GUACAMOLE-1218: Use TokenFilter to inject tokens from configuration attributes

2025-09-06 05:07:41 +00:00 · 2020-12-18 09:01:15 -07:00
parent 6fc7537c08
commit a486408ec1
2 changed files with 11 additions and 7 deletions
--- a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/connection/ConnectionService.java
@@ -43,6 +43,7 @@ import org.apache.guacamole.net.auth.GuacamoleProxyConfiguration;
 import org.apache.guacamole.protocol.ConfiguredGuacamoleSocket;
 import org.apache.guacamole.protocol.GuacamoleClientInformation;
 import org.apache.guacamole.protocol.GuacamoleConfiguration;
+import org.apache.guacamole.token.TokenFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -166,7 +167,7 @@ public class ConnectionService {
     *     connect is denied.
     */
    public GuacamoleTunnel connect(UserData.Connection connection,
-            GuacamoleClientInformation info) throws GuacamoleException {
+            GuacamoleClientInformation info, Map<String, String> tokens) throws GuacamoleException {

        // Retrieve proxy configuration from environment
        GuacamoleProxyConfiguration proxyConfig = environment.getDefaultGuacamoleProxyConfiguration();
@@ -176,14 +177,17 @@ public class ConnectionService {
        int port = proxyConfig.getPort();

        // Generate and verify connection configuration
-        GuacamoleConfiguration config = getConfiguration(connection);
-        if (config == null) {
+        GuacamoleConfiguration filteredConfig = getConfiguration(connection);
+        if (filteredConfig == null) {
            logger.debug("Configuration for connection could not be "
                    + "generated. Perhaps the connection being joined is not "
                    + "active?");
            throw new GuacamoleResourceNotFoundException("No such connection");
        }

+        // Apply tokens to config parameters
+        new TokenFilter(tokens).filterValues(filteredConfig.getParameters());
+
        // Determine socket type based on required encryption method
        final ConfiguredGuacamoleSocket socket;
        switch (proxyConfig.getEncryptionMethod()) {
@@ -192,7 +196,7 @@ public class ConnectionService {
            case SSL:
                socket = new ConfiguredGuacamoleSocket(
                    new SSLGuacamoleSocket(hostname, port),
-                    config, info
+                    filteredConfig, info
                );
                break;

@@ -200,7 +204,7 @@ public class ConnectionService {
            case NONE:
                socket = new ConfiguredGuacamoleSocket(
                    new InetGuacamoleSocket(hostname, port),
-                    config, info
+                    filteredConfig, info
                );
                break;

@@ -277,7 +281,7 @@ public class ConnectionService {

        // Track tunnels which join connections, such that they can be
        // automatically closed when the joined connection closes
-        String joinedConnection = config.getConnectionID();
+        String joinedConnection = filteredConfig.getConnectionID();
        if (joinedConnection != null) {

            // Track shadower of joined connection if possible
--- a/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserDataConnection.java
+++ b/extensions/guacamole-auth-json/src/main/java/org/apache/guacamole/auth/json/user/UserDataConnection.java
@@ -180,7 +180,7 @@ public class UserDataConnection implements Connection {
        }

        // Perform connection operation
-        return connectionService.connect(connection, info);
+        return connectionService.connect(connection, info, tokens);

    }