GUACAMOLE-234: Clean up comments, instanceof, and type-casting.

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java

@@ -32,7 +32,6 @@ import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
 import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.guacamole.GuacamoleException;
@@ -44,8 +43,6 @@ import org.apache.guacamole.auth.ldap.user.LDAPUserContext;
 import org.apache.guacamole.auth.ldap.user.UserService;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.Credentials;
-import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
-import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
 import org.apache.guacamole.token.TokenName;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -126,7 +123,7 @@ public class AuthenticationProviderService {
         if (searchBindDN != null) {
 
             // Create an LDAP connection using the search account
-            LdapConnection searchConnection = ldapService.bindAs(
+            LdapNetworkConnection searchConnection = ldapService.bindAs(
                 searchBindDN,
                 confService.getSearchBindPassword()
             );
@@ -183,7 +180,7 @@ public class AuthenticationProviderService {
      * @throws GuacamoleException
      *     If an error occurs while binding to the LDAP server.
      */
-    private LdapConnection bindAs(Credentials credentials)
+    private LdapNetworkConnection bindAs(Credentials credentials)
         throws GuacamoleException {
 
         // Get username and password from credentials
@@ -234,24 +231,11 @@ public class AuthenticationProviderService {
             throws GuacamoleException {
 
         // Attempt bind
-        LdapConnection ldapConnection;
+        LdapNetworkConnection ldapConnection = bindAs(credentials);
-        try {
+        LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
-            ldapConnection = bindAs(credentials);
+        
-        }
-        catch (GuacamoleException e) {
-            logger.error("Cannot bind with LDAP server: {}", e.getMessage());
-            logger.debug("Error binding with LDAP server.", e);
-            ldapConnection = null;
-        }
-
-        // If bind fails, permission to login is denied
-        if (ldapConnection == null)
-            throw new GuacamoleInvalidCredentialsException("Permission denied.", CredentialsInfo.USERNAME_PASSWORD);
-
         try {
 
-            LdapConnectionConfig ldapConnectionConfig =
-                    ((LdapNetworkConnection) ldapConnection).getConfig();
             Dn authDn = new Dn(ldapConnectionConfig.getName());
             
             // Retrieve group membership of the user that just authenticated
@@ -297,7 +281,7 @@ public class AuthenticationProviderService {
      * @throws GuacamoleException
      *     If an error occurs retrieving the user DN or the attributes.
      */
-    private Map<String, String> getAttributeTokens(LdapConnection ldapConnection,
+    private Map<String, String> getAttributeTokens(LdapNetworkConnection ldapConnection,
             String username) throws GuacamoleException {
 
         // Get attributes from configuration information
@@ -357,9 +341,7 @@ public class AuthenticationProviderService {
 
         // Bind using credentials associated with AuthenticatedUser
         Credentials credentials = authenticatedUser.getCredentials();
-        LdapConnection ldapConnection = bindAs(credentials);
+        LdapNetworkConnection ldapConnection = bindAs(credentials);
-        if (ldapConnection == null)
-            return null;
 
         try {
 

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java

@@ -38,6 +38,8 @@ import org.apache.guacamole.GuacamoleServerException;
 import org.apache.guacamole.GuacamoleUnsupportedException;
 import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
 import org.apache.guacamole.auth.ldap.conf.EncryptionMethod;
+import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -121,7 +123,7 @@ public class LDAPConnectionService {
      * @throws GuacamoleException
      *     If an error occurs while binding to the LDAP server.
      */
-    public LdapConnection bindAs(Dn userDN, String password)
+    public LdapNetworkConnection bindAs(Dn userDN, String password)
             throws GuacamoleException {
 
         // Obtain appropriately-configured LdapNetworkConnection instance
@@ -138,9 +140,7 @@ public class LDAPConnectionService {
 
         }
         catch (LdapException e) {
-            logger.error("Unable to connect to LDAP server: {}", e.getMessage());
+            throw new GuacamoleServerException("Error connecting to LDAP server.", e);
-            logger.debug("Failed to connect to LDAP server.", e);
-            return null;
         }
 
         // Bind using provided credentials
@@ -156,8 +156,12 @@ public class LDAPConnectionService {
         // Disconnect if an error occurs during bind
         catch (LdapException e) {
             logger.debug("Unable to bind to LDAP server.", e);
+            throw new GuacamoleInvalidCredentialsException(
+                    "Unable to bind to the LDAP server.",
+                    CredentialsInfo.USERNAME_PASSWORD);
+        }
+        finally {
             disconnect(ldapConnection);
-            return null;
         }
 
         return ldapConnection;
@@ -165,7 +169,7 @@ public class LDAPConnectionService {
     }
     
     /**
-     * Generate a new LdapConnection object for following a referral
+     * Generate a new LdapNetworkConnection object for following a referral
      * with the given LdapUrl, and copy the username and password
      * from the original connection.
      * 
@@ -181,15 +185,15 @@ public class LDAPConnectionService {
      *     limit is reached, this method will throw an exception.
      * 
      * @return
-     *     A LdapConnection object that points at the location
+     *     A LdapNetworkConnection object that points at the location
      *     specified in the referralUrl.
      *     
      * @throws GuacamoleException
      *     If an error occurs parsing out the LdapUrl object or the
      *     maximum number of referral hops is reached.
      */
-    public LdapConnection referralConnection(LdapUrl referralUrl,
+    public LdapNetworkConnection referralConnection(LdapUrl referralUrl,
-            LdapConnectionConfig ldapConfig, Integer hop) 
+            LdapConnectionConfig ldapConfig, int hop) 
             throws GuacamoleException {
        
         if (hop >= confService.getMaxReferralHops())

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java

@@ -37,13 +37,9 @@ import org.apache.directory.api.ldap.model.filter.EqualityNode;
 import org.apache.directory.api.ldap.model.filter.ExprNode;
 import org.apache.directory.api.ldap.model.filter.OrNode;
 import org.apache.directory.api.ldap.model.message.Referral;
-import org.apache.directory.api.ldap.model.message.Response;
 import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchResultEntry;
-import org.apache.directory.api.ldap.model.message.SearchResultReference;
 import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.ldap.model.url.LdapUrl;
-import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.guacamole.GuacamoleException;
@@ -183,15 +179,14 @@ public class ObjectQueryService {
      *     information required to execute the query cannot be read from
      *     guacamole.properties.
      */
-    public List<Entry> search(LdapConnection ldapConnection,
+    public List<Entry> search(LdapNetworkConnection ldapConnection,
             Dn baseDN, ExprNode query) throws GuacamoleException {
 
         logger.debug("Searching \"{}\" for objects matching \"{}\".", baseDN, query);
 
         try {
 
-            LdapConnectionConfig ldapConnectionConfig =
+            LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
-                    ((LdapNetworkConnection) ldapConnection).getConfig();
             
             // Search within subtree of given base DN
             SearchRequest request = ldapService.getSearchRequest(baseDN,
@@ -204,17 +199,15 @@ public class ObjectQueryService {
             List<Entry> entries = new ArrayList<>();
             while (results.next()) {
 
-                Response response = results.get();
+                if (results.isEntry()) {
-                if (response instanceof SearchResultEntry) {
+                    entries.add(results.getEntry());
-                    entries.add(((SearchResultEntry) response).getEntry());
                 }
-                else if (response instanceof SearchResultReference &&
+                else if (results.isReferral() && request.isFollowReferrals()) {
-                        request.isFollowReferrals()) {
                     
-                    Referral referral = ((SearchResultReference) response).getReferral();
+                    Referral referral = results.getReferral();
                     int referralHop = 0;
                     for (String url : referral.getLdapUrls()) {
-                        LdapConnection referralConnection = ldapService.referralConnection(
+                        LdapNetworkConnection referralConnection = ldapService.referralConnection(
                             new LdapUrl(url), ldapConnectionConfig, referralHop++);
                         entries.addAll(search(referralConnection, baseDN, query));
                     }
@@ -273,7 +266,7 @@ public class ObjectQueryService {
      *     information required to execute the query cannot be read from
      *     guacamole.properties.
      */
-    public List<Entry> search(LdapConnection ldapConnection, Dn baseDN,
+    public List<Entry> search(LdapNetworkConnection ldapConnection, Dn baseDN,
             ExprNode filter, Collection<String> attributes, String attributeValue)
             throws GuacamoleException {
         ExprNode query = generateQuery(filter, attributes, attributeValue);

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapDnGuacamoleProperty.java

@@ -42,7 +42,7 @@ public abstract class LdapDnGuacamoleProperty implements GuacamoleProperty<Dn> {
             return new Dn(value);
         }
         catch (LdapInvalidDnException e) {
-            throw new GuacamoleServerException("Invalid DN specified in configuration.", e);
+            throw new GuacamoleServerException("The DN \"" + value + "\" is invalid.", e);
         }
 
     }

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapFilterGuacamoleProperty.java

@@ -45,7 +45,7 @@ public abstract class LdapFilterGuacamoleProperty implements GuacamoleProperty<E
             return FilterParser.parse(value);
         }
         catch (ParseException e) {
-            throw new GuacamoleServerException("Error parsing filter", e);
+            throw new GuacamoleServerException("\"" + value + "\" is not a valid LDAP filter.", e);
         }
 
     }

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java

@@ -32,7 +32,6 @@ import org.apache.directory.api.ldap.model.filter.EqualityNode;
 import org.apache.directory.api.ldap.model.filter.ExprNode;
 import org.apache.directory.api.ldap.model.filter.OrNode;
 import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.ldap.client.api.LdapConnectionConfig;
 import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider;
@@ -100,7 +99,7 @@ public class ConnectionService {
      *     If an error occurs preventing retrieval of connections.
      */
     public Map<String, Connection> getConnections(AuthenticatedUser user,
-            LdapConnection ldapConnection) throws GuacamoleException {
+            LdapNetworkConnection ldapConnection) throws GuacamoleException {
 
         // Do not return any connections if base DN is not specified
         Dn configurationBaseDN = confService.getConfigurationBaseDN();
@@ -110,8 +109,7 @@ public class ConnectionService {
         try {
 
             // Pull the current user DN from the LDAP connection
-            LdapConnectionConfig ldapConnectionConfig =
+            LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
-                    ((LdapNetworkConnection) ldapConnection).getConfig();
             Dn userDN = new Dn(ldapConnectionConfig.getName());
 
             // getConnections() will only be called after a connection has been
@@ -244,7 +242,7 @@ public class ConnectionService {
      *     If an error occurs retrieving the group base DN.
      */
     private ExprNode getConnectionSearchFilter(Dn userDN,
-            LdapConnection ldapConnection)
+            LdapNetworkConnection ldapConnection)
             throws LdapException, GuacamoleException {
 
         AndNode searchFilter = new AndNode();

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java

@@ -26,13 +26,13 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
 import org.apache.directory.api.ldap.model.filter.EqualityNode;
 import org.apache.directory.api.ldap.model.filter.ExprNode;
 import org.apache.directory.api.ldap.model.filter.NotNode;
 import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.ldap.ObjectQueryService;
@@ -107,7 +107,7 @@ public class UserGroupService {
      * @throws GuacamoleException
      *     If an error occurs preventing retrieval of user groups.
      */
-    public Map<String, UserGroup> getUserGroups(LdapConnection ldapConnection)
+    public Map<String, UserGroup> getUserGroups(LdapNetworkConnection ldapConnection)
             throws GuacamoleException {
 
         // Do not return any user groups if base DN is not specified
@@ -167,7 +167,7 @@ public class UserGroupService {
      * @throws GuacamoleException
      *     If an error occurs preventing retrieval of user groups.
      */
-    public List<Entry> getParentUserGroupEntries(LdapConnection ldapConnection,
+    public List<Entry> getParentUserGroupEntries(LdapNetworkConnection ldapConnection,
             Dn userDN) throws GuacamoleException {
 
         // Do not return any user groups if base DN is not specified
@@ -206,7 +206,7 @@ public class UserGroupService {
      * @throws GuacamoleException
      *     If an error occurs preventing retrieval of user groups.
      */
-    public Set<String> getParentUserGroupIdentifiers(LdapConnection ldapConnection,
+    public Set<String> getParentUserGroupIdentifiers(LdapNetworkConnection ldapConnection,
             Dn userDN) throws GuacamoleException {
 
         Collection<String> attributes = confService.getGroupNameAttributes();

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java

@@ -23,6 +23,7 @@ import com.google.inject.Inject;
 import java.util.Collections;
 import java.util.Map;
 import java.util.Set;
+import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
@@ -72,13 +73,14 @@ public class LDAPAuthenticatedUser extends AbstractAuthenticatedUser {
      *     The unique identifiers of all user groups which affect the
      *     permissions available to this user.
      */
-    public void init(Credentials credentials, Map<String, String> tokens, Set<String> effectiveGroups) {
+    public void init(Credentials credentials, Map<String, String> tokens,
+            Set<String> effectiveGroups) {
         this.credentials = credentials;
         this.tokens = Collections.unmodifiableMap(tokens);
         this.effectiveGroups = effectiveGroups;
         setIdentifier(credentials.getUsername());
     }
-
+    
     /**
      * Returns a Map of all name/value pairs that should be applied as
      * parameter tokens when connections are established using this

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPUserContext.java

@@ -21,7 +21,7 @@ package org.apache.guacamole.auth.ldap.user;
 
 import com.google.inject.Inject;
 import java.util.Collections;
-import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.guacamole.auth.ldap.connection.ConnectionService;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider;
@@ -102,7 +102,7 @@ public class LDAPUserContext extends AbstractUserContext {
 
     /**
      * Initializes this UserContext using the provided AuthenticatedUser and
-     * LdapConnection.
+     * LdapNetworkConnection.
      *
      * @param user
      *     The AuthenticatedUser representing the user that authenticated. This
@@ -117,7 +117,7 @@ public class LDAPUserContext extends AbstractUserContext {
      *     If associated data stored within the LDAP directory cannot be
      *     queried due to an error.
      */
-    public void init(AuthenticatedUser user, LdapConnection ldapConnection)
+    public void init(AuthenticatedUser user, LdapNetworkConnection ldapConnection)
             throws GuacamoleException {
 
         // Query all accessible users

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java

@@ -24,12 +24,12 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
-import org.apache.directory.ldap.client.api.LdapConnection;
 import org.apache.directory.api.ldap.model.entry.Entry;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
 import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
 import org.apache.directory.api.ldap.model.name.Dn;
 import org.apache.directory.api.ldap.model.name.Rdn;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
 import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.GuacamoleServerException;
@@ -79,7 +79,7 @@ public class UserService {
      * @throws GuacamoleException
      *     If an error occurs preventing retrieval of users.
      */
-    public Map<String, User> getUsers(LdapConnection ldapConnection)
+    public Map<String, User> getUsers(LdapNetworkConnection ldapConnection)
             throws GuacamoleException {
 
         // Retrieve all visible user objects
@@ -134,7 +134,7 @@ public class UserService {
      *     If an error occurs while querying the user DNs, or if the username
      *     attribute property cannot be parsed within guacamole.properties.
      */
-    public List<Dn> getUserDNs(LdapConnection ldapConnection,
+    public List<Dn> getUserDNs(LdapNetworkConnection ldapConnection,
             String username) throws GuacamoleException {
 
         // Retrieve user objects having a matching username