mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 05:07:41 +00:00
Fix semantics of update and events now that we know when credentials are present.
This commit is contained in:
Michael Jumper
@@ -8,9 +8,6 @@ import net.sourceforge.guacamole.net.auth.UserContext;
|
||||
* authentication. The credentials that passed authentication are included
|
||||
* within this event, and can be retrieved using getCredentials().
|
||||
*
|
||||
* Note that this event is only triggered when the UserContext is initially
|
||||
* created. Any further updates to the UserContext to not trigger this event.
|
||||
*
|
||||
* @author Michael Jumper
|
||||
*/
|
||||
public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent {
|
||||
|
||||
@@ -5,9 +5,9 @@ import net.sourceforge.guacamole.net.auth.UserContext;
|
||||
|
||||
/**
|
||||
* An event which is triggered whenever a tunnel is being closed. The tunnel
|
||||
* being closed can be accessed through getTunnel(), and the set of all
|
||||
* credentials available from the request which is closing the tunnel can be
|
||||
* retrieved using getCredentials().
|
||||
* being closed can be accessed through getTunnel(), and the UserContext
|
||||
* associated with the request which is closing the tunnel can be retrieved
|
||||
* with getUserContext().
|
||||
*
|
||||
* @author Michael Jumper
|
||||
*/
|
||||
|
||||
@@ -5,9 +5,10 @@ import net.sourceforge.guacamole.net.auth.UserContext;
|
||||
|
||||
/**
|
||||
* An event which is triggered whenever a tunnel is being connected. The tunnel
|
||||
* being connected can be accessed through getTunnel(), and the set of all
|
||||
* credentials available from the request which is connecting the tunnel can be
|
||||
* retrieved using getCredentials().
|
||||
* being connected can be accessed through getTunnel(), and the UserContext
|
||||
* associated with the request which is connecting the tunnel can be retrieved
|
||||
* with getUserContext().
|
||||
|
||||
*
|
||||
* @author Michael Jumper
|
||||
*/
|
||||
|
||||
@@ -224,32 +224,48 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
|
||||
}
|
||||
}
|
||||
|
||||
HttpSession httpSession = request.getSession(true);
|
||||
|
||||
// Retrieve username and password from parms
|
||||
String username = request.getParameter("username");
|
||||
String password = request.getParameter("password");
|
||||
|
||||
// Build credentials object
|
||||
Credentials credentials = new Credentials();
|
||||
credentials.setSession(httpSession);
|
||||
credentials.setRequest(request);
|
||||
credentials.setUsername(username);
|
||||
credentials.setPassword(password);
|
||||
|
||||
try {
|
||||
|
||||
SessionListenerCollection listeners = new SessionListenerCollection(httpSession);
|
||||
|
||||
// If no cached context, attempt to get new context
|
||||
// Obtain context from session
|
||||
HttpSession httpSession = request.getSession(true);
|
||||
UserContext context = getUserContext(httpSession);
|
||||
if (context == null) {
|
||||
|
||||
context = authProvider.getUserContext(credentials);
|
||||
// If new credentials present, update/create context
|
||||
if (hasNewCredentials(request)) {
|
||||
|
||||
// Retrieve username and password from parms
|
||||
String username = request.getParameter("username");
|
||||
String password = request.getParameter("password");
|
||||
|
||||
// Build credentials object
|
||||
Credentials credentials = new Credentials();
|
||||
credentials.setSession(httpSession);
|
||||
credentials.setRequest(request);
|
||||
credentials.setUsername(username);
|
||||
credentials.setPassword(password);
|
||||
|
||||
SessionListenerCollection listeners = new SessionListenerCollection(httpSession);
|
||||
|
||||
// If no cached context, attempt to get new context
|
||||
if (context == null)
|
||||
context = authProvider.getUserContext(credentials);
|
||||
|
||||
// Otherwise, update existing context
|
||||
else
|
||||
context = authProvider.updateUserContext(context, credentials);
|
||||
|
||||
// If no context, fail authentication, notify listeners
|
||||
if (context == null) {
|
||||
logger.warn("Authentication attempt from {} for user \"{}\" failed.",
|
||||
request.getRemoteAddr(), credentials.getUsername());
|
||||
|
||||
notifyFailed(listeners, credentials);
|
||||
}
|
||||
|
||||
// Otherwise, associate (possibly updated) context with session
|
||||
// and notify listeners
|
||||
else {
|
||||
|
||||
// If successful, log success and notify listeners
|
||||
if (context != null) {
|
||||
|
||||
// Log successful authentication
|
||||
logger.info("User \"{}\" successfully authenticated from {}.",
|
||||
context.self().getUsername(), request.getRemoteAddr());
|
||||
@@ -259,27 +275,15 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
|
||||
context = null;
|
||||
}
|
||||
|
||||
} // end if auth success
|
||||
httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
// Otherwise, update existing context
|
||||
else if (hasNewCredentials(request))
|
||||
context = authProvider.updateUserContext(context, credentials);
|
||||
} // end if credentials present
|
||||
|
||||
// If no context, fail authentication, notify listeners
|
||||
if (context == null) {
|
||||
logger.warn("Authentication attempt from {} for user \"{}\" failed.",
|
||||
request.getRemoteAddr(), credentials.getUsername());
|
||||
|
||||
notifyFailed(listeners, credentials);
|
||||
sendError(response, HttpServletResponse.SC_FORBIDDEN,
|
||||
"Permission denied.");
|
||||
return;
|
||||
}
|
||||
|
||||
// Associate (possibly updated) context with session
|
||||
httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
|
||||
// If no context, no authorizaton present
|
||||
if (context == null)
|
||||
throw new GuacamoleSecurityException("Not authenticated");
|
||||
|
||||
// Allow servlet to run now that authentication has been validated
|
||||
authenticatedService(context, request, response);
|
||||
|
||||
Reference in New Issue
Block a user