GUACAMOLE-234: Clean up comments, instanceof, and type-casting.
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
index fd18489..ef01acd 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java
@@ -32,7 +32,6 @@
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.guacamole.GuacamoleException;
@@ -44,8 +43,6 @@
import org.apache.guacamole.auth.ldap.user.UserService;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
-import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
-import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.apache.guacamole.token.TokenName;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -126,7 +123,7 @@
if (searchBindDN != null) {
// Create an LDAP connection using the search account
- LdapConnection searchConnection = ldapService.bindAs(
+ LdapNetworkConnection searchConnection = ldapService.bindAs(
searchBindDN,
confService.getSearchBindPassword()
);
@@ -183,7 +180,7 @@
* @throws GuacamoleException
* If an error occurs while binding to the LDAP server.
*/
- private LdapConnection bindAs(Credentials credentials)
+ private LdapNetworkConnection bindAs(Credentials credentials)
throws GuacamoleException {
// Get username and password from credentials
@@ -234,24 +231,11 @@
throws GuacamoleException {
// Attempt bind
- LdapConnection ldapConnection;
- try {
- ldapConnection = bindAs(credentials);
- }
- catch (GuacamoleException e) {
- logger.error("Cannot bind with LDAP server: {}", e.getMessage());
- logger.debug("Error binding with LDAP server.", e);
- ldapConnection = null;
- }
-
- // If bind fails, permission to login is denied
- if (ldapConnection == null)
- throw new GuacamoleInvalidCredentialsException("Permission denied.", CredentialsInfo.USERNAME_PASSWORD);
-
+ LdapNetworkConnection ldapConnection = bindAs(credentials);
+ LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
+
try {
- LdapConnectionConfig ldapConnectionConfig =
- ((LdapNetworkConnection) ldapConnection).getConfig();
Dn authDn = new Dn(ldapConnectionConfig.getName());
// Retrieve group membership of the user that just authenticated
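Review bot: Removing the `ldapConnection == null` guard is only safe if every return path of the private `bindAs(Credentials)` now throws, because the next statement is `ldapConnection.getConfig()`. That method's body is outside this diff; if it can still return null (for example for a missing username or password, to be confirmed), a failed login becomes a NullPointerException instead of a clean credentials error. The same guard is dropped in the later hunk after `authenticatedUser.getCredentials()`. I would make those paths throw, e.g. `throw new GuacamoleInvalidCredentialsException("Permission denied.", CredentialsInfo.USERNAME_PASSWORD);`, which means keeping the two imports this commit removes from the file. The enclosing method starts and ends outside the hunk.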
@@ -297,7 +281,7 @@
* @throws GuacamoleException
* If an error occurs retrieving the user DN or the attributes.
*/
- private Map<String, String> getAttributeTokens(LdapConnection ldapConnection,
+ private Map<String, String> getAttributeTokens(LdapNetworkConnection ldapConnection,
String username) throws GuacamoleException {
// Get attributes from configuration information
@@ -357,9 +341,7 @@
// Bind using credentials associated with AuthenticatedUser
Credentials credentials = authenticatedUser.getCredentials();
- LdapConnection ldapConnection = bindAs(credentials);
- if (ldapConnection == null)
- return null;
+ LdapNetworkConnection ldapConnection = bindAs(credentials);
try {
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
index 7bf09c6..744936d 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPConnectionService.java
@@ -38,6 +38,8 @@
import org.apache.guacamole.GuacamoleUnsupportedException;
import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
import org.apache.guacamole.auth.ldap.conf.EncryptionMethod;
+import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -121,7 +123,7 @@
* @throws GuacamoleException
* If an error occurs while binding to the LDAP server.
*/
- public LdapConnection bindAs(Dn userDN, String password)
+ public LdapNetworkConnection bindAs(Dn userDN, String password)
throws GuacamoleException {
// Obtain appropriately-configured LdapNetworkConnection instance
@@ -138,9 +140,7 @@
}
catch (LdapException e) {
- logger.error("Unable to connect to LDAP server: {}", e.getMessage());
- logger.debug("Failed to connect to LDAP server.", e);
- return null;
+ throw new GuacamoleServerException("Error connecting to LDAP server.", e);
}
// Bind using provided credentials
@@ -156,8 +156,12 @@
// Disconnect if an error occurs during bind
catch (LdapException e) {
logger.debug("Unable to bind to LDAP server.", e);
+ throw new GuacamoleInvalidCredentialsException(
+ "Unable to bind to the LDAP server.",
+ CredentialsInfo.USERNAME_PASSWORD);
+ }
+ finally {
disconnect(ldapConnection);
- return null;
}
return ldapConnection;
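Review bot: The new `finally` block also runs on the success path, so `disconnect(ldapConnection)` executes before `return ldapConnection;` and callers appear to receive a connection that has already been closed. The comment above the catch still says the disconnect is for the error case only. Move the call into the catch as `disconnect(ldapConnection);` directly before the `throw`, and drop the `finally`. Every `LdapException` from the bind is also now reported as invalid credentials and logged only at debug level, so repeated failed binds would not show in default logs unless a caller records them. bindAs starts outside this hunk.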
@@ -165,7 +169,7 @@
}
/**
- * Generate a new LdapConnection object for following a referral
+ * Generate a new LdapNetworkConnection object for following a referral
* with the given LdapUrl, and copy the username and password
* from the original connection.
*
@@ -181,15 +185,15 @@
* limit is reached, this method will throw an exception.
*
* @return
- * A LdapConnection object that points at the location
+ * A LdapNetworkConnection object that points at the location
* specified in the referralUrl.
*
* @throws GuacamoleException
* If an error occurs parsing out the LdapUrl object or the
* maximum number of referral hops is reached.
*/
- public LdapConnection referralConnection(LdapUrl referralUrl,
- LdapConnectionConfig ldapConfig, Integer hop)
+ public LdapNetworkConnection referralConnection(LdapUrl referralUrl,
+ LdapConnectionConfig ldapConfig, int hop)
throws GuacamoleException {
if (hop >= confService.getMaxReferralHops())
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
index b67bb0a..6df617a 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ObjectQueryService.java
@@ -37,13 +37,9 @@
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.OrNode;
import org.apache.directory.api.ldap.model.message.Referral;
-import org.apache.directory.api.ldap.model.message.Response;
import org.apache.directory.api.ldap.model.message.SearchRequest;
-import org.apache.directory.api.ldap.model.message.SearchResultEntry;
-import org.apache.directory.api.ldap.model.message.SearchResultReference;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.url.LdapUrl;
-import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.guacamole.GuacamoleException;
@@ -183,15 +179,14 @@
* information required to execute the query cannot be read from
* guacamole.properties.
*/
- public List<Entry> search(LdapConnection ldapConnection,
+ public List<Entry> search(LdapNetworkConnection ldapConnection,
Dn baseDN, ExprNode query) throws GuacamoleException {
logger.debug("Searching \"{}\" for objects matching \"{}\".", baseDN, query);
try {
- LdapConnectionConfig ldapConnectionConfig =
- ((LdapNetworkConnection) ldapConnection).getConfig();
+ LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
// Search within subtree of given base DN
SearchRequest request = ldapService.getSearchRequest(baseDN,
@@ -204,17 +199,15 @@
List<Entry> entries = new ArrayList<>();
while (results.next()) {
- Response response = results.get();
- if (response instanceof SearchResultEntry) {
- entries.add(((SearchResultEntry) response).getEntry());
+ if (results.isEntry()) {
+ entries.add(results.getEntry());
}
- else if (response instanceof SearchResultReference &&
- request.isFollowReferrals()) {
+ else if (results.isReferral() && request.isFollowReferrals()) {
- Referral referral = ((SearchResultReference) response).getReferral();
+ Referral referral = results.getReferral();
int referralHop = 0;
for (String url : referral.getLdapUrls()) {
- LdapConnection referralConnection = ldapService.referralConnection(
+ LdapNetworkConnection referralConnection = ldapService.referralConnection(
new LdapUrl(url), ldapConnectionConfig, referralHop++);
entries.addAll(search(referralConnection, baseDN, query));
}
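Review bot: `referralHop` is a local that starts at 0 in every `search()` call and is incremented per URL, so the check against `getMaxReferralHops()` in `referralConnection` counts URLs within one referral rather than the depth of the referral chain. The recursive `search(referralConnection, baseDN, query)` starts again at 0, so a directory whose referrals point back at each other would not be stopped by the limit. Carrying the depth through a private overload, as sketched below, makes the limit bound the recursion. Nothing in the visible lines closes `referralConnection` after the recursive search either; if that is not handled outside the hunk, each followed referral leaves a bound connection open. The method body starts and ends outside this hunk.

```java
// public search(ldapConnection, baseDN, query) delegates here with depth 0
private List<Entry> search(LdapNetworkConnection ldapConnection,
        Dn baseDN, ExprNode query, int referralDepth) throws GuacamoleException {
    // … unchanged: request setup, results loop, entry branch …
            for (String url : referral.getLdapUrls()) {
                LdapNetworkConnection referralConnection = ldapService.referralConnection(
                        new LdapUrl(url), ldapConnectionConfig, referralDepth);
                entries.addAll(search(referralConnection, baseDN, query, referralDepth + 1));
            }
```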
@@ -273,7 +266,7 @@
* information required to execute the query cannot be read from
* guacamole.properties.
*/
- public List<Entry> search(LdapConnection ldapConnection, Dn baseDN,
+ public List<Entry> search(LdapNetworkConnection ldapConnection, Dn baseDN,
ExprNode filter, Collection<String> attributes, String attributeValue)
throws GuacamoleException {
ExprNode query = generateQuery(filter, attributes, attributeValue);
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapDnGuacamoleProperty.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapDnGuacamoleProperty.java
index f9be1ae..c782c97 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapDnGuacamoleProperty.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapDnGuacamoleProperty.java
@@ -42,7 +42,7 @@
return new Dn(value);
}
catch (LdapInvalidDnException e) {
- throw new GuacamoleServerException("Invalid DN specified in configuration.", e);
+ throw new GuacamoleServerException("The DN \"" + value + "\" is invalid.", e);
}
}
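Review bot: The new exception message embeds the raw configured value, and the LdapFilterGuacamoleProperty hunk does the same with the filter string. Where `GuacamoleServerException` messages end up is not visible here; if they can reach an API response rather than only the server log, this would disclose directory layout such as the search DN or filter to unauthenticated clients. I would confirm that and record the constraint next to the throw, e.g. `// value comes from guacamole.properties; this message must stay server-side`. The enclosing method starts outside the hunk.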
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapFilterGuacamoleProperty.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapFilterGuacamoleProperty.java
index 3c99b11..01b41c9 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapFilterGuacamoleProperty.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/conf/LdapFilterGuacamoleProperty.java
@@ -45,7 +45,7 @@
return FilterParser.parse(value);
}
catch (ParseException e) {
- throw new GuacamoleServerException("Error parsing filter", e);
+ throw new GuacamoleServerException("\"" + value + "\" is not a valid LDAP filter.", e);
}
}
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
index ec48fae..dbd1b03 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java
@@ -32,7 +32,6 @@
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.OrNode;
import org.apache.directory.api.ldap.model.name.Dn;
-import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider;
@@ -100,7 +99,7 @@
* If an error occurs preventing retrieval of connections.
*/
public Map<String, Connection> getConnections(AuthenticatedUser user,
- LdapConnection ldapConnection) throws GuacamoleException {
+ LdapNetworkConnection ldapConnection) throws GuacamoleException {
// Do not return any connections if base DN is not specified
Dn configurationBaseDN = confService.getConfigurationBaseDN();
@@ -110,8 +109,7 @@
try {
// Pull the current user DN from the LDAP connection
- LdapConnectionConfig ldapConnectionConfig =
- ((LdapNetworkConnection) ldapConnection).getConfig();
+ LdapConnectionConfig ldapConnectionConfig = ldapConnection.getConfig();
Dn userDN = new Dn(ldapConnectionConfig.getName());
// getConnections() will only be called after a connection has been
@@ -244,7 +242,7 @@
* If an error occurs retrieving the group base DN.
*/
private ExprNode getConnectionSearchFilter(Dn userDN,
- LdapConnection ldapConnection)
+ LdapNetworkConnection ldapConnection)
throws LdapException, GuacamoleException {
AndNode searchFilter = new AndNode();
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
index 986181b..cf29a2b 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/group/UserGroupService.java
@@ -26,13 +26,13 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.filter.EqualityNode;
import org.apache.directory.api.ldap.model.filter.ExprNode;
import org.apache.directory.api.ldap.model.filter.NotNode;
import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.ldap.ObjectQueryService;
@@ -107,7 +107,7 @@
* @throws GuacamoleException
* If an error occurs preventing retrieval of user groups.
*/
- public Map<String, UserGroup> getUserGroups(LdapConnection ldapConnection)
+ public Map<String, UserGroup> getUserGroups(LdapNetworkConnection ldapConnection)
throws GuacamoleException {
// Do not return any user groups if base DN is not specified
@@ -167,7 +167,7 @@
* @throws GuacamoleException
* If an error occurs preventing retrieval of user groups.
*/
- public List<Entry> getParentUserGroupEntries(LdapConnection ldapConnection,
+ public List<Entry> getParentUserGroupEntries(LdapNetworkConnection ldapConnection,
Dn userDN) throws GuacamoleException {
// Do not return any user groups if base DN is not specified
@@ -206,7 +206,7 @@
* @throws GuacamoleException
* If an error occurs preventing retrieval of user groups.
*/
- public Set<String> getParentUserGroupIdentifiers(LdapConnection ldapConnection,
+ public Set<String> getParentUserGroupIdentifiers(LdapNetworkConnection ldapConnection,
Dn userDN) throws GuacamoleException {
Collection<String> attributes = confService.getGroupNameAttributes();
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java
index cafc461..db36fc0 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPAuthenticatedUser.java
@@ -23,6 +23,7 @@
import java.util.Collections;
import java.util.Map;
import java.util.Set;
+import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
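Review bot: The added `import org.apache.directory.api.ldap.model.name.Dn;` is not used by any line this commit changes in LDAPAuthenticatedUser.java. The only other hunk in the file re-wraps the `init` signature and touches a whitespace-only line. Unless a use exists outside the diff, the import should be dropped, since the commit is meant as a cleanup.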
@@ -72,13 +73,14 @@
* The unique identifiers of all user groups which affect the
* permissions available to this user.
*/
- public void init(Credentials credentials, Map<String, String> tokens, Set<String> effectiveGroups) {
+ public void init(Credentials credentials, Map<String, String> tokens,
+ Set<String> effectiveGroups) {
this.credentials = credentials;
this.tokens = Collections.unmodifiableMap(tokens);
this.effectiveGroups = effectiveGroups;
setIdentifier(credentials.getUsername());
}
-
+
/**
* Returns a Map of all name/value pairs that should be applied as
* parameter tokens when connections are established using this
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPUserContext.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPUserContext.java
index b87bca0..b5c789e 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPUserContext.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/LDAPUserContext.java
@@ -21,7 +21,7 @@
import com.google.inject.Inject;
import java.util.Collections;
-import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.guacamole.auth.ldap.connection.ConnectionService;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.ldap.LDAPAuthenticationProvider;
@@ -102,7 +102,7 @@
/**
* Initializes this UserContext using the provided AuthenticatedUser and
- * LdapConnection.
+ * LdapNetworkConnection.
*
* @param user
* The AuthenticatedUser representing the user that authenticated. This
@@ -117,7 +117,7 @@
* If associated data stored within the LDAP directory cannot be
* queried due to an error.
*/
- public void init(AuthenticatedUser user, LdapConnection ldapConnection)
+ public void init(AuthenticatedUser user, LdapNetworkConnection ldapConnection)
throws GuacamoleException {
// Query all accessible users
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java
index 9377231..ba29983 100644
--- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserService.java
@@ -24,12 +24,12 @@
import java.util.Collection;
import java.util.List;
import java.util.Map;
-import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
import org.apache.directory.api.ldap.model.name.Dn;
import org.apache.directory.api.ldap.model.name.Rdn;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.guacamole.auth.ldap.conf.ConfigurationService;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
@@ -79,7 +79,7 @@
* @throws GuacamoleException
* If an error occurs preventing retrieval of users.
*/
- public Map<String, User> getUsers(LdapConnection ldapConnection)
+ public Map<String, User> getUsers(LdapNetworkConnection ldapConnection)
throws GuacamoleException {
// Retrieve all visible user objects
@@ -134,7 +134,7 @@
* If an error occurs while querying the user DNs, or if the username
* attribute property cannot be parsed within guacamole.properties.
*/
- public List<Dn> getUserDNs(LdapConnection ldapConnection,
+ public List<Dn> getUserDNs(LdapNetworkConnection ldapConnection,
String username) throws GuacamoleException {
// Retrieve user objects having a matching username