From 6e71f330b8f8108751fa2fee2b5adea1ae6aecae Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Fri, 6 Apr 2018 13:46:36 -0700
Subject: [PATCH] GUACAMOLE-220: Move JDBC handling of effective groups to RemoteAuthenticatedUser level. Stub out retrieval of effective groups.
---
 .../sharing/user/SharedAuthenticatedUser.java | 11 +++-------
 .../jdbc/user/ModeledAuthenticatedUser.java | 9 ++-------
 .../guacamole/auth/jdbc/user/ModeledUser.java | 16 +++++++++++++++
 .../jdbc/user/RemoteAuthenticatedUser.java | 20 ++++++++++++++++++-
 4 files changed, 40 insertions(+), 16 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java
index 958213cbc..96c6a9e31 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedAuthenticatedUser.java
@@ -20,7 +20,6 @@
 package org.apache.guacamole.auth.jdbc.sharing.user;
 
 import java.util.Collections;
-import java.util.Set;
 import org.apache.guacamole.auth.jdbc.user.RemoteAuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
@@ -52,7 +51,8 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser {
 * The AuthenticatedUser to copy.
 */
 public SharedAuthenticatedUser(AuthenticatedUser authenticatedUser) {
- super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials());
+ super(authenticatedUser.getAuthenticationProvider(),
+ authenticatedUser.getCredentials(), Collections.emptySet());
 this.shareKey = null;
 this.identifier = authenticatedUser.getIdentifier();
 }
@@ -75,7 +75,7 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser {
 */
 public SharedAuthenticatedUser(AuthenticationProvider authenticationProvider,
 Credentials credentials, String shareKey) {
- super(authenticationProvider, credentials);
+ super(authenticationProvider, credentials, Collections.emptySet());
 this.shareKey = shareKey;
 this.identifier = AuthenticatedUser.ANONYMOUS_IDENTIFIER;
 }
@@ -102,9 +102,4 @@ public class SharedAuthenticatedUser extends RemoteAuthenticatedUser {
 throw new UnsupportedOperationException("Users authenticated via share keys are immutable.");
 }
 
- @Override
- public Set getEffectiveUserGroups() {
- return Collections.emptySet();
- }
-
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java
index 8c201d004..e756374cb 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java
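Review bot: The copying constructor `SharedAuthenticatedUser(AuthenticatedUser)` in the @@ -52 hunk passes `Collections.emptySet()` to the superclass without saying why the source user's groups are dropped, while the copying constructor of `ModeledAuthenticatedUser` in this same commit forwards `authenticatedUser.getEffectiveUserGroups()`. If the intent is that a share-key session must never inherit group memberships, a one-line comment above the `super(...)` call would keep a later refactor from removing the asymmetry by mistake, e.g. `// Share-key users deliberately carry no group memberships`. The same comment belongs on the second constructor in the @@ -75 hunk. Both constructors' Javadoc blocks start outside the hunks.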
@@ -76,7 +76,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser {
 */
 public ModeledAuthenticatedUser(AuthenticatedUser authenticatedUser,
 AuthenticationProvider modelAuthenticationProvider, ModeledUser user) {
- super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials());
+ super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials(), authenticatedUser.getEffectiveUserGroups());
 this.modelAuthenticationProvider = modelAuthenticationProvider;
 this.user = user;
 }
@@ -98,7 +98,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser {
 */
 public ModeledAuthenticatedUser(AuthenticationProvider authenticationProvider,
 ModeledUser user, Credentials credentials) {
- super(authenticationProvider, credentials);
+ super(authenticationProvider, credentials, user.getEffectiveUserGroups());
 this.modelAuthenticationProvider = authenticationProvider;
 this.user = user;
 }
@@ -169,9 +169,4 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser {
 user.setIdentifier(identifier);
 }
 
- @Override
- public Set getEffectiveUserGroups() {
- return Collections.emptySet();
- }
-
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
index 737aec860..0628d7499 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
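Review bot: The Javadoc of the copying constructor `ModeledAuthenticatedUser(AuthenticatedUser, AuthenticationProvider, ModeledUser)` in the @@ -76 hunk should record that the group identifiers returned by `authenticatedUser.getEffectiveUserGroups()` are now adopted as-is from whichever provider authenticated the user; before this commit the class always reported an empty set. I would extend the existing `@param authenticatedUser` text (which starts outside the hunk) with a sentence such as `The effective groups reported by this user are accepted without further validation.` The new `super(...)` call is also far longer than the wrapped form this commit uses in `SharedAuthenticatedUser`, so breaking it after the second argument would keep the two files consistent.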
@@ -854,6 +854,22 @@ public class ModeledUser extends ModeledDirectoryObject implements Us
 return new SimpleRelatedObjectSet();
 }
 
+ /**
+ * Returns the identifiers of all user groups defined within the database
+ * which apply to this user, including any groups inherited through
+ * membership in yet more groups.
+ *
+ * @return
+ * The identifiers of all user groups defined within the database which
+ * apply to this user.
+ */
+ public Set getEffectiveUserGroups() {
+
+ // FIXME: STUB
+ return /*retrieveEffectiveIdentifiers(this, */Collections.emptySet()/*)*/;
+
+ }
+
 @Override
 public Permissions getEffectivePermissions() throws GuacamoleException {
 return new Permissions() {
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
index d68d9a96e..324892e4d 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
@@ -19,6 +19,8 @@
 
 package org.apache.guacamole.auth.jdbc.user;
 
+import java.util.Collections;
+import java.util.Set;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
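Review bot: The Javadoc on the stubbed `ModeledUser.getEffectiveUserGroups()` (@@ -854 hunk) does not say whether callers receive a live lookup or a point-in-time snapshot, and that matters because `ModeledAuthenticatedUser` calls it once in its constructor and the superclass keeps the result in a final field. If group membership is meant to gate access, a membership revoked in the database would presumably stay in effect for that authenticated user object until the user authenticates again, so the intended lifetime should be documented before the stub is filled in. The commented-out call spliced into the `return` expression is also hard to read; `// FIXME: STUB - should become retrieveEffectiveIdentifiers(this, Collections.emptySet())` followed by a plain `return Collections.emptySet();` keeps the same hint. The enclosing class body lies outside the hunk.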
@@ -43,6 +45,12 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
 */
 private final String remoteHost;
 
+ /**
+ * The identifiers of any groups of which this user is a member, including
+ * groups inherited through membership in other groups.
+ */
+ private final Set effectiveGroups;
+
 /**
 * Creates a new RemoteAuthenticatedUser, deriving the associated remote
 * host from the given credentials.
@@ -52,12 +60,17 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
 *
 * @param credentials
 * The credentials given by the user when they authenticated.
+ *
+ * @param effectiveGroups
+ * The identifiers of any groups of which this user is a member,
+ * including groups inherited through membership in other groups.
 */
 public RemoteAuthenticatedUser(AuthenticationProvider authenticationProvider,
- Credentials credentials) {
+ Credentials credentials, Set effectiveGroups) {
 this.authenticationProvider = authenticationProvider;
 this.credentials = credentials;
 this.remoteHost = credentials.getRemoteAddress();
+ this.effectiveGroups = Collections.unmodifiableSet(effectiveGroups);
 }
 
 @Override
@@ -75,6 +88,11 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
 return remoteHost;
 }
 
+ @Override
+ public Set getEffectiveUserGroups() {
+ return effectiveGroups;
+ }
+
 @Override
 public AuthenticationProvider getAuthenticationProvider() {
 return authenticationProvider;
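Review bot: `Collections.unmodifiableSet(effectiveGroups)` in the constructor (@@ -52 hunk) is a read-only view over the caller's set rather than a copy, so a caller that keeps the set and mutates it later changes what `getEffectiveUserGroups()` reports for an already-authenticated user. The same call throws `NullPointerException` when a subclass passes `null`, which the `ModeledAuthenticatedUser` copying constructor in this commit would do if the upstream provider's `getEffectiveUserGroups()` returns `null`. A defensive copy pins the memberships at authentication time, e.g. `this.effectiveGroups = Collections.unmodifiableSet(new HashSet<>(effectiveGroups));` with `java.util.HashSet` imported and either a null check or an empty-set fallback in front of it. The `@param effectiveGroups` text should state whether `null` is allowed and that the set is copied.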