GUACAMOLE-641: Merge expand extension API to allow properties to be retrieved from key vaults.

extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProviderModule.java

@@ -58,7 +58,7 @@ public class CASAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java

@@ -58,7 +58,7 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderAuthenticationProviderModule.java

@@ -56,7 +56,7 @@ public class HTTPHeaderAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/DynamicallyAuthenticatedDataSource.java

@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc;
+
+import com.google.inject.Inject;
+import com.google.inject.Singleton;
+import com.google.inject.name.Named;
+import java.sql.Connection;
+import java.sql.SQLException;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.ibatis.datasource.pooled.PooledDataSource;
+import org.apache.ibatis.datasource.unpooled.UnpooledDataSource;
+
+/**
+ * Pooled DataSource implementation which dynamically retrieves the database
+ * username and password from the Guacamole server environment each time a
+ * new database connection is created.
+ */
+@Singleton
+public class DynamicallyAuthenticatedDataSource extends PooledDataSource {
+
+    /**
+     * Creates a new DynamicallyAuthenticatedDataSource which dynamically
+     * retrieves database credentials from the given JDBCEnvironment each time
+     * a new database connection is needed.
+     *
+     * @param environment
+     *     The JDBCEnvironment that should be used to retrieve database
+     *     credentials.
+     *
+     * @param driverClassLoader
+     * @param driver
+     * @param url
+     */
+    @Inject
+    public DynamicallyAuthenticatedDataSource(JDBCEnvironment environment,
+            @Named(value="JDBC.driverClassLoader") ClassLoader driverClassLoader,
+            @Named(value="JDBC.driver") String driver,
+            @Named(value="JDBC.url") String url) {
+
+        // Wrap unpooled DataSource, overriding the connection process such
+        // that credentials are dynamically retrieved from the JDBCEnvironment
+        super(new UnpooledDataSource(driverClassLoader, driver, url, null, null) {
+
+            @Override
+            public Connection getConnection() throws SQLException {
+                try {
+                    return super.getConnection(environment.getUsername(), environment.getPassword());
+                }
+                catch (GuacamoleException e) {
+                    throw new SQLException("Retrieval of database credentials failed.", e);
+                }
+            }
+
+        });
+
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java

@@ -20,6 +20,7 @@
 package org.apache.guacamole.auth.jdbc;
 
 import com.google.inject.Scopes;
+import javax.sql.DataSource;
 import org.apache.guacamole.auth.jdbc.user.ModeledUserContext;
 import org.apache.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup;
 import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
@@ -90,7 +91,6 @@ import org.apache.guacamole.auth.jdbc.usergroup.UserGroupMemberUserMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupParentUserGroupMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupService;
 import org.mybatis.guice.MyBatisModule;
-import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
 import org.apache.guacamole.auth.jdbc.user.UserParentUserGroupMapper;
 
 /**
@@ -121,7 +121,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
     protected void initialize() {
         
         // Datasource
-        bindDataSourceProviderType(PooledDataSourceProvider.class);
+        bind(DataSource.class).to(DynamicallyAuthenticatedDataSource.class);
         
         // Transaction factory
         bindTransactionFactoryType(JdbcTransactionFactory.class);

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCEnvironment.java

@@ -20,25 +20,23 @@
 package org.apache.guacamole.auth.jdbc;
 
 import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.environment.LocalEnvironment;
 import org.apache.guacamole.auth.jdbc.security.PasswordPolicy;
+import org.apache.guacamole.environment.DelegatingEnvironment;
+import org.apache.guacamole.environment.LocalEnvironment;
 import org.apache.ibatis.session.SqlSession;
 
 /**
  * A JDBC-specific implementation of Environment that defines generic properties
  * intended for use within JDBC based authentication providers.
  */
-public abstract class JDBCEnvironment extends LocalEnvironment {
+public abstract class JDBCEnvironment extends DelegatingEnvironment {
     
     /**
      * Constructs a new JDBCEnvironment using an underlying LocalEnviroment to
      * read properties from the file system.
-     * 
-     * @throws GuacamoleException
-     *     If an error occurs while setting up the underlying LocalEnvironment.
      */
-    public JDBCEnvironment() throws GuacamoleException {
-        super();
+    public JDBCEnvironment() {
+        super(LocalEnvironment.getInstance());
     }
 
     /**
@@ -168,4 +166,30 @@ public abstract class JDBCEnvironment extends LocalEnvironment {
      */
     public abstract boolean autoCreateAbsentAccounts() throws GuacamoleException;
 
+    /**
+     * Returns the username that should be used when authenticating with the
+     * database containing the Guacamole authentication tables.
+     *
+     * @return
+     *     The username for the database.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the property value, or if the
+     *     value was not set, as this property is required.
+     */
+    public abstract String getUsername() throws GuacamoleException;
+
+    /**
+     * Returns the password that should be used authenticating with the
+     * database containing the Guacamole authentication tables.
+     *
+     * @return
+     *     The password for the database.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the property value, or if the
+     *     value was not set, as this property is required.
+     */
+    public abstract String getPassword() throws GuacamoleException;
+
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java

@@ -72,8 +72,6 @@ public class MySQLAuthenticationProviderModule implements Module {
         myBatisProperties.setProperty("JDBC.host", environment.getMySQLHostname());
         myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getMySQLPort()));
         myBatisProperties.setProperty("JDBC.schema", environment.getMySQLDatabase());
-        myBatisProperties.setProperty("JDBC.username", environment.getMySQLUsername());
-        myBatisProperties.setProperty("JDBC.password", environment.getMySQLPassword());
         myBatisProperties.setProperty("JDBC.autoCommit", "false");
         myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
         myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java

@@ -241,34 +241,14 @@ public class MySQLEnvironment extends JDBCEnvironment {
     public String getMySQLDatabase() throws GuacamoleException {
         return getRequiredProperty(MySQLGuacamoleProperties.MYSQL_DATABASE);
     }
-    
-    /**
-     * Returns the username that should be used when authenticating with the
-     * MySQL database containing the Guacamole authentication tables.
-     * 
-     * @return
-     *     The username for the MySQL database.
-     *
-     * @throws GuacamoleException 
-     *     If an error occurs while retrieving the property value, or if the
-     *     value was not set, as this property is required.
-     */
-    public String getMySQLUsername() throws GuacamoleException {
+
+    @Override
+    public String getUsername() throws GuacamoleException {
         return getRequiredProperty(MySQLGuacamoleProperties.MYSQL_USERNAME);
     }
     
-    /**
-     * Returns the password that should be used when authenticating with the
-     * MySQL database containing the Guacamole authentication tables.
-     * 
-     * @return
-     *     The password for the MySQL database.
-     *
-     * @throws GuacamoleException 
-     *     If an error occurs while retrieving the property value, or if the
-     *     value was not set, as this property is required.
-     */
-    public String getMySQLPassword() throws GuacamoleException {
+    @Override
+    public String getPassword() throws GuacamoleException {
         return getRequiredProperty(MySQLGuacamoleProperties.MYSQL_PASSWORD);
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java

@@ -64,8 +64,6 @@ public class PostgreSQLAuthenticationProviderModule implements Module {
         myBatisProperties.setProperty("JDBC.host", environment.getPostgreSQLHostname());
         myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getPostgreSQLPort()));
         myBatisProperties.setProperty("JDBC.schema", environment.getPostgreSQLDatabase());
-        myBatisProperties.setProperty("JDBC.username", environment.getPostgreSQLUsername());
-        myBatisProperties.setProperty("JDBC.password", environment.getPostgreSQLPassword());
         myBatisProperties.setProperty("JDBC.autoCommit", "false");
         myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
         myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/apache/guacamole/auth/postgresql/conf/PostgreSQLEnvironment.java

@@ -232,34 +232,14 @@ public class PostgreSQLEnvironment extends JDBCEnvironment {
     public String getPostgreSQLDatabase() throws GuacamoleException {
         return getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_DATABASE);
     }
-    
-    /**
-     * Returns the username that should be used when authenticating with the
-     * PostgreSQL database containing the Guacamole authentication tables.
-     * 
-     * @return
-     *     The username for the PostgreSQL database.
-     *
-     * @throws GuacamoleException 
-     *     If an error occurs while retrieving the property value, or if the
-     *     value was not set, as this property is required.
-     */
-    public String getPostgreSQLUsername() throws GuacamoleException {
+
+    @Override
+    public String getUsername() throws GuacamoleException {
         return getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_USERNAME);
     }
-    
-    /**
-     * Returns the password that should be used when authenticating with the
-     * PostgreSQL database containing the Guacamole authentication tables.
-     * 
-     * @return
-     *     The password for the PostgreSQL database.
-     *
-     * @throws GuacamoleException 
-     *     If an error occurs while retrieving the property value, or if the
-     *     value was not set, as this property is required.
-     */
-    public String getPostgreSQLPassword() throws GuacamoleException {
+
+    @Override
+    public String getPassword() throws GuacamoleException {
         return getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_PASSWORD);
     }
     

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java

@@ -69,8 +69,6 @@ public class SQLServerAuthenticationProviderModule implements Module {
         myBatisProperties.setProperty("JDBC.host", environment.getSQLServerHostname());
         myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getSQLServerPort()));
         myBatisProperties.setProperty("JDBC.schema", environment.getSQLServerDatabase());
-        myBatisProperties.setProperty("JDBC.username", environment.getSQLServerUsername());
-        myBatisProperties.setProperty("JDBC.password", environment.getSQLServerPassword());
         
         myBatisProperties.setProperty("JDBC.autoCommit", "false");
         myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java

@@ -222,33 +222,13 @@ public class SQLServerEnvironment extends JDBCEnvironment {
         return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_DATABASE);
     }
 
-    /**
-     * Returns the username that should be used when authenticating with the
-     * SQLServer database containing the Guacamole authentication tables.
-     * 
-     * @return
-     *     The username for the SQLServer database.
-     *
-     * @throws GuacamoleException 
-     *     If an error occurs while retrieving the property value, or if the
-     *     value was not set, as this property is required.
-     */
-    public String getSQLServerUsername() throws GuacamoleException {
+    @Override
+    public String getUsername() throws GuacamoleException {
         return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_USERNAME);
     }
     
-    /**
-     * Returns the password that should be used when authenticating with the
-     * SQLServer database containing the Guacamole authentication tables.
-     * 
-     * @return
-     *     The password for the SQLServer database.
-     *
-     * @throws GuacamoleException 
-     *     If an error occurs while retrieving the property value, or if the
-     *     value was not set, as this property is required.
-     */
-    public String getSQLServerPassword() throws GuacamoleException {
+    @Override
+    public String getPassword() throws GuacamoleException {
         return getRequiredProperty(SQLServerGuacamoleProperties.SQLSERVER_PASSWORD);
     }
 

extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/JSONAuthenticationProviderModule.java

@@ -59,7 +59,7 @@ public class JSONAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPAuthenticationProviderModule.java

@@ -60,7 +60,7 @@ public class LDAPAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/OpenIDAuthenticationProviderModule.java

@@ -59,7 +59,7 @@ public class OpenIDAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-quickconnect/src/main/java/org/apache/guacamole/auth/quickconnect/QuickConnectAuthenticationProviderModule.java

@@ -57,7 +57,7 @@ public class QuickConnectAuthenticationProviderModule extends AbstractModule {
             AuthenticationProvider authProvider) throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-radius/src/main/java/org/apache/guacamole/auth/radius/RadiusAuthenticationProviderModule.java

@@ -63,7 +63,7 @@ public class RadiusAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
         
         // Check for MD4 requirement
         RadiusAuthenticationProtocol authProtocol = environment.getProperty(RadiusGuacamoleProperties.RADIUS_AUTH_PROTOCOL);

extensions/guacamole-auth-saml/src/main/java/org/apache/guacamole/auth/saml/SAMLAuthenticationProviderModule.java

@@ -57,7 +57,7 @@ public class SAMLAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;

extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/TOTPAuthenticationProviderModule.java

@@ -59,7 +59,7 @@ public class TOTPAuthenticationProviderModule extends AbstractModule {
             throws GuacamoleException {
 
         // Get local environment
-        this.environment = new LocalEnvironment();
+        this.environment = LocalEnvironment.getInstance();
 
         // Store associated auth provider
         this.authProvider = authProvider;