GUAC-1132: Handle active connections via permissions. Expose via dedicated object - do not rely on calling them tunnels.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java

@@ -57,6 +57,9 @@ import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionSet;
 import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionSet;
+import org.glyptodon.guacamole.auth.jdbc.activeconnection.ActiveConnectionDirectory;
+import org.glyptodon.guacamole.auth.jdbc.activeconnection.ActiveConnectionService;
+import org.glyptodon.guacamole.auth.jdbc.activeconnection.TrackedActiveConnection;
 import org.glyptodon.guacamole.environment.Environment;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
@@ -120,6 +123,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         addMapperClass(UserPermissionMapper.class);
         
         // Bind core implementations of guacamole-ext classes
+        bind(ActiveConnectionDirectory.class);
         bind(Environment.class).toInstance(environment);
         bind(ConnectionDirectory.class);
         bind(ConnectionGroupDirectory.class);
@@ -131,11 +135,13 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(ModeledUser.class);
         bind(RootConnectionGroup.class);
         bind(SystemPermissionSet.class);
+        bind(TrackedActiveConnection.class);
         bind(UserContext.class);
         bind(UserDirectory.class);
         bind(UserPermissionSet.class);
         
         // Bind services
+        bind(ActiveConnectionService.class);
         bind(ConnectionGroupPermissionService.class);
         bind(ConnectionGroupService.class);
         bind(ConnectionPermissionService.class);

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/ActiveConnectionDirectory.java

@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.activeconnection;
+
+
+import com.google.inject.Inject;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
+import org.glyptodon.guacamole.net.auth.ActiveConnection;
+import org.glyptodon.guacamole.net.auth.Directory;
+
+/**
+ * Implementation of a Directory which contains all currently-active
+ * connections.
+ *
+ * @author Michael Jumper
+ */
+public class ActiveConnectionDirectory extends RestrictedObject
+    implements Directory<ActiveConnection> {
+
+    /**
+     * Service for retrieving and manipulating active connections.
+     */
+    @Inject
+    private ActiveConnectionService activeConnectionService;
+
+    @Override
+    public ActiveConnection get(String identifier) throws GuacamoleException {
+        return activeConnectionService.retrieveObject(getCurrentUser(), identifier);
+    }
+
+    @Override
+    public Collection<ActiveConnection> getAll(Collection<String> identifiers)
+            throws GuacamoleException {
+        Collection<TrackedActiveConnection> objects = activeConnectionService.retrieveObjects(getCurrentUser(), identifiers);
+        return Collections.<ActiveConnection>unmodifiableCollection(objects);
+    }
+
+    @Override
+    public Set<String> getIdentifiers() throws GuacamoleException {
+        return activeConnectionService.getIdentifiers(getCurrentUser());
+    }
+
+    @Override
+    public void add(ActiveConnection object) throws GuacamoleException {
+        activeConnectionService.createObject(getCurrentUser(), object);
+    }
+
+    @Override
+    public void update(ActiveConnection object) throws GuacamoleException {
+        TrackedActiveConnection connection = (TrackedActiveConnection) object;
+        activeConnectionService.updateObject(getCurrentUser(), connection);
+    }
+
+    @Override
+    public void remove(String identifier) throws GuacamoleException {
+        activeConnectionService.deleteObject(getCurrentUser(), identifier);
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java

@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.activeconnection;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
+import org.glyptodon.guacamole.auth.jdbc.tunnel.ActiveConnectionRecord;
+import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
+import org.glyptodon.guacamole.net.auth.ActiveConnection;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating active connections.
+ *
+ * @author Michael Jumper
+ */
+public class ActiveConnectionService
+    implements DirectoryObjectService<TrackedActiveConnection, ActiveConnection> { 
+
+    /**
+     * Service for creating and tracking tunnels.
+     */
+    @Inject
+    private GuacamoleTunnelService tunnelService;
+
+    /**
+     * Provider for active connections.
+     */
+    @Inject
+    private Provider<TrackedActiveConnection> trackedActiveConnectionProvider;
+    
+    @Override
+    public TrackedActiveConnection retrieveObject(AuthenticatedUser user,
+            String identifier) throws GuacamoleException {
+
+        // Only administrators may retrieve active connections
+        if (!user.getUser().isAdministrator())
+            throw new GuacamoleSecurityException("Permission denied.");
+
+        // Retrieve record associated with requested connection
+        ActiveConnectionRecord record = tunnelService.getActiveConnection(user, identifier);
+        if (record == null)
+            return null;
+
+        // Return tracked active connection using retrieved record
+        TrackedActiveConnection activeConnection = trackedActiveConnectionProvider.get();
+        activeConnection.init(user, record);
+        return activeConnection;
+        
+    }
+    
+    @Override
+    public Collection<TrackedActiveConnection> retrieveObjects(AuthenticatedUser user,
+            Collection<String> identifiers) throws GuacamoleException {
+
+        // Build list of all active connections with given identifiers
+        Collection<TrackedActiveConnection> activeConnections = new ArrayList<TrackedActiveConnection>(identifiers.size());
+        for (String identifier : identifiers) {
+
+            // Add connection to list if it exists
+            TrackedActiveConnection activeConnection = retrieveObject(user, identifier);
+            if (activeConnection != null)
+                activeConnections.add(activeConnection);
+            
+        }
+
+        return activeConnections;
+        
+    }
+
+    @Override
+    public void deleteObject(AuthenticatedUser user, String identifier)
+        throws GuacamoleException {
+
+        // Close connection, if it exists (and we have permission)
+        ActiveConnection activeConnection = retrieveObject(user, identifier);
+        if (activeConnection != null) {
+
+            // Close connection if not already closed
+            GuacamoleTunnel tunnel = activeConnection.getTunnel();
+            if (tunnel != null && tunnel.isOpen())
+                tunnel.close();
+
+        }
+        
+    }
+
+    @Override
+    public Set<String> getIdentifiers(AuthenticatedUser user)
+        throws GuacamoleException {
+
+        // Retrieve all visible connections (permissions enforced by tunnel service)
+        Collection<ActiveConnectionRecord> records = tunnelService.getActiveConnections(user);
+
+        // Build list of identifiers
+        Set<String> identifiers = new HashSet<String>(records.size());
+        for (ActiveConnectionRecord record : records)
+            identifiers.add(record.getUUID().toString());
+
+        return identifiers;
+        
+    }
+
+    @Override
+    public TrackedActiveConnection createObject(AuthenticatedUser user,
+            ActiveConnection object) throws GuacamoleException {
+
+        // Updating active connections is not implemented
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
+    @Override
+    public void updateObject(AuthenticatedUser user, TrackedActiveConnection object)
+            throws GuacamoleException {
+
+        // Updating active connections is not implemented
+        throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/TrackedActiveConnection.java

@@ -0,0 +1,155 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.activeconnection;
+
+import java.util.Date;
+import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
+import org.glyptodon.guacamole.auth.jdbc.tunnel.ActiveConnectionRecord;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.net.GuacamoleTunnel;
+import org.glyptodon.guacamole.net.auth.ActiveConnection;
+
+/**
+ * An implementation of the ActiveConnection object which has an associated
+ * ActiveConnectionRecord.
+ *
+ * @author Michael Jumper
+ */
+public class TrackedActiveConnection extends RestrictedObject implements ActiveConnection {
+
+    /**
+     * The identifier of this active connection.
+     */
+    private String identifier;
+
+    /**
+     * The identifier of the associated connection.
+     */
+    private String connectionIdentifier;
+
+    /**
+     * The date and time this active connection began.
+     */
+    private Date startDate;
+
+    /**
+     * The remote host that initiated this connection.
+     */
+    private String remoteHost;
+
+    /**
+     * The username of the user that initiated this connection.
+     */
+    private String username;
+
+    /**
+     * The underlying GuacamoleTunnel.
+     */
+    private GuacamoleTunnel tunnel;
+
+    /**
+     * Initializes this TrackedActiveConnection, copying the data associated
+     * with the given active connection record.
+     *
+     * @param currentUser
+     *     The user that created or retrieved this object.
+     *
+     * @param activeConnectionRecord
+     *     The active connection record to copy.
+     */
+    public void init(AuthenticatedUser currentUser,
+            ActiveConnectionRecord activeConnectionRecord) {
+
+        super.init(currentUser);
+        
+        // Copy all data from given record
+        this.connectionIdentifier = activeConnectionRecord.getConnection().getIdentifier();
+        this.identifier           = activeConnectionRecord.getUUID().toString();
+        this.remoteHost           = activeConnectionRecord.getRemoteHost();
+        this.startDate            = activeConnectionRecord.getStartDate();
+        this.tunnel               = activeConnectionRecord.getTunnel();
+        this.username             = activeConnectionRecord.getUsername();
+
+    }
+
+    @Override
+    public String getIdentifier() {
+        return identifier;
+    }
+
+    @Override
+    public void setIdentifier(String identifier) {
+        this.identifier = identifier;
+    }
+ 
+    @Override
+    public String getConnectionIdentifier() {
+        return connectionIdentifier;
+    }
+
+    @Override
+    public void setConnectionIdentifier(String connnectionIdentifier) {
+        this.connectionIdentifier = connnectionIdentifier;
+    }
+
+    @Override
+    public Date getStartDate() {
+        return startDate;
+    }
+
+    @Override
+    public void setStartDate(Date startDate) {
+        this.startDate = startDate;
+    }
+
+    @Override
+    public String getRemoteHost() {
+        return remoteHost;
+    }
+
+    @Override
+    public void setRemoteHost(String remoteHost) {
+        this.remoteHost = remoteHost;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    @Override
+    public GuacamoleTunnel getTunnel() {
+        return tunnel;
+    }
+
+    @Override
+    public void setTunnel(GuacamoleTunnel tunnel) {
+        this.tunnel = tunnel;
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/activeconnection/package-info.java

@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * Classes related to currently-active connections.
+ */
+package org.glyptodon.guacamole.auth.jdbc.activeconnection;

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnectionRecord.java

@@ -24,7 +24,6 @@ package org.glyptodon.guacamole.auth.jdbc.connection;
 
 
 import java.util.Date;
-import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 
 /**
@@ -52,11 +51,6 @@ public class ModeledConnectionRecord implements ConnectionRecord {
         this.model = model;
     }
 
-    @Override
-    public String getIdentifier() {
-        return model.getConnectionIdentifier();
-    }
-
     @Override
     public Date getStartDate() {
         return model.getStartDate();
@@ -82,9 +76,4 @@ public class ModeledConnectionRecord implements ConnectionRecord {
         return false;
     }
 
-    @Override
-    public GuacamoleTunnel getTunnel() {
-        return null;
-    }
-
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java

@@ -49,7 +49,6 @@ import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
-import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
@@ -100,8 +99,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     /**
      * All active connections through the tunnel having a given UUID.
      */
-    private final Map<String, ConnectionRecord> activeTunnels =
-            new ConcurrentHashMap<String, ConnectionRecord>();
+    private final Map<String, ActiveConnectionRecord> activeTunnels =
+            new ConcurrentHashMap<String, ActiveConnectionRecord>();
     
     /**
      * All active connections to a connection having a given identifier.
@@ -446,7 +445,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     }
 
     @Override
-    public Collection<ConnectionRecord> getActiveConnections(AuthenticatedUser user)
+    public Collection<ActiveConnectionRecord> getActiveConnections(AuthenticatedUser user)
         throws GuacamoleException {
 
         // Only administrators may see all active connections
@@ -458,7 +457,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     }
 
     @Override
-    public ConnectionRecord getActiveConnection(AuthenticatedUser user,
+    public ActiveConnectionRecord getActiveConnection(AuthenticatedUser user,
             String tunnelUUID) throws GuacamoleException {
 
         // Only administrators may see all active connections
@@ -482,7 +481,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     }
 
     @Override
-    public Collection<ConnectionRecord> getActiveConnections(Connection connection) {
+    public Collection<ActiveConnectionRecord> getActiveConnections(Connection connection) {
         return activeConnections.get(connection.getIdentifier());
     }
 
@@ -507,7 +506,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
     }
 
     @Override
-    public Collection<ConnectionRecord> getActiveConnections(ConnectionGroup connectionGroup) {
+    public Collection<ActiveConnectionRecord> getActiveConnections(ConnectionGroup connectionGroup) {
 
         // If not a balancing group, assume no connections
         if (connectionGroup.getType() != ConnectionGroup.Type.BALANCING)

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/ActiveConnectionMultimap.java

@@ -28,8 +28,6 @@ import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
-import org.glyptodon.guacamole.net.auth.ConnectionRecord;
-
 
 /**
  * Mapping of object identifiers to lists of connection records. Records are
@@ -44,8 +42,8 @@ public class ActiveConnectionMultimap {
     /**
      * All active connections to a connection having a given identifier.
      */
-    private final Map<String, Set<ConnectionRecord>> records =
-            new HashMap<String, Set<ConnectionRecord>>();
+    private final Map<String, Set<ActiveConnectionRecord>> records =
+            new HashMap<String, Set<ActiveConnectionRecord>>();
 
     /**
      * Stores the given connection record in the list of active connections
@@ -57,13 +55,13 @@ public class ActiveConnectionMultimap {
      * @param record
      *     The record associated with the active connection.
      */
-    public void put(String identifier, ConnectionRecord record) {
+    public void put(String identifier, ActiveConnectionRecord record) {
         synchronized (records) {
 
             // Get set of active connection records, creating if necessary
-            Set<ConnectionRecord> connections = records.get(identifier);
+            Set<ActiveConnectionRecord> connections = records.get(identifier);
             if (connections == null) {
-                connections = Collections.synchronizedSet(Collections.newSetFromMap(new LinkedHashMap<ConnectionRecord, Boolean>()));
+                connections = Collections.synchronizedSet(Collections.newSetFromMap(new LinkedHashMap<ActiveConnectionRecord, Boolean>()));
                 records.put(identifier, connections);
             }
 
@@ -83,11 +81,11 @@ public class ActiveConnectionMultimap {
      * @param record
      *     The record associated with the active connection.
      */
-    public void remove(String identifier, ConnectionRecord record) {
+    public void remove(String identifier, ActiveConnectionRecord record) {
         synchronized (records) {
 
             // Get set of active connection records
-            Set<ConnectionRecord> connections = records.get(identifier);
+            Set<ActiveConnectionRecord> connections = records.get(identifier);
             assert(connections != null);
 
             // Remove old record
@@ -114,11 +112,11 @@ public class ActiveConnectionMultimap {
      *     the given identifier, or an empty collection if there are no such
      *     records.
      */
-    public Collection<ConnectionRecord> get(String identifier) {
+    public Collection<ActiveConnectionRecord> get(String identifier) {
         synchronized (records) {
 
             // Get set of active connection records
-            Collection<ConnectionRecord> connections = records.get(identifier);
+            Collection<ActiveConnectionRecord> connections = records.get(identifier);
             if (connections != null)
                 return Collections.unmodifiableCollection(connections);
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/ActiveConnectionRecord.java

@@ -164,11 +164,6 @@ public class ActiveConnectionRecord implements ConnectionRecord {
         return balancingGroup != null;
     }
 
-    @Override
-    public String getIdentifier() {
-        return connection.getIdentifier();
-    }
-    
     @Override
     public Date getStartDate() {
         return startDate;
@@ -200,7 +195,14 @@ public class ActiveConnectionRecord implements ConnectionRecord {
         
     }
 
-    @Override
+    /**
+     * Returns the GuacamoleTunnel currently associated with the active
+     * connection represented by this connection record.
+     *
+     * @return
+     *     The GuacamoleTunnel currently associated with the active connection
+     *     represented by this connection record.
+     */
     public GuacamoleTunnel getTunnel() {
         return tunnel;
     }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/GuacamoleTunnelService.java

@@ -30,7 +30,6 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
-import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
 
 
@@ -57,7 +56,7 @@ public interface GuacamoleTunnelService {
      *     If an error occurs while retrieving all active connections, or if
      *     permission is denied.
      */
-    public Collection<ConnectionRecord> getActiveConnections(AuthenticatedUser user)
+    public Collection<ActiveConnectionRecord> getActiveConnections(AuthenticatedUser user)
             throws GuacamoleException;
 
     /**
@@ -80,7 +79,7 @@ public interface GuacamoleTunnelService {
      *     If an error occurs while retrieving all active connections, or if
      *     permission is denied.
      */
-    public ConnectionRecord getActiveConnection(AuthenticatedUser user,
+    public ActiveConnectionRecord getActiveConnection(AuthenticatedUser user,
             String tunnelUUID)
             throws GuacamoleException;
 
@@ -114,7 +113,7 @@ public interface GuacamoleTunnelService {
             throws GuacamoleException;
 
     /**
-     * Returns a connection containing connection records representing all
+     * Returns a collection containing connection records representing all
      * currently-active connections using the given connection. These records
      * will have usernames and start dates, but no end date, and will be
      * sorted in ascending order by start date.
@@ -126,7 +125,7 @@ public interface GuacamoleTunnelService {
      *     A collection containing connection records representing all
      *     currently-active connections.
      */
-    public Collection<ConnectionRecord> getActiveConnections(Connection connection);
+    public Collection<ActiveConnectionRecord> getActiveConnections(Connection connection);
 
     /**
      * Creates a socket for the given user which connects to the given
@@ -171,6 +170,6 @@ public interface GuacamoleTunnelService {
      *     A collection containing connection records representing all
      *     currently-active connections.
      */
-    public Collection<ConnectionRecord> getActiveConnections(ConnectionGroup connectionGroup);
+    public Collection<ActiveConnectionRecord> getActiveConnections(ConnectionGroup connectionGroup);
 
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java

@@ -28,6 +28,7 @@ import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
 import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
 import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleUnsupportedException;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionService;
@@ -160,6 +161,12 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us
         return connectionGroupPermissionService.getPermissionSet(getCurrentUser(), this);
     }
 
+    @Override
+    public ObjectPermissionSet getActiveConnectionPermissions()
+            throws GuacamoleException {
+        throw new GuacamoleUnsupportedException("STUB");
+    }
+
     @Override
     public ObjectPermissionSet getUserPermissions()
             throws GuacamoleException {

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserContext.java

@@ -28,14 +28,12 @@ import org.glyptodon.guacamole.auth.jdbc.connectiongroup.ConnectionGroupDirector
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionDirectory;
 import com.google.inject.Inject;
 import com.google.inject.Provider;
-import java.util.ArrayList;
-import java.util.Collection;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.auth.jdbc.base.RestrictedObject;
-import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
+import org.glyptodon.guacamole.auth.jdbc.activeconnection.ActiveConnectionDirectory;
+import org.glyptodon.guacamole.net.auth.ActiveConnection;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
-import org.glyptodon.guacamole.net.auth.ConnectionRecord;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.User;
 
@@ -49,12 +47,6 @@ import org.glyptodon.guacamole.net.auth.User;
 public class UserContext extends RestrictedObject
     implements org.glyptodon.guacamole.net.auth.UserContext {
 
-    /**
-     * Service for creating and tracking tunnels.
-     */
-    @Inject
-    private GuacamoleTunnelService tunnelService;
-
     /**
      * User directory restricted by the permissions of the user associated
      * with this context.
@@ -76,6 +68,13 @@ public class UserContext extends RestrictedObject
     @Inject
     private ConnectionGroupDirectory connectionGroupDirectory;
 
+    /**
+     * ActiveConnection directory restricted by the permissions of the user
+     * associated with this context.
+     */
+    @Inject
+    private ActiveConnectionDirectory activeConnectionDirectory;
+
     /**
      * Provider for creating the root group.
      */
@@ -91,6 +90,7 @@ public class UserContext extends RestrictedObject
         userDirectory.init(currentUser);
         connectionDirectory.init(currentUser);
         connectionGroupDirectory.init(currentUser);
+        activeConnectionDirectory.init(currentUser);
 
     }
 
@@ -114,6 +114,12 @@ public class UserContext extends RestrictedObject
         return connectionGroupDirectory;
     }
 
+    @Override
+    public Directory<ActiveConnection> getActiveConnectionDirectory()
+            throws GuacamoleException {
+        return activeConnectionDirectory;
+    }
+
     @Override
     public ConnectionGroup getRootConnectionGroup() throws GuacamoleException {
 
@@ -124,29 +130,4 @@ public class UserContext extends RestrictedObject
 
     }
 
-    @Override
-    public Collection<ConnectionRecord> getActiveConnections()
-            throws GuacamoleException {
-        return tunnelService.getActiveConnections(getCurrentUser());
-    }
-
-    @Override
-    public Collection<ConnectionRecord> getActiveConnections(Collection<String> tunnelUUIDs)
-            throws GuacamoleException {
-
-        // Look up active connections for each given tunnel UUID
-        Collection<ConnectionRecord> records = new ArrayList<ConnectionRecord>(tunnelUUIDs.size());
-        for (String tunnelUUID : tunnelUUIDs) {
-
-            // Add corresponding record only if it exists
-            ConnectionRecord record = tunnelService.getActiveConnection(getCurrentUser(), tunnelUUID);
-            if (record != null)
-                records.add(record);
-
-        }
-
-        return records;
-        
-    }
-
 }