mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 21:27:40 +00:00
GUACAMOLE-70: Allow access to be restricted to strictly the users in the database.
This commit is contained in:
Michael Jumper
@@ -60,8 +60,7 @@ public interface AuthenticationProviderService {
|
||||
|
||||
/**
|
||||
* Returning a new UserContext instance for the given already-authenticated
|
||||
* user. A new placeholder account will be created for any user that does
|
||||
* not already exist within the database.
|
||||
* user.
|
||||
*
|
||||
* @param authenticationProvider
|
||||
* The AuthenticationProvider on behalf of which the UserContext is
|
||||
@@ -72,7 +71,7 @@ public interface AuthenticationProviderService {
|
||||
*
|
||||
* @return
|
||||
* A new UserContext instance for the user identified by the given
|
||||
* credentials.
|
||||
* credentials, or null if no such user exists within the database.
|
||||
*
|
||||
* @throws GuacamoleException
|
||||
* If an error occurs during authentication, or if the given
|
||||
|
||||
@@ -22,6 +22,7 @@ package org.apache.guacamole.auth.jdbc;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Provider;
|
||||
import org.apache.guacamole.GuacamoleException;
|
||||
import org.apache.guacamole.auth.jdbc.sharing.user.SharedAuthenticatedUser;
|
||||
import org.apache.guacamole.auth.jdbc.user.ModeledUser;
|
||||
import org.apache.guacamole.auth.jdbc.user.ModeledUserContext;
|
||||
import org.apache.guacamole.auth.jdbc.user.UserService;
|
||||
@@ -41,6 +42,12 @@ import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsExce
|
||||
*/
|
||||
public class JDBCAuthenticationProviderService implements AuthenticationProviderService {
|
||||
|
||||
/**
|
||||
* The environment of the Guacamole server.
|
||||
*/
|
||||
@Inject
|
||||
private JDBCEnvironment environment;
|
||||
|
||||
/**
|
||||
* Service for accessing users.
|
||||
*/
|
||||
@@ -73,8 +80,23 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider
|
||||
|
||||
// Retrieve user account for already-authenticated user
|
||||
ModeledUser user = userService.retrieveUser(authenticationProvider, authenticatedUser);
|
||||
if (user == null)
|
||||
return null;
|
||||
if (user == null) {
|
||||
|
||||
// Do not invalidate the authentication result of users who were
|
||||
// authenticated via our own connection sharing links
|
||||
if (authenticatedUser instanceof SharedAuthenticatedUser)
|
||||
return null;
|
||||
|
||||
// Simply return no data if a database user account is not required
|
||||
if (!environment.isUserRequired())
|
||||
return null;
|
||||
|
||||
// Otherwise, invalidate the authentication result, as database user
|
||||
// accounts are absolutely required
|
||||
throw new GuacamoleInvalidCredentialsException("Invalid login",
|
||||
CredentialsInfo.USERNAME_PASSWORD);
|
||||
|
||||
}
|
||||
|
||||
// Link to user context
|
||||
ModeledUserContext context = userContextProvider.get();
|
||||
|
||||
@@ -41,6 +41,20 @@ public abstract class JDBCEnvironment extends LocalEnvironment {
|
||||
super();
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether a database user account is required for authentication to
|
||||
* succeed, even if another authentication provider has already
|
||||
* authenticated the user.
|
||||
*
|
||||
* @return
|
||||
* true if database user accounts are required for absolutely all
|
||||
* authentication attempts, false otherwise.
|
||||
*
|
||||
* @throws GuacamoleException
|
||||
* If an error occurs while retrieving the property.
|
||||
*/
|
||||
public abstract boolean isUserRequired() throws GuacamoleException;
|
||||
|
||||
/**
|
||||
* Returns the maximum number of concurrent connections to allow overall.
|
||||
* As this limit applies globally (independent of which connection is in
|
||||
|
||||
Reference in New Issue
Block a user