GUACAMOLE-990: Fire auth success/failure events only after authentication has absolutely succeeded or failed, including the details of any failure.

Previously, these events were fired only after the user's identity had
been determined (or failed to be determined). If we don't wait until
after the user contexts have also been successfully obtained (or failed
to be obtained), then things like MFA will not be taken into account
for auth events.

guacamole-ext/src/main/java/org/apache/guacamole/net/event/AuthenticationFailureEvent.java

@@ -19,28 +19,91 @@
 
 package org.apache.guacamole.net.event;
 
+import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.event.listener.Listener;
 
 /**
  * An event which is triggered whenever a user's credentials fail to be
  * authenticated. The credentials that failed to be authenticated are included
  * within this event, and can be retrieved using getCredentials().
  */
-public class AuthenticationFailureEvent implements CredentialEvent {
+public class AuthenticationFailureEvent implements AuthenticationProviderEvent,
+        CredentialEvent, FailureEvent {
 
     /**
      * The credentials which failed authentication.
      */
-    private Credentials credentials;
+    private final Credentials credentials;
 
     /**
-     * Creates a new AuthenticationFailureEvent which represents the failure
-     * to authenticate the given credentials.
+     * The AuthenticationProvider that encountered the failure. This may be
+     * null if the AuthenticationProvider is not known, such as if the failure
+     * is caused by every AuthenticationProvider passively refusing to
+     * authenticate the user but without explicitly rejecting the user
+     * (returning null for calls to {@link AuthenticationProvider#authenticateUser(org.apache.guacamole.net.auth.Credentials)}),
+     * or if the failure is external to any installed AuthenticationProvider
+     * (such as within a {@link Listener}.
+     */
+    private final AuthenticationProvider authProvider;
+
+    /**
+     * The Throwable that was thrown resulting in the failure, if any. This
+     * may be null if authentication failed without a known error, such as if
+     * the failure is caused by every AuthenticationProvider passively refusing
+     * to authenticate the user but without explicitly rejecting the user
+     * (returning null for calls to {@link AuthenticationProvider#authenticateUser(org.apache.guacamole.net.auth.Credentials)}).
+     */
+    private final Throwable failure;
+
+    /**
+     * Creates a new AuthenticationFailureEvent which represents a failure
+     * to authenticate the given credentials where there is no specific
+     * AuthenticationProvider nor Throwable associated with the failure.
      *
-     * @param credentials The credentials which failed authentication.
+     * @param credentials
+     *     The credentials which failed authentication.
      */
     public AuthenticationFailureEvent(Credentials credentials) {
+        this(credentials, null);
+    }
+
+    /**
+     * Creates a new AuthenticationFailureEvent which represents a failure
+     * to authenticate the given credentials where there is no specific
+     * AuthenticationProvider causing the failure.
+     *
+     * @param credentials
+     *     The credentials which failed authentication.
+     *
+     * @param failure
+     *     The Throwable that was thrown resulting in the failure, or null if
+     *     there is no such Throwable.
+     */
+    public AuthenticationFailureEvent(Credentials credentials, Throwable failure) {
+        this(credentials, null, failure);
+    }
+
+    /**
+     * Creates a new AuthenticationFailureEvent which represents a failure
+     * to authenticate the given credentials.
+     *
+     * @param credentials
+     *     The credentials which failed authentication.
+     *
+     * @param authProvider
+     *     The AuthenticationProvider that caused the failure, or null if there
+     *     is no such AuthenticationProvider.
+     *
+     * @param failure
+     *     The Throwable that was thrown resulting in the failure, or null if
+     *     there is no such Throwable.
+     */
+    public AuthenticationFailureEvent(Credentials credentials,
+            AuthenticationProvider authProvider, Throwable failure) {
         this.credentials = credentials;
+        this.authProvider = authProvider;
+        this.failure = failure;
     }
 
     @Override
@@ -48,4 +111,35 @@ public class AuthenticationFailureEvent implements CredentialEvent {
         return credentials;
     }
 
+    /**
+     * {@inheritDoc}
+     *
+     * <p>NOTE: In the case of an authentication failure, cases where this may
+     * be null include if authentication failed without a definite single
+     * AuthenticationProvider causing that failure, such as if the failure is
+     * caused by every AuthenticationProvider passively refusing to
+     * authenticate the user but without explicitly rejecting the user
+     * (returning null for calls to {@link AuthenticationProvider#authenticateUser(org.apache.guacamole.net.auth.Credentials)}),
+     * or if the failure is external to any installed AuthenticationProvider
+     * (such as within a {@link Listener}.
+     */
+    @Override
+    public AuthenticationProvider getAuthenticationProvider() {
+        return authProvider;
+    }
+
+    /**
+     * {@inheritDoc}
+     *
+     * <p>NOTE: In the case of an authentication failure, cases where this may
+     * be null include if authentication failed without a known error, such as
+     * if the failure is caused by every AuthenticationProvider passively
+     * refusing to authenticate the user but without explicitly rejecting the
+     * user (returning null for calls to {@link AuthenticationProvider#authenticateUser(org.apache.guacamole.net.auth.Credentials)}).
+     */
+    @Override
+    public Throwable getFailure() {
+        return failure;
+    }
+
 }

guacamole-ext/src/main/java/org/apache/guacamole/net/event/AuthenticationProviderEvent.java

@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.net.event;
+
+import org.apache.guacamole.net.auth.AuthenticationProvider;
+
+/**
+ * An event which may be dispatched due to a specific AuthenticationProvider.
+ */
+public interface AuthenticationProviderEvent {
+
+    /**
+     * Returns the AuthenticationProvider that resulted in the event, if any.
+     * If the event occurred without any definite causing
+     * AuthenticationProvider, this may be null.
+     *
+     * @return
+     *     The AuthenticationProvider that resulted in the event, or null if no
+     *     such AuthenticationProvider is known.
+     */
+    AuthenticationProvider getAuthenticationProvider();
+
+}

guacamole-ext/src/main/java/org/apache/guacamole/net/event/AuthenticationSuccessEvent.java

@@ -20,6 +20,7 @@
 package org.apache.guacamole.net.event;
 
 import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
 
 /**
@@ -32,7 +33,8 @@ import org.apache.guacamole.net.auth.Credentials;
  * is effectively <em>vetoed</em> and will be subsequently processed as though the
  * authentication failed.
  */
-public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent {
+public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent,
+        AuthenticationProviderEvent {
 
     /**
      * The AuthenticatedUser identifying the user that successfully
@@ -60,7 +62,12 @@ public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent {
 
     @Override
     public Credentials getCredentials() {
-        return authenticatedUser.getCredentials();
+        return getAuthenticatedUser().getCredentials();
+    }
+
+    @Override
+    public AuthenticationProvider getAuthenticationProvider() {
+        return getAuthenticatedUser().getAuthenticationProvider();
     }
 
 }

guacamole-ext/src/main/java/org/apache/guacamole/net/event/FailureEvent.java

@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.net.event;
+
+/**
+ * An event which represents failure of an operation, where that failure may
+ * be associated with a particular Throwable.
+ */
+public interface FailureEvent {
+
+    /**
+     * Returns the Throwable that represents the failure that occurred, if any.
+     * If the failure was recognized but without a definite known error, this
+     * may be null.
+     *
+     * @return
+     *     The Throwable that represents the failure that occurred, or null if
+     *     no such Throwable is known.
+     */
+    Throwable getFailure();
+
+}