From 15240cc7b11479bdb393e7665167c68dcf91ecaa Mon Sep 17 00:00:00 2001 
From: Michael Jumper Date: Mon, 2 Mar 2015 12:21:24 -0800 Subject: [PATCH 01/12] GUAC-1103: Add stubbed PostgreSQL authentication by copying the MySQL auth. Has not yet been tested against an actual DB nor the PostgreSQL JDBC driver. --- .../guacamole-auth-jdbc-postgresql/.gitignore | 2 + .../guacamole-auth-jdbc-postgresql/pom.xml | 78 ++++++ .../schema/001-create-schema.sql | 228 ++++++++++++++++++ .../schema/002-create-admin-user.sql | 38 +++ .../PostgreSQLAuthenticationProvider.java | 151 ++++++++++++ ...ostgreSQLAuthenticationProviderModule.java | 99 ++++++++ .../PostgreSQLGuacamoleProperties.java | 127 ++++++++++ .../auth/postgresql/package-info.java | 26 ++ .../auth/jdbc/connection/ConnectionMapper.xml | 158 ++++++++++++ .../connection/ConnectionRecordMapper.xml | 75 ++++++ .../auth/jdbc/connection/ParameterMapper.xml | 71 ++++++ .../connectiongroup/ConnectionGroupMapper.xml | 159 ++++++++++++ .../ConnectionGroupPermissionMapper.xml | 120 +++++++++ .../permission/ConnectionPermissionMapper.xml | 120 +++++++++ .../permission/SystemPermissionMapper.xml | 93 +++++++ .../jdbc/permission/UserPermissionMapper.xml | 129 ++++++++++ .../guacamole/auth/jdbc/user/UserMapper.xml | 135 +++++++++++ extensions/guacamole-auth-jdbc/pom.xml | 3 +- 18 files changed, 1811 insertions(+), 1 deletion(-) create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/.gitignore create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/pom.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java create mode 100644 
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLGuacamoleProperties.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/package-info.java create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml create mode 100644 
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/.gitignore b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/.gitignore new file mode 100644 index 000000000..42f4a1a64 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/.gitignore @@ -0,0 +1,2 @@ +target/ +*~ diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/pom.xml new file mode 100644 index 000000000..2329087cd --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/pom.xml @@ -0,0 +1,78 @@ + + + 4.0.0 + org.glyptodon.guacamole + guacamole-auth-jdbc-postgresql + jar + guacamole-auth-jdbc-postgresql + http://guac-dev.org/ + + + UTF-8 + + + + org.glyptodon.guacamole + guacamole-auth-jdbc + 0.9.5 + ../../ + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + + 1.6 + 1.6 + + + + + + maven-assembly-plugin + 2.2-beta-5 + + + jar-with-dependencies + package + + single + + + extension/${project.artifactId}-${project.version} + false + + jar-with-dependencies + + + + + + + + + + + + + + org.glyptodon.guacamole + guacamole-ext + provided + + + + + org.glyptodon.guacamole + guacamole-auth-jdbc-base + 0.9.5 + + + + + diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql new file mode 100644 index 000000000..5c23bfc90 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql 
@@ -0,0 +1,228 @@
+--
+-- Copyright (C) 2013 Glyptodon LLC
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a copy
+-- of this software and associated documentation files (the "Software"), to deal
+-- in the Software without restriction, including without limitation the rights
+-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+-- copies of the Software, and to permit persons to whom the Software is
+-- furnished to do so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in
+-- all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+-- THE SOFTWARE.
+--
+
+--
+-- Table of connection groups. Each connection group has a name.
+--
+
+CREATE TABLE `guacamole_connection_group` (
+
+ `connection_group_id` int(11) NOT NULL AUTO_INCREMENT,
+ `parent_id` int(11),
+ `connection_group_name` varchar(128) NOT NULL,
+ `type` enum('ORGANIZATIONAL',
+ 'BALANCING') NOT NULL DEFAULT 'ORGANIZATIONAL',
+
+ PRIMARY KEY (`connection_group_id`),
+ UNIQUE KEY `connection_group_name_parent` (`connection_group_name`, `parent_id`),
+
+ CONSTRAINT `guacamole_connection_group_ibfk_1`
+ FOREIGN KEY (`parent_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connections. Each connection has a name, protocol, and
+-- associated set of parameters.
+-- A connection may belong to a connection group.
+--
+
+CREATE TABLE `guacamole_connection` (
+
+ `connection_id` int(11) NOT NULL AUTO_INCREMENT,
+ `connection_name` varchar(128) NOT NULL,
+ `parent_id` int(11),
+ `protocol` varchar(32) NOT NULL,
+
+ PRIMARY KEY (`connection_id`),
+ UNIQUE KEY `connection_name_parent` (`connection_name`, `parent_id`),
+
+ CONSTRAINT `guacamole_connection_ibfk_1`
+ FOREIGN KEY (`parent_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of users. Each user has a unique username and a hashed password
+-- with corresponding salt.
+--
+
+CREATE TABLE `guacamole_user` (
+
+ `user_id` int(11) NOT NULL AUTO_INCREMENT,
+ `username` varchar(128) NOT NULL,
+ `password_hash` binary(32) NOT NULL,
+ `password_salt` binary(32) NOT NULL,
+
+ PRIMARY KEY (`user_id`),
+ UNIQUE KEY `username` (`username`)
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection parameters. Each parameter is simply a name/value pair
+-- associated with a connection.
+--
+
+CREATE TABLE `guacamole_connection_parameter` (
+
+ `connection_id` int(11) NOT NULL,
+ `parameter_name` varchar(128) NOT NULL,
+ `parameter_value` varchar(4096) NOT NULL,
+
+ PRIMARY KEY (`connection_id`,`parameter_name`),
+
+ CONSTRAINT `guacamole_connection_parameter_ibfk_1`
+ FOREIGN KEY (`connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection permissions. Each connection permission grants a user
+-- specific access to a connection.
+--
+
+CREATE TABLE `guacamole_connection_permission` (
+
+ `user_id` int(11) NOT NULL,
+ `connection_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`user_id`,`connection_id`,`permission`),
+
+ CONSTRAINT `guacamole_connection_permission_ibfk_1`
+ FOREIGN KEY (`connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_connection_permission_ibfk_2`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection group permissions. Each group permission grants a user
+-- specific access to a connection group.
+--
+
+CREATE TABLE `guacamole_connection_group_permission` (
+
+ `user_id` int(11) NOT NULL,
+ `connection_group_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`user_id`,`connection_group_id`,`permission`),
+
+ CONSTRAINT `guacamole_connection_group_permission_ibfk_1`
+ FOREIGN KEY (`connection_group_id`)
+ REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_connection_group_permission_ibfk_2`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of system permissions. Each system permission grants a user a
+-- system-level privilege of some kind.
+--
+
+CREATE TABLE `guacamole_system_permission` (
+
+ `user_id` int(11) NOT NULL,
+ `permission` enum('CREATE_CONNECTION',
+ 'CREATE_CONNECTION_GROUP',
+ 'CREATE_USER',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`user_id`,`permission`),
+
+ CONSTRAINT `guacamole_system_permission_ibfk_1`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of user permissions. Each user permission grants a user access to
+-- another user (the "affected" user) for a specific type of operation.
+--
+
+CREATE TABLE `guacamole_user_permission` (
+
+ `user_id` int(11) NOT NULL,
+ `affected_user_id` int(11) NOT NULL,
+ `permission` enum('READ',
+ 'UPDATE',
+ 'DELETE',
+ 'ADMINISTER') NOT NULL,
+
+ PRIMARY KEY (`user_id`,`affected_user_id`,`permission`),
+
+ CONSTRAINT `guacamole_user_permission_ibfk_1`
+ FOREIGN KEY (`affected_user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_user_permission_ibfk_2`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Table of connection history records. Each record defines a specific user's
+-- session, including the connection used, the start time, and the end time
+-- (if any).
+--
+
+CREATE TABLE `guacamole_connection_history` (
+
+ `history_id` int(11) NOT NULL AUTO_INCREMENT,
+ `user_id` int(11) NOT NULL,
+ `connection_id` int(11) NOT NULL,
+ `start_date` datetime NOT NULL,
+ `end_date` datetime DEFAULT NULL,
+
+ PRIMARY KEY (`history_id`),
+ KEY `user_id` (`user_id`),
+ KEY `connection_id` (`connection_id`),
+
+ CONSTRAINT `guacamole_connection_history_ibfk_1`
+ FOREIGN KEY (`user_id`)
+ REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE,
+
+ CONSTRAINT `guacamole_connection_history_ibfk_2`
+ FOREIGN KEY (`connection_id`)
+ REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE
+
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
new file mode 100644
index 000000000..997a48841
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
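Review bot: Every `CREATE TABLE` in this file is still MySQL DDL (backtick-quoted identifiers, `int(11) NOT NULL AUTO_INCREMENT`, inline `enum(...)` columns, `UNIQUE KEY`/`KEY` clauses and `ENGINE=InnoDB DEFAULT CHARSET=utf8`), none of which PostgreSQL parses, so the schema cannot be loaded as written. The port needs unquoted identifiers, `serial` keys (for example `connection_group_id serial NOT NULL`), `CREATE TYPE ... AS ENUM` for the permission and group types, and `timestamp` for the history dates. For `guacamole_user`, `password_hash bytea NOT NULL` would also stop the column width from pinning the digest to 32 bytes; a fixed 32-byte hash looks like a single fast digest (inferred from the size alone), and rewriting the schema is the cheap moment to leave room for a slower password hash.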
@@ -0,0 +1,38 @@
+--
+-- Copyright (C) 2013 Glyptodon LLC
+--
+-- Permission is hereby granted, free of charge, to any person obtaining a copy
+-- of this software and associated documentation files (the "Software"), to deal
+-- in the Software without restriction, including without limitation the rights
+-- to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+-- copies of the Software, and to permit persons to whom the Software is
+-- furnished to do so, subject to the following conditions:
+--
+-- The above copyright notice and this permission notice shall be included in
+-- all copies or substantial portions of the Software.
+--
+-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+-- IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+-- AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+-- LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+-- OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+-- THE SOFTWARE.
+--
+
+-- Create default user "guacadmin" with password "guacadmin"
+insert into guacamole_user values(1, 'guacadmin',
+ x'CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', -- 'guacadmin'
+ x'FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264');
+
+-- Grant this user create permissions
+insert into guacamole_system_permission values(1, 'CREATE_CONNECTION');
+insert into guacamole_system_permission values(1, 'CREATE_CONNECTION_GROUP');
+insert into guacamole_system_permission values(1, 'CREATE_USER');
+insert into guacamole_system_permission values(1, 'ADMINISTER');
+
+-- Grant admin permission to read/update/administer self
+insert into guacamole_user_permission values(1, 1, 'READ');
+insert into guacamole_user_permission values(1, 1, 'UPDATE');
+insert into guacamole_user_permission values(1, 1, 'ADMINISTER');
+
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java
new file mode 100644
index 000000000..65bd2270a
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProvider.java
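Review bot: The seed row `insert into guacamole_user values(1, 'guacadmin', ...)` creates an account whose password equals its username and the following inserts grant it `ADMINISTER`, yet nothing in the script tells the installer to change it. At minimum add a comment above the insert such as `-- Change this password immediately after the first login.` The insert is also positional with a literal id of 1: once `user_id` becomes a PostgreSQL `serial`, an explicit id does not advance the sequence, so the next generated user id would collide, and naming the columns while omitting `user_id` avoids that. The `x'...'` literals are bit strings in PostgreSQL rather than binary data, so they would need a form like `decode('<hex>', 'hex')` for a `bytea` column.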
@@ -0,0 +1,151 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.postgresql;
+
+import com.google.inject.Guice;
+import com.google.inject.Injector;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
+import org.glyptodon.guacamole.net.auth.Credentials;
+import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.auth.jdbc.JDBCAuthenticationProviderModule;
+import org.glyptodon.guacamole.auth.jdbc.socket.BalancedGuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.socket.MultiseatGuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.socket.SingleSeatGuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.socket.UnrestrictedGuacamoleSocketService;
+import org.glyptodon.guacamole.auth.jdbc.user.UserContextService;
+import org.glyptodon.guacamole.environment.Environment;
+import org.glyptodon.guacamole.environment.LocalEnvironment;
+
+/**
+ * Provides a PostgreSQL-based implementation of the AuthenticationProvider
+ * functionality.
+ *
+ * @author James Muehlner
+ * @author Michael Jumper
+ */
+public class PostgreSQLAuthenticationProvider implements AuthenticationProvider {
+
+ /**
+ * Injector which will manage the object graph of this authentication
+ * provider.
+ */
+ private final Injector injector;
+
+ /**
+ * Returns the appropriate socket service class given the Guacamole
+ * environment. The class is chosen based on configuration options that
+ * dictate concurrent usage policy.
+ *
+ * @param environment
+ * The environment of the Guacamole server.
+ *
+ * @return
+ * The socket service class that matches the concurrent usage policy
+ * options set in the Guacamole environment.
+ *
+ * @throws GuacamoleException
+ * If an error occurs while reading the configuration options.
+ */
+ private Class
+ getSocketServiceClass(Environment environment)
+ throws GuacamoleException {
+
+ // Read concurrency-related properties
+ boolean disallowSimultaneous = environment.getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_DISALLOW_SIMULTANEOUS_CONNECTIONS, false);
+ boolean disallowDuplicate = environment.getProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_DISALLOW_DUPLICATE_CONNECTIONS, true);
+
+ if (disallowSimultaneous) {
+
+ // Connections may not be used concurrently
+ if (disallowDuplicate)
+ return SingleSeatGuacamoleSocketService.class;
+
+ // Connections are reserved for a single user when in use
+ else
+ return BalancedGuacamoleSocketService.class;
+
+ }
+
+ else {
+
+ // Connections may be used concurrently, but only once per user
+ if (disallowDuplicate)
+ return MultiseatGuacamoleSocketService.class;
+
+ // Connection use is not restricted
+ else
+ return UnrestrictedGuacamoleSocketService.class;
+
+ }
+
+ }
+
+ /**
+ * Creates a new PostgreSQLAuthenticationProvider that reads and writes
+ * authentication data to a PostgreSQL database defined by properties in
+ * guacamole.properties.
+ *
+ * @throws GuacamoleException
+ * If a required property is missing, or an error occurs while parsing
+ * a property.
+ */
+ public PostgreSQLAuthenticationProvider() throws GuacamoleException {
+
+ // Get local environment
+ Environment environment = new LocalEnvironment();
+
+ // Set up Guice injector.
+ injector = Guice.createInjector(
+
+ // Configure PostgreSQL-specific authentication
+ new PostgreSQLAuthenticationProviderModule(environment),
+
+ // Configure JDBC authentication core
+ new JDBCAuthenticationProviderModule(environment, getSocketServiceClass(environment))
+
+ );
+
+ }
+
+ @Override
+ public UserContext getUserContext(Credentials credentials)
+ throws GuacamoleException {
+
+ // Create UserContext based on credentials, if valid
+ UserContextService userContextService = injector.getInstance(UserContextService.class);
+ return userContextService.getUserContext(credentials);
+
+ }
+
+ @Override
+ public UserContext updateUserContext(UserContext context,
+ Credentials credentials) throws GuacamoleException {
+
+ // No need to update the context
+ return context;
+
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java
new file mode 100644
index 000000000..2decdf9a6
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLAuthenticationProviderModule.java
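Review bot: `updateUserContext` returns the existing `context` without looking at `credentials` or the database, so nothing in this class re-checks an account after login. If the `UserContext` built by `UserContextService` does not query the database live (not visible in this hunk), a user who is deleted or whose password is changed keeps working until the session ends. Either re-validate here or state the behaviour in the comment, e.g. `// Context is not refreshed: account removal or password changes only affect new logins`.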
@@ -0,0 +1,99 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.postgresql;
+
+import com.google.inject.Binder;
+import com.google.inject.Module;
+import com.google.inject.name.Names;
+import java.util.Properties;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.environment.Environment;
+import org.mybatis.guice.datasource.helper.JdbcHelper;
+
+/**
+ * Guice module which configures PostgreSQL-specific injections.
+ *
+ * @author James Muehlner
+ * @author Michael Jumper
+ */
+public class PostgreSQLAuthenticationProviderModule implements Module {
+
+ /**
+ * MyBatis-specific configuration properties.
+ */
+ private final Properties myBatisProperties = new Properties();
+
+ /**
+ * PostgreSQL-specific driver configuration properties.
+ */
+ private final Properties driverProperties = new Properties();
+
+ /**
+ * Creates a new PostgreSQL authentication provider module that configures
+ * driver and MyBatis properties using the given environment.
+ *
+ * @param environment
+ * The environment to use when configuring MyBatis and the underlying
+ * JDBC driver.
+ *
+ * @throws GuacamoleException
+ * If a required property is missing, or an error occurs while parsing
+ * a property.
+ */
+ public PostgreSQLAuthenticationProviderModule(Environment environment)
+ throws GuacamoleException {
+
+ // Set the PostgreSQL-specific properties for MyBatis.
+ myBatisProperties.setProperty("mybatis.environment.id", "guacamole");
+ myBatisProperties.setProperty("JDBC.host", environment.getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_HOSTNAME));
+ myBatisProperties.setProperty("JDBC.port", String.valueOf(environment.getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_PORT)));
+ myBatisProperties.setProperty("JDBC.schema", environment.getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_DATABASE));
+ myBatisProperties.setProperty("JDBC.username", environment.getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_USERNAME));
+ myBatisProperties.setProperty("JDBC.password", environment.getRequiredProperty(PostgreSQLGuacamoleProperties.POSTGRESQL_PASSWORD));
+ myBatisProperties.setProperty("JDBC.autoCommit", "false");
+ myBatisProperties.setProperty("mybatis.pooled.pingEnabled", "true");
+ myBatisProperties.setProperty("mybatis.pooled.pingQuery", "SELECT 1");
+
+ // Use UTF-8 in database
+ driverProperties.setProperty("characterEncoding","UTF-8");
+
+
+ }
+
+ @Override
+ public void configure(Binder binder) {
+
+ // Bind PostgreSQL-specific properties
+ JdbcHelper.PostgreSQL.configure(binder);
+
+ // Bind MyBatis properties
+ Names.bindProperties(binder, myBatisProperties);
+
+ // Bing JDBC driver properties
+ binder.bind(Properties.class)
+ .annotatedWith(Names.named("JDBC.driverProperties"))
+ .toInstance(driverProperties);
+
+ }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLGuacamoleProperties.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLGuacamoleProperties.java
new file mode 100644
index 000000000..abb5a1249
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/PostgreSQLGuacamoleProperties.java
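Review bot: The constructor's only driver property is `characterEncoding`, copied from the MySQL module; to my knowledge the PostgreSQL JDBC driver has no such option, and nothing in `driverProperties` turns on TLS. With a remote `postgresql-hostname`, the database password and every password hash read during login would then travel unencrypted. Consider dropping the MySQL option and setting `driverProperties.setProperty("ssl", "true");`, ideally controlled by a new guacamole.properties entry. The comment `// Bing JDBC driver properties` in `configure` should read `// Bind JDBC driver properties`.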
@@ -0,0 +1,127 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.postgresql;
+
+import org.glyptodon.guacamole.properties.BooleanGuacamoleProperty;
+import org.glyptodon.guacamole.properties.IntegerGuacamoleProperty;
+import org.glyptodon.guacamole.properties.StringGuacamoleProperty;
+
+/**
+ * Properties used by the PostgreSQL Authentication plugin.
+ *
+ * @author James Muehlner
+ * @author Michael Jumper
+ */
+public class PostgreSQLGuacamoleProperties {
+
+ /**
+ * This class should not be instantiated.
+ */
+ private PostgreSQLGuacamoleProperties() {}
+
+ /**
+ * The URL of the PostgreSQL server hosting the Guacamole authentication tables.
+ */
+ public static final StringGuacamoleProperty POSTGRESQL_HOSTNAME =
+ new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "postgresql-hostname"; }
+
+ };
+
+ /**
+ * The port of the PostgreSQL server hosting the Guacamole authentication
+ * tables.
+ */
+ public static final IntegerGuacamoleProperty POSTGRESQL_PORT =
+ new IntegerGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "postgresql-port"; }
+
+ };
+
+ /**
+ * The name of the PostgreSQL database containing the Guacamole
+ * authentication tables.
+ */
+ public static final StringGuacamoleProperty POSTGRESQL_DATABASE =
+ new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "postgresql-database"; }
+
+ };
+
+ /**
+ * The username used to authenticate to the PostgreSQL database containing
+ * the Guacamole authentication tables.
+ */
+ public static final StringGuacamoleProperty POSTGRESQL_USERNAME =
+ new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "postgresql-username"; }
+
+ };
+
+ /**
+ * The password used to authenticate to the PostgreSQL database containing
+ * the Guacamole authentication tables.
+ */
+ public static final StringGuacamoleProperty POSTGRESQL_PASSWORD =
+ new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "postgresql-password"; }
+
+ };
+
+ /**
+ * Whether or not multiple users accessing the same connection at the same
+ * time should be disallowed.
+ */
+ public static final BooleanGuacamoleProperty
+ POSTGRESQL_DISALLOW_SIMULTANEOUS_CONNECTIONS =
+ new BooleanGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "postgresql-disallow-simultaneous-connections"; }
+
+ };
+
+ /**
+ * Whether or not the same user accessing the same connection or connection
+ * group at the same time should be disallowed.
+ */
+ public static final BooleanGuacamoleProperty
+ POSTGRESQL_DISALLOW_DUPLICATE_CONNECTIONS =
+ new BooleanGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "postgresql-disallow-duplicate-connections"; }
+
+ };
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/package-info.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/package-info.java
new file mode 100644
index 000000000..1a939e1a6
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/java/org/glyptodon/guacamole/auth/postgresql/package-info.java
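Review bot: The Javadoc on `POSTGRESQL_HOSTNAME` says "The URL of the PostgreSQL server", but the property is named `postgresql-hostname` and the module in this commit passes it as `JDBC.host`; it should read `The hostname of the PostgreSQL server hosting the Guacamole authentication tables.` The Javadoc on `POSTGRESQL_PASSWORD` would also benefit from one sentence stating that the value is kept in cleartext in guacamole.properties, so that file should be readable only by the account running the servlet container.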
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+/**
+ * The PostgreSQL authentication provider.
+ */
+package org.glyptodon.guacamole.auth.postgresql;
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
new file mode 100644
index 000000000..2211da069
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml
@@ -0,0 +1,158 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_connection + WHERE connection_id = #{identifier,jdbcType=VARCHAR} + + + + + + INSERT INTO guacamole_connection ( + connection_name, + parent_id, + protocol + ) + VALUES ( + #{object.name,jdbcType=VARCHAR}, + #{object.parentIdentifier,jdbcType=VARCHAR}, + #{object.protocol,jdbcType=VARCHAR} + ) + + + + + + UPDATE guacamole_connection + SET connection_name = #{object.name,jdbcType=VARCHAR}, + parent_id = #{object.parentIdentifier,jdbcType=VARCHAR}, + protocol = #{object.protocol,jdbcType=VARCHAR} + WHERE connection_id = #{object.objectID,jdbcType=INTEGER} + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml new file mode 100644 index 000000000..b5775f607 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -0,0 +1,75 @@ + + + + + + + + + + + + + + + + + + + + + + + INSERT INTO guacamole_connection_history ( + connection_id, + user_id, + start_date, + end_date + ) + VALUES ( + #{record.connectionIdentifier,jdbcType=VARCHAR}, + #{record.userID,jdbcType=INTEGER}, + #{record.startDate,jdbcType=TIMESTAMP}, + #{record.endDate,jdbcType=TIMESTAMP} + ) + + + + \ No newline at end of file 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml new file mode 100644 index 000000000..ccd386c14 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml @@ -0,0 +1,71 @@ + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_connection_parameter + WHERE connection_id = #{identifier,jdbcType=VARCHAR} + + + + + + INSERT INTO guacamole_connection_parameter ( + connection_id, + parameter_name, + parameter_value + ) + VALUES + + (#{parameter.connectionIdentifier,jdbcType=VARCHAR}, + #{parameter.name,jdbcType=VARCHAR}, + #{parameter.value,jdbcType=VARCHAR}) + + + + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml new file mode 100644 index 000000000..4eb20da1c --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml 
@@ -0,0 +1,159 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_connection_group + WHERE connection_group_id = #{identifier,jdbcType=VARCHAR} + + + + + + INSERT INTO guacamole_connection_group ( + connection_group_name, + parent_id, + type + ) + VALUES ( + #{object.name,jdbcType=VARCHAR}, + #{object.parentIdentifier,jdbcType=VARCHAR}, + #{object.type,jdbcType=VARCHAR} + ) + + + + + + UPDATE guacamole_connection_group + SET connection_group_name = #{object.name,jdbcType=VARCHAR}, + parent_id = #{object.parentIdentifier,jdbcType=VARCHAR}, + type = #{object.type,jdbcType=VARCHAR} + WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER} + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml new file mode 100644 index 000000000..40ada12a5 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -0,0 +1,120 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_connection_group_permission + WHERE (user_id, permission, connection_group_id) IN + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + + + + + INSERT IGNORE INTO guacamole_connection_group_permission ( + user_id, + permission, + connection_group_id + ) + VALUES + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + + \ No newline at end of file 
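Review bot: `INSERT IGNORE INTO guacamole_connection_group_permission` in ConnectionGroupPermissionMapper.xml is MySQL syntax that PostgreSQL does not accept, so this grant statement will probably fail at execution rather than silently skip rows that already exist. The same `INSERT IGNORE` appears in the insert statements of ConnectionPermissionMapper.xml, SystemPermissionMapper.xml and UserPermissionMapper.xml in this patch, and the parts of patches 02–04 visible on this page do not change it. A replacement should keep the idempotent behaviour explicit, for example `INSERT INTO … SELECT … WHERE NOT EXISTS (SELECT 1 FROM guacamole_connection_group_permission WHERE …)`, or `ON CONFLICT DO NOTHING` on server versions that support it. The mapper markup around the statement is not visible in this rendering, so the exact placement inside the multi-row insert needs checking against the file.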
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml new file mode 100644 index 000000000..9935f3cfd --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml @@ -0,0 +1,120 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_connection_permission + WHERE (user_id, permission, connection_id) IN + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + + + + + INSERT IGNORE INTO guacamole_connection_permission ( + user_id, + permission, + connection_id + ) + VALUES + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml new file mode 100644 index 000000000..55eacd072 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml 
@@ -0,0 +1,93 @@ + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_system_permission + WHERE (user_id, permission) IN + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}) + + + + + + + + INSERT IGNORE INTO guacamole_system_permission ( + user_id, + permission + ) + VALUES + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}) + + + + + \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml new file mode 100644 index 000000000..038bb814f --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -0,0 +1,129 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_user_permission + USING guacamole_user_permission + JOIN guacamole_user affected ON guacamole_user_permission.affected_user_id = affected.user_id + WHERE + (guacamole_user_permission.user_id, permission, affected.username) IN + + (#{permission.userID,jdbcType=INTEGER}, + #{permission.type,jdbcType=VARCHAR}, + #{permission.objectIdentifier,jdbcType=VARCHAR}) + + + + + + + + INSERT IGNORE INTO guacamole_user_permission ( + user_id, + permission, + affected_user_id + ) + SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM + + SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, + #{permission.type,jdbcType=VARCHAR} AS permission, + #{permission.objectIdentifier,jdbcType=VARCHAR} AS username + + AS permissions + JOIN guacamole_user ON guacamole_user.username = permissions.username; + + + + \ No newline at end of file 
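Review bot: The delete in UserPermissionMapper.xml, `DELETE FROM guacamole_user_permission USING guacamole_user_permission JOIN guacamole_user affected ON …`, is the MySQL multi-table form; in PostgreSQL `USING` lists additional tables only, and naming the target table there again is normally rejected. This is the statement that revokes one user's permissions over another, so if it fails the permission stays in place, and the caller should treat that as an error rather than a completed revoke. A PostgreSQL form would be `DELETE FROM guacamole_user_permission USING guacamole_user affected WHERE guacamole_user_permission.affected_user_id = affected.user_id AND (guacamole_user_permission.user_id, permission, affected.username) IN …`. The mapper markup around the statement is not visible in this rendering.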
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml new file mode 100644 index 000000000..5170d43ee --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml @@ -0,0 +1,135 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + DELETE FROM guacamole_user + WHERE username = #{identifier,jdbcType=VARCHAR} + + + + + + INSERT INTO guacamole_user ( + username, + password_hash, + password_salt + ) + VALUES ( + #{object.identifier,jdbcType=VARCHAR}, + #{object.passwordHash,jdbcType=BINARY}, + #{object.passwordSalt,jdbcType=BINARY} + ) + + + + + + UPDATE guacamole_user + SET password_hash = #{object.passwordHash,jdbcType=BINARY}, + password_salt = #{object.passwordSalt,jdbcType=BINARY} + WHERE user_id = #{object.objectID,jdbcType=VARCHAR} + + + diff --git a/extensions/guacamole-auth-jdbc/pom.xml b/extensions/guacamole-auth-jdbc/pom.xml index c6c622994..49fb5c124 100644 --- a/extensions/guacamole-auth-jdbc/pom.xml +++ b/extensions/guacamole-auth-jdbc/pom.xml @@ -20,8 +20,9 @@ modules/guacamole-auth-jdbc-base - + modules/guacamole-auth-jdbc-mysql + modules/guacamole-auth-jdbc-postgresql From 4e08c10f9451abf422f0459a5eb48a5f12abdc28 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 2 Mar 2015 15:15:38 -0800 Subject: [PATCH 02/12] GUAC-1103: Translate copied MySQL schema to PostgreSQL. --- .../schema/001-create-schema.sql | 271 ++++++++++-------- .../schema/002-create-admin-user.sql | 6 +- 2 files changed, 161 insertions(+), 116 deletions(-) 
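Review bot: In UserMapper.xml the update ends with `WHERE user_id = #{object.objectID,jdbcType=VARCHAR}`, while the equivalent updates in ConnectionMapper.xml and ConnectionGroupMapper.xml bind `#{object.objectID,jdbcType=INTEGER}`, and `user_id` is an integer column in the schema. This is the statement that writes `password_hash` and `password_salt`, so a type mismatch here would presumably surface as a failed password change; the suggested line is `WHERE user_id = #{object.objectID,jdbcType=INTEGER}`. UserMapper.xml is not in the file list of patch 04, so the later integer conversion does not pick this up.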
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql index 5c23bfc90..a52fefecc 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql @@ -1,5 +1,5 @@ -- --- Copyright (C) 2013 Glyptodon LLC +-- Copyright (C) 2015 Glyptodon LLC -- -- Permission is hereby granted, free of charge, to any person obtaining a copy -- of this software and associated documentation files (the "Software"), to deal 
@@ -20,26 +20,62 @@ -- THE SOFTWARE. -- +-- +-- Connection group types +-- + +CREATE TYPE guacamole_connection_group_type AS ENUM( + 'ORGANIZATIONAL', + 'BALANCING' +); + +-- +-- Object permission types +-- + +CREATE TYPE guacamole_object_permission_type AS ENUM( + 'READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER' +); + +-- +-- System permission types +-- + +CREATE TYPE guacamole_system_permission_type AS ENUM( + 'CREATE_CONNECTION', + 'CREATE_CONNECTION_GROUP', + 'CREATE_USER', + 'ADMINISTER' +); + -- -- Table of connection groups. Each connection group has a name. -- -CREATE TABLE `guacamole_connection_group` ( +CREATE TABLE guacamole_connection_group ( - `connection_group_id` int(11) NOT NULL AUTO_INCREMENT, - `parent_id` int(11), - `connection_group_name` varchar(128) NOT NULL, - `type` enum('ORGANIZATIONAL', - 'BALANCING') NOT NULL DEFAULT 'ORGANIZATIONAL', + connection_group_id serial NOT NULL, + parent_id integer, + connection_group_name varchar(128) NOT NULL, + type guacamole_connection_group_type + NOT NULL DEFAULT 'ORGANIZATIONAL', - PRIMARY KEY (`connection_group_id`), - UNIQUE KEY `connection_group_name_parent` (`connection_group_name`, `parent_id`), + PRIMARY KEY (connection_group_id), - CONSTRAINT `guacamole_connection_group_ibfk_1` - FOREIGN KEY (`parent_id`) - REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE + CONSTRAINT connection_group_name_parent + UNIQUE (connection_group_name, parent_id), -) ENGINE=InnoDB DEFAULT CHARSET=utf8; + CONSTRAINT guacamole_connection_group_ibfk_1 + FOREIGN KEY (parent_id) + REFERENCES guacamole_connection_group (connection_group_id) + ON DELETE CASCADE + +); + +CREATE INDEX ON guacamole_connection_group(parent_id); -- -- Table of connections. Each connection has a name, protocol, and 
@@ -47,156 +83,164 @@ CREATE TABLE `guacamole_connection_group` ( -- A connection may belong to a connection group. -- -CREATE TABLE `guacamole_connection` ( +CREATE TABLE guacamole_connection ( - `connection_id` int(11) NOT NULL AUTO_INCREMENT, - `connection_name` varchar(128) NOT NULL, - `parent_id` int(11), - `protocol` varchar(32) NOT NULL, + connection_id serial NOT NULL, + connection_name varchar(128) NOT NULL, + parent_id integer, + protocol varchar(32) NOT NULL, - PRIMARY KEY (`connection_id`), - UNIQUE KEY `connection_name_parent` (`connection_name`, `parent_id`), + PRIMARY KEY (connection_id), + + CONSTRAINT connection_name_parent + UNIQUE (connection_name, parent_id), - CONSTRAINT `guacamole_connection_ibfk_1` - FOREIGN KEY (`parent_id`) - REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE + CONSTRAINT guacamole_connection_ibfk_1 + FOREIGN KEY (parent_id) + REFERENCES guacamole_connection_group (connection_group_id) + ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +); + +CREATE INDEX ON guacamole_connection(parent_id); -- -- Table of users. Each user has a unique username and a hashed password -- with corresponding salt. -- -CREATE TABLE `guacamole_user` ( +CREATE TABLE guacamole_user ( + + user_id serial NOT NULL, + username varchar(128) NOT NULL, + password_hash bytea NOT NULL, + password_salt bytea NOT NULL, - `user_id` int(11) NOT NULL AUTO_INCREMENT, - `username` varchar(128) NOT NULL, - `password_hash` binary(32) NOT NULL, - `password_salt` binary(32) NOT NULL, + PRIMARY KEY (user_id), - PRIMARY KEY (`user_id`), - UNIQUE KEY `username` (`username`) + CONSTRAINT username + UNIQUE (username) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +); -- -- Table of connection parameters. Each parameter is simply a name/value pair -- associated with a connection. 
-- -CREATE TABLE `guacamole_connection_parameter` ( +CREATE TABLE guacamole_connection_parameter ( + + connection_id integer NOT NULL, + parameter_name varchar(128) NOT NULL, + parameter_value varchar(4096) NOT NULL, - `connection_id` int(11) NOT NULL, - `parameter_name` varchar(128) NOT NULL, - `parameter_value` varchar(4096) NOT NULL, + PRIMARY KEY (connection_id,parameter_name), - PRIMARY KEY (`connection_id`,`parameter_name`), + CONSTRAINT guacamole_connection_parameter_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE - CONSTRAINT `guacamole_connection_parameter_ibfk_1` - FOREIGN KEY (`connection_id`) - REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE +); -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +CREATE INDEX ON guacamole_connection_parameter(connection_id); -- -- Table of connection permissions. Each connection permission grants a user -- specific access to a connection. -- -CREATE TABLE `guacamole_connection_permission` ( +CREATE TABLE guacamole_connection_permission ( - `user_id` int(11) NOT NULL, - `connection_id` int(11) NOT NULL, - `permission` enum('READ', - 'UPDATE', - 'DELETE', - 'ADMINISTER') NOT NULL, + user_id integer NOT NULL, + connection_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, - PRIMARY KEY (`user_id`,`connection_id`,`permission`), + PRIMARY KEY (user_id,connection_id,permission), - CONSTRAINT `guacamole_connection_permission_ibfk_1` - FOREIGN KEY (`connection_id`) - REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE, + CONSTRAINT guacamole_connection_permission_ibfk_1 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE, - CONSTRAINT `guacamole_connection_permission_ibfk_2` - FOREIGN KEY (`user_id`) - REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE + CONSTRAINT guacamole_connection_permission_ibfk_2 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON 
DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +); + +CREATE INDEX ON guacamole_connection_permission(connection_id); +CREATE INDEX ON guacamole_connection_permission(user_id); -- -- Table of connection group permissions. Each group permission grants a user -- specific access to a connection group. -- -CREATE TABLE `guacamole_connection_group_permission` ( +CREATE TABLE guacamole_connection_group_permission ( + + user_id integer NOT NULL, + connection_group_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, - `user_id` int(11) NOT NULL, - `connection_group_id` int(11) NOT NULL, - `permission` enum('READ', - 'UPDATE', - 'DELETE', - 'ADMINISTER') NOT NULL, + PRIMARY KEY (user_id,connection_group_id,permission), - PRIMARY KEY (`user_id`,`connection_group_id`,`permission`), + CONSTRAINT guacamole_connection_group_permission_ibfk_1 + FOREIGN KEY (connection_group_id) + REFERENCES guacamole_connection_group (connection_group_id) ON DELETE CASCADE, - CONSTRAINT `guacamole_connection_group_permission_ibfk_1` - FOREIGN KEY (`connection_group_id`) - REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE, + CONSTRAINT guacamole_connection_group_permission_ibfk_2 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE - CONSTRAINT `guacamole_connection_group_permission_ibfk_2` - FOREIGN KEY (`user_id`) - REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE +); -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +CREATE INDEX ON guacamole_connection_group_permission(connection_group_id); +CREATE INDEX ON guacamole_connection_group_permission(user_id); -- -- Table of system permissions. Each system permission grants a user a -- system-level privilege of some kind. 
-- -CREATE TABLE `guacamole_system_permission` ( +CREATE TABLE guacamole_system_permission ( + + user_id integer NOT NULL, + permission guacamole_system_permission_type NOT NULL, - `user_id` int(11) NOT NULL, - `permission` enum('CREATE_CONNECTION', - 'CREATE_CONNECTION_GROUP', - 'CREATE_USER', - 'ADMINISTER') NOT NULL, + PRIMARY KEY (user_id,permission), - PRIMARY KEY (`user_id`,`permission`), + CONSTRAINT guacamole_system_permission_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE - CONSTRAINT `guacamole_system_permission_ibfk_1` - FOREIGN KEY (`user_id`) - REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE +); -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +CREATE INDEX ON guacamole_system_permission(user_id); -- -- Table of user permissions. Each user permission grants a user access to -- another user (the "affected" user) for a specific type of operation. -- -CREATE TABLE `guacamole_user_permission` ( +CREATE TABLE guacamole_user_permission ( - `user_id` int(11) NOT NULL, - `affected_user_id` int(11) NOT NULL, - `permission` enum('READ', - 'UPDATE', - 'DELETE', - 'ADMINISTER') NOT NULL, + user_id integer NOT NULL, + affected_user_id integer NOT NULL, + permission guacamole_object_permission_type NOT NULL, - PRIMARY KEY (`user_id`,`affected_user_id`,`permission`), + PRIMARY KEY (user_id,affected_user_id,permission), - CONSTRAINT `guacamole_user_permission_ibfk_1` - FOREIGN KEY (`affected_user_id`) - REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE, + CONSTRAINT guacamole_user_permission_ibfk_1 + FOREIGN KEY (affected_user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE, - CONSTRAINT `guacamole_user_permission_ibfk_2` - FOREIGN KEY (`user_id`) - REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE + CONSTRAINT guacamole_user_permission_ibfk_2 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +); + +CREATE INDEX ON 
guacamole_user_permission(affected_user_id); +CREATE INDEX ON guacamole_user_permission(user_id); -- -- Table of connection history records. Each record defines a specific user's @@ -204,25 +248,26 @@ CREATE TABLE `guacamole_user_permission` ( -- (if any). -- -CREATE TABLE `guacamole_connection_history` ( +CREATE TABLE guacamole_connection_history ( + + history_id serial NOT NULL, + user_id integer NOT NULL, + connection_id integer NOT NULL, + start_date timestamptz NOT NULL, + end_date timestamptz DEFAULT NULL, - `history_id` int(11) NOT NULL AUTO_INCREMENT, - `user_id` int(11) NOT NULL, - `connection_id` int(11) NOT NULL, - `start_date` datetime NOT NULL, - `end_date` datetime DEFAULT NULL, + PRIMARY KEY (history_id), - PRIMARY KEY (`history_id`), - KEY `user_id` (`user_id`), - KEY `connection_id` (`connection_id`), + CONSTRAINT guacamole_connection_history_ibfk_1 + FOREIGN KEY (user_id) + REFERENCES guacamole_user (user_id) ON DELETE CASCADE, - CONSTRAINT `guacamole_connection_history_ibfk_1` - FOREIGN KEY (`user_id`) - REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE, + CONSTRAINT guacamole_connection_history_ibfk_2 + FOREIGN KEY (connection_id) + REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE - CONSTRAINT `guacamole_connection_history_ibfk_2` - FOREIGN KEY (`connection_id`) - REFERENCES `guacamole_connection` (`connection_id`) ON DELETE CASCADE +); -) ENGINE=InnoDB DEFAULT CHARSET=utf8; +CREATE INDEX ON guacamole_connection_history(user_id); +CREATE INDEX ON guacamole_connection_history(connection_id); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql index 997a48841..9b912548d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql @@ -1,5 +1,5 @@ -- --- Copyright (C) 2013 Glyptodon LLC +-- Copyright (C) 2015 Glyptodon LLC -- -- Permission is hereby granted, free of charge, to any person obtaining a copy -- of this software and associated documentation files (the "Software"), to deal @@ -22,8 +22,8 @@ -- Create default user "guacadmin" with password "guacadmin" insert into guacamole_user values(1, 'guacadmin', - x'CA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', -- 'guacadmin' - x'FE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264'); + E'\\xCA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', -- 'guacadmin' + E'\\xFE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264'); -- Grant this user create permissions insert into guacamole_system_permission values(1, 'CREATE_CONNECTION'); From 06a7ab4cec58e591b27ef1d782a7402a63dca0a6 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 2 Mar 2015 17:39:43 -0800 Subject: [PATCH 03/12] GUAC-1103: Explicitly cast permission types. --- .../permission/ConnectionGroupPermissionMapper.xml | 8 ++++---- .../jdbc/permission/ConnectionPermissionMapper.xml | 8 ++++---- .../auth/jdbc/permission/SystemPermissionMapper.xml | 6 +++--- .../auth/jdbc/permission/UserPermissionMapper.xml | 12 ++++++------ 4 files changed, 17 insertions(+), 17 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index 40ada12a5..1d10233a9 100644 
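Review bot: `insert into guacamole_user values(1, 'guacadmin', …` supplies an explicit `user_id` of 1, but this patch makes that column `serial`, and an explicit value does not advance the backing sequence; the first user created afterwards without an explicit id would then probably be assigned 1 as well and violate the primary key. Either name the columns and omit the id, `insert into guacamole_user (username, password_hash, password_salt) values (…)`, resolving the id by username for the grants that follow, or add `SELECT setval(pg_get_serial_sequence('guacamole_user', 'user_id'), 1);` after the insert. Because the script documents a fixed initial password, a comment such as `-- Change this password immediately after first login` beside the insert would help operators. The grant statements continue past the end of this hunk.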
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -61,7 +61,7 @@ JOIN guacamole_user ON guacamole_connection_group_permission.user_id = guacamole_user.user_id WHERE guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = #{type,jdbcType=VARCHAR} + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_group_id = #{identifier,jdbcType=VARCHAR} @@ -81,7 +81,7 @@ AND permission IN - #{permission,jdbcType=VARCHAR} + #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type @@ -94,7 +94,7 @@ (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, #{permission.objectIdentifier,jdbcType=VARCHAR}) @@ -111,7 +111,7 @@ VALUES (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, #{permission.objectIdentifier,jdbcType=VARCHAR}) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml index 9935f3cfd..4bd33de78 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml @@ -61,7 +61,7 @@ JOIN guacamole_user ON guacamole_connection_permission.user_id = guacamole_user.user_id WHERE guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = #{type,jdbcType=VARCHAR} + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND connection_id = #{identifier,jdbcType=VARCHAR} @@ -81,7 +81,7 @@ AND permission IN - #{permission,jdbcType=VARCHAR} + #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type @@ -94,7 +94,7 @@ (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, #{permission.objectIdentifier,jdbcType=VARCHAR}) @@ -111,7 +111,7 @@ VALUES (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, #{permission.objectIdentifier,jdbcType=VARCHAR}) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml index 55eacd072..d472dc2ba 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml 
@@ -58,7 +58,7 @@ JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = #{type,jdbcType=VARCHAR} + AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type @@ -70,7 +70,7 @@ (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}) + #{permission.type,jdbcType=VARCHAR}::guacamole_system_permission_type) @@ -85,7 +85,7 @@ VALUES (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}) + #{permission.type,jdbcType=VARCHAR}::guacamole_system_permission_type) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index 038bb814f..b995dae19 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -63,7 +63,7 @@ JOIN guacamole_user affected ON guacamole_user_permission.affected_user_id = affected.user_id WHERE guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = #{type,jdbcType=VARCHAR} + AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND affected.username = #{identifier,jdbcType=VARCHAR} @@ -84,7 +84,7 @@ AND permission IN - #{permission,jdbcType=VARCHAR} + #{permission,jdbcType=VARCHAR}::guacamole_object_permission_type 
@@ -100,7 +100,7 @@ (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, #{permission.objectIdentifier,jdbcType=VARCHAR}) @@ -117,9 +117,9 @@ SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM - SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, - #{permission.type,jdbcType=VARCHAR} AS permission, - #{permission.objectIdentifier,jdbcType=VARCHAR} AS username + SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type AS permission, + #{permission.objectIdentifier,jdbcType=VARCHAR} AS username AS permissions JOIN guacamole_user ON guacamole_user.username = permissions.username; From 4a0213397b4609010c2dc08e40f562c1123d4953 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 2 Mar 2015 18:00:12 -0800 Subject: [PATCH 04/12] GUAC-1103: Convert string identifiers to integer where known to be integers. --- .../auth/jdbc/connection/ConnectionMapper.xml | 16 ++++++++-------- .../jdbc/connection/ConnectionRecordMapper.xml | 4 ++-- .../auth/jdbc/connection/ParameterMapper.xml | 6 +++--- .../connectiongroup/ConnectionGroupMapper.xml | 16 ++++++++-------- .../ConnectionGroupPermissionMapper.xml | 8 ++++---- .../permission/ConnectionPermissionMapper.xml | 8 ++++---- .../jdbc/permission/UserPermissionMapper.xml | 8 ++++---- 7 files changed, 33 insertions(+), 33 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml index 2211da069..249ca6e78 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -54,7 +54,7 @@ SELECT connection_id FROM guacamole_connection WHERE - parent_id = #{parentIdentifier,jdbcType=VARCHAR} + parent_id = #{parentIdentifier,jdbcType=INTEGER} parent_id IS NULL @@ -64,7 +64,7 @@ FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE - parent_id = #{parentIdentifier,jdbcType=VARCHAR} + parent_id = #{parentIdentifier,jdbcType=INTEGER} parent_id IS NULL AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' @@ -82,7 +82,7 @@ WHERE connection_id IN - #{identifier,jdbcType=VARCHAR} + #{identifier,jdbcType=INTEGER} @@ -100,7 +100,7 @@ WHERE guacamole_connection.connection_id IN - #{identifier,jdbcType=VARCHAR} + #{identifier,jdbcType=INTEGER} AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' @@ -117,7 +117,7 @@ protocol FROM guacamole_connection WHERE - parent_id = #{parentIdentifier,jdbcType=VARCHAR} + parent_id = #{parentIdentifier,jdbcType=INTEGER} parent_id IS NULL AND connection_name = #{name,jdbcType=VARCHAR} @@ -126,7 +126,7 @@ DELETE FROM guacamole_connection - WHERE connection_id = #{identifier,jdbcType=VARCHAR} + WHERE connection_id = #{identifier,jdbcType=INTEGER} @@ -140,7 +140,7 @@ ) VALUES ( #{object.name,jdbcType=VARCHAR}, - #{object.parentIdentifier,jdbcType=VARCHAR}, + #{object.parentIdentifier,jdbcType=INTEGER}, #{object.protocol,jdbcType=VARCHAR} ) 
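Review bot: Changing `#{parentIdentifier,jdbcType=VARCHAR}` to `#{parentIdentifier,jdbcType=INTEGER}` may not change what the driver actually sends, because MyBatis picks the type handler mainly from the Java property type and uses `jdbcType` chiefly for null values. If these identifiers are still Java strings, as the commit title suggests, PostgreSQL would presumably still receive a text parameter and reject the comparison with the integer column. An explicit cast in the style of patch 03, `parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer`, makes the conversion unambiguous. With the cast a non-numeric identifier raises a database error instead of matching nothing, so the caller should validate the identifier before binding it. The same applies to the other hunks of ConnectionMapper.xml and to ConnectionRecordMapper.xml and ParameterMapper.xml in this patch.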
@@ -150,7 +150,7 @@ UPDATE guacamole_connection SET connection_name = #{object.name,jdbcType=VARCHAR}, - parent_id = #{object.parentIdentifier,jdbcType=VARCHAR}, + parent_id = #{object.parentIdentifier,jdbcType=INTEGER}, protocol = #{object.protocol,jdbcType=VARCHAR} WHERE connection_id = #{object.objectID,jdbcType=INTEGER} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index b5775f607..41601b731 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -47,7 +47,7 @@ FROM guacamole_connection_history JOIN guacamole_user ON guacamole_connection_history.user_id = guacamole_user.user_id WHERE - connection_id = #{identifier,jdbcType=VARCHAR} + connection_id = #{identifier,jdbcType=INTEGER} ORDER BY start_date DESC, end_date DESC @@ -64,7 +64,7 @@ end_date ) VALUES ( - #{record.connectionIdentifier,jdbcType=VARCHAR}, + #{record.connectionIdentifier,jdbcType=INTEGER}, #{record.userID,jdbcType=INTEGER}, #{record.startDate,jdbcType=TIMESTAMP}, #{record.endDate,jdbcType=TIMESTAMP} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml index ccd386c14..55212d026 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml @@ -41,13 +41,13 @@ parameter_value FROM guacamole_connection_parameter WHERE - connection_id = #{identifier,jdbcType=VARCHAR} + connection_id = #{identifier,jdbcType=INTEGER} DELETE FROM guacamole_connection_parameter - WHERE connection_id = #{identifier,jdbcType=VARCHAR} + WHERE connection_id = #{identifier,jdbcType=INTEGER} @@ -60,7 +60,7 @@ ) VALUES - (#{parameter.connectionIdentifier,jdbcType=VARCHAR}, + (#{parameter.connectionIdentifier,jdbcType=INTEGER}, #{parameter.name,jdbcType=VARCHAR}, #{parameter.value,jdbcType=VARCHAR}) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 4eb20da1c..63bd1abae 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -55,7 +55,7 @@ SELECT connection_group_id FROM guacamole_connection_group WHERE - parent_id = #{parentIdentifier,jdbcType=VARCHAR} + parent_id = #{parentIdentifier,jdbcType=INTEGER} parent_id IS NULL 
@@ -65,7 +65,7 @@ FROM guacamole_connection_group JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id WHERE - parent_id = #{parentIdentifier,jdbcType=VARCHAR} + parent_id = #{parentIdentifier,jdbcType=INTEGER} parent_id IS NULL AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' @@ -83,7 +83,7 @@ WHERE connection_group_id IN - #{identifier,jdbcType=VARCHAR} + #{identifier,jdbcType=INTEGER} @@ -101,7 +101,7 @@ WHERE guacamole_connection_group.connection_group_id IN - #{identifier,jdbcType=VARCHAR} + #{identifier,jdbcType=INTEGER} AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' @@ -118,7 +118,7 @@ type FROM guacamole_connection_group WHERE - parent_id = #{parentIdentifier,jdbcType=VARCHAR} + parent_id = #{parentIdentifier,jdbcType=INTEGER} parent_id IS NULL AND connection_group_name = #{name,jdbcType=VARCHAR} @@ -127,7 +127,7 @@ DELETE FROM guacamole_connection_group - WHERE connection_group_id = #{identifier,jdbcType=VARCHAR} + WHERE connection_group_id = #{identifier,jdbcType=INTEGER} @@ -141,7 +141,7 @@ ) VALUES ( #{object.name,jdbcType=VARCHAR}, - #{object.parentIdentifier,jdbcType=VARCHAR}, + #{object.parentIdentifier,jdbcType=INTEGER}, #{object.type,jdbcType=VARCHAR} ) @@ -151,7 +151,7 @@ UPDATE guacamole_connection_group SET connection_group_name = #{object.name,jdbcType=VARCHAR}, - parent_id = #{object.parentIdentifier,jdbcType=VARCHAR}, + parent_id = #{object.parentIdentifier,jdbcType=INTEGER}, type = #{object.type,jdbcType=VARCHAR} WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER} 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index 1d10233a9..aad1dc09f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -62,7 +62,7 @@ WHERE guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type - AND connection_group_id = #{identifier,jdbcType=VARCHAR} + AND connection_group_id = #{identifier,jdbcType=INTEGER} @@ -76,7 +76,7 @@ AND connection_group_id IN - #{identifier,jdbcType=VARCHAR} + #{identifier,jdbcType=INTEGER} AND permission IN (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=VARCHAR}) + #{permission.objectIdentifier,jdbcType=INTEGER}::integer) @@ -112,7 +112,7 @@ (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=VARCHAR}) + #{permission.objectIdentifier,jdbcType=INTEGER}) 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml index 4bd33de78..f45778516 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml @@ -62,7 +62,7 @@ WHERE guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type - AND connection_id = #{identifier,jdbcType=VARCHAR} + AND connection_id = #{identifier,jdbcType=INTEGER} @@ -76,7 +76,7 @@ AND connection_id IN - #{identifier,jdbcType=VARCHAR} + #{identifier,jdbcType=INTEGER} AND permission IN (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=VARCHAR}) + #{permission.objectIdentifier,jdbcType=INTEGER}) @@ -112,7 +112,7 @@ (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=VARCHAR}) + #{permission.objectIdentifier,jdbcType=INTEGER}) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index b995dae19..14ac6d9cb 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -64,7 +64,7 @@ WHERE guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type - AND affected.username = #{identifier,jdbcType=VARCHAR} + AND affected.username = #{identifier,jdbcType=INTEGER} @@ -79,7 +79,7 @@ AND username IN - #{identifier,jdbcType=VARCHAR} + #{identifier,jdbcType=INTEGER} AND permission IN (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=VARCHAR}) + #{permission.objectIdentifier,jdbcType=INTEGER}) @@ -119,7 +119,7 @@ open="(" separator="UNION ALL" close=")"> SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type AS permission, - #{permission.objectIdentifier,jdbcType=VARCHAR} AS username + #{permission.objectIdentifier,jdbcType=INTEGER} AS username AS permissions JOIN guacamole_user ON guacamole_user.username = permissions.username; From 233c12b2a15d4e0c98f13cc5cc6a0edc075f4c63 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 2 Mar 2015 19:46:33 -0800 Subject: [PATCH 05/12] GUAC-1103: Add PostgreSQL to .tar.gz assembly. --- .../guacamole-auth-jdbc/src/main/assembly/dist.xml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml b/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml index 2d20b63a0..a416ea191 100644 --- a/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml +++ b/extensions/guacamole-auth-jdbc/src/main/assembly/dist.xml 
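Review bot: The bindings compared against `username` in UserPermissionMapper.xml are switched to `jdbcType=INTEGER` (`affected.username = #{identifier,jdbcType=INTEGER}`, the `username IN` list, and `#{permission.objectIdentifier,jdbcType=INTEGER} AS username`), but usernames are strings; the schema shown later in this series declares `username varchar(128)`. These statements decide which user a permission applies to, so the declared type should match the column even if the driver tolerates the mismatch for non-null values. Keep them as `jdbcType=VARCHAR`, for example `AND affected.username = #{identifier,jdbcType=VARCHAR}`. The enclosing statements start and end outside the hunks.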
@@ -27,6 +27,19 @@ + + + /postgresql/schema + modules/guacamole-auth-jdbc-postgresql/schema + + + modules/guacamole-auth-jdbc-postgresql/target/extension + /postgresql + + *.jar + + + From dbab6acd2cf303c0f00a7c2478bc36fd1c7710e7 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 2 Mar 2015 19:47:42 -0800 Subject: [PATCH 06/12] GUAC-1103: No INSERT IGNORE in postgres. --- .../auth/jdbc/permission/ConnectionGroupPermissionMapper.xml | 2 +- .../auth/jdbc/permission/ConnectionPermissionMapper.xml | 2 +- .../guacamole/auth/jdbc/permission/SystemPermissionMapper.xml | 2 +- .../guacamole/auth/jdbc/permission/UserPermissionMapper.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index aad1dc09f..0d9f25bec 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -103,7 +103,7 @@ - INSERT IGNORE INTO guacamole_connection_group_permission ( + INSERT INTO guacamole_connection_group_permission ( user_id, permission, connection_group_id diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml index f45778516..79e99e18d 100644 
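Review bot: With `IGNORE` dropped, `INSERT INTO guacamole_connection_group_permission (` no longer tolerates a permission row that already exists. If the table has a primary key or unique constraint over these columns (the schema is not visible here), re-granting one already-held permission would presumably fail the whole multi-row statement. The same applies to the matching hunks in ConnectionPermissionMapper.xml, SystemPermissionMapper.xml and UserPermissionMapper.xml. Consider keeping the grant idempotent, either by inserting from a SELECT that skips existing rows with a `WHERE NOT EXISTS (...)` filter on the same key columns, or by having the caller remove already-held permissions first, with a comment in the mapper saying which. The insert statement starts and ends outside the hunk.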
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml @@ -103,7 +103,7 @@ - INSERT IGNORE INTO guacamole_connection_permission ( + INSERT INTO guacamole_connection_permission ( user_id, permission, connection_id diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml index d472dc2ba..f1222012c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml @@ -78,7 +78,7 @@ - INSERT IGNORE INTO guacamole_system_permission ( + INSERT INTO guacamole_system_permission ( user_id, permission ) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index 14ac6d9cb..e16f02291 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -109,7 +109,7 @@ - INSERT IGNORE INTO guacamole_user_permission ( + INSERT INTO guacamole_user_permission ( user_id, permission, affected_user_id From 187f61b4837427f5391bb11d9d40b652d9c5070b Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 2 Mar 2015 20:03:44 -0800 Subject: [PATCH 07/12] GUAC-1103: Explicitly cast strings to integers. --- .../auth/jdbc/connection/ConnectionMapper.xml | 18 +++++++++--------- .../jdbc/connection/ConnectionRecordMapper.xml | 4 ++-- .../auth/jdbc/connection/ParameterMapper.xml | 6 +++--- .../connectiongroup/ConnectionGroupMapper.xml | 16 ++++++++-------- .../ConnectionGroupPermissionMapper.xml | 6 +++--- .../permission/ConnectionPermissionMapper.xml | 8 ++++---- 6 files changed, 29 insertions(+), 29 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml index 249ca6e78..11d18a9b4 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -54,7 +54,7 @@ SELECT connection_id FROM guacamole_connection WHERE - parent_id = #{parentIdentifier,jdbcType=INTEGER} + parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL 
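Review bot: The cast in `parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer` moves the string-to-number conversion into PostgreSQL, so an identifier that is not a decimal number would presumably raise a cast error at query time instead of matching no rows. The value is still a bound parameter, so this is an error-handling concern rather than an injection one. If identifiers can come from request data, parse them in Java before the mapper call and treat non-numeric values as "not found". A comment next to the cast would help, such as `<!-- identifier is bound as text; ::integer fails on non-numeric input, callers must validate -->`. The same applies to the other `::integer` hunks of this commit, and the select statement starts and ends outside the hunk.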
@@ -64,7 +64,7 @@ FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE - parent_id = #{parentIdentifier,jdbcType=INTEGER} + parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' @@ -82,7 +82,7 @@ WHERE connection_id IN - #{identifier,jdbcType=INTEGER} + #{identifier,jdbcType=INTEGER}::integer @@ -100,7 +100,7 @@ WHERE guacamole_connection.connection_id IN - #{identifier,jdbcType=INTEGER} + #{identifier,jdbcType=INTEGER}::integer AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' @@ -117,7 +117,7 @@ protocol FROM guacamole_connection WHERE - parent_id = #{parentIdentifier,jdbcType=INTEGER} + parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL AND connection_name = #{name,jdbcType=VARCHAR} @@ -126,7 +126,7 @@ DELETE FROM guacamole_connection - WHERE connection_id = #{identifier,jdbcType=INTEGER} + WHERE connection_id = #{identifier,jdbcType=INTEGER}::integer @@ -140,7 +140,7 @@ ) VALUES ( #{object.name,jdbcType=VARCHAR}, - #{object.parentIdentifier,jdbcType=INTEGER}, + #{object.parentIdentifier,jdbcType=INTEGER}::integer, #{object.protocol,jdbcType=VARCHAR} ) @@ -150,9 +150,9 @@ UPDATE guacamole_connection SET connection_name = #{object.name,jdbcType=VARCHAR}, - parent_id = #{object.parentIdentifier,jdbcType=INTEGER}, + parent_id = #{object.parentIdentifier,jdbcType=INTEGER}::integer, protocol = #{object.protocol,jdbcType=VARCHAR} - WHERE connection_id = #{object.objectID,jdbcType=INTEGER} + WHERE connection_id = #{object.objectID,jdbcType=INTEGER}::integer \ No newline at end of file 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index 41601b731..de5f53076 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -47,7 +47,7 @@ FROM guacamole_connection_history JOIN guacamole_user ON guacamole_connection_history.user_id = guacamole_user.user_id WHERE - connection_id = #{identifier,jdbcType=INTEGER} + connection_id = #{identifier,jdbcType=INTEGER}::integer ORDER BY start_date DESC, end_date DESC @@ -64,7 +64,7 @@ end_date ) VALUES ( - #{record.connectionIdentifier,jdbcType=INTEGER}, + #{record.connectionIdentifier,jdbcType=INTEGER}::integer, #{record.userID,jdbcType=INTEGER}, #{record.startDate,jdbcType=TIMESTAMP}, #{record.endDate,jdbcType=TIMESTAMP} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml index 55212d026..e3fe5d8e9 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connection/ParameterMapper.xml 
@@ -41,13 +41,13 @@ parameter_value FROM guacamole_connection_parameter WHERE - connection_id = #{identifier,jdbcType=INTEGER} + connection_id = #{identifier,jdbcType=INTEGER}::integer DELETE FROM guacamole_connection_parameter - WHERE connection_id = #{identifier,jdbcType=INTEGER} + WHERE connection_id = #{identifier,jdbcType=INTEGER}::integer @@ -60,7 +60,7 @@ ) VALUES - (#{parameter.connectionIdentifier,jdbcType=INTEGER}, + (#{parameter.connectionIdentifier,jdbcType=INTEGER}::integer, #{parameter.name,jdbcType=VARCHAR}, #{parameter.value,jdbcType=VARCHAR}) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 63bd1abae..0c5195990 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -55,7 +55,7 @@ SELECT connection_group_id FROM guacamole_connection_group WHERE - parent_id = #{parentIdentifier,jdbcType=INTEGER} + parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL @@ -65,7 +65,7 @@ FROM guacamole_connection_group JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id WHERE - parent_id = #{parentIdentifier,jdbcType=INTEGER} + parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' 
@@ -101,7 +101,7 @@ WHERE guacamole_connection_group.connection_group_id IN - #{identifier,jdbcType=INTEGER} + #{identifier,jdbcType=INTEGER}::integer AND user_id = #{user.objectID,jdbcType=INTEGER} AND permission = 'READ' @@ -118,7 +118,7 @@ type FROM guacamole_connection_group WHERE - parent_id = #{parentIdentifier,jdbcType=INTEGER} + parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL AND connection_group_name = #{name,jdbcType=VARCHAR} @@ -127,7 +127,7 @@ DELETE FROM guacamole_connection_group - WHERE connection_group_id = #{identifier,jdbcType=INTEGER} + WHERE connection_group_id = #{identifier,jdbcType=INTEGER}::integer @@ -141,7 +141,7 @@ ) VALUES ( #{object.name,jdbcType=VARCHAR}, - #{object.parentIdentifier,jdbcType=INTEGER}, + #{object.parentIdentifier,jdbcType=INTEGER}::integer, #{object.type,jdbcType=VARCHAR} ) @@ -151,9 +151,9 @@ UPDATE guacamole_connection_group SET connection_group_name = #{object.name,jdbcType=VARCHAR}, - parent_id = #{object.parentIdentifier,jdbcType=INTEGER}, + parent_id = #{object.parentIdentifier,jdbcType=INTEGER}::integer, type = #{object.type,jdbcType=VARCHAR} - WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER} + WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}::integer \ No newline at end of file diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index 0d9f25bec..33b3562ed 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml 
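Review bot: The commit casts the `connection_group_id IN` list only in the permission-filtered select (this hunk, old line 101). The unfiltered select around line 83, which the earlier conversion commit changed to `#{identifier,jdbcType=INTEGER}`, has no hunk here and so appears to be left uncast, while the equivalent select in ConnectionMapper.xml (old line 82) is cast. If that is the case, that query would still compare an integer column with a text parameter; the list element there should be `#{identifier,jdbcType=INTEGER}::integer` as well. The enclosing statements start and end outside the hunks.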
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -62,7 +62,7 @@ WHERE guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type - AND connection_group_id = #{identifier,jdbcType=INTEGER} + AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer @@ -76,7 +76,7 @@ AND connection_group_id IN - #{identifier,jdbcType=INTEGER} + #{identifier,jdbcType=INTEGER}::integer AND permission IN (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}) + #{permission.objectIdentifier,jdbcType=INTEGER}::integer) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml index 79e99e18d..4ed1ad7e9 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml @@ -62,7 +62,7 @@ WHERE guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type - AND connection_id = #{identifier,jdbcType=INTEGER} + AND connection_id = #{identifier,jdbcType=INTEGER}::integer 
@@ -76,7 +76,7 @@ AND connection_id IN - #{identifier,jdbcType=INTEGER} + #{identifier,jdbcType=INTEGER}::integer AND permission IN (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}) + #{permission.objectIdentifier,jdbcType=INTEGER}::integer) @@ -112,7 +112,7 @@ (#{permission.userID,jdbcType=INTEGER}, #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}) + #{permission.objectIdentifier,jdbcType=INTEGER}::integer) From 4fb2f4e04773bfd10685890846eae34099891507 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 5 Mar 2015 11:45:03 -0800 Subject: [PATCH 08/12] GUAC-1103: Allow unsalted passwords from external systems. --- .../security/PasswordEncryptionService.java | 13 ++++++++---- .../SHA256PasswordEncryptionService.java | 20 +++++++++---------- .../schema/001-create-schema.sql | 6 ++++-- .../schema/001-create-schema.sql | 6 ++++-- 4 files changed, 27 insertions(+), 18 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java index ef3099468..2e78725ef 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/PasswordEncryptionService.java 
@@ -30,11 +30,16 @@ public interface PasswordEncryptionService { /** * Creates a password hash based on the provided username, password, and - * salt. + * salt. If the provided salt is null, only the password itself is hashed. * - * @param password The password to hash. - * @param salt The salt to use when hashing the password. - * @return The generated password hash. + * @param password + * The password to hash. + * + * @param salt + * The salt to use when hashing the password, if any. + * + * @return + * The generated password hash. */ public byte[] createPasswordHash(String password, byte[] salt); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java index cfe5bc45f..577bdb0ef 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/security/SHA256PasswordEncryptionService.java 
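Review bot: The Javadoc summary still says the hash is based on the provided "username, password, and salt", but `createPasswordHash(String password, byte[] salt)` takes no username, so the word should be dropped. A null salt is now part of the contract, so the `@param salt` text should also state the consequence rather than only "if any". Suggested wording: `The salt to use when hashing the password, or null to hash the password alone (weaker; intended only for verifying hashes set by external systems).`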
@@ -38,26 +38,26 @@ public byte[] createPasswordHash(String password, byte[] salt) { try { - // Build salted password + // Build salted password, if a salt was provided StringBuilder builder = new StringBuilder(); builder.append(password); - builder.append(DatatypeConverter.printHexBinary(salt)); - // Hash UTF-8 bytes of salted password + if (salt != null) + builder.append(DatatypeConverter.printHexBinary(salt)); + + // Hash UTF-8 bytes of possibly-salted password MessageDigest md = MessageDigest.getInstance("SHA-256"); md.update(builder.toString().getBytes("UTF-8")); return md.digest(); } - // Should not happen - catch (UnsupportedEncodingException ex) { - throw new RuntimeException(ex); + // Throw hard errors if standard pieces of Java are missing + catch (UnsupportedEncodingException e) { + throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e); } - - // Should not happen - catch (NoSuchAlgorithmException ex) { - throw new RuntimeException(ex); + catch (NoSuchAlgorithmException e) { + throw new UnsupportedOperationException("Unexpected lack of SHA-256 support.", e); } } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql index 5c23bfc90..0a50bb379 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/schema/001-create-schema.sql @@ -65,7 +65,9 @@ CREATE TABLE `guacamole_connection` ( -- -- Table of users. Each user has a unique username and a hashed password --- with corresponding salt. +-- with corresponding salt. Although the authentication system will always set +-- salted passwords, other systems may set unsalted passwords by simply not +-- providing the salt. -- CREATE TABLE `guacamole_user` ( 
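Review bot: `if (salt != null)` makes a null salt fall back silently to a bare single-round SHA-256 of the password, and nothing in this method separates verifying an externally provisioned row from creating a new hash. Unsalted hashes are identical for identical passwords and are exposed to precomputed lookups, so the code paths that set passwords should be guaranteed never to pass null. Add a comment at the branch, `// null salt: verify-only path for externally set hashes; never create new hashes unsalted`, and put braces around the one-line `if`. The schema hunks that make `password_salt` nullable in both 001-create-schema.sql files deserve the same caveat in their table comments, and rows with a NULL salt are worth a periodic audit.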
@@ -73,7 +75,7 @@ CREATE TABLE `guacamole_user` ( `user_id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(128) NOT NULL, `password_hash` binary(32) NOT NULL, - `password_salt` binary(32) NOT NULL, + `password_salt` binary(32), PRIMARY KEY (`user_id`), UNIQUE KEY `username` (`username`) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql index a52fefecc..4e4297693 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql @@ -106,7 +106,9 @@ CREATE INDEX ON guacamole_connection(parent_id); -- -- Table of users. Each user has a unique username and a hashed password --- with corresponding salt. +-- with corresponding salt. Although the authentication system will always set +-- salted passwords, other systems may set unsalted passwords by simply not +-- providing the salt. -- CREATE TABLE guacamole_user ( @@ -114,7 +116,7 @@ CREATE TABLE guacamole_user ( user_id serial NOT NULL, username varchar(128) NOT NULL, password_hash bytea NOT NULL, - password_salt bytea NOT NULL, + password_salt bytea, PRIMARY KEY (user_id), From 8f557ed338c10a64aea678543af1bcf91eb80847 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 6 Mar 2015 12:48:06 -0800 Subject: [PATCH 09/12] GUAC-1103: Fix guacadmin user creation script. Must not insert IDs directly into serial columns - doing so clashes with the sequence resulting in PK failures upon insert. --- .../schema/002-create-admin-user.sql | 33 ++++++++++++++----- 1 file changed, 24 insertions(+), 9 deletions(-) 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
index 9b912548d..16eafbe73 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
@@ -20,19 +20,34 @@ -- THE SOFTWARE. -- + -- Create default user "guacadmin" with password "guacadmin" -insert into guacamole_user values(1, 'guacadmin', +INSERT INTO guacamole_user (username, password_hash, password_salt) +VALUES ('guacadmin', E'\\xCA458A7D494E3BE824F5E1E175A1556C0F8EEF2C2D7DF3633BEC4A29C4411960', -- 'guacadmin' E'\\xFE24ADC5E11E2B25288D1704ABE67A79E342ECC26064CE69C5B3177795A82264'); --- Grant this user create permissions -insert into guacamole_system_permission values(1, 'CREATE_CONNECTION'); -insert into guacamole_system_permission values(1, 'CREATE_CONNECTION_GROUP'); -insert into guacamole_system_permission values(1, 'CREATE_USER'); -insert into guacamole_system_permission values(1, 'ADMINISTER'); +-- Grant this user all system permissions +INSERT INTO guacamole_system_permission +SELECT user_id, permission::guacamole_system_permission_type +FROM ( + VALUES + ('guacadmin', 'CREATE_CONNECTION'), + ('guacadmin', 'CREATE_CONNECTION_GROUP'), + ('guacadmin', 'CREATE_USER'), + ('guacadmin', 'ADMINISTER') +) permissions (username, permission) +JOIN guacamole_user ON permissions.username = guacamole_user.username; -- Grant admin permission to read/update/administer self -insert into guacamole_user_permission values(1, 1, 'READ'); -insert into guacamole_user_permission values(1, 1, 'UPDATE'); -insert into guacamole_user_permission values(1, 1, 'ADMINISTER'); +INSERT INTO guacamole_user_permission +SELECT guacamole_user.user_id, affected.user_id, permission::guacamole_object_permission_type +FROM ( + VALUES + ('guacadmin', 'guacadmin', 'READ'), + ('guacadmin', 'guacadmin', 'UPDATE'), + ('guacadmin', 'guacadmin', 'ADMINISTER') +) permissions (username, affected_username, permission) +JOIN guacamole_user ON permissions.username = guacamole_user.username +JOIN guacamole_user affected ON permissions.affected_username = affected.username; From db6a9f07a3083b36f94bbbe8ea457d5b8546a1da Mon Sep 17 00:00:00 2001 
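Review bot: The script still creates a full administrator whose password is spelled out in the comment above the insert, and nothing in the hunk tells the operator to change it. A line such as `-- Change this password immediately after the first login.` next to the "Create default user" comment would put that instruction where the script is actually read. Separately, the two rewritten `INSERT ... SELECT` statements omit the target column list, while the `guacamole_user` insert now names its columns, so they depend on the declared column order of the permission tables. Naming the columns would keep the three statements consistent, e.g. `INSERT INTO guacamole_user_permission (user_id, affected_user_id, permission)`; those names appear in the UserMapper.xml hunks of this series, but the table definitions themselves are not in this hunk.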
From: Michael Jumper Date: Fri, 6 Mar 2015 12:50:33 -0800 Subject: [PATCH 10/12] GUAC-1103: Fix case of user READ permission. --- .../org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml | 4 ++-- .../org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml index 69c49d060..7c5b7357f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml @@ -47,7 +47,7 @@ JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id WHERE guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = 'read' + AND permission = 'READ' @@ -83,7 +83,7 @@ #{identifier,jdbcType=VARCHAR} AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = 'read' + AND permission = 'READ' diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml index 5170d43ee..41416f7db 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.xml 
@@ -47,7 +47,7 @@ JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id WHERE guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = 'read' + AND permission = 'READ' @@ -83,7 +83,7 @@ #{identifier,jdbcType=VARCHAR} AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} - AND permission = 'read' + AND permission = 'READ' From ee3d8f77c23698c37435c3faf0fc57a3d3344226 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 6 Mar 2015 13:03:41 -0800 Subject: [PATCH 11/12] GUAC-1103: Add missing typecase for connection group type. --- .../auth/jdbc/connectiongroup/ConnectionGroupMapper.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 0c5195990..f437e51a0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -142,7 +142,7 @@ VALUES ( #{object.name,jdbcType=VARCHAR}, #{object.parentIdentifier,jdbcType=INTEGER}::integer, - #{object.type,jdbcType=VARCHAR} + #{object.type,jdbcType=VARCHAR}::guacamole_connection_group_type ) 
@@ -152,7 +152,7 @@ UPDATE guacamole_connection_group SET connection_group_name = #{object.name,jdbcType=VARCHAR}, parent_id = #{object.parentIdentifier,jdbcType=INTEGER}::integer, - type = #{object.type,jdbcType=VARCHAR} + type = #{object.type,jdbcType=VARCHAR}::guacamole_connection_group_type WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}::integer From 40bdfb57b3928295263bdd7d19e30c4c63487208 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 6 Mar 2015 13:14:33 -0800 Subject: [PATCH 12/12] GUAC-1103: Update README to include PostgresQL. --- extensions/guacamole-auth-jdbc/README | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/README b/extensions/guacamole-auth-jdbc/README index d4fa250aa..0fee7bc93 100644 --- a/extensions/guacamole-auth-jdbc/README +++ b/extensions/guacamole-auth-jdbc/README @@ -51,8 +51,8 @@ in the library directory configured in guacamole.properties. created in the target/ subdirectory of the current directory. 4) Extract the .tar.gz file now present in the target/ directory, and - place the .jar files in the extracted lib/ subdirectory in the library - directory specified in guacamole.properties. + place the .jar files from the extracted database-specific subdirectory in + the library directory specified in guacamole.properties. You will likely need to do this as root. 
@@ -60,10 +60,10 @@ in the library directory configured in guacamole.properties. guacamole.properties, you will need to specify one. The directory is specified using the "lib-directory" property. -5) Set up your MySQL database to authenticate Guacamole users +5) Set up your database to authenticate Guacamole users A schema file is provided in the schema directory for creating - the guacamole authentication tables in your MySQL database. + the guacamole authentication tables in your database of choice. Additionally, a script is provided to create a default admin user with username 'guacadmin' and password 'guacadmin'. This user can @@ -90,6 +90,17 @@ in the library directory configured in guacamole.properties. mysql-disallow-simultaneous-connections: true + For PostgreSQL, the properties are the same, but have different prefixes: + + # Database connection configuration + postgresql-hostname: database.host.name + postgresql-port: 5432 + postgresql-database: guacamole.database.name + postgresql-username: user + postgresql-password: pass + + postgresql-disallow-simultaneous-connections: true + ------------------------------------------------------------ Reporting problems