diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java index 697b2ca7f..f0a48b87d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/user/SharedUser.java @@ -35,9 +35,6 @@ import org.apache.guacamole.net.auth.RelatedObjectSet; import org.apache.guacamole.net.auth.User; import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.SystemPermissionSet; -import org.apache.guacamole.net.auth.simple.SimpleObjectPermissionSet; -import org.apache.guacamole.net.auth.simple.SimpleRelatedObjectSet; -import org.apache.guacamole.net.auth.simple.SimpleSystemPermissionSet; /** * An immutable implementation of User which defines READ permission for each of @@ -122,7 +119,7 @@ public class SharedUser implements User { @Override public SystemPermissionSet getSystemPermissions() throws GuacamoleException { - return new SimpleSystemPermissionSet(); + return SystemPermissionSet.EMPTY_SET; } @Override @@ -145,22 +142,22 @@ public class SharedUser implements User { @Override public ObjectPermissionSet getUserGroupPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getSharingProfilePermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getActiveConnectionPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public RelatedObjectSet getUserGroups() throws GuacamoleException { - return new SimpleRelatedObjectSet(); + return RelatedObjectSet.EMPTY_SET; } @Override diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/RelatedObjectSet.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/RelatedObjectSet.java index 58bee372e..f49876dfb 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/RelatedObjectSet.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/RelatedObjectSet.java @@ -19,8 +19,10 @@ package org.apache.guacamole.net.auth; +import java.util.Collections; import java.util.Set; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.GuacamoleSecurityException; /** * An arbitrary set of existing objects sharing some common relation. Unlike a @@ -75,4 +77,28 @@ public interface RelatedObjectSet { */ void removeObjects(Set identifiers) throws GuacamoleException; + /** + * An immutable instance of RelatedObjectSEt which contains no objects. + */ + static final RelatedObjectSet EMPTY_SET = new RelatedObjectSet() { + + @Override + public Set getObjects() throws GuacamoleException { + return Collections.emptySet(); + } + + @Override + public void addObjects(Set identifiers) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + @Override + public void removeObjects(Set identifiers) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + }; + } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/ObjectPermissionSet.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/ObjectPermissionSet.java index 3c3e910b5..d9ce66616 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/ObjectPermissionSet.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/ObjectPermissionSet.java @@ -20,8 +20,10 @@ package org.apache.guacamole.net.auth.permission; import java.util.Collection; +import java.util.Collections; import java.util.Set; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.GuacamoleSecurityException; /** @@ -126,4 +128,54 @@ public interface ObjectPermissionSet extends PermissionSet { void removePermissions(Set permissions) throws GuacamoleException; + /** + * An immutable instance of ObjectPermissionSet which contains no + * permissions. + */ + static final ObjectPermissionSet EMPTY_SET = new ObjectPermissionSet() { + + @Override + public boolean hasPermission(ObjectPermission.Type permission, + String identifier) throws GuacamoleException { + return false; + } + + @Override + public void addPermission(ObjectPermission.Type permission, + String identifier) throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + @Override + public void removePermission(ObjectPermission.Type permission, + String identifier) throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + @Override + public Collection getAccessibleObjects(Collection permissions, + Collection identifiers) throws GuacamoleException { + return Collections.emptySet(); + } + + @Override + public Set getPermissions() + throws GuacamoleException { + return Collections.emptySet(); + } + + @Override + public void addPermissions(Set permissions) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + @Override + public void removePermissions(Set permissions) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + }; + } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/SystemPermissionSet.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/SystemPermissionSet.java index 3f504db48..b58baa609 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/SystemPermissionSet.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/permission/SystemPermissionSet.java @@ -19,8 +19,10 @@ package org.apache.guacamole.net.auth.permission; +import java.util.Collections; import java.util.Set; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.GuacamoleSecurityException; /** @@ -81,4 +83,48 @@ public interface SystemPermissionSet extends PermissionSet { void removePermissions(Set permissions) throws GuacamoleException; + /** + * An immutable instance of SystemPermissionSet which contains no + * permissions. + */ + static final SystemPermissionSet EMPTY_SET = new SystemPermissionSet() { + + @Override + public boolean hasPermission(SystemPermission.Type permission) + throws GuacamoleException { + return false; + } + + @Override + public void addPermission(SystemPermission.Type permission) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + @Override + public void removePermission(SystemPermission.Type permission) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + @Override + public Set getPermissions() + throws GuacamoleException { + return Collections.emptySet(); + } + + @Override + public void addPermissions(Set permissions) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + @Override + public void removePermissions(Set permissions) + throws GuacamoleException { + throw new GuacamoleSecurityException("Permission denied."); + } + + }; + } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleObjectPermissionSet.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleObjectPermissionSet.java index 53a30ce19..1fd9ac721 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleObjectPermissionSet.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleObjectPermissionSet.java @@ -41,7 +41,10 @@ public class SimpleObjectPermissionSet implements ObjectPermissionSet { private Set permissions = Collections.emptySet(); /** - * Creates a new empty SimpleObjectPermissionSet. + * Creates a new empty SimpleObjectPermissionSet. If you are not extending + * SimpleObjectPermissionSet and only need an immutable, empty + * ObjectPermissionSet, consider using {@link ObjectPermissionSet#EMPTY_SET} + * instead. */ public SimpleObjectPermissionSet() { } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleRelatedObjectSet.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleRelatedObjectSet.java index 72f2da9f1..e1352cdcd 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleRelatedObjectSet.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleRelatedObjectSet.java @@ -37,7 +37,10 @@ public class SimpleRelatedObjectSet implements RelatedObjectSet { private Set identifiers = Collections.emptySet(); /** - * Creates a new empty SimpleObjectPermissionSet. + * Creates a new empty SimpleRelatedObjectSet. If you are not extending + * SimpleRelatedObjectSet and only need an immutable, empty + * RelatedObjectSet, consider using {@link RelatedObjectSet#EMPTY_SET} + * instead. */ public SimpleRelatedObjectSet() { } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleSystemPermissionSet.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleSystemPermissionSet.java index ac82c838b..dd0479bea 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleSystemPermissionSet.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleSystemPermissionSet.java @@ -38,7 +38,10 @@ public class SimpleSystemPermissionSet implements SystemPermissionSet { private Set permissions = Collections.emptySet(); /** - * Creates a new empty SimpleSystemPermissionSet. + * Creates a new empty SimpleSystemPermissionSet. If you are not extending + * SimpleSystemPermissionSet and only need an immutable, empty + * SystemPermissionSet, consider using {@link SystemPermissionSet#EMPTY_SET} + * instead. */ public SimpleSystemPermissionSet() { } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUser.java index cce8bf01b..953039243 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUser.java @@ -193,7 +193,7 @@ public class SimpleUser extends AbstractUser { @Override public SystemPermissionSet getSystemPermissions() throws GuacamoleException { - return new SimpleSystemPermissionSet(); + return SystemPermissionSet.EMPTY_SET; } @Override @@ -217,23 +217,23 @@ public class SimpleUser extends AbstractUser { @Override public ObjectPermissionSet getUserGroupPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getActiveConnectionPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getSharingProfilePermissions() { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public RelatedObjectSet getUserGroups() throws GuacamoleException { - return new SimpleRelatedObjectSet(); + return RelatedObjectSet.EMPTY_SET; } @Override diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUserGroup.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUserGroup.java index 222320667..83b7ce91f 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUserGroup.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUserGroup.java @@ -62,57 +62,57 @@ public class SimpleUserGroup extends AbstractIdentifiable implements UserGroup { @Override public SystemPermissionSet getSystemPermissions() throws GuacamoleException { - return new SimpleSystemPermissionSet(); + return SystemPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getConnectionPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getConnectionGroupPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getUserPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getUserGroupPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getActiveConnectionPermissions() throws GuacamoleException { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public ObjectPermissionSet getSharingProfilePermissions() { - return new SimpleObjectPermissionSet(); + return ObjectPermissionSet.EMPTY_SET; } @Override public RelatedObjectSet getUserGroups() throws GuacamoleException { - return new SimpleRelatedObjectSet(); + return RelatedObjectSet.EMPTY_SET; } @Override public RelatedObjectSet getMemberUsers() throws GuacamoleException { - return new SimpleRelatedObjectSet(); + return RelatedObjectSet.EMPTY_SET; } @Override public RelatedObjectSet getMemberUserGroups() throws GuacamoleException { - return new SimpleRelatedObjectSet(); + return RelatedObjectSet.EMPTY_SET; } }