GUACAMOLE-524: Deprecate and replace StandardTokens with arbitrary tokens provided to Connectable.connect().
@@ -499,6 +499,10 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
|
||||
* @param info
|
||||
* Information associated with the connecting client.
|
||||
*
|
||||
* @param tokens
|
||||
* A Map containing the token names and corresponding values to be
|
||||
* applied as parameter tokens when establishing the connection.
|
||||
*
|
||||
* @return
|
||||
* A connected GuacamoleTunnel associated with a newly-established
|
||||
* connection.
|
||||
@@ -507,12 +511,12 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
|
||||
* If permission to connect to this connection is denied.
|
||||
*/
|
||||
public GuacamoleTunnel connect(ModeledAuthenticatedUser user,
|
||||
ModeledConnection connection, GuacamoleClientInformation info)
|
||||
throws GuacamoleException {
|
||||
ModeledConnection connection, GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
|
||||
// Connect only if READ permission is granted
|
||||
if (hasObjectPermission(user, connection.getIdentifier(), ObjectPermission.Type.READ))
|
||||
return tunnelService.getGuacamoleTunnel(user, connection, info);
|
||||
return tunnelService.getGuacamoleTunnel(user, connection, info, tokens);
|
||||
|
||||
// The user does not have permission to connect
|
||||
throw new GuacamoleSecurityException("Permission denied.");
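Review bot: The new `@param tokens` Javadoc on connect() does not say whether the map may be null or empty, nor that its values are substituted into the connection's parameters and may therefore carry credentials. Because this commit moves token construction out of the JDBC tunnel service and onto whoever calls connect(), the contract belongs in the Javadoc; I would add `The map must not be null (pass an empty map for no tokens). Values are substituted verbatim into connection parameters and may contain credentials, so they must be derived from the authenticated session and never logged.` The same gap is repeated in ConnectionGroupService.connect(), AbstractGuacamoleTunnelService.assignGuacamoleTunnel() and the three GuacamoleTunnelService.getGuacamoleTunnel() declarations. The body of connect() continues past the end of this hunk.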
|
||||
|
@@ -259,8 +259,9 @@ public class ModeledConnection extends ModeledChildDirectoryObject<ConnectionMod
|
||||
}
|
||||
|
||||
@Override
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info) throws GuacamoleException {
|
||||
return connectionService.connect(getCurrentUser(), this, info);
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
return connectionService.connect(getCurrentUser(), this, info, tokens);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.jdbc.connectiongroup;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
|
||||
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
|
||||
@@ -243,6 +244,10 @@ public class ConnectionGroupService extends ModeledChildDirectoryObjectService<M
|
||||
* @param info
|
||||
* Information associated with the connecting client.
|
||||
*
|
||||
* @param tokens
|
||||
* A Map containing the token names and corresponding values to be
|
||||
* applied as parameter tokens when establishing the connection.
|
||||
*
|
||||
* @return
|
||||
* A connected GuacamoleTunnel associated with a newly-established
|
||||
* connection.
|
||||
@@ -251,12 +256,12 @@ public class ConnectionGroupService extends ModeledChildDirectoryObjectService<M
|
||||
* If permission to connect to this connection is denied.
|
||||
*/
|
||||
public GuacamoleTunnel connect(ModeledAuthenticatedUser user,
|
||||
ModeledConnectionGroup connectionGroup, GuacamoleClientInformation info)
|
||||
throws GuacamoleException {
|
||||
ModeledConnectionGroup connectionGroup, GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
|
||||
// Connect only if READ permission is granted
|
||||
if (hasObjectPermission(user, connectionGroup.getIdentifier(), ObjectPermission.Type.READ))
|
||||
return tunnelService.getGuacamoleTunnel(user, connectionGroup, info);
|
||||
return tunnelService.getGuacamoleTunnel(user, connectionGroup, info, tokens);
|
||||
|
||||
// The user does not have permission to connect
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
|
@@ -135,9 +135,9 @@ public class ModeledConnectionGroup extends ModeledChildDirectoryObject<Connecti
|
||||
}
|
||||
|
||||
@Override
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info)
|
||||
throws GuacamoleException {
|
||||
return connectionGroupService.connect(getCurrentUser(), this, info);
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
return connectionGroupService.connect(getCurrentUser(), this, info, tokens);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@@ -122,8 +122,8 @@ public class RootConnectionGroup extends RestrictedObject
|
||||
}
|
||||
|
||||
@Override
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info)
|
||||
throws GuacamoleException {
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
|
@@ -131,9 +131,9 @@ public class SharedConnection implements Connection {
|
||||
}
|
||||
|
||||
@Override
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info)
|
||||
throws GuacamoleException {
|
||||
return tunnelService.getGuacamoleTunnel(user, definition, info);
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
return tunnelService.getGuacamoleTunnel(user, definition, info, tokens);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@@ -98,8 +98,8 @@ public class SharedRootConnectionGroup implements ConnectionGroup {
|
||||
}
|
||||
|
||||
@Override
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info)
|
||||
throws GuacamoleException {
|
||||
public GuacamoleTunnel connect(GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
|
@@ -52,7 +52,6 @@ import org.apache.guacamole.net.auth.ConnectionGroup;
|
||||
import org.apache.guacamole.protocol.ConfiguredGuacamoleSocket;
|
||||
import org.apache.guacamole.protocol.GuacamoleClientInformation;
|
||||
import org.apache.guacamole.protocol.GuacamoleConfiguration;
|
||||
import org.apache.guacamole.token.StandardTokens;
|
||||
import org.apache.guacamole.token.TokenFilter;
|
||||
import org.mybatis.guice.transactional.Transactional;
|
||||
import org.apache.guacamole.auth.jdbc.connection.ConnectionParameterMapper;
|
||||
@@ -233,13 +232,6 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
for (ConnectionParameterModel parameter : parameters)
|
||||
config.setParameter(parameter.getName(), parameter.getValue());
|
||||
|
||||
// Build token filter containing credential tokens
|
||||
TokenFilter tokenFilter = new TokenFilter();
|
||||
StandardTokens.addStandardTokens(tokenFilter, user);
|
||||
|
||||
// Filter the configuration
|
||||
tokenFilter.filterValues(config.getParameters());
|
||||
|
||||
return config;
|
||||
|
||||
}
|
||||
@@ -279,13 +271,6 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
for (SharingProfileParameterModel parameter : parameters)
|
||||
config.setParameter(parameter.getName(), parameter.getValue());
|
||||
|
||||
// Build token filter containing credential tokens
|
||||
TokenFilter tokenFilter = new TokenFilter();
|
||||
StandardTokens.addStandardTokens(tokenFilter, user);
|
||||
|
||||
// Filter the configuration
|
||||
tokenFilter.filterValues(config.getParameters());
|
||||
|
||||
return config;
|
||||
|
||||
}
|
||||
@@ -454,6 +439,10 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
* Information describing the Guacamole client connecting to the given
|
||||
* connection.
|
||||
*
|
||||
* @param tokens
|
||||
* A Map containing the token names and corresponding values to be
|
||||
* applied as parameter tokens when establishing the connection.
|
||||
*
|
||||
* @param interceptErrors
|
||||
* Whether errors from the upstream remote desktop should be
|
||||
* intercepted and rethrown as GuacamoleUpstreamExceptions.
|
||||
@@ -467,7 +456,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
* while connection configuration information is being retrieved.
|
||||
*/
|
||||
private GuacamoleTunnel assignGuacamoleTunnel(ActiveConnectionRecord activeConnection,
|
||||
GuacamoleClientInformation info, boolean interceptErrors) throws GuacamoleException {
|
||||
GuacamoleClientInformation info, Map<String, String> tokens,
|
||||
boolean interceptErrors) throws GuacamoleException {
|
||||
|
||||
// Record new active connection
|
||||
Runnable cleanupTask = new ConnectionCleanupTask(activeConnection);
|
||||
@@ -504,6 +494,13 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
|
||||
}
|
||||
|
||||
// Build token filter containing credential tokens
|
||||
TokenFilter tokenFilter = new TokenFilter();
|
||||
tokenFilter.setTokens(tokens);
|
||||
|
||||
// Filter the configuration
|
||||
tokenFilter.filterValues(config.getParameters());
|
||||
|
||||
// Obtain socket which will automatically run the cleanup task
|
||||
ConfiguredGuacamoleSocket socket = new ConfiguredGuacamoleSocket(
|
||||
getUnconfiguredGuacamoleSocket(connection.getGuacamoleProxyConfiguration(),
|
||||
@@ -651,8 +648,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
@Override
|
||||
@Transactional
|
||||
public GuacamoleTunnel getGuacamoleTunnel(final ModeledAuthenticatedUser user,
|
||||
final ModeledConnection connection, GuacamoleClientInformation info)
|
||||
throws GuacamoleException {
|
||||
final ModeledConnection connection, GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException {
|
||||
|
||||
// Acquire access to single connection, ignoring the failover-only flag
|
||||
acquire(user, Collections.singletonList(connection), true);
|
||||
@@ -660,7 +657,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
// Connect only if the connection was successfully acquired
|
||||
ActiveConnectionRecord connectionRecord = activeConnectionRecordProvider.get();
|
||||
connectionRecord.init(user, connection);
|
||||
return assignGuacamoleTunnel(connectionRecord, info, false);
|
||||
return assignGuacamoleTunnel(connectionRecord, info, tokens, false);
|
||||
|
||||
}
|
||||
|
||||
@@ -673,7 +670,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
@Transactional
|
||||
public GuacamoleTunnel getGuacamoleTunnel(ModeledAuthenticatedUser user,
|
||||
ModeledConnectionGroup connectionGroup,
|
||||
GuacamoleClientInformation info) throws GuacamoleException {
|
||||
GuacamoleClientInformation info, Map<String, String> tokens)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Track failures in upstream (remote desktop) connections
|
||||
boolean upstreamHasFailed = false;
|
||||
@@ -706,7 +704,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
// Connect to acquired child
|
||||
ActiveConnectionRecord connectionRecord = activeConnectionRecordProvider.get();
|
||||
connectionRecord.init(user, connectionGroup, connection);
|
||||
GuacamoleTunnel tunnel = assignGuacamoleTunnel(connectionRecord, info, connections.size() > 1);
|
||||
GuacamoleTunnel tunnel = assignGuacamoleTunnel(connectionRecord,
|
||||
info, tokens, connections.size() > 1);
|
||||
|
||||
// If session affinity is enabled, prefer this connection going forward
|
||||
if (connectionGroup.isSessionAffinityEnabled())
|
||||
@@ -755,7 +754,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
@Transactional
|
||||
public GuacamoleTunnel getGuacamoleTunnel(RemoteAuthenticatedUser user,
|
||||
SharedConnectionDefinition definition,
|
||||
GuacamoleClientInformation info)
|
||||
GuacamoleClientInformation info, Map<String, String> tokens)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Create a connection record which describes the shared connection
|
||||
@@ -764,7 +763,7 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
definition.getSharingProfile());
|
||||
|
||||
// Connect to shared connection described by the created record
|
||||
GuacamoleTunnel tunnel = assignGuacamoleTunnel(connectionRecord, info, false);
|
||||
GuacamoleTunnel tunnel = assignGuacamoleTunnel(connectionRecord, info, tokens, false);
|
||||
|
||||
// Register tunnel, such that it is closed when the
|
||||
// SharedConnectionDefinition is invalidated
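Review bot: `tokenFilter.setTokens(tokens)` in assignGuacamoleTunnel() uses the caller-supplied map without a null check, and it runs after the active connection has already been recorded (`cleanupTask` is created at the top of the method). A null map would most likely fail inside setTokens(); whether the cleanup task still runs on that path depends on error handling outside these hunks, so I would guard it with `if (tokens != null) tokenFilter.setTokens(tokens);` or reject null up front in the public getGuacamoleTunnel() overloads. The comment above it still reads `// Build token filter containing credential tokens`, which no longer matches what the map holds; `// Build token filter from the tokens supplied by the caller` is closer. assignGuacamoleTunnel() starts and ends outside the hunks shown.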
|
||||
|
@@ -20,6 +20,7 @@
|
||||
package org.apache.guacamole.auth.jdbc.tunnel;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
|
||||
import org.apache.guacamole.auth.jdbc.connection.ModeledConnection;
|
||||
import org.apache.guacamole.auth.jdbc.connectiongroup.ModeledConnectionGroup;
|
||||
@@ -73,6 +74,10 @@ public interface GuacamoleTunnelService {
|
||||
* Information describing the Guacamole client connecting to the given
|
||||
* connection.
|
||||
*
|
||||
* @param tokens
|
||||
* A Map containing the token names and corresponding values to be
|
||||
* applied as parameter tokens when establishing the connection.
|
||||
*
|
||||
* @return
|
||||
* A new GuacamoleTunnel which is configured and connected to the given
|
||||
* connection.
|
||||
@@ -82,8 +87,8 @@ public interface GuacamoleTunnelService {
|
||||
* rules.
|
||||
*/
|
||||
GuacamoleTunnel getGuacamoleTunnel(ModeledAuthenticatedUser user,
|
||||
ModeledConnection connection, GuacamoleClientInformation info)
|
||||
throws GuacamoleException;
|
||||
ModeledConnection connection, GuacamoleClientInformation info,
|
||||
Map<String, String> tokens) throws GuacamoleException;
|
||||
|
||||
/**
|
||||
* Returns a collection containing connection records representing all
|
||||
@@ -117,6 +122,10 @@ public interface GuacamoleTunnelService {
|
||||
* Information describing the Guacamole client connecting to the given
|
||||
* connection group.
|
||||
*
|
||||
* @param tokens
|
||||
* A Map containing the token names and corresponding values to be
|
||||
* applied as parameter tokens when establishing the connection.
|
||||
*
|
||||
* @return
|
||||
* A new GuacamoleTunnel which is configured and connected to the given
|
||||
* connection group.
|
||||
@@ -127,7 +136,7 @@ public interface GuacamoleTunnelService {
|
||||
*/
|
||||
GuacamoleTunnel getGuacamoleTunnel(ModeledAuthenticatedUser user,
|
||||
ModeledConnectionGroup connectionGroup,
|
||||
GuacamoleClientInformation info)
|
||||
GuacamoleClientInformation info, Map<String, String> tokens)
|
||||
throws GuacamoleException;
|
||||
|
||||
/**
|
||||
@@ -163,6 +172,10 @@ public interface GuacamoleTunnelService {
|
||||
* Information describing the Guacamole client connecting to the given
|
||||
* connection.
|
||||
*
|
||||
* @param tokens
|
||||
* A Map containing the token names and corresponding values to be
|
||||
* applied as parameter tokens when establishing the connection.
|
||||
*
|
||||
* @return
|
||||
* A new GuacamoleTunnel which is configured and connected to the given
|
||||
* active connection.
|
||||
@@ -173,7 +186,7 @@ public interface GuacamoleTunnelService {
|
||||
*/
|
||||
GuacamoleTunnel getGuacamoleTunnel(RemoteAuthenticatedUser user,
|
||||
SharedConnectionDefinition definition,
|
||||
GuacamoleClientInformation info)
|
||||
GuacamoleClientInformation info, Map<String, String> tokens)
|
||||
throws GuacamoleException;
|
||||
|
||||
}
|
||||
|