GUACAMOLE-524: Accept only supported attributes via setAttributes(). Do not replace existing attributes.

2025-09-06 13:17:41 +00:00 · 2018-10-01 12:10:37 -07:00
parent 220d9b2994
commit aae17f3a9f
3 changed files with 13 additions and 17 deletions
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
@@ -232,10 +232,7 @@ public class AuthenticationProviderService {
        try {
            // Return AuthenticatedUser if bind succeeds
            AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
-            authenticatedUser.init(credentials);
-
-            // Set attributes
-            authenticatedUser.setAttributes(getLDAPAttributes(ldapConnection, credentials.getUsername()));
+            authenticatedUser.init(credentials, getLDAPAttributes(ldapConnection, credentials.getUsername()));

            return authenticatedUser;

--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java
@@ -20,7 +20,6 @@
 package org.apache.guacamole.auth.ldap.user;

 import com.google.inject.Inject;
-import java.util.HashMap;
 import java.util.Map;
 import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
@@ -47,16 +46,22 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser {
    /**
     * Arbitrary attributes associated with this AuthenticatedUser object.
     */
-    private Map<String, String> attributes = new HashMap<String, String>();
+    private Map<String, String> attributes;

    /**
-     * Initializes this AuthenticatedUser using the given credentials.
+     * Initializes this AuthenticatedUser using the given credentials and
+     * arbitrary attributes.
     *
     * @param credentials
     *     The credentials provided when this user was authenticated.
+     *
+     * @param attributes
+     *     The map of arbitrary attribute name/value pairs to associate with
+     *     this AuthenticatedUser.
     */
-    public void init(Credentials credentials) {
+    public void init(Credentials credentials, Map<String, String> attributes) {
        this.credentials = credentials;
+        this.attributes = attributes;
        setIdentifier(credentials.getUsername());
    }

@@ -67,7 +72,7 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser {

    @Override
    public void setAttributes(Map<String, String> attributes) {
-        this.attributes = attributes;
+        // All attributes are read-only
    }

    @Override