Ticket #362: Streamlined authentication.

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/RESTModule.java

@@ -23,6 +23,7 @@ import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.net.auth.AuthenticationProvider;
 import org.glyptodon.guacamole.net.basic.properties.BasicGuacamoleProperties;
 import org.glyptodon.guacamole.net.basic.rest.auth.AuthTokenGenerator;
+import org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService;
 import org.glyptodon.guacamole.net.basic.rest.auth.BasicTokenUserContextMap;
 import org.glyptodon.guacamole.net.basic.rest.auth.SecureRandomAuthTokenGenerator;
 import org.glyptodon.guacamole.net.basic.rest.auth.TokenUserContextMap;
@@ -64,6 +65,7 @@ public class RESTModule extends AbstractModule {
         bind(AuthenticationProvider.class).toInstance(authProvider);
         bind(TokenUserContextMap.class).toInstance(new BasicTokenUserContextMap());
         bind(ConnectionService.class);
+        bind(AuthenticationService.class);
         
         bind(AuthTokenGenerator.class).to(SecureRandomAuthTokenGenerator.class);
     }

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/auth/AuthenticationService.java

@@ -0,0 +1,64 @@
+package org.glyptodon.guacamole.net.basic.rest.auth;
+
+/*
+ *  Guacamole - Clientless Remote Desktop
+ *  Copyright (C) 2010  Michael Jumper
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published by
+ *  the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+import com.google.inject.Inject;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
+import org.glyptodon.guacamole.net.auth.UserContext;
+import org.glyptodon.guacamole.net.basic.rest.APIError;
+
+/**
+ * A service for performing authentication checks in REST endpoints.
+ * 
+ * @author James Muehlner
+ */
+public class AuthenticationService {
+    
+    /**
+     * The map of auth tokens to users for the REST endpoints.
+     */
+    @Inject
+    private TokenUserContextMap tokenUserMap;
+    
+    /**
+     * Finds the UserContext for a given auth token, if the auth token represents
+     * a currently logged in user. Throws an unauthorized error otherwise.
+     * 
+     * @param authToken The auth token to check against the map of logged in users.
+     * @return The userContext that corresponds to the provided auth token.
+     * @throws WebApplicationException If the auth token does not correspond to
+     *                                 any logged in user.
+     */
+    public UserContext getUserContextFromAuthToken(String authToken) 
+            throws WebApplicationException {
+        
+        // Try to get the userContext from the map of logged in users.
+        UserContext userContext = tokenUserMap.get(authToken);
+       
+        // Authentication failed.
+        if(userContext == null)
+            throw new WebApplicationException(
+                Response.status(Response.Status.UNAUTHORIZED)
+                .entity(new APIError("Permission Denied.")).build());
+        
+        return userContext;
+    }
+    
+}

guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connection/ConnectionRESTService.java

@@ -19,7 +19,6 @@ package org.glyptodon.guacamole.net.basic.rest.connection;
  */
 
 import com.google.inject.Inject;
-import com.google.inject.servlet.RequestScoped;
 import java.util.ArrayList;
 import java.util.List;
 import javax.ws.rs.GET;
@@ -35,7 +34,7 @@ import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.net.auth.Directory;
 import org.glyptodon.guacamole.net.auth.UserContext;
 import org.glyptodon.guacamole.net.basic.rest.APIError;
-import org.glyptodon.guacamole.net.basic.rest.auth.TokenUserContextMap;
+import org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService;
 
 /**
  * A REST Service for handling connection CRUD operations.
@@ -47,10 +46,10 @@ import org.glyptodon.guacamole.net.basic.rest.auth.TokenUserContextMap;
 public class ConnectionRESTService {
     
     /**
-     * The map of auth tokens to users for the REST endpoints.
+     * A service for authenticating users from auth tokens.
      */
     @Inject
-    private TokenUserContextMap tokenUserMap;
+    private AuthenticationService authenticationService;
     
     /**
      * A service for managing the REST endpoint Connection objects. 
@@ -60,13 +59,7 @@ public class ConnectionRESTService {
     
     @GET
     public List<Connection> getConnections(@QueryParam("token") String authToken, @QueryParam("parentID") String parentID) {
-        UserContext userContext = tokenUserMap.get(authToken);
-       
-        // authentication failed.
-        if(userContext == null)
-            throw new WebApplicationException(
-                Response.status(Response.Status.UNAUTHORIZED)
-                .entity(new APIError("Permission Denied.")).build());
+        UserContext userContext = authenticationService.getUserContextFromAuthToken(authToken);
         
         try {
             // If the parent connection group is passed in, try to find it.
@@ -107,6 +100,6 @@ public class ConnectionRESTService {
                 Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                     .entity(e).build());
         }
-    }   
-    
+    }
+
 }