Fix semantics of update and events now that we know when credentials are present.
@@ -8,9 +8,6 @@ import net.sourceforge.guacamole.net.auth.UserContext;
|
|||||||
* authentication. The credentials that passed authentication are included
|
* authentication. The credentials that passed authentication are included
|
||||||
* within this event, and can be retrieved using getCredentials().
|
* within this event, and can be retrieved using getCredentials().
|
||||||
*
|
*
|
||||||
* Note that this event is only triggered when the UserContext is initially
|
|
||||||
* created. Any further updates to the UserContext to not trigger this event.
|
|
||||||
*
|
|
||||||
* @author Michael Jumper
|
* @author Michael Jumper
|
||||||
*/
|
*/
|
||||||
public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent {
|
public class AuthenticationSuccessEvent implements UserEvent, CredentialEvent {
|
||||||
|
@@ -5,9 +5,9 @@ import net.sourceforge.guacamole.net.auth.UserContext;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* An event which is triggered whenever a tunnel is being closed. The tunnel
|
* An event which is triggered whenever a tunnel is being closed. The tunnel
|
||||||
* being closed can be accessed through getTunnel(), and the set of all
|
* being closed can be accessed through getTunnel(), and the UserContext
|
||||||
* credentials available from the request which is closing the tunnel can be
|
* associated with the request which is closing the tunnel can be retrieved
|
||||||
* retrieved using getCredentials().
|
* with getUserContext().
|
||||||
*
|
*
|
||||||
* @author Michael Jumper
|
* @author Michael Jumper
|
||||||
*/
|
*/
|
||||||
|
@@ -5,9 +5,10 @@ import net.sourceforge.guacamole.net.auth.UserContext;
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* An event which is triggered whenever a tunnel is being connected. The tunnel
|
* An event which is triggered whenever a tunnel is being connected. The tunnel
|
||||||
* being connected can be accessed through getTunnel(), and the set of all
|
* being connected can be accessed through getTunnel(), and the UserContext
|
||||||
* credentials available from the request which is connecting the tunnel can be
|
* associated with the request which is connecting the tunnel can be retrieved
|
||||||
* retrieved using getCredentials().
|
* with getUserContext().
|
||||||
|
|
||||||
*
|
*
|
||||||
* @author Michael Jumper
|
* @author Michael Jumper
|
||||||
*/
|
*/
|
||||||
|
@@ -224,32 +224,48 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
HttpSession httpSession = request.getSession(true);
|
|
||||||
|
|
||||||
// Retrieve username and password from parms
|
|
||||||
String username = request.getParameter("username");
|
|
||||||
String password = request.getParameter("password");
|
|
||||||
|
|
||||||
// Build credentials object
|
|
||||||
Credentials credentials = new Credentials();
|
|
||||||
credentials.setSession(httpSession);
|
|
||||||
credentials.setRequest(request);
|
|
||||||
credentials.setUsername(username);
|
|
||||||
credentials.setPassword(password);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
|
||||||
SessionListenerCollection listeners = new SessionListenerCollection(httpSession);
|
// Obtain context from session
|
||||||
|
HttpSession httpSession = request.getSession(true);
|
||||||
// If no cached context, attempt to get new context
|
|
||||||
UserContext context = getUserContext(httpSession);
|
UserContext context = getUserContext(httpSession);
|
||||||
if (context == null) {
|
|
||||||
|
|
||||||
context = authProvider.getUserContext(credentials);
|
// If new credentials present, update/create context
|
||||||
|
if (hasNewCredentials(request)) {
|
||||||
|
|
||||||
|
// Retrieve username and password from parms
|
||||||
|
String username = request.getParameter("username");
|
||||||
|
String password = request.getParameter("password");
|
||||||
|
|
||||||
|
// Build credentials object
|
||||||
|
Credentials credentials = new Credentials();
|
||||||
|
credentials.setSession(httpSession);
|
||||||
|
credentials.setRequest(request);
|
||||||
|
credentials.setUsername(username);
|
||||||
|
credentials.setPassword(password);
|
||||||
|
|
||||||
|
SessionListenerCollection listeners = new SessionListenerCollection(httpSession);
|
||||||
|
|
||||||
|
// If no cached context, attempt to get new context
|
||||||
|
if (context == null)
|
||||||
|
context = authProvider.getUserContext(credentials);
|
||||||
|
|
||||||
|
// Otherwise, update existing context
|
||||||
|
else
|
||||||
|
context = authProvider.updateUserContext(context, credentials);
|
||||||
|
|
||||||
|
// If no context, fail authentication, notify listeners
|
||||||
|
if (context == null) {
|
||||||
|
logger.warn("Authentication attempt from {} for user \"{}\" failed.",
|
||||||
|
request.getRemoteAddr(), credentials.getUsername());
|
||||||
|
|
||||||
|
notifyFailed(listeners, credentials);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Otherwise, associate (possibly updated) context with session
|
||||||
|
// and notify listeners
|
||||||
|
else {
|
||||||
|
|
||||||
// If successful, log success and notify listeners
|
|
||||||
if (context != null) {
|
|
||||||
|
|
||||||
// Log successful authentication
|
// Log successful authentication
|
||||||
logger.info("User \"{}\" successfully authenticated from {}.",
|
logger.info("User \"{}\" successfully authenticated from {}.",
|
||||||
context.self().getUsername(), request.getRemoteAddr());
|
context.self().getUsername(), request.getRemoteAddr());
|
||||||
@@ -259,27 +275,15 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
|
|||||||
context = null;
|
context = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
} // end if auth success
|
httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Otherwise, update existing context
|
} // end if credentials present
|
||||||
else if (hasNewCredentials(request))
|
|
||||||
context = authProvider.updateUserContext(context, credentials);
|
|
||||||
|
|
||||||
// If no context, fail authentication, notify listeners
|
// If no context, no authorizaton present
|
||||||
if (context == null) {
|
if (context == null)
|
||||||
logger.warn("Authentication attempt from {} for user \"{}\" failed.",
|
throw new GuacamoleSecurityException("Not authenticated");
|
||||||
request.getRemoteAddr(), credentials.getUsername());
|
|
||||||
|
|
||||||
notifyFailed(listeners, credentials);
|
|
||||||
sendError(response, HttpServletResponse.SC_FORBIDDEN,
|
|
||||||
"Permission denied.");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Associate (possibly updated) context with session
|
|
||||||
httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
|
|
||||||
|
|
||||||
// Allow servlet to run now that authentication has been validated
|
// Allow servlet to run now that authentication has been validated
|
||||||
authenticatedService(context, request, response);
|
authenticatedService(context, request, response);
|
||||||
|
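Review bot: In the `hasNewCredentials(request)` branch, the failure path (`context == null` after `getUserContext`/`updateUserContext`) logs and calls `notifyFailed` but never touches the session, so a `UserContext` cached by an earlier request stays under `CONTEXT_ATTRIBUTE` and the next request without credentials is served with it. The success path behaves differently: it ends in `httpSession.setAttribute(CONTEXT_ATTRIBUTE, context)` even after `context = null` (the lines leading to that assignment are outside the hunks, presumably a listener veto), and a null value removes the attribute. If a rejected update is meant to end the session's authorization, add `httpSession.removeAttribute(CONTEXT_ATTRIBUTE);` next to `notifyFailed(listeners, credentials);`; if keeping the previous context is intended, a comment saying so would prevent a later "fix" in either direction. Separately, the context is stored in the session obtained by `request.getSession(true)` before authentication, and no session-id rotation is visible in these hunks, so it is worth confirming that a pre-login session id cannot be reused after login.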