safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-684: Merge changes giving tentative acceptance of credentials priority over complete refusal.

Browse Source 
As described in the discussion surrounding the original pull request:

 * An extension throws `GuacamoleInsufficientCredentialsException`
   specifically to indicate tentative acceptance of the credentials
   passed thus far.
 * Just as such an extension that fully accepts credentials takes
   priority over an extension that refuses to accept the same, it makes
   sense to allow an extension that *tentatively* accepts those credentials
   to also take priority.

With the above perspective, authentication result priorities are as
follows, with ties broken by the inherent order of the auth providers:

 1. Acceptance (returning an `AuthenticedUser` instance).
 2. Tentative acceptance (throwing
    `GuacamoleInvalidCredentialsException`).
 3. Complete refusal (any other subclass of
    `GuacamoleCredentialsException`).
 4. Neither refusal nor acceptance (returning `null`).

See: https://github.com/apache/guacamole-client/pull/352
This commit is contained in:
Mike Jumper
2019-08-19 00:11:19 -07:00
committed by GitHub
parent df8b8ab0e6 a710558854
commit 339c920a89
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
guacamole/src/main/java/org/apache/guacamole/rest/auth/AuthenticationService.java
View File

@@ -36,6 +36,7 @@ import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.apache.guacamole.net.event.AuthenticationFailureEvent;
import org.apache.guacamole.net.event.AuthenticationSuccessEvent;
@@ -170,7 +171,13 @@ public class AuthenticationService {
return authenticatedUser;
}
// First failure takes priority for now
// Insufficient credentials should take precedence
catch (GuacamoleInsufficientCredentialsException e) {
if (authFailure == null || authFailure instanceof GuacamoleInvalidCredentialsException)
authFailure = e;
}
// Catch other credentials exceptions and assign the first one
catch (GuacamoleCredentialsException e) {
if (authFailure == null)
authFailure = e;