GUACAMOLE-284: Clarify semantics of disabled user accounts. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/862e2c39 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/862e2c39 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/862e2c39
Branch: refs/heads/master Commit: 862e2c398aaa346d59766f7cc3bec61c2e4a4639 Parents: f4fce6a Author: Michael Jumper <mjum...@apache.org> Authored: Sun Jun 4 14:15:47 2017 -0700 Committer: Michael Jumper <mjum...@apache.org> Committed: Sun Jun 4 22:21:19 2017 -0700 ---------------------------------------------------------------------- .../jdbc/JDBCAuthenticationProviderService.java | 6 ++-- .../guacamole/auth/jdbc/user/ModeledUser.java | 18 +++++++----- .../guacamole/auth/jdbc/user/UserModel.java | 31 +++++++++++--------- 3 files changed, 30 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/862e2c39/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java index b753ff8..284a5aa 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java @@ -89,9 +89,9 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser); if (user != null && !user.isDisabled()) { - // Apply account restrictions if this extension authenticated - // the user OR if an account from this extension is explicitly - // required + // Account restrictions specific to this extension apply if this + // extension authenticated the user OR if an account from this + // extension is explicitly required if (authenticatedUser instanceof ModeledAuthenticatedUser || environment.isUserRequired()) { http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/862e2c39/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java index 745fe5f..0ed115f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java @@ -767,24 +767,26 @@ public class ModeledUser extends ModeledDirectoryObject<UserModel> implements Us } /** - * Returns whether the user has been disabled. Disabled users are not - * allowed to login. Although their account data exists, all login attempts - * will fail as if the account does not exist. + * Returns whether this user account has been disabled. The credentials of + * disabled user accounts are treated as invalid, effectively disabling + * that user's access to data for which they would otherwise have + * permission. * * @return - * true if the account is disabled, false otherwise. + * true if this user account has been disabled, false otherwise. */ public boolean isDisabled() { return getModel().isDisabled(); } /** - * Returns whether the user's password has expired. If a user's password is - * expired, it must be immediately changed upon login. A user account with - * an expired password cannot be used until the password has been changed. + * Returns whether this user's password has expired. If a user's password + * is expired, it must be immediately changed upon login. A user account + * with an expired password cannot be used until the password has been + * changed. * * @return - * true if the user's password has expired, false otherwise. + * true if this user's password has expired, false otherwise. */ public boolean isExpired() { return getModel().isExpired(); http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/862e2c39/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java index 2376cae..afaeb55 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java @@ -194,48 +194,51 @@ public class UserModel extends ObjectModel { } /** - * Returns whether the user has been disabled. Disabled users are not - * allowed to login. Although their account data exists, all login attempts - * will fail as if the account does not exist. + * Returns whether this user account has been disabled. The credentials of + * disabled user accounts are treated as invalid, effectively disabling + * that user's access to data for which they would otherwise have + * permission. * * @return - * true if the account is disabled, false otherwise. + * true if this user account is disabled, false otherwise. */ public boolean isDisabled() { return disabled; } /** - * Sets whether the user is disabled. Disabled users are not allowed to - * login. Although their account data exists, all login attempts will fail - * as if the account does not exist. + * Sets whether this user account has been disabled. The credentials of + * disabled user accounts are treated as invalid, effectively disabling + * that user's access to data for which they would otherwise have + * permission. * * @param disabled - * true if the account should be disabled, false otherwise. + * true if this user account should be disabled, false otherwise. */ public void setDisabled(boolean disabled) { this.disabled = disabled; } /** - * Returns whether the user's password has expired. If a user's password is - * expired, it must be immediately changed upon login. A user account with - * an expired password cannot be used until the password has been changed. + * Returns whether this user's password has expired. If a user's password + * is expired, it must be immediately changed upon login. A user account + * with an expired password cannot be used until the password has been + * changed. * * @return - * true if the user's password has expired, false otherwise. + * true if this user's password has expired, false otherwise. */ public boolean isExpired() { return expired; } /** - * Sets whether the user's password is expired. If a user's password is + * Sets whether this user's password is expired. If a user's password is * expired, it must be immediately changed upon login. A user account with * an expired password cannot be used until the password has been changed. * * @param expired - * true to expire the user's password, false otherwise. + * true if this user's password has expired, false otherwise. */ public void setExpired(boolean expired) { this.expired = expired;