safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-31 17:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-524: Deprecate and replace StandardTokens with arbitrary tokens provided to Connectable.connect().

Browse Source
This commit is contained in:
Michael Jumper
2018-10-04 00:41:07 -07:00
parent 3089e71e60
commit 1210d5624c
22 changed files with 268 additions and 154 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Connectable.java
View File

@@ -19,6 +19,7 @@
package org.apache.guacamole.net.auth;
import java.util.Map;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.GuacamoleTunnel;
import org.apache.guacamole.protocol.GuacamoleClientInformation;
@@ -31,11 +32,21 @@ public interface Connectable {
/**
* Establishes a connection to guacd using the information associated with
* this object. The connection will be provided the given client
* information.
* information. Implementations which support parameter tokens should
* apply the given tokens when configuring the connection, such as with a
* {@link org.apache.guacamole.token.TokenFilter}.
*
* @see <a href="http://guacamole.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens">Parameter Tokens</a>
*
* @param info
* Information associated with the connecting client.
*
* @param tokens
* A Map containing the token names and corresponding values to be
* applied as parameter tokens when establishing the connection. If the
* implementation does not support parameter tokens, this Map may be
* ignored.
*
* @return
* A fully-established GuacamoleTunnel.
*
@@ -43,8 +54,8 @@ public interface Connectable {
* If an error occurs while connecting to guacd, or if permission to
* connect is denied.
*/
public GuacamoleTunnel connect(GuacamoleClientInformation info)
throws GuacamoleException;
public GuacamoleTunnel connect(GuacamoleClientInformation info,
Map<String, String> tokens) throws GuacamoleException;
/**
* Returns the number of active connections associated with this object.

6
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/DelegatingConnection.java
View File

@@ -128,9 +128,9 @@ public class DelegatingConnection implements Connection {
}
@Override
public GuacamoleTunnel connect(GuacamoleClientInformation info)
throws GuacamoleException {
return connection.connect(info);
public GuacamoleTunnel connect(GuacamoleClientInformation info,
Map<String, String> tokens) throws GuacamoleException {
return connection.connect(info, tokens);
}
@Override

5
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/DelegatingConnectionGroup.java
View File

@@ -119,8 +119,9 @@ public class DelegatingConnectionGroup implements ConnectionGroup {
}
@Override
public GuacamoleTunnel connect(GuacamoleClientInformation info) throws GuacamoleException {
return connectionGroup.connect(info);
public GuacamoleTunnel connect(GuacamoleClientInformation info,
Map<String, String> tokens) throws GuacamoleException {
return connectionGroup.connect(info, tokens);
}
@Override

77
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
View File

@@ -31,8 +31,6 @@ import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.protocol.GuacamoleConfiguration;
import org.apache.guacamole.token.StandardTokens;
import org.apache.guacamole.token.TokenFilter;
/**
* Provides means of retrieving a set of named GuacamoleConfigurations for a
@@ -140,84 +138,13 @@ public abstract class SimpleAuthenticationProvider
}
/**
* Given an arbitrary credentials object, returns a Map containing all
* configurations authorized by those credentials, filtering those
* configurations using a TokenFilter and the standard credential tokens
* (like ${GUAC_USERNAME} and ${GUAC_PASSWORD}). The keys of this Map
* are Strings which uniquely identify each configuration.
*
* @param credentials
* The credentials to use to retrieve authorized configurations.
*
* @return
* A Map of all configurations authorized by the given credentials, or
* null if the credentials given are not authorized.
*
* @throws GuacamoleException
* If an error occurs while retrieving configurations.
*/
private Map<String, GuacamoleConfiguration>
getFilteredAuthorizedConfigurations(Credentials credentials)
throws GuacamoleException {
// Get configurations
Map<String, GuacamoleConfiguration> configs =
getAuthorizedConfigurations(credentials);
// Return as unauthorized if not authorized to retrieve configs
if (configs == null)
return null;
// Build credential TokenFilter
TokenFilter tokenFilter = new TokenFilter();
StandardTokens.addStandardTokens(tokenFilter, credentials);
// Filter each configuration
for (GuacamoleConfiguration config : configs.values())
tokenFilter.filterValues(config.getParameters());
return configs;
}
/**
* Given a user who has already been authenticated, returns a Map
* containing all configurations for which that user is authorized,
* filtering those configurations using a TokenFilter and the standard
* credential tokens (like ${GUAC_USERNAME} and ${GUAC_PASSWORD}). The keys
* of this Map are Strings which uniquely identify each configuration.
*
* @param authenticatedUser
* The user whose authorized configurations are to be retrieved.
*
* @return
* A Map of all configurations authorized for use by the given user, or
* null if the user is not authorized to use any configurations.
*
* @throws GuacamoleException
* If an error occurs while retrieving configurations.
*/
private Map<String, GuacamoleConfiguration>
getFilteredAuthorizedConfigurations(AuthenticatedUser authenticatedUser)
throws GuacamoleException {
// Pull cached configurations, if any
if (authenticatedUser instanceof SimpleAuthenticatedUser && authenticatedUser.getAuthenticationProvider() == this)
return ((SimpleAuthenticatedUser) authenticatedUser).getAuthorizedConfigurations();
// Otherwise, pull using credentials
return getFilteredAuthorizedConfigurations(authenticatedUser.getCredentials());
}
@Override
public AuthenticatedUser authenticateUser(final Credentials credentials)
throws GuacamoleException {
// Get configurations
Map<String, GuacamoleConfiguration> configs =
getFilteredAuthorizedConfigurations(credentials);
getAuthorizedConfigurations(credentials);
// Return as unauthorized if not authorized to retrieve configs
if (configs == null)
@@ -233,7 +160,7 @@ public abstract class SimpleAuthenticationProvider
// Get configurations
Map<String, GuacamoleConfiguration> configs =
getFilteredAuthorizedConfigurations(authenticatedUser);
getAuthorizedConfigurations(authenticatedUser.getCredentials());
// Return as unauthorized if not authorized to retrieve configs
if (configs == null)

20
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleConnection.java
View File

@@ -38,9 +38,14 @@ import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration;
import org.apache.guacamole.protocol.ConfiguredGuacamoleSocket;
import org.apache.guacamole.protocol.GuacamoleClientInformation;
import org.apache.guacamole.protocol.GuacamoleConfiguration;
import org.apache.guacamole.token.TokenFilter;
/**
* An extremely basic Connection implementation.
* An extremely basic Connection implementation. The underlying connection to
* guacd is established using the configuration information provided in
* guacamole.properties. Parameter tokens provided to connect() are
* automatically applied. Tracking of active connections and connection history
* is not provided.
*/
public class SimpleConnection extends AbstractConnection {
@@ -95,8 +100,8 @@ public class SimpleConnection extends AbstractConnection {
}
@Override
public GuacamoleTunnel connect(GuacamoleClientInformation info)
throws GuacamoleException {
public GuacamoleTunnel connect(GuacamoleClientInformation info,
Map<String, String> tokens) throws GuacamoleException {
// Retrieve proxy configuration from environment
Environment environment = new LocalEnvironment();
@@ -106,6 +111,11 @@ public class SimpleConnection extends AbstractConnection {
String hostname = proxyConfig.getHostname();
int port = proxyConfig.getPort();
// Apply tokens to config parameters
GuacamoleConfiguration filteredConfig = new GuacamoleConfiguration(config);
TokenFilter tokenFilter = new TokenFilter();
tokenFilter.filterValues(config.getParameters());
GuacamoleSocket socket;
// Determine socket type based on required encryption method
@@ -115,7 +125,7 @@ public class SimpleConnection extends AbstractConnection {
case SSL:
socket = new ConfiguredGuacamoleSocket(
new SSLGuacamoleSocket(hostname, port),
config, info
filteredConfig, info
);
break;
@@ -123,7 +133,7 @@ public class SimpleConnection extends AbstractConnection {
case NONE:
socket = new ConfiguredGuacamoleSocket(
new InetGuacamoleSocket(hostname, port),
config, info
filteredConfig, info
);
break;

4
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleConnectionGroup.java
View File

@@ -109,8 +109,8 @@ public class SimpleConnectionGroup extends AbstractConnectionGroup {
}
@Override
public GuacamoleTunnel connect(GuacamoleClientInformation info)
throws GuacamoleException {
public GuacamoleTunnel connect(GuacamoleClientInformation info,
Map<String, String> tokens) throws GuacamoleException {
throw new GuacamoleSecurityException("Permission denied.");
}

5
guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java
View File

@@ -29,7 +29,12 @@ import org.apache.guacamole.net.auth.Credentials;
/**
* Utility class which provides access to standardized token names, as well as
* facilities for generating those tokens from common objects.
*
* @deprecated Standard tokens are now supplied by default to the connect()
* functions of connections and connection groups. Manually generating the
* standard tokens is not necessary.
*/
@Deprecated
public class StandardTokens {
/**