
     }
 
     @Override
     @Transactional
     public void update(Connection object) throws GuacamoleException {
         ModeledConnection connection = (ModeledConnection) object;
-        connectionService.updateObject(currentUser, connection);
+        connectionService.updateObject(getCurrentUser(), connection);
     }
 
     @Override
     @Transactional
     public void remove(String identifier) throws GuacamoleException {
-        connectionService.deleteObject(currentUser, identifier);
+        connectionService.deleteObject(getCurrentUser(), identifier);
     }
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
index e4ff0bbe9..6f76dd7c6 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupDirectory.java
@@ -27,8 +27,8 @@ import com.google.inject.Inject;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.mybatis.guice.transactional.Transactional;
@@ -40,66 +40,50 @@ import org.mybatis.guice.transactional.Transactional;
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class ConnectionGroupDirectory implements Directory<ConnectionGroup> {
+public class ConnectionGroupDirectory extends RestrictedObject
+    implements Directory<ConnectionGroup> {
 
-    /**
-     * The user this connection group directory belongs to. Access is based on
-     * his/her permission settings.
-     */
-    private AuthenticatedUser currentUser;
-    
     /**
      * Service for managing connection group objects.
      */
     @Inject
     private ConnectionGroupService connectionGroupService;
 
-    /**
-     * Set the user for this directory.
-     *
-     * @param currentUser
-     *     The user whose permissions define the visibility of connection
-     *     groups in this directory.
-     */
-    public void init(AuthenticatedUser currentUser) {
-        this.currentUser = currentUser;
-    }
-    
     @Override
     public ConnectionGroup get(String identifier) throws GuacamoleException {
-        return connectionGroupService.retrieveObject(currentUser, identifier);
+        return connectionGroupService.retrieveObject(getCurrentUser(), identifier);
     }
 
     @Override
     @Transactional
     public Collection<ConnectionGroup> getAll(Collection<String> identifiers) throws GuacamoleException {
-        Collection<ModeledConnectionGroup> objects = connectionGroupService.retrieveObjects(currentUser, identifiers);
+        Collection<ModeledConnectionGroup> objects = connectionGroupService.retrieveObjects(getCurrentUser(), identifiers);
         return Collections.<ConnectionGroup>unmodifiableCollection(objects);
     }
 
     @Override
     @Transactional
     public Set<String> getIdentifiers() throws GuacamoleException {
-        return connectionGroupService.getIdentifiers(currentUser);
+        return connectionGroupService.getIdentifiers(getCurrentUser());
     }
 
     @Override
     @Transactional
     public void add(ConnectionGroup object) throws GuacamoleException {
-        connectionGroupService.createObject(currentUser, object);
+        connectionGroupService.createObject(getCurrentUser(), object);
     }
 
     @Override
     @Transactional
     public void update(ConnectionGroup object) throws GuacamoleException {
         ModeledConnectionGroup connectionGroup = (ModeledConnectionGroup) object;
-        connectionGroupService.updateObject(currentUser, connectionGroup);
+        connectionGroupService.updateObject(getCurrentUser(), connectionGroup);
     }
 
     @Override
     @Transactional
     public void remove(String identifier) throws GuacamoleException {
-        connectionGroupService.deleteObject(currentUser, identifier);
+        connectionGroupService.deleteObject(getCurrentUser(), identifier);
     }
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java
index be0ed819e..93b61275b 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java
@@ -24,10 +24,10 @@ package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
 import com.google.inject.Inject;
 import java.util.Set;
-import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
@@ -38,7 +38,8 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  *
  * @author Michael Jumper
  */
-public class RootConnectionGroup implements ConnectionGroup {
+public class RootConnectionGroup extends RestrictedObject
+    implements ConnectionGroup {
 
     /**
      * The identifier used to represent the root connection group. There is no
@@ -54,12 +55,6 @@ public class RootConnectionGroup implements ConnectionGroup {
      */
     public static final String NAME = "ROOT";
 
-    /**
-     * The user this group belongs to. Access is based on his/her permission
-     * settings.
-     */
-    private AuthenticatedUser currentUser;
-
     /**
      * Service for managing connection objects.
      */
@@ -78,17 +73,6 @@ public class RootConnectionGroup implements ConnectionGroup {
     public RootConnectionGroup() {
     }
 
-    /**
-     * Initializes this root connection group, associating it with the current
-     * authenticated user.
-     *
-     * @param currentUser
-     *     The user that created or retrieved this object.
-     */
-    public void init(AuthenticatedUser currentUser) {
-        this.currentUser = currentUser;
-    }
-
     @Override
     public String getName() {
         return NAME;
@@ -121,13 +105,13 @@ public class RootConnectionGroup implements ConnectionGroup {
 
     @Override
     public Set<String> getConnectionIdentifiers() throws GuacamoleException {
-        return connectionService.getIdentifiersWithin(currentUser, null);
+        return connectionService.getIdentifiersWithin(getCurrentUser(), null);
     }
 
     @Override
     public Set<String> getConnectionGroupIdentifiers()
             throws GuacamoleException {
-        return connectionGroupService.getIdentifiersWithin(currentUser, null);
+        return connectionGroupService.getIdentifiersWithin(getCurrentUser(), null);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
index fc1a1ae2f..d5d52c246 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
@@ -28,6 +28,7 @@ import java.util.Collections;
 import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 
 /**
@@ -37,15 +38,9 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
  *
  * @author Michael Jumper
  */
-public abstract class ObjectPermissionSet
+public abstract class ObjectPermissionSet extends RestrictedObject
     implements org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet {
 
-    /**
-     * The user that queried this permission set. Access is based on his/her
-     * permission settings.
-     */
-    private AuthenticatedUser currentUser;
-
     /**
      * The user associated with this permission set. Each of the permissions in
      * this permission set is granted to this user.
@@ -72,7 +67,7 @@ public abstract class ObjectPermissionSet
      *     The user to whom the permissions in this set are granted.
      */
     public void init(AuthenticatedUser currentUser, ModeledUser user) {
-        this.currentUser = currentUser;
+        super.init(currentUser);
         this.user = user;
     }
 
@@ -88,13 +83,13 @@ public abstract class ObjectPermissionSet
  
     @Override
     public Set<ObjectPermission> getPermissions() throws GuacamoleException {
-        return getObjectPermissionService().retrievePermissions(currentUser, user);
+        return getObjectPermissionService().retrievePermissions(getCurrentUser(), user);
     }
 
     @Override
     public boolean hasPermission(ObjectPermission.Type permission,
             String identifier) throws GuacamoleException {
-        return getObjectPermissionService().retrievePermission(currentUser, user, permission, identifier) != null;
+        return getObjectPermissionService().retrievePermission(getCurrentUser(), user, permission, identifier) != null;
     }
 
     @Override
@@ -118,13 +113,13 @@ public abstract class ObjectPermissionSet
     @Override
     public void addPermissions(Set<ObjectPermission> permissions)
             throws GuacamoleException {
-        getObjectPermissionService().createPermissions(currentUser, user, permissions);
+        getObjectPermissionService().createPermissions(getCurrentUser(), user, permissions);
     }
 
     @Override
     public void removePermissions(Set<ObjectPermission> permissions)
             throws GuacamoleException {
-        getObjectPermissionService().deletePermissions(currentUser, user, permissions);
+        getObjectPermissionService().deletePermissions(getCurrentUser(), user, permissions);
     }
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionSet.java
index 55fa50077..485eaecfe 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionSet.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionSet.java
@@ -28,6 +28,7 @@ import java.util.Collections;
 import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 
 /**
@@ -37,15 +38,9 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
  *
  * @author Michael Jumper
  */
-public class SystemPermissionSet
+public class SystemPermissionSet extends RestrictedObject
     implements org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet {
 
-    /**
-     * The user that queried this permission set. Access is based on his/her
-     * permission settings.
-     */
-    private AuthenticatedUser currentUser;
-
     /**
      * The user associated with this permission set. Each of the permissions in
      * this permission set is granted to this user.
@@ -78,19 +73,19 @@ public class SystemPermissionSet
      *     The user to whom the permissions in this set are granted.
      */
     public void init(AuthenticatedUser currentUser, ModeledUser user) {
-        this.currentUser = currentUser;
+        super.init(currentUser);
         this.user = user;
     }
 
     @Override
     public Set<SystemPermission> getPermissions() throws GuacamoleException {
-        return systemPermissionService.retrievePermissions(currentUser, user);
+        return systemPermissionService.retrievePermissions(getCurrentUser(), user);
     }
 
     @Override
     public boolean hasPermission(SystemPermission.Type permission)
             throws GuacamoleException {
-        return systemPermissionService.retrievePermission(currentUser, user, permission) != null;
+        return systemPermissionService.retrievePermission(getCurrentUser(), user, permission) != null;
     }
 
     @Override
@@ -108,13 +103,13 @@ public class SystemPermissionSet
     @Override
     public void addPermissions(Set<SystemPermission> permissions)
             throws GuacamoleException {
-        systemPermissionService.createPermissions(currentUser, user, permissions);
+        systemPermissionService.createPermissions(getCurrentUser(), user, permissions);
     }
 
     @Override
     public void removePermissions(Set<SystemPermission> permissions)
             throws GuacamoleException {
-        systemPermissionService.deletePermissions(currentUser, user, permissions);
+        systemPermissionService.deletePermissions(getCurrentUser(), user, permissions);
     }
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
index 84e14a157..fac5b9af9 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java
@@ -29,6 +29,7 @@ import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
@@ -41,14 +42,9 @@ import org.glyptodon.guacamole.net.auth.User;
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class UserContext
+public class UserContext extends RestrictedObject
     implements org.glyptodon.guacamole.net.auth.UserContext {
 
-    /**
-     * The the user owning this context.
-     */
-    private AuthenticatedUser currentUser;
-
     /**
      * User directory restricted by the permissions of the user associated
      * with this context.
@@ -76,16 +72,11 @@ public class UserContext
     @Inject
     private Provider<RootConnectionGroup> rootGroupProvider;
 
-    /**
-     * Initializes the user and directories associated with this context.
-     *
-     * @param currentUser
-     *     The user owning this context.
-     */
+    @Override
     public void init(AuthenticatedUser currentUser) {
 
-        this.currentUser = currentUser;
-
+        super.init(currentUser);
+        
         // Init directories
         userDirectory.init(currentUser);
         connectionDirectory.init(currentUser);
@@ -95,7 +86,7 @@ public class UserContext
 
     @Override
     public User self() {
-        return currentUser.getUser();
+        return getCurrentUser().getUser();
     }
 
     @Override
@@ -118,7 +109,7 @@ public class UserContext
 
         // Build and return a root group for the current user
         RootConnectionGroup rootGroup = rootGroupProvider.get();
-        rootGroup.init(currentUser);
+        rootGroup.init(getCurrentUser());
         return rootGroup;
 
     }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
index 0693a9737..826957b89 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserDirectory.java
@@ -28,6 +28,7 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.Set;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 import org.mybatis.guice.transactional.Transactional;
@@ -39,66 +40,50 @@ import org.mybatis.guice.transactional.Transactional;
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class UserDirectory implements Directory<User> {
+public class UserDirectory extends RestrictedObject
+    implements Directory<User> {
 
-    /**
-     * The user this user directory belongs to. Access is based on his/her
-     * permission settings.
-     */
-    private AuthenticatedUser currentUser;
-    
     /**
      * Service for managing user objects.
      */
     @Inject
     private UserService userService;
 
-    /**
-     * Set the user for this directory.
-     *
-     * @param currentUser
-     *     The user whose permissions define the visibility of other users in
-     *     this directory.
-     */
-    public void init(AuthenticatedUser currentUser) {
-        this.currentUser = currentUser;
-    }
-    
     @Override
     public User get(String identifier) throws GuacamoleException {
-        return userService.retrieveObject(currentUser, identifier);
+        return userService.retrieveObject(getCurrentUser(), identifier);
     }
 
     @Override
     @Transactional
     public Collection<User> getAll(Collection<String> identifiers) throws GuacamoleException {
-        Collection<ModeledUser> objects = userService.retrieveObjects(currentUser, identifiers);
+        Collection<ModeledUser> objects = userService.retrieveObjects(getCurrentUser(), identifiers);
         return Collections.<User>unmodifiableCollection(objects);
     }
 
     @Override
     @Transactional
     public Set<String> getIdentifiers() throws GuacamoleException {
-        return userService.getIdentifiers(currentUser);
+        return userService.getIdentifiers(getCurrentUser());
     }
 
     @Override
     @Transactional
     public void add(User object) throws GuacamoleException {
-        userService.createObject(currentUser, object);
+        userService.createObject(getCurrentUser(), object);
     }
 
     @Override
     @Transactional
     public void update(User object) throws GuacamoleException {
         ModeledUser user = (ModeledUser) object;
-        userService.updateObject(currentUser, user);
+        userService.updateObject(getCurrentUser(), user);
     }
 
     @Override
     @Transactional
     public void remove(String identifier) throws GuacamoleException {
-        userService.deleteObject(currentUser, identifier);
+        userService.deleteObject(getCurrentUser(), identifier);
     }
 
 }

From 7d399a0fbe9d16129df09a59d28ee6aeb5492bc5 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 15:07:04 -0800
Subject: [PATCH 53/60] GUAC-1101: Implement getAccessibleObjects() and
 supporting methods.

---
 .../permission/ObjectPermissionMapper.java    | 25 ++++++++++
 .../permission/ObjectPermissionService.java   | 50 +++++++++++++++++++
 .../jdbc/permission/ObjectPermissionSet.java  |  2 +-
 3 files changed, 76 insertions(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
index 232f1efd5..fcd54b17f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
@@ -22,6 +22,7 @@
 
 package org.glyptodon.guacamole.auth.jdbc.permission;
 
+import java.util.Collection;
 import org.apache.ibatis.annotations.Param;
 import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
@@ -55,4 +56,28 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
             @Param("type") ObjectPermission.Type type,
             @Param("identifier") String identifier);
 
+    /**
+     * Retrieves the subset of the given identifiers for which the given user
+     * has at least one of the given permissions.
+     *
+     * @param user
+     *     The user to check permissions of.
+     *
+     * @param permissions
+     *     The permissions to check. An identifier will be included in the
+     *     resulting collection if at least one of these permissions is granted
+     *     for the associated object
+     *
+     * @param identifiers
+     *     The identifiers of the objects affected by the permissions being
+     *     checked.
+     *
+     * @return
+     *     A collection containing the subset of identifiers for which at least
+     *     one of the specified permissions is granted.
+     */
+    Collection<String> selectAccessibleIdentifiers(@Param("user") UserModel user,
+            @Param("permissions") Collection<ObjectPermission.Type> permissions,
+            @Param("identifiers") Collection<String> identifiers);
+
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
index d5abdc1a2..9be9589a1 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
@@ -201,4 +201,54 @@ public abstract class ObjectPermissionService
         
     }
 
+    /**
+     * Retrieves the subset of the given identifiers for which the given user
+     * has at least one of the given permissions.
+     *
+     * @param user
+     *     The user checking the permissions.
+     *
+     * @param targetUser
+     *     The user to check permissions of.
+     *
+     * @param permissions
+     *     The permissions to check. An identifier will be included in the
+     *     resulting collection if at least one of these permissions is granted
+     *     for the associated object
+     *
+     * @param identifiers
+     *     The identifiers of the objects affected by the permissions being
+     *     checked.
+     *
+     * @return
+     *     A collection containing the subset of identifiers for which at least
+     *     one of the specified permissions is granted.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving permissions.
+     */
+    public Collection<String> retrieveAccessibleIdentifiers(AuthenticatedUser user,
+            ModeledUser targetUser, Collection<ObjectPermission.Type> permissions,
+            Collection<String> identifiers) throws GuacamoleException {
+
+        // Determine whether the user is an admin
+        boolean isAdmin = user.getUser().isAdministrator();
+        
+        // Only an admin can read permissions that aren't his own
+        if (isAdmin || user.getUser().getIdentifier().equals(targetUser.getIdentifier())) {
+
+            // If user is an admin, everything is accessible
+            if (isAdmin)
+                return identifiers;
+
+            // Otherwise, return explicitly-retrievable identifiers
+            return getPermissionMapper().selectAccessibleIdentifiers(targetUser.getModel(), permissions, identifiers);
+            
+        }
+
+        // User cannot read this user's permissions
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
index d5d52c246..3806f046c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionSet.java
@@ -107,7 +107,7 @@ public abstract class ObjectPermissionSet extends RestrictedObject
     @Override
     public Collection<String> getAccessibleObjects(Collection<ObjectPermission.Type> permissions,
             Collection<String> identifiers) throws GuacamoleException {
-        throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
+        return getObjectPermissionService().retrieveAccessibleIdentifiers(getCurrentUser(), user, permissions, identifiers);
     }
 
     @Override

From 820ffed9594bbfe560f8ccdf3b5f6dbdd80e0cc1 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 18:53:07 -0800
Subject: [PATCH 54/60] GUAC-1101: Implement querying of connection
 permissions.

---
 .../JDBCAuthenticationProviderModule.java     |  6 ++
 .../ConnectionPermissionMapper.java           | 30 ++++++
 .../ConnectionPermissionService.java          | 69 +++++++++++++
 .../permission/ConnectionPermissionSet.java   | 47 +++++++++
 .../permission/ObjectPermissionModel.java     | 37 ++-----
 .../permission/ObjectPermissionService.java   | 40 ++++----
 .../guacamole/auth/jdbc/user/ModeledUser.java | 10 +-
 .../connectiongroup/ConnectionGroupMapper.xml |  2 +-
 .../permission/ConnectionPermissionMapper.xml | 99 +++++++++++++++++++
 9 files changed, 287 insertions(+), 53 deletions(-)
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionService.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionSet.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index 061eebc2b..6c99b5aef 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -49,6 +49,9 @@ import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.socket.UnrestrictedGuacamoleSocketService;
 import org.glyptodon.guacamole.auth.jdbc.user.UserService;
 import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionSet;
 import org.glyptodon.guacamole.environment.Environment;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
@@ -91,6 +94,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         // Add MyBatis mappers
         addMapperClass(ConnectionMapper.class);
         addMapperClass(ConnectionGroupMapper.class);
+        addMapperClass(ConnectionPermissionMapper.class);
         addMapperClass(ConnectionRecordMapper.class);
         addMapperClass(ParameterMapper.class);
         addMapperClass(SystemPermissionMapper.class);
@@ -105,11 +109,13 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(ModeledGuacamoleConfiguration.class);
         bind(ModeledUser.class);
         bind(RootConnectionGroup.class);
+        bind(ConnectionPermissionSet.class);
         bind(SystemPermissionSet.class);
         bind(UserContext.class);
         bind(UserDirectory.class);
         
         // Bind services
+        bind(ConnectionPermissionService.class);
         bind(ConnectionService.class);
         bind(ConnectionGroupService.class);
         bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.java
new file mode 100644
index 000000000..5dfdd07cd
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+/**
+ * Mapper for connection permissions.
+ *
+ * @author Michael Jumper
+ */
+public interface ConnectionPermissionMapper extends ObjectPermissionMapper {}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionService.java
new file mode 100644
index 000000000..0903f71ab
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionService.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting connection permissions. This service will automatically enforce the
+ * permissions of the current user.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionPermissionService extends ObjectPermissionService {
+
+    /**
+     * Mapper for connection permissions.
+     */
+    @Inject
+    private ConnectionPermissionMapper connectionPermissionMapper;
+    
+    /**
+     * Provider for connection permission sets.
+     */
+    @Inject
+    private Provider<ConnectionPermissionSet> connectionPermissionSetProvider;
+    
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return connectionPermissionMapper;
+    }
+
+    @Override
+    public ObjectPermissionSet getPermissionSet(AuthenticatedUser user,
+            ModeledUser targetUser) throws GuacamoleException {
+
+        // Create permission set for requested user
+        ObjectPermissionSet permissionSet = connectionPermissionSetProvider.get();
+        permissionSet.init(user, targetUser);
+
+        return permissionSet;
+        
+    }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionSet.java
new file mode 100644
index 000000000..6ed57ebbd
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionSet.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+
+/**
+ * A database implementation of ObjectPermissionSet which uses an injected
+ * service to query and manipulate the connection permissions associated with
+ * a particular user.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionPermissionSet extends ObjectPermissionSet {
+
+    /**
+     * Service for querying and manipulating connection permissions.
+     */
+    @Inject
+    private ConnectionPermissionService connectionPermissionService;
+    
+    @Override
+    protected ObjectPermissionService getObjectPermissionService() {
+        return connectionPermissionService;
+    }
+ 
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
index 7b193193d..0a00081ab 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionModel.java
@@ -32,15 +32,10 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
  */
 public class ObjectPermissionModel extends PermissionModel<ObjectPermission.Type> {
 
-    /**
-     * The database ID of the object affected by this permission.
-     */
-    private Integer affectedID;
-
     /**
      * The unique identifier of the object affected by this permission.
      */
-    private String affectedIdentifier;
+    private String objectIdentifier;
 
     /**
      * Creates a new, empty object permission.
@@ -48,44 +43,24 @@ public class ObjectPermissionModel extends PermissionModel<ObjectPermission.Type
     public ObjectPermissionModel() {
     }
 
-    /**
-     * Returns the database ID of the object affected by this permission.
-     *
-     * @return
-     *     The database ID of the object affected by this permission.
-     */
-    public Integer getAffectedID() {
-        return affectedID;
-    }
-
-    /**
-     * Sets the database ID of the object affected by this permission.
-     *
-     * @param affectedID 
-     *     The database ID of the object affected by this permission.
-     */
-    public void setAffectedID(Integer affectedID) {
-        this.affectedID = affectedID;
-    }
-
     /**
      * Returns the unique identifier of the object affected by this permission.
      *
      * @return
      *     The unique identifier of the object affected by this permission.
      */
-    public String getAffectedIdentifier() {
-        return affectedIdentifier;
+    public String getObjectIdentifier() {
+        return objectIdentifier;
     }
 
     /**
      * Sets the unique identifier of the object affected by this permission.
      *
-     * @param affectedIdentifier 
+     * @param objectIdentifier 
      *     The unique identifier of the object affected by this permission.
      */
-    public void setAffectedIdentifier(String affectedIdentifier) {
-        this.affectedIdentifier = affectedIdentifier;
+    public void setObjectIdentifier(String objectIdentifier) {
+        this.objectIdentifier = objectIdentifier;
     }
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
index 9be9589a1..0bd19d44f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
@@ -45,24 +45,26 @@ public abstract class ObjectPermissionService
     @Override
     protected abstract ObjectPermissionMapper getPermissionMapper();
 
-    /**
-     * Returns the permission set associated with the given user and related
-     * to the type of objects affected the permissions handled by this
-     * permission service.
-     *
-     * @param user
-     *     The user whose permissions are being retrieved.
-     *
-     * @return
-     *     A permission set which contains the permissions associated with the
-     *     given user and related to the type of objects handled by this
-     *     directory object service.
-     * 
-     * @throws GuacamoleException
-     *     If permission to read the user's permissions is denied.
-     */
-    protected abstract ObjectPermissionSet getAffectedPermissionSet(AuthenticatedUser user)
-            throws GuacamoleException;
+    @Override
+    protected ObjectPermission getPermissionInstance(ObjectPermissionModel model) {
+        return new ObjectPermission(model.getType(), model.getObjectIdentifier());
+    }
+
+    @Override
+    protected ObjectPermissionModel getModelInstance(ModeledUser targetUser,
+            ObjectPermission permission) {
+
+        ObjectPermissionModel model = new ObjectPermissionModel();
+
+        // Populate model object with data from user and permission
+        model.setUserID(targetUser.getModel().getObjectID());
+        model.setUsername(targetUser.getModel().getIdentifier());
+        model.setType(permission.getType());
+        model.setObjectIdentifier(permission.getObjectIdentifier());
+
+        return model;
+        
+    }
 
     /**
      * Determines whether the current user has permission to update the given
@@ -108,7 +110,7 @@ public abstract class ObjectPermissionService
             affectedIdentifiers.add(permission.getObjectIdentifier());
 
         // Determine subset of affected identifiers that we have admin access to
-        ObjectPermissionSet affectedPermissionSet = getAffectedPermissionSet(user);
+        ObjectPermissionSet affectedPermissionSet = getPermissionSet(user, user.getUser());
         Collection<String> allowedSubset = affectedPermissionSet.getAccessibleObjects(
             Collections.singleton(ObjectPermission.Type.ADMINISTER),
             affectedIdentifiers
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
index 8f3eeb6f1..55085be25 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
@@ -28,6 +28,7 @@ import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
 import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
 import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
@@ -59,6 +60,12 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
      */
     @Inject
     private SystemPermissionService systemPermissionService;
+
+    /**
+     * Service for retrieving connection permissions.
+     */
+    @Inject
+    private ConnectionPermissionService connectionPermissionService;
     
     /**
      * The plaintext password previously set by a call to setPassword(), if
@@ -131,8 +138,7 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
     @Override
     public ObjectPermissionSet getConnectionPermissions()
             throws GuacamoleException {
-        // STUB
-        return new SimpleObjectPermissionSet();
+        return connectionPermissionService.getPermissionSet(getCurrentUser(), this);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
index d79cdf61e..7ee627d0f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
@@ -63,7 +63,7 @@
     <select id="selectReadableIdentifiersWithin" resultType="string">
         SELECT guacamole_connection_group.connection_group_id
         FROM guacamole_connection_group
-        JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection.group_connection_group_id
+        JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id
         WHERE
             <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
             <if test="parentIdentifier == null">parent_id IS NULL</if>
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
new file mode 100644
index 000000000..7e3cedb64
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper" >
+
+    <!-- Result mapper for connection permissions -->
+    <resultMap id="ConnectionPermissionResultMap" type="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+        <result column="user_id"       property="userID"           jdbcType="INTEGER"/>
+        <result column="username"      property="username"         jdbcType="VARCHAR"/>
+        <result column="permission"    property="type"             jdbcType="VARCHAR"
+                javaType="org.glyptodon.guacamole.net.auth.permission.ObjectPermission$Type"/>
+        <result column="connection_id" property="objectIdentifier" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!-- Select all permissions for a given user -->
+    <select id="select" resultMap="ConnectionPermissionResultMap">
+
+        SELECT
+            guacamole_connection_permission.user_id,
+            username,
+            permission,
+            connection_id
+        FROM guacamole_connection_permission
+        JOIN guacamole_user ON guacamole_connection_permission.user_id = guacamole_user.user_id
+        WHERE guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+
+    </select>
+
+    <!-- Select the single permission matching the given criteria -->
+    <select id="selectOne" resultMap="ConnectionPermissionResultMap">
+
+        SELECT
+            guacamole_connection_permission.user_id,
+            username,
+            permission,
+            connection_id
+        FROM guacamole_connection_permission
+        JOIN guacamole_user ON guacamole_connection_permission.user_id = guacamole_user.user_id
+        WHERE
+            guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = #{type,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Delete all given permissions -->
+    <delete id="delete" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        DELETE FROM guacamole_connection_permission
+        WHERE (user_id, permission, connection_id) IN
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="," close=")">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR},
+                 #{permission.objectIdentifier,jdbcType=VARCHAR})
+            </foreach>
+
+    </delete>
+
+    <!-- Insert all given permissions -->
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        INSERT IGNORE INTO guacamole_connection_permission (
+            user_id,
+            permission,
+            connection_id
+        )
+        VALUES
+            <foreach collection="permissions" item="permission" separator=",">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR},
+                 #{permission.objectIdentifier,jdbcType=VARCHAR})
+            </foreach>
+
+    </insert>
+
+</mapper>
\ No newline at end of file

From 9f22d6bd715c280c91c9f7e11818db6ce65147c7 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 19:27:14 -0800
Subject: [PATCH 55/60] GUAC-1101: Implement querying of connection group
 permissions.

---
 .../JDBCAuthenticationProviderModule.java     | 10 +-
 .../ConnectionGroupPermissionMapper.java      | 30 ++++++
 .../ConnectionGroupPermissionService.java     | 69 +++++++++++++
 .../ConnectionGroupPermissionSet.java         | 47 +++++++++
 .../guacamole/auth/jdbc/user/ModeledUser.java | 12 ++-
 .../connectiongroup/ConnectionGroupMapper.xml |  2 +-
 .../ConnectionGroupPermissionMapper.xml       | 99 +++++++++++++++++++
 7 files changed, 263 insertions(+), 6 deletions(-)
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionSet.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index 6c99b5aef..0421d5e1f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -49,6 +49,9 @@ import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.socket.UnrestrictedGuacamoleSocketService;
 import org.glyptodon.guacamole.auth.jdbc.user.UserService;
 import org.apache.ibatis.transaction.jdbc.JdbcTransactionFactory;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionSet;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionSet;
@@ -94,6 +97,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         // Add MyBatis mappers
         addMapperClass(ConnectionMapper.class);
         addMapperClass(ConnectionGroupMapper.class);
+        addMapperClass(ConnectionGroupPermissionMapper.class);
         addMapperClass(ConnectionPermissionMapper.class);
         addMapperClass(ConnectionRecordMapper.class);
         addMapperClass(ParameterMapper.class);
@@ -104,20 +108,22 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(Environment.class).toInstance(environment);
         bind(ConnectionDirectory.class);
         bind(ConnectionGroupDirectory.class);
+        bind(ConnectionGroupPermissionSet.class);
+        bind(ConnectionPermissionSet.class);
         bind(ModeledConnection.class);
         bind(ModeledConnectionGroup.class);
         bind(ModeledGuacamoleConfiguration.class);
         bind(ModeledUser.class);
         bind(RootConnectionGroup.class);
-        bind(ConnectionPermissionSet.class);
         bind(SystemPermissionSet.class);
         bind(UserContext.class);
         bind(UserDirectory.class);
         
         // Bind services
+        bind(ConnectionGroupPermissionService.class);
+        bind(ConnectionGroupService.class);
         bind(ConnectionPermissionService.class);
         bind(ConnectionService.class);
-        bind(ConnectionGroupService.class);
         bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
         bind(SaltService.class).to(SecureRandomSaltService.class);
         bind(SystemPermissionService.class);
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.java
new file mode 100644
index 000000000..cc791d628
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+/**
+ * Mapper for connection group permissions.
+ *
+ * @author Michael Jumper
+ */
+public interface ConnectionGroupPermissionMapper extends ObjectPermissionMapper {}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java
new file mode 100644
index 000000000..e64d6c71f
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting connection group permissions. This service will automatically
+ * enforce the permissions of the current user.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionGroupPermissionService extends ObjectPermissionService {
+
+    /**
+     * Mapper for connection group permissions.
+     */
+    @Inject
+    private ConnectionGroupPermissionMapper connectionGroupPermissionMapper;
+    
+    /**
+     * Provider for connection group permission sets.
+     */
+    @Inject
+    private Provider<ConnectionGroupPermissionSet> connectionGroupPermissionSetProvider;
+    
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return connectionGroupPermissionMapper;
+    }
+
+    @Override
+    public ObjectPermissionSet getPermissionSet(AuthenticatedUser user,
+            ModeledUser targetUser) throws GuacamoleException {
+
+        // Create permission set for requested user
+        ObjectPermissionSet permissionSet = connectionGroupPermissionSetProvider.get();
+        permissionSet.init(user, targetUser);
+
+        return permissionSet;
+        
+    }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionSet.java
new file mode 100644
index 000000000..5f057dc2d
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionSet.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+
+/**
+ * A database implementation of ObjectPermissionSet which uses an injected
+ * service to query and manipulate the connection group permissions associated
+ * with a particular user.
+ *
+ * @author Michael Jumper
+ */
+public class ConnectionGroupPermissionSet extends ObjectPermissionSet {
+
+    /**
+     * Service for querying and manipulating connection group permissions.
+     */
+    @Inject
+    private ConnectionGroupPermissionService connectionGroupPermissionService;
+    
+    @Override
+    protected ObjectPermissionService getObjectPermissionService() {
+        return connectionGroupPermissionService;
+    }
+ 
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
index 55085be25..5c568a511 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
@@ -28,6 +28,7 @@ import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
 import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
 import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -66,7 +67,13 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
      */
     @Inject
     private ConnectionPermissionService connectionPermissionService;
-    
+
+    /**
+     * Service for retrieving connection group permissions.
+     */
+    @Inject
+    private ConnectionGroupPermissionService connectionGroupPermissionService;
+
     /**
      * The plaintext password previously set by a call to setPassword(), if
      * any. The password of a user cannot be retrieved once saved into the
@@ -144,8 +151,7 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
     @Override
     public ObjectPermissionSet getConnectionGroupPermissions()
             throws GuacamoleException {
-        // STUB
-        return new SimpleObjectPermissionSet();
+        return connectionGroupPermissionService.getPermissionSet(getCurrentUser(), this);
     }
 
     @Override
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
index 7ee627d0f..3e3f8c156 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
@@ -95,7 +95,7 @@
             guacamole_connection_group.connection_group_id,
             connection_group_name,
             parent_id,
-            protocol 
+            type 
         FROM guacamole_connection_group
         JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id
         WHERE guacamole_connection_group.connection_group_id IN
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
new file mode 100644
index 000000000..c7d40e3aa
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
@@ -0,0 +1,99 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper" >
+
+    <!-- Result mapper for connection permissions -->
+    <resultMap id="ConnectionGroupPermissionResultMap" type="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+        <result column="user_id"             property="userID"           jdbcType="INTEGER"/>
+        <result column="username"            property="username"         jdbcType="VARCHAR"/>
+        <result column="permission"          property="type"             jdbcType="VARCHAR"
+                javaType="org.glyptodon.guacamole.net.auth.permission.ObjectPermission$Type"/>
+        <result column="connection_group_id" property="objectIdentifier" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!-- Select all permissions for a given user -->
+    <select id="select" resultMap="ConnectionGroupPermissionResultMap">
+
+        SELECT
+            guacamole_connection_group_permission.user_id,
+            username,
+            permission,
+            connection_group_id
+        FROM guacamole_connection_group_permission
+        JOIN guacamole_user ON guacamole_connection_group_permission.user_id = guacamole_user.user_id
+        WHERE guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+
+    </select>
+
+    <!-- Select the single permission matching the given criteria -->
+    <select id="selectOne" resultMap="ConnectionGroupPermissionResultMap">
+
+        SELECT
+            guacamole_connection_group_permission.user_id,
+            username,
+            permission,
+            connection_group_id
+        FROM guacamole_connection_group_permission
+        JOIN guacamole_user ON guacamole_connection_group_permission.user_id = guacamole_user.user_id
+        WHERE
+            guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = #{type,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Delete all given permissions -->
+    <delete id="delete" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        DELETE FROM guacamole_connection_group_permission
+        WHERE (user_id, permission, connection_group_id) IN
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="," close=")">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR},
+                 #{permission.objectIdentifier,jdbcType=VARCHAR})
+            </foreach>
+
+    </delete>
+
+    <!-- Insert all given permissions -->
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        INSERT IGNORE INTO guacamole_connection_group_permission (
+            user_id,
+            permission,
+            connection_group_id
+        )
+        VALUES
+            <foreach collection="permissions" item="permission" separator=",">
+                (#{permission.userID,jdbcType=INTEGER},
+                 #{permission.type,jdbcType=VARCHAR},
+                 #{permission.objectIdentifier,jdbcType=VARCHAR})
+            </foreach>
+
+    </insert>
+
+</mapper>
\ No newline at end of file

From 8d2e953a23b55b0e55841fcb6b726f925288fed3 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 20:29:07 -0800
Subject: [PATCH 56/60] GUAC-1101: Implement querying of user permissions.

---
 .../JDBCAuthenticationProviderModule.java     |   6 +
 .../jdbc/permission/UserPermissionMapper.java |  30 +++++
 .../permission/UserPermissionService.java     |  69 ++++++++++++
 .../jdbc/permission/UserPermissionSet.java    |  47 ++++++++
 .../guacamole/auth/jdbc/user/ModeledUser.java |  11 +-
 .../jdbc/permission/UserPermissionMapper.xml  | 106 ++++++++++++++++++
 6 files changed, 266 insertions(+), 3 deletions(-)
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionService.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionSet.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index 0421d5e1f..31e9c6389 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -55,6 +55,9 @@ import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionSet
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionSet;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionSet;
 import org.glyptodon.guacamole.environment.Environment;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
@@ -103,6 +106,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         addMapperClass(ParameterMapper.class);
         addMapperClass(SystemPermissionMapper.class);
         addMapperClass(UserMapper.class);
+        addMapperClass(UserPermissionMapper.class);
         
         // Bind core implementations of guacamole-ext classes
         bind(Environment.class).toInstance(environment);
@@ -118,6 +122,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(SystemPermissionSet.class);
         bind(UserContext.class);
         bind(UserDirectory.class);
+        bind(UserPermissionSet.class);
         
         // Bind services
         bind(ConnectionGroupPermissionService.class);
@@ -127,6 +132,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
         bind(SaltService.class).to(SecureRandomSaltService.class);
         bind(SystemPermissionService.class);
+        bind(UserPermissionService.class);
         bind(UserService.class);
         
         // Bind appropriate socket service based on policy
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.java
new file mode 100644
index 000000000..a6c3275d9
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+/**
+ * Mapper for user permissions.
+ *
+ * @author Michael Jumper
+ */
+public interface UserPermissionMapper extends ObjectPermissionMapper {}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionService.java
new file mode 100644
index 000000000..33497496a
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionService.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting user permissions. This service will automatically enforce the
+ * permissions of the current user.
+ *
+ * @author Michael Jumper
+ */
+public class UserPermissionService extends ObjectPermissionService {
+
+    /**
+     * Mapper for user permissions.
+     */
+    @Inject
+    private UserPermissionMapper userPermissionMapper;
+    
+    /**
+     * Provider for user permission sets.
+     */
+    @Inject
+    private Provider<UserPermissionSet> userPermissionSetProvider;
+    
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return userPermissionMapper;
+    }
+
+    @Override
+    public ObjectPermissionSet getPermissionSet(AuthenticatedUser user,
+            ModeledUser targetUser) throws GuacamoleException {
+
+        // Create permission set for requested user
+        ObjectPermissionSet permissionSet = userPermissionSetProvider.get();
+        permissionSet.init(user, targetUser);
+
+        return permissionSet;
+        
+    }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionSet.java
new file mode 100644
index 000000000..ca99be759
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionSet.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+
+/**
+ * A database implementation of ObjectPermissionSet which uses an injected
+ * service to query and manipulate the user permissions associated with a
+ * particular user.
+ *
+ * @author Michael Jumper
+ */
+public class UserPermissionSet extends ObjectPermissionSet {
+
+    /**
+     * Service for querying and manipulating user permissions.
+     */
+    @Inject
+    private UserPermissionService userPermissionService;
+    
+    @Override
+    protected ObjectPermissionService getObjectPermissionService() {
+        return userPermissionService;
+    }
+ 
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
index 5c568a511..e9f79d2fd 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java
@@ -30,11 +30,11 @@ import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionService;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
-import org.glyptodon.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 
 /**
  * An implementation of the User object which is backed by a database model.
@@ -73,6 +73,12 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
      */
     @Inject
     private ConnectionGroupPermissionService connectionGroupPermissionService;
+    
+    /**
+     * Service for retrieving user permissions.
+     */
+    @Inject
+    private UserPermissionService userPermissionService;
 
     /**
      * The plaintext password previously set by a call to setPassword(), if
@@ -157,8 +163,7 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
     @Override
     public ObjectPermissionSet getUserPermissions()
             throws GuacamoleException {
-        // STUB
-        return new SimpleObjectPermissionSet();
+        return userPermissionService.getPermissionSet(getCurrentUser(), this);
     }
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
new file mode 100644
index 000000000..ed71265f7
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
@@ -0,0 +1,106 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+    "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+   Copyright (C) 2015 Glyptodon LLC
+
+   Permission is hereby granted, free of charge, to any person obtaining a copy
+   of this software and associated documentation files (the "Software"), to deal
+   in the Software without restriction, including without limitation the rights
+   to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+   copies of the Software, and to permit persons to whom the Software is
+   furnished to do so, subject to the following conditions:
+
+   The above copyright notice and this permission notice shall be included in
+   all copies or substantial portions of the Software.
+
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+   IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+   FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+   AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+   LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+   OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+   THE SOFTWARE.
+-->
+
+<mapper namespace="org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper" >
+
+    <!-- Result mapper for user permissions -->
+    <resultMap id="UserPermissionResultMap" type="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+        <result column="user_id"           property="userID"           jdbcType="INTEGER"/>
+        <result column="username"          property="username"         jdbcType="VARCHAR"/>
+        <result column="permission"        property="type"             jdbcType="VARCHAR"
+                javaType="org.glyptodon.guacamole.net.auth.permission.ObjectPermission$Type"/>
+        <result column="affected_username" property="objectIdentifier" jdbcType="INTEGER"/>
+    </resultMap>
+
+    <!-- Select all permissions for a given user -->
+    <select id="select" resultMap="UserPermissionResultMap">
+
+        SELECT
+            guacamole_user_permission.user_id,
+            guacamole_user.username,
+            permission,
+            affected.username AS affected_username
+        FROM guacamole_user_permission
+        JOIN guacamole_user          ON guacamole_user_permission.user_id          = guacamole_user.user_id
+        JOIN guacamole_user affected ON guacamole_user_permission.affected_user_id = affected.user_id
+        WHERE guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+
+    </select>
+
+    <!-- Select the single permission matching the given criteria -->
+    <select id="selectOne" resultMap="UserPermissionResultMap">
+
+        SELECT
+            guacamole_user_permission.user_id,
+            guacamole_user.username,
+            permission,
+            affected.username AS affected_username
+        FROM guacamole_user_permission
+        JOIN guacamole_user          ON guacamole_user_permission.user_id          = guacamole_user.user_id
+        JOIN guacamole_user affected ON guacamole_user_permission.affected_user_id = affected.user_id
+        WHERE
+            guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+            AND permission = #{type,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Delete all given permissions -->
+    <delete id="delete" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        DELETE FROM guacamole_user_permission
+        USING guacamole_user_permission
+        JOIN guacamole_user affected ON guacamole_user_permission.affected_user_id = affected.user_id
+        WHERE
+            (guacamole_user_permission.user_id, permission, affected.username) IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    (#{permission.userID,jdbcType=INTEGER},
+                     #{permission.type,jdbcType=VARCHAR},
+                     #{permission.objectIdentifier,jdbcType=VARCHAR})
+                </foreach>
+
+    </delete>
+
+    <!-- Insert all given permissions -->
+    <insert id="insert" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
+
+        INSERT IGNORE INTO guacamole_user_permission (
+            user_id,
+            permission,
+            affected_user_id
+        )
+        SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM ( 
+            <foreach collection="permissions" item="permission" separator="UNION ALL">
+                SELECT #{permission.userID,jdbcType=INTEGER}           AS user_id,
+                       #{permission.type,jdbcType=VARCHAR}             AS permission,
+                       #{permission.objectIdentifier,jdbcType=VARCHAR} AS username
+            </foreach>
+        ) AS permissions
+        JOIN guacamole_user ON guacamole_user.username = permissions.username; 
+
+    </insert>
+
+</mapper>
\ No newline at end of file

From 12c00c974972c224b507a8cb2af03ce89bedf408 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 21:05:32 -0800
Subject: [PATCH 57/60] GUAC-1101: Add missing selectAccessibleIdentifiers
 query. Fix selectOne for object permissions.

---
 .../ConnectionGroupPermissionMapper.xml       | 21 ++++++++++++++
 .../permission/ConnectionPermissionMapper.xml | 21 ++++++++++++++
 .../jdbc/permission/UserPermissionMapper.xml  | 29 +++++++++++++++++--
 3 files changed, 68 insertions(+), 3 deletions(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
index c7d40e3aa..40ada12a5 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
@@ -62,6 +62,27 @@
         WHERE
             guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = #{type,jdbcType=VARCHAR}
+            AND connection_group_id = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT connection_group_id 
+        FROM guacamole_connection_group_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND connection_group_id IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=VARCHAR}
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}
+                </foreach>
 
     </select>
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
index 7e3cedb64..9935f3cfd 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
@@ -62,6 +62,27 @@
         WHERE
             guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = #{type,jdbcType=VARCHAR}
+            AND connection_id = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT connection_id 
+        FROM guacamole_connection_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND connection_id IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=VARCHAR}
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}
+                </foreach>
 
     </select>
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
index ed71265f7..038bb814f 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
@@ -64,6 +64,28 @@
         WHERE
             guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
             AND permission = #{type,jdbcType=VARCHAR}
+            AND affected.username = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT username
+        FROM guacamole_user_permission
+        JOIN guacamole_user ON guacamole_user_permission.affected_user_id = guacamole_user.user_id
+        WHERE
+            guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+            AND username IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=VARCHAR}
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}
+                </foreach>
 
     </select>
 
@@ -92,13 +114,14 @@
             permission,
             affected_user_id
         )
-        SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM ( 
-            <foreach collection="permissions" item="permission" separator="UNION ALL">
+        SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="UNION ALL" close=")">
                 SELECT #{permission.userID,jdbcType=INTEGER}           AS user_id,
                        #{permission.type,jdbcType=VARCHAR}             AS permission,
                        #{permission.objectIdentifier,jdbcType=VARCHAR} AS username
             </foreach>
-        ) AS permissions
+        AS permissions
         JOIN guacamole_user ON guacamole_user.username = permissions.username; 
 
     </insert>

From d104a3170b4d933fe4ff5bba53ceabd265574c11 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 22:46:46 -0800
Subject: [PATCH 58/60] GUAC-1101: Do not query accessible identifiers if none
 given.

---
 .../auth/jdbc/permission/ObjectPermissionService.java         | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
index 0bd19d44f..79ce6407e 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/ObjectPermissionService.java
@@ -233,6 +233,10 @@ public abstract class ObjectPermissionService
             ModeledUser targetUser, Collection<ObjectPermission.Type> permissions,
             Collection<String> identifiers) throws GuacamoleException {
 
+        // Nothing is always accessible
+        if (identifiers.isEmpty())
+            return identifiers;
+        
         // Determine whether the user is an admin
         boolean isAdmin = user.getUser().isAdministrator();
         

From 1af52cffa4c864f9c4bae5bc3dc88aef54dfbdc1 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sat, 28 Feb 2015 23:25:14 -0800
Subject: [PATCH 59/60] GUAC-1101: Insert implicit permissions for created
 objects.

---
 .../jdbc/base/DirectoryObjectService.java     | 47 ++++++++++++++++++-
 .../jdbc/connection/ConnectionService.java    | 13 +++++
 .../ConnectionGroupService.java               | 13 +++++
 .../guacamole/auth/jdbc/user/UserService.java | 13 +++++
 4 files changed, 85 insertions(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
index e370174ba..1e879b904 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
@@ -29,6 +29,9 @@ import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 
@@ -53,6 +56,17 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 public abstract class DirectoryObjectService<InternalType extends DirectoryObject<ModelType>,
         ExternalType, ModelType extends ObjectModel> {
 
+    /**
+     * All object permissions which are implicitly granted upon creation to the
+     * creator of the object.
+     */
+    private static final ObjectPermission.Type[] IMPLICIT_OBJECT_PERMISSIONS = {
+        ObjectPermission.Type.READ,
+        ObjectPermission.Type.UPDATE,
+        ObjectPermission.Type.DELETE,
+        ObjectPermission.Type.ADMINISTER
+    };
+    
     /**
      * Returns an instance of a mapper for the type of object used by this
      * service.
@@ -63,6 +77,16 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
      */
     protected abstract DirectoryObjectMapper<ModelType> getObjectMapper();
 
+    /**
+     * Returns an instance of a mapper for the type of permissions that affect
+     * the type of object used by this service.
+     *
+     * @return
+     *     A mapper which provides access to the model objects associated with
+     *     the permissions that affect the objects used by this service.
+     */
+    protected abstract ObjectPermissionMapper getPermissionMapper();
+
     /**
      * Returns an instance of an object which is backed by the given model
      * object.
@@ -344,7 +368,28 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
             ModelType model = getModelInstance(user, object);
             getObjectMapper().insert(model);
 
-            // FIXME: Insert implicit object permissions, too.
+            // Build list of implicit permissions
+            Collection<ObjectPermissionModel> implicitPermissions =
+                    new ArrayList<ObjectPermissionModel>(IMPLICIT_OBJECT_PERMISSIONS.length);
+
+            UserModel userModel = user.getUser().getModel();
+            for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) {
+
+                // Create model which grants this permission to the current user
+                ObjectPermissionModel permissionModel = new ObjectPermissionModel();
+                permissionModel.setUserID(userModel.getObjectID());
+                permissionModel.setUsername(userModel.getIdentifier());
+                permissionModel.setType(permission);
+                permissionModel.setObjectIdentifier(model.getIdentifier());
+
+                // Add permission
+                implicitPermissions.add(permissionModel);
+                
+            }
+
+            // Add implicit permissions
+            getPermissionMapper().insert(implicitPermissions);
+
             return getObjectInstance(user, model);
         }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
index 634087ab7..fcc43208b 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -37,6 +37,8 @@ import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
@@ -60,6 +62,12 @@ public class ConnectionService extends DirectoryObjectService<ModeledConnection,
     @Inject
     private ConnectionMapper connectionMapper;
 
+    /**
+     * Mapper for manipulating connection permissions.
+     */
+    @Inject
+    private ConnectionPermissionMapper connectionPermissionMapper;
+    
     /**
      * Mapper for accessing connection parameters.
      */
@@ -89,6 +97,11 @@ public class ConnectionService extends DirectoryObjectService<ModeledConnection,
         return connectionMapper;
     }
 
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return connectionPermissionMapper;
+    }
+
     @Override
     protected ModeledConnection getObjectInstance(AuthenticatedUser currentUser,
             ConnectionModel model) {
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
index 296f87e28..f144dcb87 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
@@ -32,6 +32,8 @@ import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
@@ -55,6 +57,12 @@ public class ConnectionGroupService extends DirectoryObjectService<ModeledConnec
     @Inject
     private ConnectionGroupMapper connectionGroupMapper;
 
+    /**
+     * Mapper for manipulating connection group permissions.
+     */
+    @Inject
+    private ConnectionGroupPermissionMapper connectionGroupPermissionMapper;
+    
     /**
      * Provider for creating connection groups.
      */
@@ -72,6 +80,11 @@ public class ConnectionGroupService extends DirectoryObjectService<ModeledConnec
         return connectionGroupMapper;
     }
 
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return connectionGroupPermissionMapper;
+    }
+
     @Override
     protected ModeledConnectionGroup getObjectInstance(AuthenticatedUser currentUser,
             ConnectionGroupModel model) {
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
index a74f5cd89..0785337ee 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
@@ -31,6 +31,8 @@ import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
 import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
@@ -50,6 +52,12 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
     @Inject
     private UserMapper userMapper;
 
+    /**
+     * Mapper for manipulating user permissions.
+     */
+    @Inject
+    private UserPermissionMapper userPermissionMapper;
+    
     /**
      * Provider for creating users.
      */
@@ -61,6 +69,11 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
         return userMapper;
     }
 
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return userPermissionMapper;
+    }
+
     @Override
     protected ModeledUser getObjectInstance(AuthenticatedUser currentUser,
             UserModel model) {

From 6f8b0ba41e87ec20e75336e4c6bc37dbd433f87e Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Sun, 1 Mar 2015 12:05:58 -0800
Subject: [PATCH 60/60] GUAC-1101: Implement connection and group duplicate
 checks. Fix username duplicate check.

---
 .../jdbc/base/DirectoryObjectService.java     | 48 ++++++++++---------
 .../jdbc/connection/ConnectionMapper.java     | 17 +++++++
 .../jdbc/connection/ConnectionService.java    | 34 ++++++++-----
 .../ConnectionGroupMapper.java                | 17 +++++++
 .../ConnectionGroupService.java               | 27 +++++++----
 .../guacamole/auth/jdbc/user/UserMapper.java  | 14 +++++-
 .../guacamole/auth/jdbc/user/UserService.java | 25 +++++-----
 .../auth/jdbc/connection/ConnectionMapper.xml | 16 +++++++
 .../connectiongroup/ConnectionGroupMapper.xml | 16 +++++++
 .../guacamole/auth/jdbc/user/UserMapper.xml   | 18 ++++++-
 10 files changed, 173 insertions(+), 59 deletions(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
index 1e879b904..fc2bdb331 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
@@ -215,49 +215,50 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
     }
 
     /**
-     * Returns whether the given object is valid and can be created as-is. The
-     * object does not yet exist in the database, but the user desires to
-     * create a new object with the given values. This function will be called
-     * prior to any creation operation, and provides a means for the
-     * implementation to abort prior to completion. The default implementation
-     * does nothing.
+     * Returns whether the contents of the given model are valid and can be
+     * used to create a new object as-is. The object does not yet exist in the
+     * database, but the user desires to create a new object with the given
+     * model. This function will be called prior to any creation operation, and
+     * provides a means for the implementation to abort prior to completion. The
+     * default implementation does nothing.
      *
      * @param user
      *     The user creating the object.
      *
-     * @param object
-     *     The object to validate.
+     * @param model
+     *     The model to validate.
      *
      * @throws GuacamoleException
      *     If the object is invalid, or an error prevents validating the given
      *     object.
      */
-    protected void validateNewObject(AuthenticatedUser user,
-            ExternalType object) throws GuacamoleException {
+    protected void validateNewModel(AuthenticatedUser user,
+            ModelType model) throws GuacamoleException {
 
         // By default, do nothing.
 
     }
 
     /**
-     * Returns whether the given object is valid and can updated as-is. The
-     * object already exists in the database, but the user desires to update
-     * the object to the given values. This function will be called prior to
-     * update operation, and provides a means for the implementation to abort
-     * prior to completion. The default implementation does nothing.
+     * Returns whether the given model is valid and can be used to update an
+     * existing object as-is. The object already exists in the database, but the
+     * user desires to update the object to the given model. This function will
+     * be called prior to update operation, and provides a means for the
+     * implementation to abort prior to completion. The default implementation
+     * does nothing.
      *
      * @param user
      *     The user updating the existing object.
      *
-     * @param object 
-     *     The object to validate.
+     * @param model
+     *     The model to validate.
      *
      * @throws GuacamoleException
      *     If the object is invalid, or an error prevents validating the given
      *     object.
      */
-    protected void validateExistingObject(AuthenticatedUser user,
-            InternalType object) throws GuacamoleException {
+    protected void validateExistingModel(AuthenticatedUser user,
+            ModelType model) throws GuacamoleException {
 
         // By default, do nothing.
 
@@ -362,10 +363,10 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
         if (user.getUser().isAdministrator() || hasCreatePermission(user)) {
 
             // Validate object prior to creation
-            validateNewObject(user, object);
+            ModelType model = getModelInstance(user, object);
+            validateNewModel(user, model);
 
             // Create object
-            ModelType model = getModelInstance(user, object);
             getObjectMapper().insert(model);
 
             // Build list of implicit permissions
@@ -447,10 +448,11 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
         if (hasObjectPermission(user, object.getIdentifier(), ObjectPermission.Type.UPDATE)) {
 
             // Validate object prior to creation
-            validateExistingObject(user, object);
+            ModelType model = object.getModel();
+            validateExistingModel(user, model);
 
             // Update object
-            getObjectMapper().update(object.getModel());
+            getObjectMapper().update(model);
             return;
         }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
index 8c8cf0a2b..faa7f21d1 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java
@@ -71,5 +71,22 @@ public interface ConnectionMapper extends DirectoryObjectMapper<ConnectionModel>
      */
     Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
             @Param("parentIdentifier") String parentIdentifier);
+
+    /**
+     * Selects the connection within the given parent group and having the
+     * given name. If no such connection exists, null is returned.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent group to search within.
+     *
+     * @param name
+     *     The name of the connection to find.
+     *
+     * @return
+     *     The connection having the given name within the given parent group,
+     *     or null if no such connection exists.
+     */
+    ConnectionModel selectOneByName(@Param("parentIdentifier") String parentIdentifier,
+            @Param("name") String name);
     
 }
\ No newline at end of file
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
index fcc43208b..f7d0b5ac5 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -147,26 +147,37 @@ public class ConnectionService extends DirectoryObjectService<ModeledConnection,
     }
 
     @Override
-    protected void validateNewObject(AuthenticatedUser user, Connection object)
-            throws GuacamoleException {
+    protected void validateNewModel(AuthenticatedUser user,
+            ConnectionModel model) throws GuacamoleException {
 
         // Name must not be blank
-        if (object.getName().trim().isEmpty())
+        if (model.getName().trim().isEmpty())
             throw new GuacamoleClientException("Connection names must not be blank.");
-        
-        // FIXME: Do not attempt to create duplicate connections
+
+        // Do not attempt to create duplicate connections
+        ConnectionModel existing = connectionMapper.selectOneByName(model.getParentIdentifier(), model.getName());
+        if (existing != null)
+            throw new GuacamoleClientException("The connection \"" + model.getName() + "\" already exists.");
 
     }
 
     @Override
-    protected void validateExistingObject(AuthenticatedUser user,
-            ModeledConnection object) throws GuacamoleException {
+    protected void validateExistingModel(AuthenticatedUser user,
+            ConnectionModel model) throws GuacamoleException {
 
         // Name must not be blank
-        if (object.getName().trim().isEmpty())
+        if (model.getName().trim().isEmpty())
             throw new GuacamoleClientException("Connection names must not be blank.");
         
-        // FIXME: Check whether such a connection is already present
+        // Check whether such a connection is already present
+        ConnectionModel existing = connectionMapper.selectOneByName(model.getParentIdentifier(), model.getName());
+        if (existing != null) {
+
+            // If the specified name matches a DIFFERENT existing connection, the update cannot continue
+            if (!existing.getObjectID().equals(model.getObjectID()))
+                throw new GuacamoleClientException("The connection \"" + model.getName() + "\" already exists.");
+
+        }
         
     }
 
@@ -238,10 +249,11 @@ public class ConnectionService extends DirectoryObjectService<ModeledConnection,
         // Update connection
         super.updateObject(user, object);
 
-        // Replace existing parameters with new parameters
+        // Replace existing parameters with new parameters, if any
         Collection<ParameterModel> parameterModels = getParameterModels(object);
         parameterMapper.delete(object.getIdentifier());
-        parameterMapper.insert(parameterModels);
+        if (!parameterModels.isEmpty())
+            parameterMapper.insert(parameterModels);
         
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
index ad682cd20..a08ef7c20 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java
@@ -71,5 +71,22 @@ public interface ConnectionGroupMapper extends DirectoryObjectMapper<ConnectionG
      */
     Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
             @Param("parentIdentifier") String parentIdentifier);
+
+    /**
+     * Selects the connection group within the given parent group and having
+     * the given name. If no such connection group exists, null is returned.
+     *
+     * @param parentIdentifier
+     *     The identifier of the parent group to search within.
+     *
+     * @param name
+     *     The name of the connection group to find.
+     *
+     * @return
+     *     The connection group having the given name within the given parent
+     *     group, or null if no such connection group exists.
+     */
+    ConnectionGroupModel selectOneByName(@Param("parentIdentifier") String parentIdentifier,
+            @Param("name") String name);
     
 }
\ No newline at end of file
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
index f144dcb87..cfed2edd0 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java
@@ -130,26 +130,37 @@ public class ConnectionGroupService extends DirectoryObjectService<ModeledConnec
     }
 
     @Override
-    protected void validateNewObject(AuthenticatedUser user, ConnectionGroup object)
-            throws GuacamoleException {
+    protected void validateNewModel(AuthenticatedUser user,
+            ConnectionGroupModel model) throws GuacamoleException {
 
         // Name must not be blank
-        if (object.getName().trim().isEmpty())
+        if (model.getName().trim().isEmpty())
             throw new GuacamoleClientException("Connection group names must not be blank.");
         
-        // FIXME: Do not attempt to create duplicate connection groups
+        // Do not attempt to create duplicate connection groups
+        ConnectionGroupModel existing = connectionGroupMapper.selectOneByName(model.getParentIdentifier(), model.getName());
+        if (existing != null)
+            throw new GuacamoleClientException("The connection group \"" + model.getName() + "\" already exists.");
 
     }
 
     @Override
-    protected void validateExistingObject(AuthenticatedUser user,
-            ModeledConnectionGroup object) throws GuacamoleException {
+    protected void validateExistingModel(AuthenticatedUser user,
+            ConnectionGroupModel model) throws GuacamoleException {
 
         // Name must not be blank
-        if (object.getName().trim().isEmpty())
+        if (model.getName().trim().isEmpty())
             throw new GuacamoleClientException("Connection group names must not be blank.");
         
-        // FIXME: Check whether such a connection group is already present
+        // Check whether such a connection group is already present
+        ConnectionGroupModel existing = connectionGroupMapper.selectOneByName(model.getParentIdentifier(), model.getName());
+        if (existing != null) {
+
+            // If the specified name matches a DIFFERENT existing connection group, the update cannot continue
+            if (!existing.getObjectID().equals(model.getObjectID()))
+                throw new GuacamoleClientException("The connection group \"" + model.getName() + "\" already exists.");
+
+        }
         
     }
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
index fbe83ae25..0563196de 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java
@@ -46,7 +46,19 @@ public interface UserMapper extends DirectoryObjectMapper<UserModel> {
      *     The user having the given username and password, or null if no such
      *     user exists.
      */
-    UserModel selectByCredentials(@Param("username") String username,
+    UserModel selectOneByCredentials(@Param("username") String username,
             @Param("password") String password);
+
+    /**
+     * Returns the user having the given username, if any. If no such user
+     * exists, null is returned.
+     *
+     * @param username
+     *     The username of the user to return.
+     *
+     * @return
+     *     The user having the given username, or null if no such user exists.
+     */
+    UserModel selectOne(@Param("username") String username);
     
 }
\ No newline at end of file
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
index 0785337ee..1fd24dc54 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
@@ -118,38 +118,35 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
     }
 
     @Override
-    protected void validateNewObject(AuthenticatedUser user, User object)
+    protected void validateNewModel(AuthenticatedUser user, UserModel model)
             throws GuacamoleException {
 
         // Username must not be blank
-        if (object.getIdentifier().trim().isEmpty())
+        if (model.getIdentifier().trim().isEmpty())
             throw new GuacamoleClientException("The username must not be blank.");
         
         // Do not create duplicate users
-        Collection<UserModel> existing = userMapper.select(Collections.singleton(object.getIdentifier()));
+        Collection<UserModel> existing = userMapper.select(Collections.singleton(model.getIdentifier()));
         if (!existing.isEmpty())
-            throw new GuacamoleClientException("User \"" + object.getIdentifier() + "\" already exists.");
+            throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists.");
 
     }
 
     @Override
-    protected void validateExistingObject(AuthenticatedUser user,
-            ModeledUser object) throws GuacamoleException {
+    protected void validateExistingModel(AuthenticatedUser user,
+            UserModel model) throws GuacamoleException {
 
         // Username must not be blank
-        if (object.getIdentifier().trim().isEmpty())
+        if (model.getIdentifier().trim().isEmpty())
             throw new GuacamoleClientException("The username must not be blank.");
         
         // Check whether such a user is already present
-        ModeledUser existing = retrieveObject(user, object.getIdentifier());
+        UserModel existing = userMapper.selectOne(model.getIdentifier());
         if (existing != null) {
 
-            UserModel existingModel = existing.getModel();
-            UserModel updatedModel = object.getModel();
-
             // Do not rename to existing user
-            if (!existingModel.getObjectID().equals(updatedModel.getObjectID()))
-                throw new GuacamoleClientException("User \"" + object.getIdentifier() + "\" already exists.");
+            if (!existing.getObjectID().equals(model.getObjectID()))
+                throw new GuacamoleClientException("User \"" + model.getIdentifier() + "\" already exists.");
             
         }
         
@@ -173,7 +170,7 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
         String password = credentials.getPassword();
 
         // Retrieve user model, if the user exists
-        UserModel userModel = userMapper.selectByCredentials(username, password);
+        UserModel userModel = userMapper.selectOneByCredentials(username, password);
         if (userModel == null)
             return null;
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
index ac8fb6d6b..2211da069 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
@@ -107,6 +107,22 @@
 
     </select>
 
+    <!-- Select single connection by name -->
+    <select id="selectOneByName" resultMap="ConnectionResultMap">
+
+        SELECT
+            connection_id,
+            connection_name,
+            parent_id,
+            protocol 
+        FROM guacamole_connection
+        WHERE 
+            <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
+            <if test="parentIdentifier == null">parent_id IS NULL</if>
+            AND connection_name = #{name,jdbcType=VARCHAR}
+
+    </select>
+
     <!-- Delete single connection by identifier -->
     <delete id="delete">
         DELETE FROM guacamole_connection
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
index 3e3f8c156..4eb20da1c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
@@ -108,6 +108,22 @@
 
     </select>
 
+    <!-- Select single connection group by name -->
+    <select id="selectOneByName" resultMap="ConnectionGroupResultMap">
+
+        SELECT
+            connection_group_id,
+            connection_group_name,
+            parent_id,
+            type
+        FROM guacamole_connection_group
+        WHERE 
+            <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
+            <if test="parentIdentifier == null">parent_id IS NULL</if>
+            AND connection_group_name = #{name,jdbcType=VARCHAR}
+
+    </select>
+
     <!-- Delete single connection group by identifier -->
     <delete id="delete">
         DELETE FROM guacamole_connection_group
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
index b3726eb8f..fb7e6ff55 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml
@@ -87,8 +87,8 @@
 
     </select>
 
-
-    <select id="selectByCredentials" resultMap="UserResultMap">
+    <!-- Select single user by credentials -->
+    <select id="selectOneByCredentials" resultMap="UserResultMap">
         SELECT
             user_id,
             username,
@@ -100,6 +100,20 @@
             AND password_hash = UNHEX(SHA2(CONCAT(#{password,jdbcType=VARCHAR}, HEX(password_salt)), 256))
     </select>
 
+    <!-- Select single user by username -->
+    <select id="selectOne" resultMap="UserResultMap">
+
+        SELECT
+            user_id,
+            username,
+            password_hash,
+            password_salt
+        FROM guacamole_user
+        WHERE
+            username = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
     <!-- Delete single user by username -->
     <delete id="delete">
         DELETE FROM guacamole_user