GUACAMOLE-289: Clarify behavior of getResource() with respect to authenticated vs. unauthenticated.

2025-09-06 05:07:41 +00:00 · 2017-04-29 14:00:10 -07:00
parent aa261410f4
commit 8142b2d5f8
2 changed files with 21 additions and 17 deletions
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationProvider.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticationProvider.java
@@ -41,15 +41,17 @@ public interface AuthenticationProvider {
    String getIdentifier();

    /**
-     * Returns an arbitrary REST resource. The REST resource returned must be
-     * properly annotated with JSR-311 annotations, and may serve as the root
-     * resource for any number of extension-specific REST resources which are
-     * unrelated to an authenticated user's session. The returned resource is
-     * ultimately exposed at ".../api/ext/IDENTIFIER/", where IDENTIFIER is the
-     * identifier of the AuthenticationProvider.
+     * Returns an arbitrary REST resource representing this
+     * AuthenticationProvider. The REST resource returned must be properly
+     * annotated with JSR-311 annotations, and may serve as the root resource
+     * for any number of subresources. The returned resource is ultimately
+     * exposed at ".../api/ext/IDENTIFIER/", where IDENTIFIER is the identifier
+     * of this AuthenticationProvider.
     *
-     * REST resources which ARE related to an authenticated user's session
-     * should instead be returned from UserContext.getResource().
+     * REST resources returned by this function will be reachable by all users,
+     * regardless of whether they have authenticated. REST resources which
+     * must only be accessible by authenticated users should instead be returned
+     * from UserContext.getResource().
     *
     * @return
     *     An arbitrary REST resource, annotated with JSR-311 annotations, or
--- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/UserContext.java
+++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/UserContext.java
@@ -39,16 +39,18 @@ public interface UserContext {
    User self();

    /**
-     * Returns an arbitrary REST resource. The REST resource returned must be
-     * properly annotated with JSR-311 annotations, and may serve as the root
-     * resource for any number of extension-specific REST resources related to
-     * an authenticated user's session. The returned resource is ultimately
-     * exposed at ".../api/session/ext/IDENTIFIER/", where IDENTIFIER is the
-     * identifier of the AuthenticationProvider associated with this
-     * UserContext.
+     * Returns an arbitrary REST resource representing this UserContext. The
+     * REST resource returned must be properly annotated with JSR-311
+     * annotations, and may serve as the root resource for any number of
+     * subresources. The returned resource is ultimately exposed at
+     * ".../api/session/ext/IDENTIFIER/", where IDENTIFIER is the identifier of
+     * the AuthenticationProvider associated with this UserContext.
     *
-     * REST resources which are NOT related to an authenticated user's session
-     * should instead be returned from AuthenticationProvider.getResource().
+     * REST resources returned by this function will only be reachable by
+     * authenticated users with valid authentication tokens. REST resources
+     * which should be accessible by all users regardless of whether they have
+     * authenticated should instead be returned from
+     * AuthenticationProvider.getResource().
     *
     * @return
     *     An arbitrary REST resource, annotated with JSR-311 annotations, or