You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by mj...@apache.org on 2019/04/09 18:10:52 UTC
[guacamole-client] branch staging/1.1.0 updated: GUACAMOLE-715:
Provide skeleton ModeledUser when none exists in DB.
This is an automated email from the ASF dual-hosted git repository.
mjumper pushed a commit to branch staging/1.1.0
in repository https://gitbox.apache.org/repos/asf/guacamole-client.git
The following commit(s) were added to refs/heads/staging/1.1.0 by this push:
new 52d6a6a GUACAMOLE-715: Provide skeleton ModeledUser when none exists in DB.
new 60ff499 GUACAMOLE-715: Merge automatic generation of in-memory skeleton users for JDBC auth.
52d6a6a is described below
commit 52d6a6aff8be4b55698145246280cc5ba5abc875
Author: Nick Couchman <ni...@cotyinc.com>
AuthorDate: Tue Apr 9 13:05:33 2019 -0400
GUACAMOLE-715: Provide skeleton ModeledUser when none exists in DB.
---
.../jdbc/JDBCAuthenticationProviderService.java | 24 +++++++-------
.../apache/guacamole/auth/jdbc/user/UserModel.java | 11 +++++++
.../guacamole/auth/jdbc/user/UserService.java | 37 ++++++++++++++++++++++
3 files changed, 60 insertions(+), 12 deletions(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
index 68e2a47..ff605b9 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -96,6 +96,7 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
// Retrieve user account for already-authenticated user
ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser);
+ ModeledUserContext context = userContextProvider.get();
if (user != null && !user.isDisabled()) {
// Enforce applicable account restrictions
@@ -118,24 +119,23 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
userService.resetExpiredPassword(user, authenticatedUser.getCredentials());
}
- // Return all data associated with the authenticated user
- ModeledUserContext context = userContextProvider.get();
- context.init(user.getCurrentUser());
- return context;
-
+ }
+
+ // If no user account is found, and database-specific account
+ // restrictions do not apply, get an empty user.
+ else if (!databaseRestrictionsApplicable) {
+ user = userService.retrieveSkeletonUser(authenticationProvider, authenticatedUser);
}
// Veto authentication result only if database-specific account
// restrictions apply in this situation
- if (databaseRestrictionsApplicable)
+ else
throw new GuacamoleInvalidCredentialsException("Invalid login",
CredentialsInfo.USERNAME_PASSWORD);
-
- // There is no data to be returned for the user, either because they do
- // not exist or because restrictions prevent their data from being
- // retrieved, but no restrictions apply which should prevent the user
- // from authenticating entirely
- return null;
+
+ // Initialize the UserContext with the user account and return it.
+ context.init(user.getCurrentUser());
+ return context;
}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
index 194a26d..3d441d6 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
@@ -127,6 +127,17 @@ public class UserModel extends EntityModel {
public UserModel() {
super(EntityType.USER);
}
+
+ /**
+ * Creates a new user having the provided identifier.
+ *
+ * @param identifier
+ * The identifier of the new user.
+ */
+ public UserModel(String identifier) {
+ super(EntityType.USER);
+ super.setIdentifier(identifier);
+ }
/**
* Returns the hash of this user's password and password salt. This may be
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
index 60bd1e1..0cfe900 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
@@ -423,6 +423,43 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
return user;
}
+
+ /**
+ * Generates an empty (skeleton) user corresponding to the given
+ * AuthenticatedUser. The user will not be stored in the database, and
+ * will only be available in-memory during the time the session is
+ * active.
+ *
+ * @param authenticationProvider
+ * The AuthenticationProvider on behalf of which the user is being
+ * retrieved.
+ *
+ * @param authenticatedUser
+ * The AuthenticatedUser to generate the skeleton account for.
+ *
+ * @return
+ * The empty ModeledUser which corresponds to the given
+ * AuthenticatedUser.
+ *
+ * @throws GuacamoleException
+ * If a ModeledUser object for the user corresponding to the given
+ * AuthenticatedUser cannot be created.
+ */
+ public ModeledUser retrieveSkeletonUser(AuthenticationProvider authenticationProvider,
+ AuthenticatedUser authenticatedUser) throws GuacamoleException {
+
+ // Set up an empty user model
+ ModeledUser user = getObjectInstance(null,
+ new UserModel(authenticatedUser.getIdentifier()));
+
+ // Create user object, and configure cyclic reference
+ user.setCurrentUser(new ModeledAuthenticatedUser(authenticatedUser,
+ authenticationProvider, user));
+
+ // Return the new user.
+ return user;
+
+ }
/**
* Resets the password of the given user to the new password specified via