safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-678: Use new URI property for existing configuration items.

Browse Source
This commit is contained in:
Virtually Nick
2019-03-24 15:53:53 -04:00
parent d761f55cf1
commit 704c7b6d81
9 changed files with 64 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
extensions/guacamole-auth-cas/pom.xml
View File

@@ -261,6 +261,14 @@
<version>2.5</version>
<scope>provided</scope>
</dependency>
<!-- Jersey - JAX-RS Implementation -->
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId>
<version>1.1.1</version>
<scope>provided</scope>
</dependency>
</dependencies>

10
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/CASGuacamoleProperties.java
View File

@@ -19,7 +19,7 @@
package org.apache.guacamole.auth.cas.conf;
import org.apache.guacamole.properties.StringGuacamoleProperty;
import org.apache.guacamole.properties.UriGuacamoleProperty;
/**
* Provides properties required for use of the CAS authentication provider.
@@ -36,8 +36,8 @@ public class CASGuacamoleProperties {
/**
* The authorization endpoint (URI) of the CAS service.
*/
public static final StringGuacamoleProperty CAS_AUTHORIZATION_ENDPOINT =
new StringGuacamoleProperty() {
public static final UriGuacamoleProperty CAS_AUTHORIZATION_ENDPOINT =
new UriGuacamoleProperty() {
@Override
public String getName() { return "cas-authorization-endpoint"; }
@@ -49,8 +49,8 @@ public class CASGuacamoleProperties {
* authentication process is complete. This must be the full URL that a
* user would enter into their browser to access Guacamole.
*/
public static final StringGuacamoleProperty CAS_REDIRECT_URI =
new StringGuacamoleProperty() {
public static final UriGuacamoleProperty CAS_REDIRECT_URI =
new UriGuacamoleProperty() {
@Override
public String getName() { return "cas-redirect-uri"; }

5
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/conf/ConfigurationService.java
View File

@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.cas.conf;
import com.google.inject.Inject;
import java.net.URI;
import java.security.PrivateKey;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.Environment;
@@ -47,7 +48,7 @@ public class ConfigurationService {
* If guacamole.properties cannot be parsed, or if the authorization
* endpoint property is missing.
*/
public String getAuthorizationEndpoint() throws GuacamoleException {
public URI getAuthorizationEndpoint() throws GuacamoleException {
return environment.getRequiredProperty(CASGuacamoleProperties.CAS_AUTHORIZATION_ENDPOINT);
}
@@ -65,7 +66,7 @@ public class ConfigurationService {
* If guacamole.properties cannot be parsed, or if the redirect URI
* property is missing.
*/
public String getRedirectURI() throws GuacamoleException {
public URI getRedirectURI() throws GuacamoleException {
return environment.getRequiredProperty(CASGuacamoleProperties.CAS_REDIRECT_URI);
}

34
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/form/CASTicketField.java
View File

@@ -19,8 +19,8 @@
package org.apache.guacamole.auth.cas.form;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.net.URI;
import javax.ws.rs.core.UriBuilder;
import org.apache.guacamole.form.Field;
@@ -47,7 +47,7 @@ public class CASTicketField extends Field {
/**
* The full URI which the field should link to.
*/
private final String authorizationURI;
private final URI authorizationURI;
/**
* Creates a new CAS "ticket" field which links to the given CAS
@@ -65,29 +65,15 @@ public class CASTicketField extends Field {
* The URI that the CAS service should redirect to upon successful
* authentication.
*/
public CASTicketField(String authorizationEndpoint, String redirectURI) {
public CASTicketField(URI authorizationEndpoint, URI redirectURI) {
// Init base field properties
super(PARAMETER_NAME, "GUAC_CAS_TICKET");
// Build authorization URI from given values
try {
final StringBuilder sb = new StringBuilder();
sb.append(authorizationEndpoint);
// user might configure the endpoint with a trailing slash
if (sb.charAt(sb.length() - 1) != '/') {
sb.append('/');
}
sb.append(CAS_LOGIN_URI);
sb.append("?service=");
sb.append(URLEncoder.encode(redirectURI, "UTF-8"));
this.authorizationURI = sb.toString();
}
// Java is required to provide UTF-8 support
catch (UnsupportedEncodingException e) {
throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
}
this.authorizationURI = UriBuilder.fromUri(authorizationEndpoint)
.path(CAS_LOGIN_URI)
.queryParam("service", redirectURI)
.build();
}
@@ -99,7 +85,7 @@ public class CASTicketField extends Field {
* The full URI that this field should link to.
*/
public String getAuthorizationURI() {
return authorizationURI;
return authorizationURI.toString();
}
}

9
extensions/guacamole-auth-cas/src/main/java/org/apache/guacamole/auth/cas/ticket/TicketValidationService.java
View File

@@ -21,6 +21,7 @@ package org.apache.guacamole.auth.cas.ticket;
import com.google.common.io.BaseEncoding;
import com.google.inject.Inject;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
@@ -83,13 +84,13 @@ public class TicketValidationService {
// Retrieve the configured CAS URL, establish a ticket validator,
// and then attempt to validate the supplied ticket. If that succeeds,
// grab the principal returned by the validator.
String casServerUrl = confService.getAuthorizationEndpoint();
Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(casServerUrl);
URI casServerUrl = confService.getAuthorizationEndpoint();
Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(casServerUrl.toString());
validator.setAcceptAnyProxy(true);
validator.setEncoding("UTF-8");
try {
String confRedirectURI = confService.getRedirectURI();
Assertion a = validator.validate(ticket, confRedirectURI);
URI confRedirectURI = confService.getRedirectURI();
Assertion a = validator.validate(ticket, confRedirectURI.toString());
AttributePrincipal principal = a.getPrincipal();
// Retrieve username and set the credentials.

8
extensions/guacamole-auth-openid/pom.xml
View File

@@ -246,6 +246,14 @@
<version>2.5</version>
<scope>provided</scope>
</dependency>
<!-- Jersey - JAX-RS Implementation -->
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId>
<version>1.1.1</version>
<scope>provided</scope>
</dependency>
</dependencies>

20
extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/conf/ConfigurationService.java
View File

@@ -20,10 +20,12 @@
package org.apache.guacamole.auth.openid.conf;
import com.google.inject.Inject;
import java.net.URI;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.environment.Environment;
import org.apache.guacamole.properties.IntegerGuacamoleProperty;
import org.apache.guacamole.properties.StringGuacamoleProperty;
import org.apache.guacamole.properties.UriGuacamoleProperty;
/**
* Service for retrieving configuration information regarding the OpenID
@@ -63,8 +65,8 @@ public class ConfigurationService {
/**
* The authorization endpoint (URI) of the OpenID service.
*/
private static final StringGuacamoleProperty OPENID_AUTHORIZATION_ENDPOINT =
new StringGuacamoleProperty() {
private static final UriGuacamoleProperty OPENID_AUTHORIZATION_ENDPOINT =
new UriGuacamoleProperty() {
@Override
public String getName() { return "openid-authorization-endpoint"; }
@@ -75,8 +77,8 @@ public class ConfigurationService {
* The endpoint (URI) of the JWKS service which defines how received ID
* tokens (JWTs) shall be validated.
*/
private static final StringGuacamoleProperty OPENID_JWKS_ENDPOINT =
new StringGuacamoleProperty() {
private static final UriGuacamoleProperty OPENID_JWKS_ENDPOINT =
new UriGuacamoleProperty() {
@Override
public String getName() { return "openid-jwks-endpoint"; }
@@ -174,8 +176,8 @@ public class ConfigurationService {
* authentication process is complete. This must be the full URL that a
* user would enter into their browser to access Guacamole.
*/
private static final StringGuacamoleProperty OPENID_REDIRECT_URI =
new StringGuacamoleProperty() {
private static final UriGuacamoleProperty OPENID_REDIRECT_URI =
new UriGuacamoleProperty() {
@Override
public String getName() { return "openid-redirect-uri"; }
@@ -200,7 +202,7 @@ public class ConfigurationService {
* If guacamole.properties cannot be parsed, or if the authorization
* endpoint property is missing.
*/
public String getAuthorizationEndpoint() throws GuacamoleException {
public URI getAuthorizationEndpoint() throws GuacamoleException {
return environment.getRequiredProperty(OPENID_AUTHORIZATION_ENDPOINT);
}
@@ -236,7 +238,7 @@ public class ConfigurationService {
* If guacamole.properties cannot be parsed, or if the redirect URI
* property is missing.
*/
public String getRedirectURI() throws GuacamoleException {
public URI getRedirectURI() throws GuacamoleException {
return environment.getRequiredProperty(OPENID_REDIRECT_URI);
}
@@ -270,7 +272,7 @@ public class ConfigurationService {
* If guacamole.properties cannot be parsed, or if the JWKS endpoint
* property is missing.
*/
public String getJWKSEndpoint() throws GuacamoleException {
public URI getJWKSEndpoint() throws GuacamoleException {
return environment.getRequiredProperty(OPENID_JWKS_ENDPOINT);
}

33
extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/form/TokenField.java
View File

@@ -19,8 +19,8 @@
package org.apache.guacamole.auth.openid.form;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.net.URI;
import javax.ws.rs.core.UriBuilder;
import org.apache.guacamole.form.Field;
/**
@@ -38,7 +38,7 @@ public class TokenField extends Field {
/**
* The full URI which the field should link to.
*/
private final String authorizationURI;
private final URI authorizationURI;
/**
* Creates a new field which requests authentication via OpenID connect.
@@ -69,26 +69,19 @@ public class TokenField extends Field {
* A random string unique to this request. To defend against replay
* attacks, this value must cease being valid after its first use.
*/
public TokenField(String authorizationEndpoint, String scope,
String clientID, String redirectURI, String nonce) {
public TokenField(URI authorizationEndpoint, String scope,
String clientID, URI redirectURI, String nonce) {
// Init base field properties
super(PARAMETER_NAME, "GUAC_OPENID_TOKEN");
// Build authorization URI from given values
try {
this.authorizationURI = authorizationEndpoint
+ "?scope=" + URLEncoder.encode(scope, "UTF-8")
+ "&response_type=id_token"
+ "&client_id=" + URLEncoder.encode(clientID, "UTF-8")
+ "&redirect_uri=" + URLEncoder.encode(redirectURI, "UTF-8")
+ "&nonce=" + nonce;
}
// Java is required to provide UTF-8 support
catch (UnsupportedEncodingException e) {
throw new UnsupportedOperationException("Unexpected lack of UTF-8 support.", e);
}
this.authorizationURI = UriBuilder.fromUri(authorizationEndpoint)
.queryParam("scope", scope)
.queryParam("response_type", "id_token")
.queryParam("client_id","clientID")
.queryParam("redirect_uri", redirectURI)
.queryParam("nonce", nonce)
.build();
}
@@ -100,7 +93,7 @@ public class TokenField extends Field {
* The full URI that this field should link to.
*/
public String getAuthorizationURI() {
return authorizationURI;
return authorizationURI.toString();
}
}

2
extensions/guacamole-auth-openid/src/main/java/org/apache/guacamole/auth/openid/token/TokenValidationService.java
View File

@@ -74,7 +74,7 @@ public class TokenValidationService {
public String processUsername(String token) throws GuacamoleException {
// Validating the token requires a JWKS key resolver
HttpsJwks jwks = new HttpsJwks(confService.getJWKSEndpoint());
HttpsJwks jwks = new HttpsJwks(confService.getJWKSEndpoint().toString());
HttpsJwksVerificationKeyResolver resolver = new HttpsJwksVerificationKeyResolver(jwks);
// Create JWT consumer for validating received token