GUAC-1364: Implicitly invalidate user session if unauthorized upon disconnect.

Michael Jumper
2015-10-16 14:55:19 -07:00
parent 2a155cdbac
commit 7ae531d3c2


@@ -212,6 +212,12 @@ public class TunnelRequestService {
* @param tunnel * @param tunnel
* The connected tunnel to wrap and monitor. * The connected tunnel to wrap and monitor.
* *
* @param authToken
* The authentication token associated with the given session. If
* provided, this token will be automatically invalidated (and the
* corresponding session destroyed) if tunnel errors imply that the
* user is no longer authorized.
*
* @param session * @param session
* The Guacamole session to associate the tunnel with. * The Guacamole session to associate the tunnel with.
* *
@@ -230,8 +236,9 @@ public class TunnelRequestService {
* If an error occurs while obtaining the tunnel. * If an error occurs while obtaining the tunnel.
*/ */
protected GuacamoleTunnel createAssociatedTunnel(GuacamoleTunnel tunnel, protected GuacamoleTunnel createAssociatedTunnel(GuacamoleTunnel tunnel,
final GuacamoleSession session, final TunnelRequest.Type type, final String authToken, final GuacamoleSession session,
final String id) throws GuacamoleException { final TunnelRequest.Type type, final String id)
throws GuacamoleException {
// Monitor tunnel closure and data // Monitor tunnel closure and data
GuacamoleTunnel monitoredTunnel = new DelegatingGuacamoleTunnel(tunnel) { GuacamoleTunnel monitoredTunnel = new DelegatingGuacamoleTunnel(tunnel) {
@@ -269,12 +276,28 @@ public class TunnelRequestService {
} }
try {
// Close and clean up tunnel // Close and clean up tunnel
session.removeTunnel(getUUID().toString()); session.removeTunnel(getUUID().toString());
super.close(); super.close();
} }
// Ensure any associated session is invalidated if unauthorized
catch (GuacamoleUnauthorizedException e) {
// If there is an associated auth token, invalidate it
if (authenticationService.destroyGuacamoleSession(authToken))
logger.debug("Implicitly invalidated session for token \"{}\".", authToken);
// Continue with exception processing
throw e;
}
}
}; };
// Associate tunnel with session // Associate tunnel with session
@@ -315,7 +338,7 @@ public class TunnelRequestService {
GuacamoleTunnel tunnel = createConnectedTunnel(userContext, type, id, info); GuacamoleTunnel tunnel = createConnectedTunnel(userContext, type, id, info);
// Associate tunnel with session // Associate tunnel with session
return createAssociatedTunnel(tunnel, session, type, id); return createAssociatedTunnel(tunnel, authToken, session, type, id);
} }
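Review bot: In the new `catch (GuacamoleUnauthorizedException e)` block, `destroyGuacamoleSession(authToken)` is called unconditionally, although the added Javadoc ("If provided") and the inline comment ("If there is an associated auth token") both imply the token may be absent. Whether `destroyGuacamoleSession` tolerates null is not visible here; if it does not, the resulting exception would replace the unauthorized error being rethrown, so guard the call with `if (authToken != null && authenticationService.destroyGuacamoleSession(authToken))`. The debug message also writes the full token to the log; although it has just been invalidated, session tokens are better kept out of logs, e.g. `logger.debug("Implicitly invalidated session after unauthorized tunnel close.");`. The enclosing `close()` override begins outside the visible hunks.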