Merge changes from patch branch back to main.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java

@@ -77,10 +77,15 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
      * @param identifiers
      *     The identifiers of the objects to return.
      * 
+     * @param caseSensitive
+     *     true if the query should evaluate identifiers in a case-sensitive
+     *     manner, otherwise false.
+     *
      * @return 
      *     A Collection of all objects having the given identifiers.
      */
-    Collection<ModelType> select(@Param("identifiers") Collection<String> identifiers);
+    Collection<ModelType> select(@Param("identifiers") Collection<String> identifiers,
+                                 @Param("caseSensitive") boolean caseSensitive);
 
     /**
      * Selects all objects which have the given identifiers and are explicitly
@@ -100,12 +105,17 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
      *     The identifiers of any known effective groups that should be taken
      *     into account, such as those defined externally to the database.
      * 
+     * @param caseSensitive
+     *     true if the query should evaluate identifiers in a case-sensitive
+     *     manner, otherwise false.
+     *
      * @return 
      *     A Collection of all objects having the given identifiers.
      */
     Collection<ModelType> selectReadable(@Param("user") UserModel user,
             @Param("identifiers") Collection<String> identifiers,
-            @Param("effectiveGroups") Collection<String> effectiveGroups);
+            @Param("effectiveGroups") Collection<String> effectiveGroups,
+            @Param("caseSensitive") boolean caseSensitive);
 
     /**
      * Inserts the given object into the database. If the object already
@@ -126,10 +136,15 @@ public interface ModeledDirectoryObjectMapper<ModelType> {
      * @param identifier
      *     The identifier of the object to delete.
      * 
+     * @param caseSensitive
+     *     true if the query should evaluate the identifier in a
+     *     case-sensitive manner, otherwise false.
+     *
      * @return
      *     The number of rows deleted.
      */
-    int delete(@Param("identifier") String identifier);
+    int delete(@Param("identifier") String identifier,
+               @Param("caseSensitive") boolean caseSensitive);
 
     /**
      * Updates the given existing object in the database. If the object does 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java

@@ -116,6 +116,24 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
     protected abstract InternalType getObjectInstance(ModeledAuthenticatedUser currentUser,
             ModelType model) throws GuacamoleException;
     
+    /**
+     * Returns whether or not identifiers for objects provided by this service
+     * are handled in a case-sensitive manner or not.
+     * 
+     * @return
+     *     "true" if identifiers handled by this object service should be
+     *     treated as case-sensitive, otherwise false.
+     * 
+     * @throws GuacamoleException 
+     *     If an error occurs retrieving relevant configuration information.
+     */
+    protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
+        
+        // By default identifiers are not case-sensitive.
+        return false;
+        
+    }
+    
     /**
      * Returns an instance of a model object which is based on the given
      * object.
@@ -408,6 +426,8 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
 
         boolean userIsPrivileged = user.isPrivileged();
         
+        boolean caseSensitive = getCaseSensitiveIdentifiers();
+
         // Process the filteredIdentifiers in batches using Lists.partition() and flatMap
         Collection<ModelType> allObjects = Lists.partition(filteredIdentifiers, batchSize).stream()
                 .flatMap(chunk -> {
@@ -415,12 +435,12 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
 
                     // Bypass permission checks if the user is privileged
                     if (userIsPrivileged)
-                        objects = getObjectMapper().select(chunk);
+                        objects = getObjectMapper().select(chunk, caseSensitive);
 
                     // Otherwise only return explicitly readable identifiers
                     else
                         objects = getObjectMapper().selectReadable(user.getUser().getModel(),
-                                chunk, user.getEffectiveUserGroups());
+                                chunk, user.getEffectiveUserGroups(), caseSensitive);
 
                     return objects.stream();
                 })
@@ -510,7 +530,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
         beforeDelete(user, identifier);
         
         // Delete object
-        getObjectMapper().delete(identifier);
+        getObjectMapper().delete(identifier, getCaseSensitiveIdentifiers());
 
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ObjectRelationMapper.java

@@ -49,11 +49,17 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
      *     The identifiers of the objects on the child side of the one-to-many
      *     relationship represented by the RelatedObjectSet.
      * 
+     * @param caseSensitive
+     *     true if child identifiers should be treated as case-sensitive when
+     *     performing lookups on them, or false if the queries should be done
+     *     case-insensitively.
+     *
      * @return
      *     The number of rows inserted.
      */
     int insert(@Param("parent") ParentModelType parent,
-            @Param("children") Collection<String> children);
+               @Param("children") Collection<String> children,
+               @Param("caseSensitive") boolean caseSensitive);
 
     /**
      * Deletes rows as necessary to modify the one-to-many relationship
@@ -70,11 +76,17 @@ public interface ObjectRelationMapper<ParentModelType extends ObjectModel> {
      *     The identifiers of the objects on the child side of the one-to-many
      *     relationship represented by the RelatedObjectSet.
      * 
+     * @param caseSensitive
+     *     true if child identifiers should be treated as case-sensitive when
+     *     performing lookups on them, or false if the queries should be done
+     *     case-insensitively.
+     *
      * @return
      *     The number of rows deleted.
      */
     int delete(@Param("parent") ParentModelType parent,
-            @Param("children") Collection<String> children);
+               @Param("children") Collection<String> children,
+               @Param("caseSensitive") boolean caseSensitive);
 
     /**
      * Retrieves the identifiers of all objects on the child side of the

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java

@@ -75,6 +75,24 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
         this.parent = parent;
     }
 
+    /**
+     * Return "true" if identifiers within a related object set should be treated
+     * as case-sensitive, otherwise false.
+     * 
+     * @return
+     *     "true" if identifiers should be treated as case-sensitive, otherwise
+     *     "false".
+     * 
+     * @throws GuacamoleException 
+     *     If an error occurs retrieving configuration information on
+     *     case-sensitivity.
+     */
+    protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
+        
+        // Identifiers are not case-sensitive by default.
+        return false;
+    }
+    
     /**
      * Returns the mapper which provides low-level access to the database
      * models which drive the relation represented by this RelatedObjectSet.
@@ -184,7 +202,7 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
 
         // Create relations only if permission is granted
         if (canAlterRelation(identifiers))
-            getObjectRelationMapper().insert(parent.getModel(), identifiers);
+            getObjectRelationMapper().insert(parent.getModel(), identifiers, getCaseSensitiveIdentifiers());
 
         // User lacks permission to add user groups
         else
@@ -201,7 +219,7 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
 
         // Delete relations only if permission is granted
         if (canAlterRelation(identifiers))
-            getObjectRelationMapper().delete(parent.getModel(), identifiers);
+            getObjectRelationMapper().delete(parent.getModel(), identifiers, getCaseSensitiveIdentifiers());
 
         // User lacks permission to remove user groups
         else

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.java

@@ -155,6 +155,6 @@ public interface UserPermissionMapper extends ObjectPermissionMapper {
             @Param("permissions") Collection<ObjectPermission.Type> permissions,
             @Param("identifiers") Collection<String> identifiers,
             @Param("effectiveGroups") Collection<String> effectiveGroups,
-            @Param("caseSenstive") boolean caseSensitive);
+            @Param("caseSensitive") boolean caseSensitive);
     
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java

@@ -638,7 +638,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
             identifiers = getPreferredConnections(user, identifiers);
 
         // Retrieve all children
-        Collection<ConnectionModel> models = connectionMapper.select(identifiers);
+        Collection<ConnectionModel> models = connectionMapper.select(identifiers, false);
         List<ModeledConnection> connections = new ArrayList<ModeledConnection>(models.size());
 
         // Convert each retrieved model to a modeled connection
@@ -679,7 +679,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
         // Produce collection of readable connection identifiers
         Collection<ConnectionModel> connections =
                 connectionMapper.selectReadable(user.getUser().getModel(),
-                        identifiers, user.getEffectiveUserGroups());
+                        identifiers, user.getEffectiveUserGroups(), false);
 
         // Ensure set contains only identifiers of readable connections
         identifiers.clear();

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserMapper.java

@@ -19,7 +19,6 @@
 
 package org.apache.guacamole.auth.jdbc.user;
 
-import java.util.Collection;
 import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.apache.ibatis.annotations.Param;
 
@@ -36,7 +35,7 @@ public interface UserMapper extends ModeledDirectoryObjectMapper<UserModel> {
      *     The username of the user to return.
      * 
      * @param caseSensitive
-     *     true if the search should evaluate usernames in a case-sensitive
+     *     true if the search should evaluate the username in a case-sensitive
      *     manner, otherwise false.
      *
      * @return
@@ -45,71 +44,4 @@ public interface UserMapper extends ModeledDirectoryObjectMapper<UserModel> {
     UserModel selectOne(@Param("username") String username,
                         @Param("caseSensitive") boolean caseSensitive);
 
-    /**
-     * Selects all users which have the given identifiers. If an identifier
-     * has no corresponding object, it will be ignored. This should only be
-     * called on behalf of a system administrator. If users are needed by a
-     * non-administrative user who must have explicit read rights, use
-     * selectReadable() instead.
-     *
-     * @param identifiers
-     *     The identifiers of the users to return.
-     * 
-     * @param caseSensitive
-     *     true if the query should evaluate username identifiers in a
-     *     case-sensitive manner, otherwise false.
-     *
-     * @return 
-     *     A Collection of all objects having the given identifiers.
-     */
-    Collection<UserModel> select(@Param("identifiers") Collection<String> identifiers,
-                                 @Param("caseSensitive") boolean caseSensitive);
-    
-    /**
-     * Selects all users which have the given identifiers and are explicitly
-     * readable by the given user. If an identifier has no corresponding
-     * object, or the corresponding user is unreadable, it will be ignored.
-     * If users are needed by a system administrator (who, by definition,
-     * does not need explicit read rights), use select() instead.
-     *
-     * @param user
-     *    The user whose permissions should determine whether an object 
-     *    is returned.
-     *
-     * @param identifiers
-     *     The identifiers of the users to return.
-     *
-     * @param effectiveGroups
-     *     The identifiers of any known effective groups that should be taken
-     *     into account, such as those defined externally to the database.
-     * 
-     * @param caseSensitive
-     *     true if the query should evaluate username identifiers in a
-     *     case-sensitive manner, otherwise false.
-     *
-     * @return 
-     *     A Collection of all objects having the given identifiers.
-     */
-    Collection<UserModel> selectReadable(@Param("user") UserModel user,
-            @Param("identifiers") Collection<String> identifiers,
-            @Param("effectiveGroups") Collection<String> effectiveGroups,
-            @Param("caseSensitive") boolean caseSensitive);
-    
-    /**
-     * Deletes the given user from the database. If the user does not 
-     * exist, this operation has no effect.
-     *
-     * @param identifier
-     *     The identifier of the user to delete.
-     * 
-     * @param caseSensitive
-     *     true if the query should evaluate username identifiers in a
-     *     case-sensitive manner, otherwise false.
-     *
-     * @return
-     *     The number of rows deleted.
-     */
-    int delete(@Param("identifier") String identifier,
-            @Param("caseSensitive") boolean caseSensitive);
-
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java

@@ -218,6 +218,11 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
         
     }
     
+    @Override
+    protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
+        return environment.getCaseSensitiveUsernames();
+    }
+
     @Override
     protected boolean hasCreatePermission(ModeledAuthenticatedUser user)
             throws GuacamoleException {

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserMapper.java

@@ -27,59 +27,4 @@ import org.apache.ibatis.annotations.Param;
  * Mapper for the one-to-many relationship between a user group and its user
  * members.
  */
-public interface UserGroupMemberUserMapper extends ObjectRelationMapper<UserGroupModel> {
-
-    /**
-     * Inserts rows as necessary to establish the one-to-many relationship
-     * represented by the RelatedObjectSet between the given parent and
-     * children. If the relation for any parent/child pair is already present,
-     * no attempt is made to insert a new row for that relation.
-     *
-     * @param parent
-     *     The model of the object on the parent side of the one-to-many
-     *     relationship represented by the RelatedObjectSet.
-     *
-     * @param children
-     *     The identifiers of the objects on the child side of the one-to-many
-     *     relationship represented by the RelatedObjectSet.
-     * 
-     * @param caseSensitive
-     *     True if username case should be respected when looking up the username
-     *     in the guacamole_entity table, or false if the query to the
-     *     guacamole_entity table should be done case-insensitively.
-     *
-     * @return
-     *     The number of rows inserted.
-     */
-    int insert(@Param("parent") UserGroupModel parent,
-            @Param("children") Collection<String> children,
-            @Param("caseSensitive") boolean caseSensitive);
-    
-    /**
-     * Deletes rows as necessary to modify the one-to-many relationship
-     * represented by the RelatedObjectSet between the given parent and
-     * children. If the relation for any parent/child pair does not exist,
-     * that specific relation is ignored, and deletion proceeds with the
-     * remaining relations.
-     *
-     * @param parent
-     *     The model of the object on the parent side of the one-to-many
-     *     relationship represented by the RelatedObjectSet.
-     *
-     * @param children
-     *     The identifiers of the objects on the child side of the one-to-many
-     *     relationship represented by the RelatedObjectSet.
-     * 
-     * @param caseSensitive
-     *     True if username case should be respected when looking up the username
-     *     in the guacamole_entity table, or false if the query to the
-     *     guacamole_entity table should be done case-insensitively.
-     *
-     * @return
-     *     The number of rows deleted.
-     */
-    int delete(@Param("parent") UserGroupModel parent,
-            @Param("children") Collection<String> children,
-            @Param("caseSesitive") boolean caseSensitive);
-    
-}
+public interface UserGroupMemberUserMapper extends ObjectRelationMapper<UserGroupModel> {}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/usergroup/UserGroupMemberUserSet.java

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.usergroup;
 
 import com.google.inject.Inject;
 import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
 import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
 import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -37,6 +38,17 @@ public class UserGroupMemberUserSet extends RelatedObjectSet<ModeledUserGroup, U
     @Inject
     private UserGroupMemberUserMapper userGroupMemberUserMapper;
     
+    /**
+     * The server environment for retrieving configuration information.
+     */
+    @Inject
+    private JDBCEnvironment environment;
+
+    @Override
+    protected boolean getCaseSensitiveIdentifiers() throws GuacamoleException {
+        return environment.getCaseSensitiveUsernames();
+    }
+    
     @Override
     protected ObjectRelationMapper<UserGroupModel> getObjectRelationMapper() {
         return userGroupMemberUserMapper;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/MySQLAuthenticationProviderModule.java

@@ -30,12 +30,19 @@ import org.apache.guacamole.auth.mysql.conf.MySQLDriver;
 import org.apache.guacamole.auth.mysql.conf.MySQLEnvironment;
 import org.apache.guacamole.auth.mysql.conf.MySQLSSLMode;
 import org.mybatis.guice.datasource.helper.JdbcHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Guice module which configures MySQL-specific injections.
  */
 public class MySQLAuthenticationProviderModule implements Module {
 
+    /**
+     * Logger for this class.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(MySQLAuthenticationProviderModule.class);
+    
     /**
      * MyBatis-specific configuration properties.
      */
@@ -138,6 +145,15 @@ public class MySQLAuthenticationProviderModule implements Module {
         if (serverTz != null)
             driverProperties.setProperty("serverTimezone", serverTz.getID());
         
+        // Check for case-sensitivity and warn admin
+        if (environment.getCaseSensitiveUsernames())
+            LOGGER.warn("The MySQL module is currently configured to support "
+                    + "case-sensitive username comparisons, however, the default "
+                    + "collations for MySQL databases do not support "
+                    + "case-sensitive string comparisons. If you want usernames "
+                    + "within Guacamole to be treated as case-sensitive, further "
+                    + "database configuration may be required.");
+
     }
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/java/org/apache/guacamole/auth/mysql/conf/MySQLEnvironment.java

@@ -446,23 +446,12 @@ public class MySQLEnvironment extends JDBCEnvironment {
     @Override
     public boolean getCaseSensitiveUsernames() throws GuacamoleException {
         
-        // Get the configured value for the property.
-        boolean caseSensitiveUsernames = getProperty(
+        // Return the configured value for the property, or the global value.
+        return getProperty(
                 MySQLGuacamoleProperties.MYSQL_CASE_SENSITIVE_USERNAMES,
                 super.getCaseSensitiveUsernames()
         );
         
-        // If property has been set to true, warn the admin.
-        if (caseSensitiveUsernames)
-            logger.warn("You have enabled case-sensitive usernames; however, "
-                    + "MySQL's default collations do not support case-sensitive "
-                    + "string comparisons. If you really want case-sensitive "
-                    + "usernames you will need to configure your database "
-                    + "appropriately.");
-        
-        // Return the configured setting.
-        return caseSensitiveUsernames;
-        
     }
 
     /**

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/SQLServerAuthenticationProviderModule.java

@@ -28,12 +28,19 @@ import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.sqlserver.conf.SQLServerDriver;
 import org.apache.guacamole.auth.sqlserver.conf.SQLServerEnvironment;
 import org.mybatis.guice.datasource.helper.JdbcHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 /**
  * Guice module which configures SQLServer-specific injections.
  */
 public class SQLServerAuthenticationProviderModule implements Module {
 
+    /**
+     * Logger for this class.
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(SQLServerAuthenticationProviderModule.class);
+    
     /**
      * MyBatis-specific configuration properties.
      */
@@ -89,6 +96,15 @@ public class SQLServerAuthenticationProviderModule implements Module {
         // Capture which driver to use for the connection.
         this.sqlServerDriver = environment.getSQLServerDriver();
         
+        // Check for case-sensitivity and warn admin.
+        if (environment.getCaseSensitiveUsernames())
+            LOGGER.warn("The SQL Server module is currently configured to support "
+                    + "case-sensitive username comparisons, however, the default "
+                    + "collations for SQL Server databases do not support "
+                    + "case-sensitive string comparisons. If you want usernames "
+                    + "within Guacamole to be treated as case-sensitive, further "
+                    + "database configuration may be required.");
+
     }
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/java/org/apache/guacamole/auth/sqlserver/conf/SQLServerEnvironment.java

@@ -338,15 +338,6 @@ public class SQLServerEnvironment extends JDBCEnvironment {
                 super.getCaseSensitiveUsernames()
         );
         
-        // If property has been set to true, warn the admin.
-        if (caseSensitiveUsernames)
-            logger.warn("You have configured this extension for case-sensitive "
-                        + "username comparisons, however, the default collations "
-                        + "for SQL Server databases do not support case-sensitive "
-                        + "string comparisons. Further database configuration may "
-                        + "be required in order for case-sensitive username "
-                        + "comparisons to function correctly.");
-        
         // Return as configured
         return caseSensitiveUsernames;