safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1239: Merge support for configuring username case-insensitivity.

Browse Source
This commit is contained in:
Mike Jumper
2024-10-02 09:24:37 -07:00
committed by GitHub
parent 5d44ae4f37 116f709454
commit 02138fb208
70 changed files with 1977 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/user/SSOAuthenticatedUser.java
View File

@@ -23,9 +23,13 @@ import com.google.inject.Inject;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* An AuthenticatedUser whose identity has been supplied by an arbitrary SSO
@@ -35,12 +39,23 @@ import org.apache.guacamole.net.auth.Credentials;
*/
public class SSOAuthenticatedUser extends AbstractAuthenticatedUser {
/**
* Logger for this class.
*/
private static final Logger LOGGER = LoggerFactory.getLogger(SSOAuthenticatedUser.class);
/**
* Reference to the authentication provider associated with this
* authenticated user.
*/
@Inject
private AuthenticationProvider authProvider;
/**
* The environment in which this instance of Guacamole is running.
*/
@Inject
private Environment environment;
/**
* The credentials provided when this user was authenticated.
@@ -112,5 +127,22 @@ public class SSOAuthenticatedUser extends AbstractAuthenticatedUser {
public Set<String> getEffectiveUserGroups() {
return effectiveGroups;
}
@Override
public boolean isCaseSensitive() {
try {
return environment.getCaseSensitiveUsernames();
}
catch (GuacamoleException e) {
// Most SSO systems do not consider usernames to be case-sensitive;
// however, in order to avoid any surprises created by the introduction
// of case-sensitivity, we've opted to continue to evaluate these
// usernames in a case-sensitive manner by default.
LOGGER.error("Error occurred when trying to retrieve case-sensitivity configuration: {}. "
+ "Usernames comparisons will be done in a case-sensitive manner.", e.getMessage());
LOGGER.debug("Exception caught when trying to access the case-sensitivity property.", e);
return true;
}
}
}

10
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/CASAuthenticationProviderModule.java
View File

@@ -20,18 +20,28 @@
package org.apache.guacamole.auth.cas;
import com.google.inject.AbstractModule;
import org.apache.guacamole.auth.cas.conf.CASEnvironment;
import org.apache.guacamole.auth.cas.conf.ConfigurationService;
import org.apache.guacamole.auth.cas.ticket.TicketValidationService;
import org.apache.guacamole.environment.Environment;
/**
* Guice module which configures CAS-specific injections.
*/
public class CASAuthenticationProviderModule extends AbstractModule {
/**
* The configuration environment for this server and extension.
*/
private final Environment environment = new CASEnvironment();
@Override
protected void configure() {
bind(ConfigurationService.class);
bind(TicketValidationService.class);
bind(Environment.class).toInstance(environment);
}
}

53
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASEnvironment.java Normal file
View File

@@ -0,0 +1,53 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.cas.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.DelegatingEnvironment;
import org.apache.guacamole.environment.LocalEnvironment;
/**
* An environment for retrieving CAS-related properties from the Guacamole
* configuration.
*/
public class CASEnvironment extends DelegatingEnvironment {
/**
* Create a new instance of the configuration environment for the
* CAS SSO module, pulling the default instance of the LocalEnvironment.
*/
public CASEnvironment() {
super(LocalEnvironment.getInstance());
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// While most SSO systems do not consider usernames case-sensitive,
// this defaults to the global Guacamole configuration, which defaults
// to true, in order to avoid surprising or breaking environments that
// may rely on this behavior. This can be overridden for the entire
// Guacamole instance or for this extension.
return getProperty(CASGuacamoleProperties.CAS_CASE_SENSITIVE_USERNAMES,
super.getCaseSensitiveUsernames());
}
}

13
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
View File

@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.cas.conf;
import org.apache.guacamole.auth.cas.group.GroupFormat;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.EnumGuacamoleProperty;
import org.apache.guacamole.properties.URIGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
@@ -117,5 +118,17 @@ public class CASGuacamoleProperties {
public String getName() { return "cas-group-ldap-attribute"; }
};
/**
* A property used to configure whether or not usernames within the CAS SSO
* module should be treated as case-sensitive.
*/
public static final BooleanGuacamoleProperty CAS_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "cas-case-sensitive-usernames"; }
};
}

9
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/OpenIDAuthenticationProviderModule.java
View File

@@ -22,19 +22,28 @@ package org.apache.guacamole.auth.openid;
import com.google.inject.AbstractModule;
import com.google.inject.Scopes;
import org.apache.guacamole.auth.openid.conf.ConfigurationService;
import org.apache.guacamole.auth.openid.conf.OpenIDEnvironment;
import org.apache.guacamole.auth.sso.NonceService;
import org.apache.guacamole.auth.openid.token.TokenValidationService;
import org.apache.guacamole.environment.Environment;
/**
* Guice module which configures OpenID-specific injections.
*/
public class OpenIDAuthenticationProviderModule extends AbstractModule {
/**
* The configuration environment for this server and extension.
*/
private final Environment environment = new OpenIDEnvironment();
@Override
protected void configure() {
bind(ConfigurationService.class);
bind(NonceService.class).in(Scopes.SINGLETON);
bind(TokenValidationService.class);
bind(Environment.class).toInstance(environment);
}
}

15
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java
View File

@@ -26,6 +26,7 @@ import java.util.Collections;
import java.util.List;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
import org.apache.guacamole.properties.URIGuacamoleProperty;
@@ -217,7 +218,19 @@ public class ConfigurationService {
@Override
public String getName() { return "openid-redirect-uri"; }
};
/**
* A property used to configure whether or not usernames within the OpenID
* SSO module should be treated as case-sensitive.
*/
public static final BooleanGuacamoleProperty OPENID_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "openid-case-sensitive-usernames"; }
};
/**

53
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/conf/OpenIDEnvironment.java Normal file
View File

@@ -0,0 +1,53 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.openid.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.DelegatingEnvironment;
import org.apache.guacamole.environment.LocalEnvironment;
/**
* An environment for retrieving OpenID-related properties from the Guacamole
* configuration.
*/
public class OpenIDEnvironment extends DelegatingEnvironment {
/**
* Create a new instance of the configuration environment for the
* OpenID SSO module, pulling the default instance of the LocalEnvironment.
*/
public OpenIDEnvironment() {
super(LocalEnvironment.getInstance());
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// While most SSO systems do not consider usernames case-sensitive,
// this defaults to the global Guacamole configuration, which defaults
// to true, in order to avoid surprising or breaking environments that
// may rely on this behavior. This can be overridden for the entire
// Guacamole instance or for this extension.
return getProperty(ConfigurationService.OPENID_CASE_SENSITIVE_USERNAMES,
super.getCaseSensitiveUsernames());
}
}

9
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/SAMLAuthenticationProviderModule.java
View File

@@ -24,12 +24,19 @@ import org.apache.guacamole.auth.saml.conf.ConfigurationService;
import org.apache.guacamole.auth.saml.acs.AssertionConsumerServiceResource;
import org.apache.guacamole.auth.saml.acs.SAMLAuthenticationSessionManager;
import org.apache.guacamole.auth.saml.acs.SAMLService;
import org.apache.guacamole.auth.saml.conf.SAMLEnvironment;
import org.apache.guacamole.environment.Environment;
/**
* Guice module which configures SAML-specific injections.
*/
public class SAMLAuthenticationProviderModule extends AbstractModule {
/**
* The environment for this server and extension.
*/
private final Environment environment = new SAMLEnvironment();
@Override
protected void configure() {
bind(AssertionConsumerServiceResource.class);
@@ -37,6 +44,8 @@ public class SAMLAuthenticationProviderModule extends AbstractModule {
bind(SAMLAuthenticationSessionManager.class);
bind(SAMLService.class);
bind(Environment.class).toInstance(environment);
requestStaticInjection(SAMLAuthenticationEventListener.class);
}

12
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/ConfigurationService.java
View File

@@ -189,6 +189,18 @@ public class ConfigurationService {
public String getName() { return "saml-private-key-path"; }
};
/**
* A property used to configure whether or not usernames within the SAML SSO
* module should be treated as case-sensitive.
*/
public static final BooleanGuacamoleProperty SAML_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "saml-case-sensitive-usernames"; }
};
/**
* The Guacamole server environment.

53
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-saml/src/main/java/org/apache/guacamole/auth/saml/conf/SAMLEnvironment.java Normal file
View File

@@ -0,0 +1,53 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.saml.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.DelegatingEnvironment;
import org.apache.guacamole.environment.LocalEnvironment;
/**
* An environment for retrieving SAML-related properties from the Guacamole
* configuration.
*/
public class SAMLEnvironment extends DelegatingEnvironment {
/**
* Create a new instance of the configuration environment for the
* SAML SSO module, pulling the default instance of the LocalEnvironment.
*/
public SAMLEnvironment() {
super(LocalEnvironment.getInstance());
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// While most SSO systems do not consider usernames case-sensitive,
// this defaults to the global Guacamole configuration, which defaults
// to true, in order to avoid surprising or breaking environments that
// may rely on this behavior. This can be overridden for the entire
// Guacamole instance or for this extension.
return getProperty(ConfigurationService.SAML_CASE_SENSITIVE_USERNAMES,
super.getCaseSensitiveUsernames());
}
}

9
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/SSLAuthenticationProviderModule.java
View File

@@ -22,7 +22,9 @@ package org.apache.guacamole.auth.ssl;
import com.google.inject.AbstractModule;
import com.google.inject.Scopes;
import org.apache.guacamole.auth.ssl.conf.ConfigurationService;
import org.apache.guacamole.auth.ssl.conf.SSLEnvironment;
import org.apache.guacamole.auth.sso.NonceService;
import org.apache.guacamole.environment.Environment;
/**
* Guice module which configures injections specific to SSO using SSL/TLS
@@ -30,12 +32,19 @@ import org.apache.guacamole.auth.sso.NonceService;
*/
public class SSLAuthenticationProviderModule extends AbstractModule {
/**
* The configuration environment of this server and extension.
*/
private final Environment environment = new SSLEnvironment();
@Override
protected void configure() {
bind(ConfigurationService.class);
bind(NonceService.class).in(Scopes.SINGLETON);
bind(SSLAuthenticationSessionManager.class);
bind(Environment.class).toInstance(environment);
requestStaticInjection(SSLAuthenticationEventListener.class);
}

13
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/ConfigurationService.java
View File

@@ -28,6 +28,7 @@ import javax.ws.rs.core.UriBuilder;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleServerException;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.properties.BooleanGuacamoleProperty;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
import org.apache.guacamole.properties.URIGuacamoleProperty;
@@ -186,6 +187,18 @@ public class ConfigurationService {
public String getName() { return "ssl-max-domain-validity"; }
};
/**
* A property used to configure whether or not usernames within the SSL SSO
* module should be treated as case-sensitive.
*/
public static final BooleanGuacamoleProperty SSL_CASE_SENSITIVE_USERNAMES =
new BooleanGuacamoleProperty() {
@Override
public String getName() { return "ssl-case-sensitive-usernames"; }
};
/**
* The Guacamole server environment.

53
extensions/guacamole-auth-sso/modules/guacamole-auth-sso-ssl/src/main/java/org/apache/guacamole/auth/ssl/conf/SSLEnvironment.java Normal file
View File

@@ -0,0 +1,53 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.guacamole.auth.ssl.conf;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.DelegatingEnvironment;
import org.apache.guacamole.environment.LocalEnvironment;
/**
* An environment for retrieving SSL-related properties from the Guacamole
* configuration.
*/
public class SSLEnvironment extends DelegatingEnvironment {
/**
* Create a new instance of the configuration environment for the
* SSL SSO module, pulling the default instance of the LocalEnvironment.
*/
public SSLEnvironment() {
super(LocalEnvironment.getInstance());
}
@Override
public boolean getCaseSensitiveUsernames() throws GuacamoleException {
// While most SSO systems do not consider usernames case-sensitive,
// this defaults to the global Guacamole configuration, which defaults
// to true, in order to avoid surprising or breaking environments that
// may rely on this behavior. This can be overridden for the entire
// Guacamole instance or for this extension.
return getProperty(ConfigurationService.SSL_CASE_SENSITIVE_USERNAMES,
super.getCaseSensitiveUsernames());
}
}