GUAC-1132: Associate tunnels with records, not sockets. Provide tunnel for connect().

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java

@@ -40,7 +40,7 @@ import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObjectService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
@@ -403,19 +403,19 @@ public class ConnectionService extends GroupedDirectoryObjectService<ModeledConn
      *     Information associated with the connecting client.
      *
      * @return
-     *     A connected GuacamoleSocket associated with a newly-established
+     *     A connected GuacamoleTunnel associated with a newly-established
      *     connection.
      *
      * @throws GuacamoleException
      *     If permission to connect to this connection is denied.
      */
-    public GuacamoleSocket connect(AuthenticatedUser user,
+    public GuacamoleTunnel connect(AuthenticatedUser user,
             ModeledConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException {
 
         // Connect only if READ permission is granted
         if (hasObjectPermission(user, connection.getIdentifier(), ObjectPermission.Type.READ))
-            return socketService.getGuacamoleSocket(user, connection, info);
+            return socketService.getGuacamoleTunnel(user, connection, info);
 
         // The user does not have permission to connect
         throw new GuacamoleSecurityException("Permission denied.");

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java

@@ -28,7 +28,7 @@ import java.util.List;
 import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObject;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
@@ -114,7 +114,7 @@ public class ModeledConnection extends GroupedDirectoryObject<ConnectionModel>
     }
 
     @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
+    public GuacamoleTunnel connect(GuacamoleClientInformation info) throws GuacamoleException {
         return connectionService.connect(getCurrentUser(), this, info);
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java

@@ -24,7 +24,7 @@ package org.glyptodon.guacamole.auth.jdbc.connection;
 
 
 import java.util.Date;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 /**
@@ -84,7 +84,7 @@ public class ModeledConnectionRecord implements ConnectionRecord {
     }
 
     @Override
-    public GuacamoleSocket getSocket() {
+    public GuacamoleTunnel getTunnel() {
         return null;
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java

@@ -35,7 +35,7 @@ import org.glyptodon.guacamole.GuacamoleUnsupportedException;
 import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObjectService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -235,19 +235,19 @@ public class ConnectionGroupService extends GroupedDirectoryObjectService<Modele
      *     Information associated with the connecting client.
      *
      * @return
-     *     A connected GuacamoleSocket associated with a newly-established
+     *     A connected GuacamoleTunnel associated with a newly-established
      *     connection.
      *
      * @throws GuacamoleException
      *     If permission to connect to this connection is denied.
      */
-    public GuacamoleSocket connect(AuthenticatedUser user,
+    public GuacamoleTunnel connect(AuthenticatedUser user,
             ModeledConnectionGroup connectionGroup, GuacamoleClientInformation info)
             throws GuacamoleException {
 
         // Connect only if READ permission is granted
         if (hasObjectPermission(user, connectionGroup.getIdentifier(), ObjectPermission.Type.READ))
-            return socketService.getGuacamoleSocket(user, connectionGroup, info);
+            return socketService.getGuacamoleTunnel(user, connectionGroup, info);
 
         // The user does not have permission to connect
         throw new GuacamoleSecurityException("Permission denied.");

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java

@@ -28,7 +28,7 @@ import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
 import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObject;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
@@ -76,7 +76,7 @@ public class ModeledConnectionGroup extends GroupedDirectoryObject<ConnectionGro
     }
 
     @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info)
+    public GuacamoleTunnel connect(GuacamoleClientInformation info)
             throws GuacamoleException {
         return connectionGroupService.connect(getCurrentUser(), this, info);
     }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/RootConnectionGroup.java

@@ -28,7 +28,7 @@ import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
@@ -125,7 +125,7 @@ public class RootConnectionGroup extends RestrictedObject
     }
 
     @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info)
+    public GuacamoleTunnel connect(GuacamoleClientInformation info)
             throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/AbstractGuacamoleSocketService.java

@@ -46,6 +46,8 @@ import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionMapper;
 import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
+import org.glyptodon.guacamole.net.SynchronizedGuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
@@ -344,7 +346,7 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
     }
 
     /**
-     * Creates a socket for the given user which connects to the given
+     * Creates a tunnel for the given user which connects to the given
      * connection, which MUST already be acquired via acquire(). The given
      * client information will be passed to guacd when the connection is
      * established.
@@ -360,14 +362,14 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
      *     connection.
      *
      * @return
-     *     A new GuacamoleSocket which is configured and connected to the given
+     *     A new GuacamoleTunnel which is configured and connected to the given
      *     connection.
      *
      * @throws GuacamoleException
      *     If an error occurs while the connection is being established, or
      *     while connection configuration information is being retrieved.
      */
-    private GuacamoleSocket assignGuacamoleSocket(ActiveConnectionRecord activeConnection,
+    private GuacamoleTunnel assignGuacamoleTunnel(ActiveConnectionRecord activeConnection,
             GuacamoleClientInformation info)
             throws GuacamoleException {
 
@@ -388,9 +390,10 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
                 info
             );
 
-            // Assign and return new socket
+            // Assign and return new tunnel 
-            activeConnection.setSocket(socket);
+            GuacamoleTunnel tunnel = new SynchronizedGuacamoleTunnel(socket);
-            return socket;
+            activeConnection.setTunnel(tunnel);
+            return tunnel;
             
         }
 
@@ -459,13 +462,13 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
 
     @Override
     @Transactional
-    public GuacamoleSocket getGuacamoleSocket(final AuthenticatedUser user,
+    public GuacamoleTunnel getGuacamoleTunnel(final AuthenticatedUser user,
             final ModeledConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException {
 
         // Acquire and connect to single connection
         acquire(user, Collections.singletonList(connection));
-        return assignGuacamoleSocket(new ActiveConnectionRecord(user, connection), info);
+        return assignGuacamoleTunnel(new ActiveConnectionRecord(user, connection), info);
 
     }
 
@@ -476,7 +479,7 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
 
     @Override
     @Transactional
-    public GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
+    public GuacamoleTunnel getGuacamoleTunnel(AuthenticatedUser user,
             ModeledConnectionGroup connectionGroup,
             GuacamoleClientInformation info) throws GuacamoleException {
 
@@ -490,7 +493,7 @@ public abstract class AbstractGuacamoleSocketService implements GuacamoleSocketS
 
         // Acquire and connect to any child
         ModeledConnection connection = acquire(user, connections);
-        return assignGuacamoleSocket(new ActiveConnectionRecord(user, connectionGroup, connection), info);
+        return assignGuacamoleTunnel(new ActiveConnectionRecord(user, connectionGroup, connection), info);
 
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/ActiveConnectionRecord.java

@@ -26,7 +26,7 @@ import java.util.Date;
 import org.glyptodon.guacamole.auth.jdbc.connection.ModeledConnection;
 import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 
@@ -63,10 +63,10 @@ public class ActiveConnectionRecord implements ConnectionRecord {
     private final Date startDate = new Date();
 
     /**
-     * The GuacamoleSocket used by the connection associated with this
+     * The GuacamoleTunnel used by the connection associated with this
      * connection record.
      */
-    private GuacamoleSocket socket;
+    private GuacamoleTunnel tunnel;
     
     /**
      * Creates a new connection record associated with the given user,
@@ -194,18 +194,18 @@ public class ActiveConnectionRecord implements ConnectionRecord {
     }
 
     @Override
-    public GuacamoleSocket getSocket() {
+    public GuacamoleTunnel getTunnel() {
-        return socket;
+        return tunnel;
     }
 
     /**
-     * Associates the given GuacamoleSocket with this connection record.
+     * Associates the given GuacamoleTunnel with this connection record.
      *
-     * @param socket
+     * @param tunnel
-     *     The GuacamoleSocket to associate with this connection record.
+     *     The GuacamoleTunnel to associate with this connection record.
      */
-    public void setSocket(GuacamoleSocket socket) {
+    public void setTunnel(GuacamoleTunnel tunnel) {
-        this.socket = socket;
+        this.tunnel = tunnel;
     }
 
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/socket/GuacamoleSocketService.java

@@ -27,7 +27,7 @@ import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.auth.jdbc.connection.ModeledConnection;
 import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
@@ -78,14 +78,14 @@ public interface GuacamoleSocketService {
      *     connection.
      *
      * @return
-     *     A new GuacamoleSocket which is configured and connected to the given
+     *     A new GuacamoleTunnel which is configured and connected to the given
      *     connection.
      *
      * @throws GuacamoleException
      *     If the connection cannot be established due to concurrent usage
      *     rules.
      */
-    GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
+    GuacamoleTunnel getGuacamoleTunnel(AuthenticatedUser user,
             ModeledConnection connection, GuacamoleClientInformation info)
             throws GuacamoleException;
 
@@ -122,14 +122,14 @@ public interface GuacamoleSocketService {
      *     connection group.
      *
      * @return
-     *     A new GuacamoleSocket which is configured and connected to the given
+     *     A new GuacamoleTunnel which is configured and connected to the given
      *     connection group.
      *
      * @throws GuacamoleException
      *     If the connection cannot be established due to concurrent usage
      *     rules, or if the connection group is not balancing.
      */
-    GuacamoleSocket getGuacamoleSocket(AuthenticatedUser user,
+    GuacamoleTunnel getGuacamoleTunnel(AuthenticatedUser user,
             ModeledConnectionGroup connectionGroup,
             GuacamoleClientInformation info)
             throws GuacamoleException;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java

@@ -125,8 +125,16 @@ public class UserContext extends RestrictedObject
     }
 
     @Override
-    public Collection<ConnectionRecord> getActiveConnections() throws GuacamoleException {
+    public Collection<ConnectionRecord> getActiveConnections()
+            throws GuacamoleException {
         return socketService.getActiveConnections(getCurrentUser());
     }
 
+    @Override
+    public ConnectionRecord getActiveConnection(String tunnelUUID)
+            throws GuacamoleException {
+        // STUB
+        return null;
+    }
+
 }

guacamole-common/src/main/java/org/glyptodon/guacamole/net/DelegatingGuacamoleTunnel.java

@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.net;
+
+import java.util.UUID;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.io.GuacamoleReader;
+import org.glyptodon.guacamole.io.GuacamoleWriter;
+
+/**
+ * GuacamoleTunnel implementation which simply delegates all function calls to
+ * an underlying GuacamoleTunnel.
+ *
+ * @author Michael Jumper
+ */
+public class DelegatingGuacamoleTunnel implements GuacamoleTunnel {
+
+    /**
+     * The wrapped GuacamoleTunnel.
+     */
+    private final GuacamoleTunnel tunnel;
+
+    /**
+     * Wraps the given tunnel such that all function calls against this tunnel
+     * will be delegated to it.
+     *
+     * @param tunnel
+     *     The GuacamoleTunnel to wrap.
+     */
+    public DelegatingGuacamoleTunnel(GuacamoleTunnel tunnel) {
+        this.tunnel = tunnel;
+    }
+
+    @Override
+    public GuacamoleReader acquireReader() {
+        return tunnel.acquireReader();
+    }
+
+    @Override
+    public void releaseReader() {
+        tunnel.releaseReader();
+    }
+
+    @Override
+    public boolean hasQueuedReaderThreads() {
+        return tunnel.hasQueuedReaderThreads();
+    }
+
+    @Override
+    public GuacamoleWriter acquireWriter() {
+        return tunnel.acquireWriter();
+    }
+
+    @Override
+    public void releaseWriter() {
+        tunnel.releaseWriter();
+    }
+
+    @Override
+    public boolean hasQueuedWriterThreads() {
+        return tunnel.hasQueuedWriterThreads();
+    }
+
+    @Override
+    public UUID getUUID() {
+        return tunnel.getUUID();
+    }
+
+    @Override
+    public GuacamoleSocket getSocket() {
+        return tunnel.getSocket();
+    }
+
+    @Override
+    public void close() throws GuacamoleException {
+        tunnel.close();
+    }
+
+    @Override
+    public boolean isOpen() {
+        return tunnel.isOpen();
+    }
+
+}

guacamole-common/src/main/java/org/glyptodon/guacamole/net/GuacamoleTunnel.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2013 Glyptodon LLC
+ * Copyright (C) 2015 Glyptodon LLC
  *
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -24,7 +24,6 @@ package org.glyptodon.guacamole.net;
 
 
 import java.util.UUID;
-import java.util.concurrent.locks.ReentrantLock;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.io.GuacamoleReader;
 import org.glyptodon.guacamole.io.GuacamoleWriter;
@@ -35,46 +34,7 @@ import org.glyptodon.guacamole.io.GuacamoleWriter;
  *
  * @author Michael Jumper
  */
-public class GuacamoleTunnel {
+public interface GuacamoleTunnel {
-
-    /**
-     * The UUID associated with this tunnel. Every tunnel must have a
-     * corresponding UUID such that tunnel read/write requests can be
-     * directed to the proper tunnel.
-     */
-    private UUID uuid;
-
-    /**
-     * The GuacamoleSocket that tunnel should use for communication on
-     * behalf of the connecting user.
-     */
-    private GuacamoleSocket socket;
-
-    /**
-     * Lock acquired when a read operation is in progress.
-     */
-    private ReentrantLock readerLock;
-
-    /**
-     * Lock acquired when a write operation is in progress.
-     */
-    private ReentrantLock writerLock;
-
-    /**
-     * Creates a new GuacamoleTunnel which synchronizes access to the
-     * Guacamole instruction stream associated with the given GuacamoleSocket.
-     *
-     * @param socket The GuacamoleSocket to provide synchronized access for.
-     */
-    public GuacamoleTunnel(GuacamoleSocket socket) {
-
-        this.socket = socket;
-        uuid = UUID.randomUUID();
-
-        readerLock = new ReentrantLock();
-        writerLock = new ReentrantLock();
-
-    }
 
     /**
      * Acquires exclusive read access to the Guacamole instruction stream
@@ -83,19 +43,14 @@ public class GuacamoleTunnel {
      * @return A GuacamoleReader for reading from the Guacamole instruction
      *         stream.
      */
-    public GuacamoleReader acquireReader() {
+    GuacamoleReader acquireReader();
-        readerLock.lock();
-        return socket.getReader();
-    }
 
     /**
      * Relinquishes exclusive read access to the Guacamole instruction
      * stream. This function should be called whenever a thread finishes using
      * a GuacamoleTunnel's GuacamoleReader.
      */
-    public void releaseReader() {
+    void releaseReader();
-        readerLock.unlock();
-    }
 
     /**
      * Returns whether there are threads waiting for read access to the
@@ -104,9 +59,7 @@ public class GuacamoleTunnel {
      * @return true if threads are waiting for read access the Guacamole
      *         instruction stream, false otherwise.
      */
-    public boolean hasQueuedReaderThreads() {
+    public boolean hasQueuedReaderThreads();
-        return readerLock.hasQueuedThreads();
-    }
 
     /**
      * Acquires exclusive write access to the Guacamole instruction stream
@@ -115,19 +68,14 @@ public class GuacamoleTunnel {
      * @return A GuacamoleWriter for writing to the Guacamole instruction
      *         stream.
      */
-    public GuacamoleWriter acquireWriter() {
+    public GuacamoleWriter acquireWriter();
-        writerLock.lock();
-        return socket.getWriter();
-    }
 
     /**
      * Relinquishes exclusive write access to the Guacamole instruction
      * stream. This function should be called whenever a thread finishes using
      * a GuacamoleTunnel's GuacamoleWriter.
      */
-    public void releaseWriter() {
+    public void releaseWriter();
-        writerLock.unlock();
-    }
 
     /**
      * Returns whether there are threads waiting for write access to the
@@ -136,18 +84,14 @@ public class GuacamoleTunnel {
      * @return true if threads are waiting for write access the Guacamole
      *         instruction stream, false otherwise.
      */
-    public boolean hasQueuedWriterThreads() {
+    public boolean hasQueuedWriterThreads();
-        return writerLock.hasQueuedThreads();
-    }
 
     /**
      * Returns the unique identifier associated with this GuacamoleTunnel.
      *
      * @return The unique identifier associated with this GuacamoleTunnel.
      */
-    public UUID getUUID() {
+    public UUID getUUID();
-        return uuid;
-    }
 
     /**
      * Returns the GuacamoleSocket used by this GuacamoleTunnel for reading
@@ -155,9 +99,7 @@ public class GuacamoleTunnel {
      *
      * @return The GuacamoleSocket used by this GuacamoleTunnel.
      */
-    public GuacamoleSocket getSocket() {
+    public GuacamoleSocket getSocket();
-        return socket;
-    }
 
     /**
      * Release all resources allocated to this GuacamoleTunnel.
@@ -165,17 +107,13 @@ public class GuacamoleTunnel {
      * @throws GuacamoleException if an error occurs while releasing
      *                            resources.
      */
-    public void close() throws GuacamoleException {
+    public void close() throws GuacamoleException;
-        socket.close();
-    }
 
     /**
      * Returns whether this GuacamoleTunnel is open, or has been closed.
      *
      * @return true if this GuacamoleTunnel is open, false if it is closed.
      */
-    public boolean isOpen() {
+    public boolean isOpen();
-        return socket.isOpen();
-    }
 
 }

guacamole-common/src/main/java/org/glyptodon/guacamole/net/SynchronizedGuacamoleTunnel.java

@@ -0,0 +1,181 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.net;
+
+
+import java.util.UUID;
+import java.util.concurrent.locks.ReentrantLock;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.io.GuacamoleReader;
+import org.glyptodon.guacamole.io.GuacamoleWriter;
+
+/**
+ * GuacamoleTunnel implementation which synchronizes access to the underlying
+ * reader and write with reentrant locks.
+ *
+ * @author Michael Jumper
+ */
+public class SynchronizedGuacamoleTunnel implements GuacamoleTunnel {
+
+    /**
+     * The UUID associated with this tunnel. Every tunnel must have a
+     * corresponding UUID such that tunnel read/write requests can be
+     * directed to the proper tunnel.
+     */
+    private final UUID uuid;
+
+    /**
+     * The GuacamoleSocket that tunnel should use for communication on
+     * behalf of the connecting user.
+     */
+    private final GuacamoleSocket socket;
+
+    /**
+     * Lock acquired when a read operation is in progress.
+     */
+    private final ReentrantLock readerLock;
+
+    /**
+     * Lock acquired when a write operation is in progress.
+     */
+    private final ReentrantLock writerLock;
+
+    /**
+     * Creates a new GuacamoleTunnel which synchronizes access to the
+     * Guacamole instruction stream associated with the given GuacamoleSocket.
+     *
+     * @param socket The GuacamoleSocket to provide synchronized access for.
+     */
+    public SynchronizedGuacamoleTunnel(GuacamoleSocket socket) {
+
+        this.socket = socket;
+        uuid = UUID.randomUUID();
+
+        readerLock = new ReentrantLock();
+        writerLock = new ReentrantLock();
+
+    }
+
+    /**
+     * Acquires exclusive read access to the Guacamole instruction stream
+     * and returns a GuacamoleReader for reading from that stream.
+     *
+     * @return A GuacamoleReader for reading from the Guacamole instruction
+     *         stream.
+     */
+    public GuacamoleReader acquireReader() {
+        readerLock.lock();
+        return socket.getReader();
+    }
+
+    /**
+     * Relinquishes exclusive read access to the Guacamole instruction
+     * stream. This function should be called whenever a thread finishes using
+     * a GuacamoleTunnel's GuacamoleReader.
+     */
+    public void releaseReader() {
+        readerLock.unlock();
+    }
+
+    /**
+     * Returns whether there are threads waiting for read access to the
+     * Guacamole instruction stream.
+     *
+     * @return true if threads are waiting for read access the Guacamole
+     *         instruction stream, false otherwise.
+     */
+    public boolean hasQueuedReaderThreads() {
+        return readerLock.hasQueuedThreads();
+    }
+
+    /**
+     * Acquires exclusive write access to the Guacamole instruction stream
+     * and returns a GuacamoleWriter for writing to that stream.
+     *
+     * @return A GuacamoleWriter for writing to the Guacamole instruction
+     *         stream.
+     */
+    public GuacamoleWriter acquireWriter() {
+        writerLock.lock();
+        return socket.getWriter();
+    }
+
+    /**
+     * Relinquishes exclusive write access to the Guacamole instruction
+     * stream. This function should be called whenever a thread finishes using
+     * a GuacamoleTunnel's GuacamoleWriter.
+     */
+    public void releaseWriter() {
+        writerLock.unlock();
+    }
+
+    /**
+     * Returns whether there are threads waiting for write access to the
+     * Guacamole instruction stream.
+     *
+     * @return true if threads are waiting for write access the Guacamole
+     *         instruction stream, false otherwise.
+     */
+    public boolean hasQueuedWriterThreads() {
+        return writerLock.hasQueuedThreads();
+    }
+
+    /**
+     * Returns the unique identifier associated with this GuacamoleTunnel.
+     *
+     * @return The unique identifier associated with this GuacamoleTunnel.
+     */
+    public UUID getUUID() {
+        return uuid;
+    }
+
+    /**
+     * Returns the GuacamoleSocket used by this GuacamoleTunnel for reading
+     * and writing.
+     *
+     * @return The GuacamoleSocket used by this GuacamoleTunnel.
+     */
+    public GuacamoleSocket getSocket() {
+        return socket;
+    }
+
+    /**
+     * Release all resources allocated to this GuacamoleTunnel.
+     *
+     * @throws GuacamoleException if an error occurs while releasing
+     *                            resources.
+     */
+    public void close() throws GuacamoleException {
+        socket.close();
+    }
+
+    /**
+     * Returns whether this GuacamoleTunnel is open, or has been closed.
+     *
+     * @return true if this GuacamoleTunnel is open, false if it is closed.
+     */
+    public boolean isOpen() {
+        return socket.isOpen();
+    }
+
+}

guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/Connectable.java

@@ -23,7 +23,7 @@
 package org.glyptodon.guacamole.net.auth;
 
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
 /**
@@ -42,13 +42,13 @@ public interface Connectable {
      *     Information associated with the connecting client.
      *
      * @return
-     *     A fully-established GuacamoleSocket.
+     *     A fully-established GuacamoleTunnel.
      *
      * @throws GuacamoleException
      *     If an error occurs while connecting to guacd, or if permission to
      *     connect is denied.
      */
-    public GuacamoleSocket connect(GuacamoleClientInformation info)
+    public GuacamoleTunnel connect(GuacamoleClientInformation info)
             throws GuacamoleException;
 
     /**

guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/ConnectionRecord.java

@@ -23,7 +23,7 @@
 package org.glyptodon.guacamole.net.auth;
 
 import java.util.Date;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 
 /**
  * A logging record describing when a user started and ended usage of a
@@ -88,14 +88,14 @@ public interface ConnectionRecord {
     public boolean isActive();
 
     /**
-     * Returns the connected GuacamoleSocket of the connection associated with
+     * Returns the connected GuacamoleTunnel of the connection associated with
      * this record, if any. If the connection is not active, or access to
      * the socket is denied, null is returned.
      *
      * @return
-     *     The connected GuacamoleSocket, if any, or null if the connection is
+     *     The connected GuacamoleTunnel, if any, or null if the connection is
      *     not active or permission is denied.
      */
-    public GuacamoleSocket getSocket();
+    public GuacamoleTunnel getTunnel();
 
 }

guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/UserContext.java

@@ -112,4 +112,25 @@ public interface UserContext {
     Collection<ConnectionRecord> getActiveConnections()
             throws GuacamoleException;
 
+    /**
+     * Returns the connection record associated with the active connection
+     * having the tunnel with the given UUID. The active connection will only
+     * be returned if the current user has access.
+     *
+     * @param tunnelUUID
+     *     The UUID of the tunnel whose associated connection record should be
+     *     returned.
+     *
+     * @return
+     *     The connection record associated with the active connection having
+     *     the tunnel with the given UUID, if any, or null if no such
+     *     connection exists.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while reading active connection records, or if
+     *     permission is denied.
+     */
+    ConnectionRecord getActiveConnection(String tunnelUUID)
+            throws GuacamoleException;
+
 }

guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleConnection.java

@@ -28,8 +28,10 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.environment.Environment;
 import org.glyptodon.guacamole.environment.LocalEnvironment;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.InetGuacamoleSocket;
 import org.glyptodon.guacamole.net.SSLGuacamoleSocket;
+import org.glyptodon.guacamole.net.SynchronizedGuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.AbstractConnection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
@@ -84,7 +86,7 @@ public class SimpleConnection extends AbstractConnection {
     }
 
     @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info)
+    public GuacamoleTunnel connect(GuacamoleClientInformation info)
             throws GuacamoleException {
 
         Environment env = new LocalEnvironment();
@@ -93,18 +95,23 @@ public class SimpleConnection extends AbstractConnection {
         String hostname = env.getProperty(Environment.GUACD_HOSTNAME);
         int port = env.getProperty(Environment.GUACD_PORT);
 
+        GuacamoleSocket socket;
+        
         // If guacd requires SSL, use it
         if (env.getProperty(Environment.GUACD_SSL, false))
-            return new ConfiguredGuacamoleSocket(
+            socket = new ConfiguredGuacamoleSocket(
                 new SSLGuacamoleSocket(hostname, port),
                 config, info
             );
 
-        // Return connected socket
+        // Otherwise, just connect directly via TCP
-        return new ConfiguredGuacamoleSocket(
+        else
-            new InetGuacamoleSocket(hostname, port),
+            socket = new ConfiguredGuacamoleSocket(
-            config, info
+                new InetGuacamoleSocket(hostname, port),
-        );
+                config, info
+            );
+
+        return new SynchronizedGuacamoleTunnel(socket);
         
     }
 

guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleConnectionGroup.java

@@ -27,7 +27,7 @@ import java.util.HashSet;
 import java.util.Set;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.AbstractConnectionGroup;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
@@ -102,7 +102,7 @@ public class SimpleConnectionGroup extends AbstractConnectionGroup {
     }
 
     @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info) 
+    public GuacamoleTunnel connect(GuacamoleClientInformation info) 
             throws GuacamoleException {
         throw new GuacamoleSecurityException("Permission denied.");
     }

guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleUserContext.java

@@ -174,4 +174,10 @@ public class SimpleUserContext implements UserContext {
         return Collections.EMPTY_LIST;
     }
 
+    @Override
+    public ConnectionRecord getActiveConnection(String tunnelUUID)
+            throws GuacamoleException {
+        return null;
+    }
+
 }

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/TunnelRequestService.java

@@ -31,7 +31,7 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.GuacamoleUnauthorizedException;
 import org.glyptodon.guacamole.io.GuacamoleReader;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.DelegatingGuacamoleTunnel;
 import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
@@ -204,7 +204,7 @@ public class TunnelRequestService {
             info.getVideoMimetypes().addAll(video_mimetypes);
 
         // Create connected socket from identifier
-        GuacamoleSocket socket;
+        GuacamoleTunnel tunnel;
         switch (id_type) {
 
             // Connection identifiers
@@ -221,8 +221,8 @@ public class TunnelRequestService {
                     throw new GuacamoleSecurityException("Requested connection is not authorized.");
                 }
 
-                // Connect socket
+                // Connect tunnel
-                socket = connection.connect(info);
+                tunnel = connection.connect(info);
                 logger.info("User \"{}\" successfully connected to \"{}\".", context.self().getIdentifier(), id);
                 break;
             }
@@ -241,8 +241,8 @@ public class TunnelRequestService {
                     throw new GuacamoleSecurityException("Requested connection group is not authorized.");
                 }
 
-                // Connect socket
+                // Connect tunnel
-                socket = group.connect(info);
+                tunnel = group.connect(info);
                 logger.info("User \"{}\" successfully connected to group \"{}\".", context.self().getIdentifier(), id);
                 break;
             }
@@ -253,8 +253,8 @@ public class TunnelRequestService {
 
         }
 
-        // Associate socket with tunnel
+        // Track tunnel open/close
-        GuacamoleTunnel tunnel = new GuacamoleTunnel(socket) {
+        GuacamoleTunnel monitoredTunnel = new DelegatingGuacamoleTunnel(tunnel) {
 
             @Override
             public GuacamoleReader acquireReader() {
@@ -308,13 +308,13 @@ public class TunnelRequestService {
         };
 
         // Notify listeners about connection
-        if (!notifyConnect(session, tunnel)) {
+        if (!notifyConnect(session, monitoredTunnel)) {
             logger.info("Successful connection canceled by hook.");
             return null;
         }
 
-        session.addTunnel(tunnel);
+        session.addTunnel(monitoredTunnel);
-        return tunnel;
+        return monitoredTunnel;
 
     }
 

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connection/APIConnectionWrapper.java

@@ -26,7 +26,7 @@ import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
@@ -116,7 +116,7 @@ public class APIConnectionWrapper implements Connection {
     }
 
     @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
+    public GuacamoleTunnel connect(GuacamoleClientInformation info) throws GuacamoleException {
         throw new UnsupportedOperationException("Operation not supported.");
     }
 

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/APIConnectionGroupWrapper.java

@@ -24,7 +24,7 @@ package org.glyptodon.guacamole.net.basic.rest.connectiongroup;
 
 import java.util.Set;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.net.GuacamoleSocket;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
@@ -106,7 +106,7 @@ public class APIConnectionGroupWrapper implements ConnectionGroup {
     }
 
     @Override
-    public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
+    public GuacamoleTunnel connect(GuacamoleClientInformation info) throws GuacamoleException {
         throw new UnsupportedOperationException("Operation not supported.");
     }