Package org.apache.guacamole.net.auth

Class AbstractUserContext

  • All Implemented Interfaces:
    UserContext
    Direct Known Subclasses:
    SimpleUserContext
    public abstract class AbstractUserContext
extends Object
implements UserContext
    Base implementation of UserContext which provides default implementations of most functions. Implementations must provide their own UserContext.self() and UserContext.getAuthenticationProvider(), but otherwise need only override an implemented function if they wish to actually implement the functionality defined for that function by the UserContext interface.

    • Constructor Detail

      • AbstractUserContext

        public AbstractUserContext()

    • Method Detail

      • getResource

        public Object getResource()
                   throws org.apache.guacamole.GuacamoleException
        Returns an arbitrary REST resource representing this UserContext. The REST resource returned must be properly annotated with JSR-311 annotations, and may serve as the root resource for any number of subresources. The returned resource is ultimately exposed at ".../api/session/ext/IDENTIFIER/", where IDENTIFIER is the identifier of the AuthenticationProvider associated with this UserContext. REST resources returned by this function will only be reachable by authenticated users with valid authentication tokens. REST resources which should be accessible by all users regardless of whether they have authenticated should instead be returned from AuthenticationProvider.getResource().

        This implementation simply returns null. Implementations that wish to expose REST resources specific to a user's session should override this function.

        Specified by:
        getResource in interface UserContext
        Returns:
        An arbitrary REST resource, annotated with JSR-311 annotations, or null if no such resource is defined.
        Throws:
        org.apache.guacamole.GuacamoleException - If the REST resource cannot be returned due to an error.

      • getUserDirectory

        public Directory<User> getUserDirectory()
                                 throws org.apache.guacamole.GuacamoleException
        Retrieves a Directory which can be used to view and manipulate other users, but only as allowed by the permissions given to the user of this UserContext.

        This implementation returns a Directory which contains only the User returned by UserContext.self() (the current user associated with this UserContext. Implementations that wish to expose the existence of other users should override this function.

        Specified by:
        getUserDirectory in interface UserContext
        Returns:
        A Directory whose operations are bound by the restrictions of this UserContext.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while creating the Directory.

      • getUserGroupDirectory

        public Directory<UserGroup> getUserGroupDirectory()
                                           throws org.apache.guacamole.GuacamoleException
        Retrieves a Directory which can be used to view and manipulate user groups, but only as allowed by the permissions given to the user of this UserContext.

        This implementation simply returns an empty Directory. Implementations that wish to expose user groups should override this function.

        Specified by:
        getUserGroupDirectory in interface UserContext
        Returns:
        A Directory whose operations are bound by the restrictions of this UserContext.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while creating the Directory.

      • getConnectionDirectory

        public Directory<Connection> getConnectionDirectory()
                                             throws org.apache.guacamole.GuacamoleException
        Retrieves a Directory which can be used to view and manipulate connections and their configurations, but only as allowed by the permissions given to the user.

        This implementation simply returns an empty Directory. Implementations that wish to expose connections should override this function.

        Specified by:
        getConnectionDirectory in interface UserContext
        Returns:
        A Directory whose operations are bound by the permissions of the user.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while creating the Directory.

      • getConnectionGroupDirectory

        public Directory<ConnectionGroup> getConnectionGroupDirectory()
                                                       throws org.apache.guacamole.GuacamoleException
        Retrieves a Directory which can be used to view and manipulate connection groups and their members, but only as allowed by the permissions given to the user.

        This implementation returns a Directory which contains only the root connection group returned by getRootConnectionGroup(). Implementations that wish to provide a structured connection hierarchy should override this function. If only a flat list of connections will be used, only getConnectionDirectory() needs to be overridden.

        Specified by:
        getConnectionGroupDirectory in interface UserContext
        Returns:
        A Directory whose operations are bound by the permissions of the user.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while creating the Directory.

      • getActiveConnectionDirectory

        public Directory<ActiveConnection> getActiveConnectionDirectory()
                                                         throws org.apache.guacamole.GuacamoleException
        Retrieves a Directory which can be used to view and manipulate active connections, but only as allowed by the permissions given to the user.

        This implementation simply returns an empty Directory. Implementations that wish to expose the status of active connections should override this function.

        Specified by:
        getActiveConnectionDirectory in interface UserContext
        Returns:
        A Directory whose operations are bound by the permissions of the user.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while creating the Directory.

      • getSharingProfileDirectory

        public Directory<SharingProfile> getSharingProfileDirectory()
                                                     throws org.apache.guacamole.GuacamoleException
        Retrieves a Directory which can be used to view and manipulate sharing profiles and their configurations, but only as allowed by the permissions given to the user.

        This implementation simply returns an empty Directory. Implementations that wish to provide screen sharing functionality through the use of sharing profiles should override this function.

        Specified by:
        getSharingProfileDirectory in interface UserContext
        Returns:
        A Directory whose operations are bound by the permissions of the user.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while creating the Directory.

      • getConnectionHistory

        public ActivityRecordSet<ConnectionRecord> getConnectionHistory()
                                                         throws org.apache.guacamole.GuacamoleException
        Retrieves all connection records visible to current user. Connection history records describe the start and end times of connections, and correspond to the times that users connect or disconnect to individual remote desktops. The resulting set of connection records can be further filtered and ordered using the methods defined on ActivityRecordSet.

        This implementation simply returns an empty ActivityRecordSet. Implementations that wish to expose connection usage history should override this function.

        Specified by:
        getConnectionHistory in interface UserContext
        Returns:
        A set of all connection records visible to the current user.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while retrieving the connection records.

      • getUserHistory

        public ActivityRecordSet<ActivityRecord> getUserHistory()
                                                 throws org.apache.guacamole.GuacamoleException
        Retrieves all user history records visible to current user. User history records describe the start and end times of user sessions, and correspond to the times that users logged in or out. The resulting set of user records can be further filtered and ordered using the methods defined on ActivityRecordSet.

        This implementation simply returns an empty ActivityRecordSet. Implementations that wish to expose user login/logout history should override this function.

        Specified by:
        getUserHistory in interface UserContext
        Returns:
        A set of all user records visible to the current user.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while retrieving the user records.

      • getRootConnectionGroup

        public ConnectionGroup getRootConnectionGroup()
                                       throws org.apache.guacamole.GuacamoleException
        Retrieves a connection group which can be used to view and manipulate connections, but only as allowed by the permissions given to the user of this UserContext.

        This implementation returns a new ConnectionGroup with the identifier defined by DEFAULT_ROOT_CONNECTION_GROUP and containing all connections exposed by the Directory returned by getConnectionDirectory(). Implementations that wish to provide a structured connection hierarchy should override this function. If only a flat list of connections will be used, only getConnectionDirectory() needs to be overridden.

        Specified by:
        getRootConnectionGroup in interface UserContext
        Returns:
        A connection group whose operations are bound by the restrictions of this UserContext.
        Throws:
        org.apache.guacamole.GuacamoleException - If an error occurs while creating the Directory.

      • getUserAttributes

        public Collection<Form> getUserAttributes()
        Retrieves a collection of all attributes applicable to users. This collection will contain only those attributes which the current user has general permission to view or modify. If there are no such attributes, this collection will be empty.

        This implementation simply returns an empty Collection. Implementations that wish to expose custom user attributes as fields within user edit screens should override this function.

        Specified by:
        getUserAttributes in interface UserContext
        Returns:
        A collection of all attributes applicable to users.

      • getUserGroupAttributes

        public Collection<Form> getUserGroupAttributes()
        Retrieves a collection of all attributes applicable to user groups. This collection will contain only those attributes which the current user has general permission to view or modify. If there are no such attributes, this collection will be empty.

        This implementation simply returns an empty Collection. Implementations that wish to expose custom user group attributes as fields within user group edit screens should override this function.

        Specified by:
        getUserGroupAttributes in interface UserContext
        Returns:
        A collection of all attributes applicable to user groups.

      • getConnectionAttributes

        public Collection<Form> getConnectionAttributes()
        Retrieves a collection of all attributes applicable to connections. This collection will contain only those attributes which the current user has general permission to view or modify. If there are no such attributes, this collection will be empty.

        This implementation simply returns an empty Collection. Implementations that wish to expose custom connection attributes as fields within connection edit screens should override this function.

        Specified by:
        getConnectionAttributes in interface UserContext
        Returns:
        A collection of all attributes applicable to connections.

      • getConnectionGroupAttributes

        public Collection<Form> getConnectionGroupAttributes()
        Retrieves a collection of all attributes applicable to connection groups. This collection will contain only those attributes which the current user has general permission to view or modify. If there are no such attributes, this collection will be empty.

        This implementation simply returns an empty Collection. Implementations that wish to expose custom connection group attributes as fields within connection group edit screens should override this function.

        Specified by:
        getConnectionGroupAttributes in interface UserContext
        Returns:
        A collection of all attributes applicable to connection groups.

      • getSharingProfileAttributes

        public Collection<Form> getSharingProfileAttributes()
        Retrieves a collection of all attributes applicable to sharing profiles. This collection will contain only those attributes which the current user has general permission to view or modify. If there are no such attributes, this collection will be empty.

        This implementation simply returns an empty Collection. Implementations that wish to expose custom sharing profile attributes as fields within sharing profile edit screens should override this function.

        Specified by:
        getSharingProfileAttributes in interface UserContext
        Returns:
        A collection of all attributes applicable to sharing profile.

      • invalidate

        public void invalidate()
        Invalidates this user context, releasing all associated resources. This function will be invoked when the user logs out, or when their session is automatically invalidated.

        This implementation does nothing. Implementations that wish to perform cleanup tasks when the user associated with this UserContext is being logged out should override this function.

        Specified by:
        invalidate in interface UserContext

      • getPrivileged

        public UserContext getPrivileged()
        Returns a user context which provides privileged access. Unlike the original user context, which is required to enforce its own permissions and act only within the rights of the associated user, the user context returned by this function MAY ignore the restrictions that otherwise limit the current user's access.

        This function is intended to allow extensions which decorate other extensions to act independently of the restrictions that affect the current user. This function will only be invoked by extensions and WILL NOT be invoked directly by the web application. Implementations of this function MAY still enforce access restrictions, particularly if they do not want to grant full, unrestricted access to other extensions.

        A default implementation which simply returns this is provided for compatibility with Apache Guacamole 1.1.0 and older.

        This implementation simply returns this. Implementations that wish to provide additional privileges to extensions requesting privileged access should override this function.

        Specified by:
        getPrivileged in interface UserContext
        Returns:
        A user context instance which MAY ignore some or all restrictions which otherwise limit the current user's access.