safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-07 13:41:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-1364: Implicitly invalidate user session if unauthorized upon connect.

Browse Source
This commit is contained in:
Michael Jumper
2015-10-16 14:07:08 -07:00
parent 1f316e5e68
commit 2a155cdbac
1 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
guacamole/src/main/java/org/glyptodon/guacamole/net/basic/TunnelRequestService.java
View File

@@ -27,6 +27,7 @@ import com.google.inject.Singleton;
import java.util.List; import java.util.List;
import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.GuacamoleSecurityException; import org.glyptodon.guacamole.GuacamoleSecurityException;
import org.glyptodon.guacamole.GuacamoleUnauthorizedException;
import org.glyptodon.guacamole.net.DelegatingGuacamoleTunnel; import org.glyptodon.guacamole.net.DelegatingGuacamoleTunnel;
import org.glyptodon.guacamole.net.GuacamoleTunnel; import org.glyptodon.guacamole.net.GuacamoleTunnel;
import org.glyptodon.guacamole.net.auth.Connection; import org.glyptodon.guacamole.net.auth.Connection;
@@ -228,8 +229,8 @@ public class TunnelRequestService {
* @throws GuacamoleException * @throws GuacamoleException
* If an error occurs while obtaining the tunnel. * If an error occurs while obtaining the tunnel.
*/ */
protected GuacamoleTunnel createAssociatedTunnel(final GuacamoleSession session, protected GuacamoleTunnel createAssociatedTunnel(GuacamoleTunnel tunnel,
GuacamoleTunnel tunnel, final TunnelRequest.Type type, final GuacamoleSession session, final TunnelRequest.Type type,
final String id) throws GuacamoleException { final String id) throws GuacamoleException {
// Monitor tunnel closure and data // Monitor tunnel closure and data
@@ -305,13 +306,30 @@ public class TunnelRequestService {
String authProviderIdentifier = request.getAuthenticationProviderIdentifier(); String authProviderIdentifier = request.getAuthenticationProviderIdentifier();
GuacamoleClientInformation info = getClientInformation(request); GuacamoleClientInformation info = getClientInformation(request);
// Create connected tunnel using provided connection ID and client information
GuacamoleSession session = authenticationService.getGuacamoleSession(authToken); GuacamoleSession session = authenticationService.getGuacamoleSession(authToken);
UserContext userContext = retrievalService.retrieveUserContext(session, authProviderIdentifier); UserContext userContext = retrievalService.retrieveUserContext(session, authProviderIdentifier);
GuacamoleTunnel tunnel = createConnectedTunnel(userContext, type, id, info);
// Associate tunnel with session try {
return createAssociatedTunnel(session, tunnel, type, id);
// Create connected tunnel using provided connection ID and client information
GuacamoleTunnel tunnel = createConnectedTunnel(userContext, type, id, info);
// Associate tunnel with session
return createAssociatedTunnel(tunnel, session, type, id);
}
// Ensure any associated session is invalidated if unauthorized
catch (GuacamoleUnauthorizedException e) {
// If there is an associated auth token, invalidate it
if (authenticationService.destroyGuacamoleSession(authToken))
logger.debug("Implicitly invalidated session for token \"{}\".", authToken);
// Continue with exception processing
throw e;
}
} }