From 58f1093c582ad95e42e78678ef98de7a625b25b2 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Mon, 5 Jan 2015 15:37:24 -0800
Subject: [PATCH] GUAC-971: Pull username and password from HTTP "Authorization" header, if present, when username and password are not provided via parameters.
---
 .../properties/BasicGuacamoleProperties.java | 12 -------
 .../net/basic/rest/auth/TokenRESTService.java | 36 ++++++++++++++++++-
 2 files changed, 35 insertions(+), 13 deletions(-)
diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/properties/BasicGuacamoleProperties.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/properties/BasicGuacamoleProperties.java
index a2ae39d51..f2de45e3b 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/properties/BasicGuacamoleProperties.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/properties/BasicGuacamoleProperties.java
@@ -49,18 +49,6 @@ public class BasicGuacamoleProperties {
 };
- /**
- * Whether HTTP "Authorization" headers should be taken into account when
- * authenticating the user. By default, "Authorization" headers are
- * ignored.
- */
- public static final BooleanGuacamoleProperty ENABLE_HTTP_AUTH = new BooleanGuacamoleProperty() {
-
- @Override
- public String getName() { return "enable-http-auth"; }
-
- };
-
 /**
 * The directory to search for authentication provider classes.
 */
diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/auth/TokenRESTService.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/auth/TokenRESTService.java
index 740f74b38..e46b54d1a 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/auth/TokenRESTService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/auth/TokenRESTService.java
@@ -23,6 +23,7 @@
 package org.glyptodon.guacamole.net.basic.rest.auth;
 import com.google.inject.Inject;
+import java.io.UnsupportedEncodingException;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.DELETE;
 import javax.ws.rs.FormParam;
@@ -33,6 +34,7 @@ import javax.ws.rs.Produces;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response.Status;
+import javax.xml.bind.DatatypeConverter;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
 import org.glyptodon.guacamole.net.auth.Credentials;
@@ -111,6 +113,38 @@ public class TokenRESTService {
 else
 existingSession = null;
+ // If no username/password given, try Authorization header
+ if (username == null && password == null) {
+
+ String authorization = request.getHeader("Authorization");
+ if (authorization != null && authorization.startsWith("Basic ")) {
+
+ try {
+
+ // Decode base64 authorization
+ String basicBase64 = authorization.substring(6);
+ String basicCredentials = new String(DatatypeConverter.parseBase64Binary(basicBase64), "UTF-8");
+
+ // Pull username/password from auth data
+ int colon = basicCredentials.indexOf(':');
+ if (colon != -1) {
+ username = basicCredentials.substring(0, colon);
+ password = basicCredentials.substring(colon + 1);
+ }
+ else
+ logger.debug("Invalid HTTP Basic \"Authorization\" header received.");
+
+ }
+
+ // UTF-8 support is required by the Java specification
+ catch (UnsupportedEncodingException e) {
+ throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
+ }
+
+ }
+
+ } // end Authorization header fallback
+
 // Build credentials
 Credentials credentials = new Credentials();
 credentials.setUsername(username);
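Review bot: The header fallback under `if (username == null && password == null)` is now unconditional, because this same commit deletes the `enable-http-auth` property whose Javadoc described "Authorization" headers as ignored by default. Where a reverse proxy in front of the application performs its own Basic authentication, those proxy credentials would presumably now be offered to the authentication provider on every parameterless token request, so the block should say so in a comment such as `// NOTE: always honoured; Basic credentials added by a fronting proxy are tried as logins`, and the change belongs in the upgrade notes. Malformed header data is only handled for `UnsupportedEncodingException`; `DatatypeConverter.parseBase64Binary` is documented as able to throw `IllegalArgumentException`, which should be caught and logged like the missing-colon case rather than escaping the REST method. `authorization.startsWith("Basic ")` is also case-sensitive although HTTP authentication scheme names are case-insensitive; `authorization.regionMatches(true, 0, "Basic ", 0, 6)` would accept `basic` as well. The enclosing method starts and ends outside this hunk.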
@@ -155,7 +189,7 @@ public class TokenRESTService {
 }
 logger.debug("Login was successful for user \"{}\".", userContext.self().getUsername());
- return new APIAuthToken(authToken, username);
+ return new APIAuthToken(authToken, userContext.self().getUsername());
 }
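Review bot: `userContext.self().getUsername()` is now evaluated twice, once in the context `logger.debug` line and once in the new `return`; reading it once into a local, `String authenticatedUsername = userContext.self().getUsername();`, and using that in both places keeps the logged and returned names identical by construction. A short comment such as `// Report the identity the provider authenticated, not the request parameter` would record why the parameter is no longer returned. Whether `self()` can return null is not visible in this hunk and is worth confirming, since the enclosing method starts outside it.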