GUACAMOLE-220: Move JDBC handling of effective groups to RemoteAuthenticatedUser level. Stub out retrieval of effective groups.

2025-09-06 13:17:41 +00:00 · 2018-04-06 13:46:36 -07:00
parent a155397947
commit 6e71f330b8
4 changed files with 40 additions and 16 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java
@@ -20,7 +20,6 @@
 package org.apache.guacamole.auth.jdbc.sharing.user;

 import java.util.Collections;
-import java.util.Set;
 import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
@@ -52,7 +51,8 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser {
     *     The AuthenticatedUser to copy.
     */
    public SharedAuthenticatedUser(AuthenticatedUser authenticatedUser) {
-        super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials());
+        super(authenticatedUser.getAuthenticationProvider(),
+                authenticatedUser.getCredentials(), Collections.<String>emptySet());
        this.shareKey = null;
        this.identifier = authenticatedUser.getIdentifier();
    }
@@ -75,7 +75,7 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser {
     */
    public SharedAuthenticatedUser(AuthenticationProvider authenticationProvider,
            Credentials credentials, String shareKey) {
-        super(authenticationProvider, credentials);
+        super(authenticationProvider, credentials, Collections.<String>emptySet());
        this.shareKey = shareKey;
        this.identifier = AuthenticatedUser.ANONYMOUS_IDENTIFIER;
    }
@@ -102,9 +102,4 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser {
        throw new UnsupportedOperationException("Users authenticated via share keys are immutable.");
    }

-    @Override
-    public Set<String> getEffectiveUserGroups() {
-        return Collections.<String>emptySet();
-    }
-
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java
@@ -76,7 +76,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser {
     */
    public ModeledAuthenticatedUser(AuthenticatedUser authenticatedUser,
            AuthenticationProvider modelAuthenticationProvider, ModeledUser user) {
-        super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials());
+        super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials(), authenticatedUser.getEffectiveUserGroups());
        this.modelAuthenticationProvider = modelAuthenticationProvider;
        this.user = user;
    }
@@ -98,7 +98,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser {
     */
    public ModeledAuthenticatedUser(AuthenticationProvider authenticationProvider,
            ModeledUser user, Credentials credentials) {
-        super(authenticationProvider, credentials);
+        super(authenticationProvider, credentials, user.getEffectiveUserGroups());
        this.modelAuthenticationProvider = authenticationProvider;
        this.user = user;
    }
@@ -169,9 +169,4 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser {
        user.setIdentifier(identifier);
    }

-    @Override
-    public Set<String> getEffectiveUserGroups() {
-        return Collections.<String>emptySet();
-    }
-
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
@@ -854,6 +854,22 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
        return new SimpleRelatedObjectSet();
    }

+    /**
+     * Returns the identifiers of all user groups defined within the database
+     * which apply to this user, including any groups inherited through
+     * membership in yet more groups.
+     *
+     * @return
+     *     The identifiers of all user groups defined within the database which
+     *     apply to this user.
+     */
+    public Set<String> getEffectiveUserGroups() {
+
+        // FIXME: STUB
+        return /*retrieveEffectiveIdentifiers(this, */Collections.<String>emptySet()/*)*/;
+
+    }
+
    @Override
    public Permissions getEffectivePermissions() throws GuacamoleException {
        return new Permissions() {
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
@@ -19,6 +19,8 @@

 package org.apache.guacamole.auth.jdbc.user;

+import java.util.Collections;
+import java.util.Set;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
@@ -43,6 +45,12 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
     */
    private final String remoteHost;

+    /**
+     * The identifiers of any groups of which this user is a member, including
+     * groups inherited through membership in other groups.
+     */
+    private final Set<String> effectiveGroups;
+
    /**
     * Creates a new RemoteAuthenticatedUser, deriving the associated remote
     * host from the given credentials.
@@ -52,12 +60,17 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
     *
     * @param credentials 
     *     The credentials given by the user when they authenticated.
+     *
+     * @param effectiveGroups
+     *     The identifiers of any groups of which this user is a member,
+     *     including groups inherited through membership in other groups.
     */
    public RemoteAuthenticatedUser(AuthenticationProvider authenticationProvider,
-            Credentials credentials) {
+            Credentials credentials, Set<String> effectiveGroups) {
        this.authenticationProvider = authenticationProvider;
        this.credentials = credentials;
        this.remoteHost = credentials.getRemoteAddress();
+        this.effectiveGroups = Collections.unmodifiableSet(effectiveGroups);
    }

    @Override
@@ -75,6 +88,11 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
        return remoteHost;
    }

+    @Override
+    public Set<String> getEffectiveUserGroups() {
+        return effectiveGroups;
+    }
+
    @Override
    public AuthenticationProvider getAuthenticationProvider() {
        return authenticationProvider;