GUAC-832: Use "enable-http-auth" property to control whether the "Authorization" header is considered during authentication.

2025-09-07 13:41:21 +00:00 · 2014-08-22 14:47:21 -07:00
parent 045d5375e3
commit 2db4a783d7
2 changed files with 27 additions and 3 deletions
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/AuthenticatingHttpServlet.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/AuthenticatingHttpServlet.java
@@ -91,15 +91,26 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
     */
    private AuthenticationProvider authProvider;

+    /**
+     * Whether HTTP authentication should be used (the "Authorization" header).
+     */
+    private boolean useHttpAuthentication;
+
    @Override
    public void init() throws ServletException {

-        // Get auth provider instance
+        // Parse Guacamole configuration
        try {
+
+            // Get auth provider instance
            authProvider = GuacamoleProperties.getRequiredProperty(BasicGuacamoleProperties.AUTH_PROVIDER);
+
+            // Enable HTTP auth, if requested
+            useHttpAuthentication = GuacamoleProperties.getProperty(BasicGuacamoleProperties.ENABLE_HTTP_AUTH, false);
+
        }
        catch (GuacamoleException e) {
-            logger.error("Error getting authentication provider from properties.", e);
+            logger.error("Error reading Guacamole configuration.", e);
            throw new ServletException(e);
        }

@@ -283,7 +294,7 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
                String password = request.getParameter("password");

                // If no username/password given, try Authorization header
-                if (username == null && password == null) {
+                if (useHttpAuthentication && username == null && password == null) {

                    String authorization = request.getHeader("Authorization");
                    if (authorization != null && authorization.startsWith("Basic ")) {
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/properties/BasicGuacamoleProperties.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/properties/BasicGuacamoleProperties.java
@@ -22,6 +22,7 @@

 package org.glyptodon.guacamole.net.basic.properties;

+import org.glyptodon.guacamole.properties.BooleanGuacamoleProperty;
 import org.glyptodon.guacamole.properties.FileGuacamoleProperty;
 import org.glyptodon.guacamole.properties.LongGuacamoleProperty;

@@ -48,6 +49,18 @@ public class BasicGuacamoleProperties {

    };

+    /**
+     * Whether HTTP "Authorization" headers should be taken into account when
+     * authenticating the user. By default, "Authorization" headers are
+     * ignored.
+     */
+    public static final BooleanGuacamoleProperty ENABLE_HTTP_AUTH = new BooleanGuacamoleProperty() {
+
+        @Override
+        public String getName() { return "enable-http-auth"; }
+
+    };
+
    /**
     * The directory to search for authentication provider classes.
     */