Merge 1.0.0 changes back to master.

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUser.java

@@ -19,10 +19,17 @@
 
 package org.apache.guacamole.net.auth;
 
+import java.util.Collections;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
 
 /**
- * Basic implementation of a Guacamole user which uses the username to
- * determine equality. Username comparison is case-sensitive.
+ * Base implementation of User which provides default implementations of
+ * most functions.
  */
 public abstract class AbstractUser extends AbstractIdentifiable
         implements User {
@@ -44,4 +51,164 @@ public abstract class AbstractUser extends AbstractIdentifiable
         this.password = password;
     }
 
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty map. Implementations
+     * that wish to expose custom attributes should override this function.
+     */
+    @Override
+    public Map<String, String> getAttributes() {
+        return Collections.emptyMap();
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply ignores all attributes given.
+     * Implementations that wish to support modification of custom attributes
+     * should override this function.
+     */
+    @Override
+    public void setAttributes(Map<String, String> attributes) {
+        // Ignore all attributes by default
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply returns {@code null}. Implementations that
+     * wish to expose the date and time that a user was last active should
+     * override this function.
+     */
+    @Override
+    public Date getLastActive() {
+        return null;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty list. Implementations
+     * that wish to expose user login history should override this function.
+     */
+    @Override
+    public List<ActivityRecord> getHistory() throws GuacamoleException {
+        return Collections.emptyList();
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public SystemPermissionSet getSystemPermissions()
+            throws GuacamoleException {
+        return SystemPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getConnectionPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getConnectionGroupPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getUserPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getUserGroupPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getActiveConnectionPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getSharingProfilePermissions() {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty related object set.
+     * Implementations that wish to expose group membership should override
+     * this function.
+     */
+    @Override
+    public RelatedObjectSet getUserGroups() throws GuacamoleException {
+        return RelatedObjectSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply returns {@code this}. Implementations that
+     * wish to expose permissions which apply indirectly (such as through
+     * group inheritance) should override this function.
+     */
+    @Override
+    public Permissions getEffectivePermissions() throws GuacamoleException {
+        return this;
+    }
+
 }

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractUserGroup.java

@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.net.auth;
+
+import java.util.Collections;
+import java.util.Map;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
+
+/**
+ * Base implementation of UserGroup which provides default implementations of
+ * most functions.
+ */
+public class AbstractUserGroup extends AbstractIdentifiable implements UserGroup {
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty map. Implementations
+     * that wish to expose custom attributes should override this function.
+     */
+    @Override
+    public Map<String, String> getAttributes() {
+        return Collections.emptyMap();
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply ignores all attributes given.
+     * Implementations that wish to support modification of custom attributes
+     * should override this function.
+     */
+    @Override
+    public void setAttributes(Map<String, String> attributes) {
+        // Ignore all attributes by default
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public SystemPermissionSet getSystemPermissions()
+            throws GuacamoleException {
+        return SystemPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getConnectionPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getConnectionGroupPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getUserPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getUserGroupPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getActiveConnectionPermissions()
+            throws GuacamoleException {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty permission set.
+     * Implementations that wish to expose permissions should override this
+     * function.
+     */
+    @Override
+    public ObjectPermissionSet getSharingProfilePermissions() {
+        return ObjectPermissionSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty related object set.
+     * Implementations that wish to expose group membership should override
+     * this function.
+     */
+    @Override
+    public RelatedObjectSet getUserGroups() throws GuacamoleException {
+        return RelatedObjectSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty related object set.
+     * Implementations that wish to expose group membership should override
+     * this function.
+     */
+    @Override
+    public RelatedObjectSet getMemberUsers() throws GuacamoleException {
+        return RelatedObjectSet.EMPTY_SET;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>This implementation simply an immutable, empty related object set.
+     * Implementations that wish to expose group membership should override
+     * this function.
+     */
+    @Override
+    public RelatedObjectSet getMemberUserGroups() throws GuacamoleException {
+        return RelatedObjectSet.EMPTY_SET;
+    }
+
+}

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/RelatedObjectSet.java

@@ -19,8 +19,10 @@
 
 package org.apache.guacamole.net.auth;
 
+import java.util.Collections;
 import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
 
 /**
  * An arbitrary set of existing objects sharing some common relation. Unlike a
@@ -75,4 +77,28 @@ public interface RelatedObjectSet {
      */
     void removeObjects(Set<String> identifiers) throws GuacamoleException;
 
+    /**
+     * An immutable instance of RelatedObjectSEt which contains no objects.
+     */
+    static final RelatedObjectSet EMPTY_SET = new RelatedObjectSet() {
+
+        @Override
+        public Set<String> getObjects() throws GuacamoleException {
+            return Collections.emptySet();
+        }
+
+        @Override
+        public void addObjects(Set<String> identifiers)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+        @Override
+        public void removeObjects(Set<String> identifiers)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+    };
+
 }

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/ObjectPermissionSet.java

@@ -20,8 +20,10 @@
 package org.apache.guacamole.net.auth.permission;
 
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
 
 
 /**
@@ -126,4 +128,54 @@ public interface ObjectPermissionSet extends PermissionSet<ObjectPermission> {
     void removePermissions(Set<ObjectPermission> permissions)
             throws GuacamoleException;
 
+    /**
+     * An immutable instance of ObjectPermissionSet which contains no
+     * permissions.
+     */
+    static final ObjectPermissionSet EMPTY_SET = new ObjectPermissionSet() {
+
+        @Override
+        public boolean hasPermission(ObjectPermission.Type permission,
+                String identifier) throws GuacamoleException {
+            return false;
+        }
+
+        @Override
+        public void addPermission(ObjectPermission.Type permission,
+                String identifier) throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+        @Override
+        public void removePermission(ObjectPermission.Type permission,
+                String identifier) throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+        @Override
+        public Collection<String> getAccessibleObjects(Collection<ObjectPermission.Type> permissions,
+                Collection<String> identifiers) throws GuacamoleException {
+            return Collections.emptySet();
+        }
+
+        @Override
+        public Set<ObjectPermission> getPermissions()
+                throws GuacamoleException {
+            return Collections.emptySet();
+        }
+
+        @Override
+        public void addPermissions(Set<ObjectPermission> permissions)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+        @Override
+        public void removePermissions(Set<ObjectPermission> permissions)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+    };
+
 }

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/SystemPermissionSet.java

@@ -19,8 +19,10 @@
 
 package org.apache.guacamole.net.auth.permission;
 
+import java.util.Collections;
 import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.GuacamoleSecurityException;
 
 
 /**
@@ -81,4 +83,48 @@ public interface SystemPermissionSet extends PermissionSet<SystemPermission> {
     void removePermissions(Set<SystemPermission> permissions)
             throws GuacamoleException;
 
+    /**
+     * An immutable instance of SystemPermissionSet which contains no
+     * permissions.
+     */
+    static final SystemPermissionSet EMPTY_SET = new SystemPermissionSet() {
+
+        @Override
+        public boolean hasPermission(SystemPermission.Type permission)
+                throws GuacamoleException {
+            return false;
+        }
+
+        @Override
+        public void addPermission(SystemPermission.Type permission)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+        @Override
+        public void removePermission(SystemPermission.Type permission)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+        @Override
+        public Set<SystemPermission> getPermissions()
+                throws GuacamoleException {
+            return Collections.emptySet();
+        }
+
+        @Override
+        public void addPermissions(Set<SystemPermission> permissions)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+        @Override
+        public void removePermissions(Set<SystemPermission> permissions)
+                throws GuacamoleException {
+            throw new GuacamoleSecurityException("Permission denied.");
+        }
+
+    };
+
 }

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleObjectPermissionSet.java

@@ -22,6 +22,7 @@ package org.apache.guacamole.net.auth.simple;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleSecurityException;
@@ -37,14 +38,77 @@ public class SimpleObjectPermissionSet implements ObjectPermissionSet {
     /**
      * The set of all permissions currently granted.
      */
-    private Set<ObjectPermission> permissions = Collections.<ObjectPermission>emptySet();
+    private Set<ObjectPermission> permissions = Collections.emptySet();
 
     /**
-     * Creates a new empty SimpleObjectPermissionSet.
+     * Creates a new empty SimpleObjectPermissionSet. If you are not extending
+     * SimpleObjectPermissionSet and only need an immutable, empty
+     * ObjectPermissionSet, consider using {@link ObjectPermissionSet#EMPTY_SET}
+     * instead.
      */
     public SimpleObjectPermissionSet() {
     }
 
+    /**
+     * Creates a new set of ObjectPermissions for each possible combination of
+     * the given identifiers and permission types.
+     *
+     * @param identifiers
+     *     The identifiers which should have one ObjectPermission for each of
+     *     the given permission types.
+     *
+     * @param types
+     *     The permissions which should be granted for each of the given
+     *     identifiers.
+     *
+     * @return
+     *     A new set of ObjectPermissions containing one ObjectPermission for
+     *     each possible combination of the given identifiers and permission
+     *     types.
+     */
+    private static Set<ObjectPermission> createPermissions(Collection<String> identifiers,
+            Collection<ObjectPermission.Type> types) {
+
+        // Add a permission of each type to the set for each identifier given
+        Set<ObjectPermission> permissions = new HashSet<>(identifiers.size());
+        types.forEach(type -> {
+            identifiers.forEach(identifier -> permissions.add(new ObjectPermission(type, identifier)));
+        });
+
+        return permissions;
+
+    }
+
+    /**
+     * Creates a new SimpleObjectPermissionSet which contains permissions for
+     * all possible unique combinations of the given identifiers and permission
+     * types.
+     *
+     * @param identifiers
+     *     The identifiers which should be associated permissions having each
+     *     of the given permission types.
+     *
+     * @param types
+     *     The types of permissions which should be granted for each of the
+     *     given identifiers.
+     */
+    public SimpleObjectPermissionSet(Collection<String> identifiers,
+            Collection<ObjectPermission.Type> types) {
+        this(createPermissions(identifiers, types));
+    }
+
+    /**
+     * Creates a new SimpleObjectPermissionSet which contains only READ
+     * permissions for each of the given identifiers.
+     *
+     * @param identifiers
+     *     The identifiers which should each be associated with READ
+     *     permission.
+     */
+    public SimpleObjectPermissionSet(Collection<String> identifiers) {
+        this(identifiers, Collections.singletonList(ObjectPermission.Type.READ));
+    }
+
     /**
      * Creates a new SimpleObjectPermissionSet which contains the permissions
      * within the given Set.

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleRelatedObjectSet.java

@@ -34,10 +34,13 @@ public class SimpleRelatedObjectSet implements RelatedObjectSet {
     /**
      * A set containing the identifiers of all objects currently present.
      */
-    private Set<String> identifiers = Collections.<String>emptySet();
+    private Set<String> identifiers = Collections.emptySet();
 
     /**
-     * Creates a new empty SimpleObjectPermissionSet.
+     * Creates a new empty SimpleRelatedObjectSet. If you are not extending
+     * SimpleRelatedObjectSet and only need an immutable, empty
+     * RelatedObjectSet, consider using {@link RelatedObjectSet#EMPTY_SET}
+     * instead.
      */
     public SimpleRelatedObjectSet() {
     }

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleSystemPermissionSet.java

@@ -35,10 +35,13 @@ public class SimpleSystemPermissionSet implements SystemPermissionSet {
     /**
      * The set of all permissions currently granted.
      */
-    private Set<SystemPermission> permissions = Collections.<SystemPermission>emptySet();
+    private Set<SystemPermission> permissions = Collections.emptySet();
 
     /**
-     * Creates a new empty SimpleSystemPermissionSet.
+     * Creates a new empty SimpleSystemPermissionSet. If you are not extending
+     * SimpleSystemPermissionSet and only need an immutable, empty
+     * SystemPermissionSet, consider using {@link SystemPermissionSet#EMPTY_SET}
+     * instead.
      */
     public SimpleSystemPermissionSet() {
     }

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUser.java

@@ -20,43 +20,34 @@
 package org.apache.guacamole.net.auth.simple;
 
 import java.util.Collection;
-import java.util.Collections;
-import java.util.Date;
 import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
 import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.AbstractUser;
-import org.apache.guacamole.net.auth.ActivityRecord;
-import org.apache.guacamole.net.auth.Permissions;
-import org.apache.guacamole.net.auth.RelatedObjectSet;
 import org.apache.guacamole.net.auth.permission.ObjectPermission;
 import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
-import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
 
 /**
- * An extremely basic User implementation.
+ * A read-only User implementation which has no permissions. Implementations
+ * that need to define permissions should extend this class and override the
+ * associated getters.
  */
 public class SimpleUser extends AbstractUser {
 
     /**
-     * All connection permissions granted to this user.
+     * All user permissions granted to this user.
      */
-    private final Set<ObjectPermission> userPermissions =
-            new HashSet<ObjectPermission>();
+    private final Set<ObjectPermission> userPermissions = new HashSet<>();
 
     /**
      * All connection permissions granted to this user.
      */
-    private final Set<ObjectPermission> connectionPermissions =
-            new HashSet<ObjectPermission>();
+    private final Set<ObjectPermission> connectionPermissions = new HashSet<>();
     
     /**
      * All connection group permissions granted to this user.
      */
-    private final Set<ObjectPermission> connectionGroupPermissions =
-            new HashSet<ObjectPermission>();
+    private final Set<ObjectPermission> connectionGroupPermissions = new HashSet<>();
 
     /**
      * Creates a completely uninitialized SimpleUser.
@@ -65,16 +56,13 @@ public class SimpleUser extends AbstractUser {
     }
 
     /**
-     * Creates a new SimpleUser having the given username and no permissions.
+     * Creates a new SimpleUser having the given username.
      *
      * @param username
      *     The username to assign to this SimpleUser.
      */
     public SimpleUser(String username) {
-
-        // Set username
-        setIdentifier(username);
-
+        super.setIdentifier(username);
     }
 
     /**
@@ -92,18 +80,17 @@ public class SimpleUser extends AbstractUser {
             Collection<String> identifiers) {
 
         // Add a READ permission to the set for each identifier given
-        for (String identifier : identifiers) {
-            permissions.add(new ObjectPermission (
+        identifiers.forEach(identifier ->
+            permissions.add(new ObjectPermission(
                 ObjectPermission.Type.READ,
-                identifier
+                identifier)
             ));
-        }
 
     }
-    
+
     /**
      * Creates a new SimpleUser having the given username and READ access to
-     * the connections and groups having the given identifiers.
+     * the connections and connection groups having the given identifiers.
      *
      * @param username
      *     The username to assign to this SimpleUser.
@@ -114,7 +101,15 @@ public class SimpleUser extends AbstractUser {
      * @param connectionGroupIdentifiers
      *     The identifiers of all connection groups this user has READ access
      *     to.
+     *
+     * @deprecated
+     *     Extend and override the applicable permission set getters instead,
+     *     relying on SimpleUser to expose no permissions by default for all
+     *     permission sets that aren't overridden. See {@link SimpleObjectPermissionSet}
+     *     for convenient methods of providing a read-only permission set with
+     *     specific permissions.
      */
+    @Deprecated
     public SimpleUser(String username,
             Collection<String> connectionIdentifiers,
             Collection<String> connectionGroupIdentifiers) {
@@ -143,7 +138,15 @@ public class SimpleUser extends AbstractUser {
      * @param connectionGroupIdentifiers
      *     The identifiers of all connection groups this user has READ access
      *     to.
+     *
+     * @deprecated
+     *     Extend and override the applicable permission set getters instead,
+     *     relying on SimpleUser to expose no permissions by default for all
+     *     permission sets that aren't overridden. See {@link SimpleObjectPermissionSet}
+     *     for convenient methods of providing a read-only permission set with
+     *     specific permissions.
      */
+    @Deprecated
     public SimpleUser(String username,
             Collection<String> userIdentifiers,
             Collection<String> connectionIdentifiers,
@@ -158,32 +161,6 @@ public class SimpleUser extends AbstractUser {
 
     }
 
-    @Override
-    public Map<String, String> getAttributes() {
-        return Collections.<String, String>emptyMap();
-    }
-
-    @Override
-    public void setAttributes(Map<String, String> attributes) {
-        // Do nothing - there are no attributes
-    }
-
-    @Override
-    public Date getLastActive() {
-        return null;
-    }
-
-    @Override
-    public List<ActivityRecord> getHistory() throws GuacamoleException {
-        return Collections.<ActivityRecord>emptyList();
-    }
-
-    @Override
-    public SystemPermissionSet getSystemPermissions()
-            throws GuacamoleException {
-        return new SimpleSystemPermissionSet();
-    }
-
     @Override
     public ObjectPermissionSet getConnectionPermissions()
             throws GuacamoleException {
@@ -202,31 +179,4 @@ public class SimpleUser extends AbstractUser {
         return new SimpleObjectPermissionSet(userPermissions);
     }
 
-    @Override
-    public ObjectPermissionSet getUserGroupPermissions()
-            throws GuacamoleException {
-        return new SimpleObjectPermissionSet();
-    }
-
-    @Override
-    public ObjectPermissionSet getActiveConnectionPermissions()
-            throws GuacamoleException {
-        return new SimpleObjectPermissionSet();
-    }
-
-    @Override
-    public ObjectPermissionSet getSharingProfilePermissions() {
-        return new SimpleObjectPermissionSet();
-    }
-
-    @Override
-    public RelatedObjectSet getUserGroups() throws GuacamoleException {
-        return new SimpleRelatedObjectSet();
-    }
-
-    @Override
-    public Permissions getEffectivePermissions() throws GuacamoleException {
-        return this;
-    }
-
 }

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUserContext.java

@@ -19,7 +19,6 @@
 
 package org.apache.guacamole.net.auth.simple;
 
-import java.util.Collections;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import org.apache.guacamole.GuacamoleException;
@@ -29,6 +28,7 @@ import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Connection;
 import org.apache.guacamole.net.auth.Directory;
 import org.apache.guacamole.net.auth.User;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.protocol.GuacamoleConfiguration;
 
 /**
@@ -113,20 +113,19 @@ public class SimpleUserContext extends AbstractUserContext {
 
     @Override
     public User self() {
+        return new SimpleUser(username) {
 
-        try {
-            return new SimpleUser(username,
-                    getConnectionDirectory().getIdentifiers(),
-                    getConnectionGroupDirectory().getIdentifiers()
-            );
-        }
+            @Override
+            public ObjectPermissionSet getConnectionGroupPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(getConnectionDirectory().getIdentifiers());
+            }
 
-        catch (GuacamoleException e) {
-            return new SimpleUser(username,
-                    Collections.<String>emptySet(),
-                    Collections.<String>emptySet());
-        }
+            @Override
+            public ObjectPermissionSet getConnectionPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(getConnectionGroupDirectory().getIdentifiers());
+            }
 
+        };
     }
 
     @Override

guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUserGroup.java

@@ -0,0 +1,47 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.net.auth.simple;
+
+import org.apache.guacamole.net.auth.AbstractUserGroup;
+
+/**
+ * A read-only UserGroup implementation which has no members and no
+ * permissions. Implementations that need to define members or permissions
+ * should extend this class and override the associated getters.
+ */
+public class SimpleUserGroup extends AbstractUserGroup {
+
+    /**
+     * Creates a completely uninitialized SimpleUserGroup.
+     */
+    public SimpleUserGroup() {
+    }
+
+    /**
+     * Creates a new SimpleUserGroup having the given identifier.
+     *
+     * @param identifier
+     *     The identifier to assign to this SimpleUserGroup.
+     */
+    public SimpleUserGroup(String identifier) {
+        super.setIdentifier(identifier);
+    }
+
+}