From 38eb97b42245699988cfa1fefe7bf80eeea3c56c Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Fri, 8 Jun 2018 12:30:15 -0400 Subject: [PATCH 01/25] GUACAMOLE-524: Added reading of LDAP attributes in guacamole.properties named 'ldap-user-attributes'. Added method getAttributes() in ConfigurationService to read environment property LDAPGuacamoleProperties.LDAP_USER_ATTRIBUTES. These attributes are arbitrary LDAP attributes that will be mapped to the user in credentials and tokens. --- .../auth/ldap/ConfigurationService.java | 18 +++++++++++++++++- .../auth/ldap/LDAPGuacamoleProperties.java | 10 ++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index 2ab7aadf6..4b82e3da2 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java @@ -227,7 +227,7 @@ public class ConfigurationService { private int getMaxResults() throws GuacamoleException { return environment.getProperty( LDAPGuacamoleProperties.LDAP_MAX_SEARCH_RESULTS, - 1000 + 1000 ); } @@ -344,4 +344,20 @@ public class ConfigurationService { ); } + /** + * Returns names for custom LDAP user attributes. + * + * @return + * LDAP user attributes as defined in the guacamole.properties file + * as ldap-user-attributes: '' + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. + */ + public List getAttributes() throws GuacamoleException { + return environment.getProperty( + LDAPGuacamoleProperties.LDAP_USER_ATTRIBUTES + ); + } + } 
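Review bot: The new `getAttributes()` at the end of ConfigurationService calls `environment.getProperty(...)` without a default, so when `ldap-user-attributes` is not set it presumably returns null, while the Javadoc promises a list and never mentions null. Either document that (`@return ... or null if the property is not set`) or normalise the result to an empty list, so that no caller can dereference null during login. The example in the `@return` text (`as ldap-user-attributes: ''`) is empty in this rendering and should show the expected value format.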
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java index 0d3823fed..55ed37b41 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java @@ -205,4 +205,14 @@ public class LDAPGuacamoleProperties { }; + /** + * Custom attribute or attributes in Guacamole user's record in the + * LDAP directory. + */ + public static final StringListProperty LDAP_USER_ATTRIBUTES = new StringListProperty() { + + @Override + public String getName() { return "ldap-user-attributes"; } + + }; } From 5ca32a221afb9ff478e8b460e45fc14e790bcc5d Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Fri, 8 Jun 2018 12:34:06 -0400 Subject: [PATCH 02/25] GUACAMOLE-524: Add LDAP attributes to credentials. AuthenticationProviderService gets LDAP attributes from confService and queries the LDAP server to find values on user for specified attributes. Added a Map to Credentials named ldapAttrs and a getLDAPAttributes() and setLDAPAttributes() to manipulate ldapAttrs on credentials. Once AuthenticationProviderService gets the values for the LDAP attributes it sets ldapAttrs on the credentials object. --- .../ldap/AuthenticationProviderService.java | 71 ++++++++++++++++++- .../guacamole/net/auth/Credentials.java | 25 ++++++- 2 files changed, 94 insertions(+), 2 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index a25c697e6..2d28c79be 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java 
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -26,12 +26,21 @@ import java.util.List; import org.apache.guacamole.auth.ldap.user.AuthenticatedUser; import org.apache.guacamole.auth.ldap.user.UserContext; import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.GuacamoleServerException; import org.apache.guacamole.auth.ldap.user.UserService; import org.apache.guacamole.net.auth.Credentials; import org.apache.guacamole.net.auth.credentials.CredentialsInfo; import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.util.HashMap; +import java.util.Map; +import java.util.List; +import java.util.Iterator; +import com.novell.ldap.LDAPAttributeSet; +import com.novell.ldap.LDAPEntry; +import com.novell.ldap.LDAPAttribute; +import com.novell.ldap.LDAPException; /** * Service providing convenience functions for the LDAP AuthenticationProvider @@ -189,7 +198,7 @@ public class AuthenticationProviderService { /** * Returns an AuthenticatedUser representing the user authenticated by the - * given credentials. + * given credentials. Also adds custom LDAP attributes to credentials object. * * @param credentials * The credentials to use for authentication. @@ -221,6 +230,14 @@ public class AuthenticationProviderService { throw new GuacamoleInvalidCredentialsException("Permission denied.", CredentialsInfo.USERNAME_PASSWORD); try { + try { + String username = credentials.getUsername(); + Map ldapAttrs = getLDAPAttributes(ldapConnection, username); + credentials.setLDAPAttributes(ldapAttrs); + } + catch (LDAPException e) { + throw new GuacamoleServerException("Error while querying for LDAP User Attributes.", e); + } // Return AuthenticatedUser if bind succeeds AuthenticatedUser authenticatedUser = authenticatedUserProvider.get(); 
@@ -236,6 +253,58 @@ public class AuthenticationProviderService { } + /** + * Returns all custom LDAP attributes on the user currently bound under + * the given LDAP connection. The custom attributes are specified in + * guacamole.properties. + * + * @param ldapConnection + * LDAP connection to find the custom LDAP attributes. + * @param username + * The username of the user whose attributes are queried. + * + * @return + * All attributes on the user currently bound under the + * given LDAP connection, as a map of attribute name to + * corresponding attribute value. + * + * @throws LDAPException + * If an error occurs while searching for the user attributes. + * + * @throws GuacamoleException + * If an error occurs retrieving the user DN. + */ + private Map getLDAPAttributes(LDAPConnection ldapConnection, + String username) throws LDAPException, GuacamoleException { + + // Get attributes from configuration information + List attrList = confService.getAttributes(); + + // If there are no attributes there is no reason to search LDAP + if (attrList.size() == 0) + return null; + + // Build LDAP query parameters + String[] attrArray = attrList.toArray(new String[attrList.size()]); + String userDN = getUserBindDN(username); + + // Get LDAP attributes by querying LDAP + LDAPEntry userEntry = ldapConnection.read(userDN, attrArray); + LDAPAttributeSet attrSet = userEntry.getAttributeSet(); + + // Add each attribute into Map + Map attrMap = new HashMap(); + Iterator attrIterator = attrSet.iterator(); + while (attrIterator.hasNext()) { + LDAPAttribute attr = (LDAPAttribute)attrIterator.next(); + String attrName = attr.getName(); + String attrValue = attr.getStringValue(); + attrMap.put(attrName, attrValue); + } + + return attrMap; + } + /** * Returns a UserContext object initialized with data accessible to the * given AuthenticatedUser. 
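Review bot: In `getLDAPAttributes`, the result of `attr.getStringValue()` goes into the map unchecked. As far as I know, JLDAP returns only the first value of a multi-valued attribute and null for an attribute without values, so the map can hold null values and silently drop the remaining ones. Guard the put, e.g. `if (attrValue != null) attrMap.put(attrName, attrValue);`, and state the first-value behaviour in the Javadoc. The method also returns null when no attributes are configured, although `@return` describes a map; returning an empty map would keep callers from handling two "nothing" cases. The same put loop is carried unchanged into patch 12/25.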
diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java index 142c51653..076970737 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java @@ -22,7 +22,7 @@ package org.apache.guacamole.net.auth; import java.io.Serializable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; - +import java.util.Map; /** * Simple arbitrary set of credentials, including a username/password pair, @@ -72,6 +72,29 @@ public class Credentials implements Serializable { */ private transient HttpSession session; + /** + * Arbitrary LDAP attributes specified in guacamole.properties + */ + private Map ldapAttrs; + + /** + * Returns the lDAP attributes associated with this set of credentials. + * @return The LDAP attributes Map associated with this set of credentials, + * or null if no LDAP Attributes have been set. + */ + public Map getLDAPAttributes() { + return ldapAttrs; + } + + /** + * Sets the LDAP attributes associated with this set of credentials. + * @param attributes The LDAP attributes to associate with this set of + * credentials. + */ + public void setLDAPAttributes(Map attributes) { + this.ldapAttrs = attributes; + } + /** * Returns the password associated with this set of credentials. * @return The password associated with this username/password pair, or From ad6be801311b3be14dde68be02f2b72dcdc1d8f9 Mon Sep 17 00:00:00 2001 
From: Jared Frees Date: Fri, 8 Jun 2018 12:40:02 -0400 Subject: [PATCH 03/25] GUACAMOLE-524: Add LDAP attribute tokens to StandardTokens. In method addStandardTokens(TokenFilter, Credentials), adds each LDAP attribute from credentials.getLDAPAttributes(). Name of token is "USER_ATTR:" + name of attribute and value is the value of the attribute. --- .../guacamole/token/StandardTokens.java | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index b1b280bee..af8a23124 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -23,6 +23,10 @@ import java.text.SimpleDateFormat; import java.util.Date; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.Credentials; +import java.util.Map; +import java.util.Set; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * Utility class which provides access to standardized token names, as well as @@ -74,6 +78,12 @@ public class StandardTokens { */ private static final String TIME_FORMAT = "HHmmss"; + /** + * Standard prefix to append to beginning of the name of each custom + * LDAP attribute before adding attributes as tokens. + */ + private static final String LDAP_ATTR_PREFIX = "USER_ATTR:"; + /** * This utility class should not be instantiated. */ 
@@ -134,6 +144,15 @@ public class StandardTokens { if (address != null) filter.setToken(CLIENT_ADDRESS_TOKEN, address); + // Add each custom client LDAP attribute token + Map ldapAttrs = credentials.getLDAPAttributes(); + if (ldapAttrs != null) { + for (Map.Entry attr : ldapAttrs.entrySet()) { + String tokenName = LDAP_ATTR_PREFIX + attr.getKey().toUpperCase(); + filter.setToken(tokenName, attr.getValue()); + } + } + // Add any tokens which do not require credentials addStandardTokens(filter); From 4c1281d8c24fce8a597e1465624010a2c438851b Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Mon, 11 Jun 2018 11:17:06 -0400 Subject: [PATCH 04/25] GUACAMOLE-524: Removed changes to Credentials --- .../guacamole/net/auth/Credentials.java | 25 +------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java index 076970737..142c51653 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java @@ -22,7 +22,7 @@ package org.apache.guacamole.net.auth; import java.io.Serializable; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; -import java.util.Map; + /** * Simple arbitrary set of credentials, including a username/password pair, 
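Review bot: `attr.getKey().toUpperCase()` in the added token loop uses the JVM default locale, so an attribute name containing `i` produces a different token name on a Turkish-locale server (`İ` instead of `I`), and references to the token in connection parameters would no longer match. Use `attr.getKey().toUpperCase(Locale.ROOT)` with `java.util.Locale` imported, so token names are identical on every deployment. The same call appears in `addAttributeTokens` in patch 05/25. The body of `addStandardTokens` starts outside this hunk.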
@@ -72,29 +72,6 @@ public class Credentials implements Serializable { */ private transient HttpSession session; - /** - * Arbitrary LDAP attributes specified in guacamole.properties - */ - private Map ldapAttrs; - - /** - * Returns the lDAP attributes associated with this set of credentials. - * @return The LDAP attributes Map associated with this set of credentials, - * or null if no LDAP Attributes have been set. - */ - public Map getLDAPAttributes() { - return ldapAttrs; - } - - /** - * Sets the LDAP attributes associated with this set of credentials. - * @param attributes The LDAP attributes to associate with this set of - * credentials. - */ - public void setLDAPAttributes(Map attributes) { - this.ldapAttrs = attributes; - } - /** * Returns the password associated with this set of credentials. * @return The password associated with this username/password pair, or From 165d3d0d0de0d6cfd2f089138974fd152feb8ca6 Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Mon, 11 Jun 2018 14:59:12 -0400 Subject: [PATCH 05/25] GUACAMOLE-524: Add Custom Attributes to Tokens Added method to add custom map of tokens to StandardTokens. --- .../guacamole/token/StandardTokens.java | 43 ++++++++++++------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index af8a23124..b34b99544 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -25,8 +25,6 @@ import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.Credentials; import java.util.Map; import java.util.Set; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; /** * Utility class which provides access to standardized token names, as well as 
@@ -79,11 +77,10 @@ public class StandardTokens { private static final String TIME_FORMAT = "HHmmss"; /** - * Standard prefix to append to beginning of the name of each custom - * LDAP attribute before adding attributes as tokens. + * The prefix of the arbitrary attribute tokens. */ - private static final String LDAP_ATTR_PREFIX = "USER_ATTR:"; - + public static final String ATTR_TOKEN_PREFIX = "GUAC_ATTR:"; + /** * This utility class should not be instantiated. */ @@ -144,15 +141,6 @@ public class StandardTokens { if (address != null) filter.setToken(CLIENT_ADDRESS_TOKEN, address); - // Add each custom client LDAP attribute token - Map ldapAttrs = credentials.getLDAPAttributes(); - if (ldapAttrs != null) { - for (Map.Entry attr : ldapAttrs.entrySet()) { - String tokenName = LDAP_ATTR_PREFIX + attr.getKey().toUpperCase(); - filter.setToken(tokenName, attr.getValue()); - } - } - // Add any tokens which do not require credentials addStandardTokens(filter); @@ -185,4 +173,29 @@ public class StandardTokens { } + /** + * Add attribute tokens to StandardTokens. These are arbitrary + * key/value pairs that may be configured by the various authentication + * extensions. + * + * @param filter + * The TokenFilter to add attributes tokens to. + * + * @param attributes + * The map of key/value pairs to add tokens for. + */ + public static void addAttributeTokens(TokenFilter filter, + Map attributes) { + + if (attributes != null) { + for (Map.Entry entry : attributes.entrySet()) { + String key = entry.getKey().toString(); + String tokenName = ATTR_TOKEN_PREFIX + key.toUpperCase(); + String tokenValue = entry.getValue().toString(); + filter.setToken(tokenName, tokenValue); + } + } + + } + } From 64e29b952bba5231d43c73b51dc5bef0377188e9 Mon Sep 17 00:00:00 2001 
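Review bot: `addAttributeTokens` calls `entry.getKey().toString()` and `entry.getValue().toString()` unguarded, so one null key or value in the supplied map throws NullPointerException while tokens are being built. The LDAP code earlier in this series stores `getStringValue()` results unchecked, so null values look reachable. The method is public in guacamole-ext and accepts maps from any extension, so skip such entries with `if (entry.getKey() == null || entry.getValue() == null) continue;` at the top of the loop. The Javadoc should also state that keys are upper-cased and prefixed with `GUAC_ATTR:` and that values are inserted verbatim, since that is the contract extension authors rely on when deciding which attributes are safe to expose.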
From: Jared Frees Date: Mon, 11 Jun 2018 15:05:20 -0400 Subject: [PATCH 06/25] GUACAMOLE-524: Add arbitrary attributes on AuthenticatedUser Add attribute map to AuthenticatedUser along with methods for retrieving and setting map. Also, make AuthenticatedUser implement Attributes. --- .../auth/ldap/user/AuthenticatedUser.java | 75 ++++++++++++++++++- 1 file changed, 74 insertions(+), 1 deletion(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java index 669efcd54..86c4de1dc 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java @@ -20,7 +20,10 @@ package org.apache.guacamole.auth.ldap.user; import com.google.inject.Inject; +import java.util.Map; +import java.util.HashMap; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; +import org.apache.guacamole.net.auth.Attributes; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; @@ -28,7 +31,8 @@ import org.apache.guacamole.net.auth.Credentials; * An LDAP-specific implementation of AuthenticatedUser, associating a * particular set of credentials with the LDAP authentication provider. */ -public class AuthenticatedUser extends AbstractAuthenticatedUser { +public class AuthenticatedUser extends AbstractAuthenticatedUser + implements Attributes { /** * Reference to the authentication provider associated with this 
@@ -42,6 +46,11 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { */ private Credentials credentials; + /** + * Arbitrary attributes associated with this AuthenticatedUser object. + */ + private Map attributes = new HashMap(); + /** * Initializes this AuthenticatedUser using the given credentials. * 
@@ -53,6 +62,70 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { setIdentifier(credentials.getUsername()); } + /** + * Get a map of attributes associated with this AuthenticatedUser. + * + * @return + * The Map of arbitrary attributes associated with this + * AuthenticatedUser object. + */ + public Map getAttributes() { + return attributes; + } + + /** + * Sets a map of attributes associated with this AuthenticatedUser. + * + * @param attributes + * A map of attribute key/value pairs to add to this AuthenticatedUser. + */ + public void setAttributes(Map attributes) { + this.attributes = attributes; + } + + /** + * Add the Map of attributes to the current set, without completely + * replacing the existing set. However, if duplicate keys exist the new + * values will replace any existing ones. + * + * @param attributes + * A Map of attributes to add to the existing attributes, without + * completely overwriting them. + */ + public void addAttributes(Map attributes) { + this.attributes.putAll(attributes); + } + + /** + * Retrieve a single attribute value from the map of arbitrary attributes + * stored in this AuthenticatedUser object. + * + * @param key + * The key of the attribute to retrieve. + * + * @return + * The value of the attribute with the specified key. + */ + public String getAttribute(String key) { + return attributes.get(key); + } + + /** + * Set the attribute of the given key to the given value, either adding + * a new value if the specified key does not exist, or replacing an existing + * value. + * + * @param key + * The key name of the attribute to set (or overwrite, if it + * already exists). + * + * @param value + * The value of the attribute to set or overwrite. + */ + public void setAttribute(String key, String value) { + attributes.put(key, value); + } + @Override public AuthenticationProvider getAuthenticationProvider() { return authProvider; From f5f9f627868e4cfd2028cd081b912c2b40fcf406 Mon Sep 17 00:00:00 2001 
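Review bot: `setAttributes` stores the caller's map directly (`this.attributes = attributes;`), so passing null replaces the initial empty HashMap, and the next `getAttribute`, `setAttribute` or `addAttributes` call throws NullPointerException. `getLDAPAttributes` returns null when nothing is configured, so this looks reachable once patch 07/25 passes its result here. The assignment also aliases the caller's map, and `getAttributes` returns the live internal map, so any code holding either reference can change the values that later become connection tokens. Copy the map on the way in (treating null as empty) and return an unmodifiable view or a copy on the way out. The same direct assignment is repeated in RemoteAuthenticatedUser in patch 09/25.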
From: Jared Frees Date: Mon, 11 Jun 2018 15:14:18 -0400 Subject: [PATCH 07/25] GUACAMOLE-524: Changed to use AuthenticatedUser instead of Credentials Fixed up some code style and add attributes in AuthenticatedUser object. --- .../ldap/AuthenticationProviderService.java | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index 2d28c79be..090dd9396 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -22,7 +22,14 @@ package org.apache.guacamole.auth.ldap; import com.google.inject.Inject; import com.google.inject.Provider; import com.novell.ldap.LDAPConnection; +import com.novell.ldap.LDAPAttributeSet; +import com.novell.ldap.LDAPEntry; +import com.novell.ldap.LDAPAttribute; +import com.novell.ldap.LDAPException; +import java.util.HashMap; import java.util.List; +import java.util.Iterator; +import java.util.Map; import org.apache.guacamole.auth.ldap.user.AuthenticatedUser; import org.apache.guacamole.auth.ldap.user.UserContext; import org.apache.guacamole.GuacamoleException; 
@@ -33,14 +40,6 @@ import org.apache.guacamole.net.auth.credentials.CredentialsInfo; import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import java.util.HashMap; -import java.util.Map; -import java.util.List; -import java.util.Iterator; -import com.novell.ldap.LDAPAttributeSet; -import com.novell.ldap.LDAPEntry; -import com.novell.ldap.LDAPAttribute; -import com.novell.ldap.LDAPException; /** * Service providing convenience functions for the LDAP AuthenticationProvider @@ -230,22 +229,21 @@ public class AuthenticationProviderService { throw new GuacamoleInvalidCredentialsException("Permission denied.", CredentialsInfo.USERNAME_PASSWORD); try { - try { - String username = credentials.getUsername(); - Map ldapAttrs = getLDAPAttributes(ldapConnection, username); - credentials.setLDAPAttributes(ldapAttrs); - } - catch (LDAPException e) { - throw new GuacamoleServerException("Error while querying for LDAP User Attributes.", e); - } - // Return AuthenticatedUser if bind succeeds AuthenticatedUser authenticatedUser = authenticatedUserProvider.get(); authenticatedUser.init(credentials); + + //set attributes + String username = credentials.getUsername(); + Map attrs = getLDAPAttributes(ldapConnection, username); + authenticatedUser.setAttributes(attrs); + return authenticatedUser; } - + catch (LDAPException e) { + throw new GuacamoleServerException("Error while querying for User Attributes.", e); + } // Always disconnect finally { ldapService.disconnect(ldapConnection); 
@@ -275,13 +273,13 @@ public class AuthenticationProviderService { * If an error occurs retrieving the user DN. */ private Map getLDAPAttributes(LDAPConnection ldapConnection, - String username) throws LDAPException, GuacamoleException { + String username) throws LDAPException { // Get attributes from configuration information List attrList = confService.getAttributes(); // If there are no attributes there is no reason to search LDAP - if (attrList.size() == 0) + if (attrList == null || attrList.isEmpty()) return null; // Build LDAP query parameters @@ -294,9 +292,8 @@ public class AuthenticationProviderService { // Add each attribute into Map Map attrMap = new HashMap(); - Iterator attrIterator = attrSet.iterator(); - while (attrIterator.hasNext()) { - LDAPAttribute attr = (LDAPAttribute)attrIterator.next(); + for (Object attrObj : attrSet) { + LDAPAttribute attr = (LDAPAttribute)attrObj; String attrName = attr.getName(); String attrValue = attr.getStringValue(); attrMap.put(attrName, attrValue); From 3abc996658df828885b452c42e59ab847ce33680 Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Mon, 11 Jun 2018 15:15:31 -0400 Subject: [PATCH 08/25] GUACAMOLE-524: Add custom attribute tokens with tokenFilter --- .../guacamole/auth/ldap/connection/ConnectionService.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java index 3ce00e3f2..67df3bf15 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java 
@@ -36,6 +36,7 @@ import org.apache.guacamole.auth.ldap.EscapingService; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleServerException; import org.apache.guacamole.net.auth.AuthenticatedUser; +//import org.apache.guacamole.auth.ldap.user.AuthenticatedUser; import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.simple.SimpleConnection; import org.apache.guacamole.protocol.GuacamoleConfiguration; @@ -126,6 +127,10 @@ public class ConnectionService { TokenFilter tokenFilter = new TokenFilter(); StandardTokens.addStandardTokens(tokenFilter, user); + // Add custom attribute tokens + Map attrs = ( (org.apache.guacamole.auth.ldap.user.AuthenticatedUser) user).getAttributes(); + StandardTokens.addAttributeTokens(tokenFilter, attrs); + // Produce connections for each readable configuration Map connections = new HashMap(); while (results.hasMore()) { @@ -295,4 +300,3 @@ public class ConnectionService { } } - From 862ab91432ed8638ecea0fd187d95eafa49c58fe Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Tue, 12 Jun 2018 11:33:14 -0400 Subject: [PATCH 09/25] GUACAMOLE-524: Implemented getAttributes and setAttributes to satisfy Attributes interface addition --- .../jdbc/user/RemoteAuthenticatedUser.java | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java index 24118af45..3b16a992b 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java 
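Review bot: The added `StandardTokens.addAttributeTokens(tokenFilter, attrs)` call makes directory-supplied strings available for substitution into connection parameters without validation. If a listed attribute is one that users can edit on their own LDAP entry, those users can influence whatever parameter references the token (inferred from how the filter is applied to the configurations built below, outside this hunk). Put that constraint in a comment at the call, e.g. `// Attribute values are taken from the directory unfiltered; expose only admin-controlled attributes`, and repeat it in the `ldap-user-attributes` documentation. The unconditional cast to `org.apache.guacamole.auth.ldap.user.AuthenticatedUser` on the same line would also throw ClassCastException for a user object created by another provider; patch 11/25 removes it.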
@@ -19,6 +19,8 @@ package org.apache.guacamole.auth.jdbc.user; +import java.util.HashMap; +import java.util.Map; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.servlet.http.HttpServletRequest; @@ -67,6 +69,21 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser { */ private static final Pattern X_FORWARDED_FOR = Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$"); + /** + * Arbitrary attributes associated with this RemoteAuthenticatedUser object. + */ + private Map attributes = new HashMap(); + + @Override + public Map getAttributes() { + return attributes; + } + + @Override + public void setAttributes(Map attributes) { + this.attributes = attributes; + } + /** * Derives the remote host of the authenticating user from the given * credentials object. The remote host is derived from X-Forwarded-For @@ -98,7 +115,7 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser { return request.getRemoteAddr(); } - + /** * Creates a new RemoteAuthenticatedUser, deriving the associated remote * host from the given credentials. @@ -106,7 +123,7 @@ public abstract class RemoteAuthenticatedUser implements AuthenticatedUser { * @param authenticationProvider * The AuthenticationProvider that has authenticated the given user. * - * @param credentials + * @param credentials * The credentials given by the user when they authenticated. */ public RemoteAuthenticatedUser(AuthenticationProvider authenticationProvider, From 3548f8c6550e645b7a27683f7b3c4ab67d936f7d Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Tue, 12 Jun 2018 11:37:31 -0400 Subject: [PATCH 10/25] GUACAMOLE-524: Removed implements Attributes and fixed up code --- .../apache/guacamole/auth/ldap/user/AuthenticatedUser.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java index 86c4de1dc..fceaf9dbd 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java @@ -20,8 +20,8 @@ package org.apache.guacamole.auth.ldap.user; import com.google.inject.Inject; -import java.util.Map; import java.util.HashMap; +import java.util.Map; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; import org.apache.guacamole.net.auth.Attributes; import org.apache.guacamole.net.auth.AuthenticationProvider; @@ -31,8 +31,7 @@ import org.apache.guacamole.net.auth.Credentials; * An LDAP-specific implementation of AuthenticatedUser, associating a * particular set of credentials with the LDAP authentication provider. */ -public class AuthenticatedUser extends AbstractAuthenticatedUser - implements Attributes { +public class AuthenticatedUser extends AbstractAuthenticatedUser { /** * Reference to the authentication provider associated with this @@ -69,6 +68,7 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser * The Map of arbitrary attributes associated with this * AuthenticatedUser object. */ + @Override public Map getAttributes() { return attributes; } @@ -79,6 +79,7 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser * @param attributes * A map of attribute key/value pairs to add to this AuthenticatedUser. */ + @Override public void setAttributes(Map attributes) { this.attributes = attributes; } From d27f8f9b3ec375b1d7204345e971427fef499fee Mon Sep 17 00:00:00 2001 
From: Jared Frees Date: Tue, 12 Jun 2018 11:40:50 -0400 Subject: [PATCH 11/25] GUACAMOLE-524: Removed weird casting --- .../guacamole/auth/ldap/connection/ConnectionService.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java index 67df3bf15..e6e5c5c13 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java @@ -36,7 +36,6 @@ import org.apache.guacamole.auth.ldap.EscapingService; import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleServerException; import org.apache.guacamole.net.auth.AuthenticatedUser; -//import org.apache.guacamole.auth.ldap.user.AuthenticatedUser; import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.simple.SimpleConnection; import org.apache.guacamole.protocol.GuacamoleConfiguration; @@ -128,7 +127,7 @@ public class ConnectionService { StandardTokens.addStandardTokens(tokenFilter, user); // Add custom attribute tokens - Map attrs = ( (org.apache.guacamole.auth.ldap.user.AuthenticatedUser) user).getAttributes(); + Map attrs = user.getAttributes(); StandardTokens.addAttributeTokens(tokenFilter, attrs); // Produce connections for each readable configuration From 00b33daea7f678d2af56d43427d8dd8edd12531a Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Tue, 12 Jun 2018 11:42:30 -0400 Subject: [PATCH 12/25] GUACAMOLE-524: Fixed try block, exceptions, and import order --- .../ldap/AuthenticationProviderService.java | 33 ++++++++++--------- 1 file changed, 18 insertions(+), 15 deletions(-) 
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index 090dd9396..8e51c37df 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -27,8 +27,8 @@ import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPAttribute; import com.novell.ldap.LDAPException; import java.util.HashMap; -import java.util.List; import java.util.Iterator; +import java.util.List; import java.util.Map; import org.apache.guacamole.auth.ldap.user.AuthenticatedUser; import org.apache.guacamole.auth.ldap.user.UserContext; @@ -241,9 +241,6 @@ public class AuthenticationProviderService { return authenticatedUser; } - catch (LDAPException e) { - throw new GuacamoleServerException("Error while querying for User Attributes.", e); - } // Always disconnect finally { ldapService.disconnect(ldapConnection); @@ -258,6 +255,7 @@ public class AuthenticationProviderService { * * @param ldapConnection * LDAP connection to find the custom LDAP attributes. + * * @param username * The username of the user whose attributes are queried. * @@ -273,7 +271,7 @@ public class AuthenticationProviderService { * If an error occurs retrieving the user DN. */ private Map getLDAPAttributes(LDAPConnection ldapConnection, - String username) throws LDAPException { + String username) throws GuacamoleException { // Get attributes from configuration information List attrList = confService.getAttributes(); 
@@ -286,17 +284,22 @@ public class AuthenticationProviderService { String[] attrArray = attrList.toArray(new String[attrList.size()]); String userDN = getUserBindDN(username); - // Get LDAP attributes by querying LDAP - LDAPEntry userEntry = ldapConnection.read(userDN, attrArray); - LDAPAttributeSet attrSet = userEntry.getAttributeSet(); - - // Add each attribute into Map Map attrMap = new HashMap(); - for (Object attrObj : attrSet) { - LDAPAttribute attr = (LDAPAttribute)attrObj; - String attrName = attr.getName(); - String attrValue = attr.getStringValue(); - attrMap.put(attrName, attrValue); + try { + // Get LDAP attributes by querying LDAP + LDAPEntry userEntry = ldapConnection.read(userDN, attrArray); + LDAPAttributeSet attrSet = userEntry.getAttributeSet(); + + // Add each attribute into Map + for (Object attrObj : attrSet) { + LDAPAttribute attr = (LDAPAttribute)attrObj; + String attrName = attr.getName(); + String attrValue = attr.getStringValue(); + attrMap.put(attrName, attrValue); + } + } + catch (LDAPException e) { + throw new GuacamoleServerException("Error while querying for User Attributes.", e); } return attrMap; From fa33c98ddc641c8598ee0025afc98c1d75298f4c Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Tue, 12 Jun 2018 11:44:10 -0400 Subject: [PATCH 13/25] GUACAMOLE-524: Implements Attributes and provides getAttributes and setAttributes default methods --- .../guacamole/net/auth/AbstractAuthenticatedUser.java | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java index 36c4571e0..f0691e131 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java 
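Review bot: In the loop inside the new `try` block, `attr.getStringValue()` keeps one string per attribute, so a multi-valued attribute is reduced to a single value with no log line, and an attribute without values would put `null` into the map. These values are later exposed as connection tokens, so I would skip nulls explicitly, `String value = attr.getStringValue(); if (value != null) attrMap.put(attr.getName(), value);`, and state the single-value behaviour in the method Javadoc. `userDN` comes from `getUserBindDN(username)` and is passed to `ldapConnection.read` unchecked; if that helper can return null (its body is not in this hunk), a guard belongs before the read. The method starts outside the hunk.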
@@ -20,6 +20,7 @@ package org.apache.guacamole.net.auth; import java.util.Collections; +import java.util.Map; import java.util.Set; /** @@ -41,4 +42,12 @@ public abstract class AbstractAuthenticatedUser extends AbstractIdentifiable // Nothing to invalidate } + public Map getAttributes() { + return Collections.emptyMap(); + } + + public void setAttributes(Map attributes) { + //do nothing + } + } From cde13be0cf3755f3a41dff588e36e9c31f5cce5c Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Tue, 12 Jun 2018 11:45:06 -0400 Subject: [PATCH 14/25] GUACAMOLE-524: Add implements Attributes --- .../java/org/apache/guacamole/net/auth/AuthenticatedUser.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java index a799937e8..14f25978a 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AuthenticatedUser.java @@ -25,7 +25,7 @@ import java.util.Set; * A user of the Guacamole web application who has been authenticated by an * AuthenticationProvider. */ -public interface AuthenticatedUser extends Identifiable { +public interface AuthenticatedUser extends Identifiable, Attributes { /** * The identifier reserved for representing a user that has authenticated From 36bbdce7b1be9f90195ad7d673537aa785217b97 Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Tue, 12 Jun 2018 11:46:21 -0400 Subject: [PATCH 15/25] GUACAMOLE-524: Fix order of imports. --- .../java/org/apache/guacamole/token/StandardTokens.java | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index b34b99544..d61e617f5 100644 
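Review bot: The two methods added to `AbstractAuthenticatedUser` have no Javadoc, and nothing says that `setAttributes` discards its argument while `getAttributes` always returns an empty map. A subclass that calls the setter without overriding it loses the attributes with no error, which is easy to miss because the tokens just stay unset. I would add a comment on both, for example `/** Default implementation: attributes are not stored; subclasses that carry attributes must override getAttributes() and setAttributes(). */`, and replace `//do nothing` with the reason the value is ignored.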
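Review bot: Declaring `AuthenticatedUser extends Identifiable, Attributes` changes the contract for every existing implementation of this interface, not only the LDAP one. Classes that extend `AbstractAuthenticatedUser` inherit the defaults from the previous patch, but an extension that implements the interface directly will no longer compile, and an already built one would fail at the first `getAttributes()` call. The interface Javadoc should say that implementations may return an empty map when they have no attributes and should point implementers at the abstract base class.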
--- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -21,11 +21,10 @@ package org.apache.guacamole.token; import java.text.SimpleDateFormat; import java.util.Date; -import org.apache.guacamole.net.auth.AuthenticatedUser; -import org.apache.guacamole.net.auth.Credentials; import java.util.Map; import java.util.Set; - +import org.apache.guacamole.net.auth.AuthenticatedUser; +import org.apache.guacamole.net.auth.Credentials; /** * Utility class which provides access to standardized token names, as well as * facilities for generating those tokens from common objects. @@ -80,7 +79,7 @@ public class StandardTokens { * The prefix of the arbitrary attribute tokens. */ public static final String ATTR_TOKEN_PREFIX = "GUAC_ATTR:"; - + /** * This utility class should not be instantiated. */ From 4791adaa46c8d9e3a0fc9cfcea38e10abf408913 Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Tue, 12 Jun 2018 16:21:52 -0400 Subject: [PATCH 16/25] GUACAMOLE-524: Fixed up code style and comments Also added Override tag in AbstractAuthenticatedUser on getAttributes and setAttributes. --- .../auth/ldap/AuthenticationProviderService.java | 9 ++++----- .../guacamole/auth/ldap/ConfigurationService.java | 3 +-- .../guacamole/auth/ldap/user/AuthenticatedUser.java | 13 ------------- .../net/auth/AbstractAuthenticatedUser.java | 2 ++ .../org/apache/guacamole/token/StandardTokens.java | 1 + 5 files changed, 8 insertions(+), 20 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index 8e51c37df..fa7ed932d 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java 
+++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -197,7 +197,8 @@ public class AuthenticationProviderService { /** * Returns an AuthenticatedUser representing the user authenticated by the - * given credentials. Also adds custom LDAP attributes to credentials object. + * given credentials. Also adds custom LDAP attributes to the + * AuthenticatedUser. * * @param credentials * The credentials to use for authentication. @@ -233,7 +234,7 @@ public class AuthenticationProviderService { AuthenticatedUser authenticatedUser = authenticatedUserProvider.get(); authenticatedUser.init(credentials); - //set attributes + // Set attributes String username = credentials.getUsername(); Map attrs = getLDAPAttributes(ldapConnection, username); authenticatedUser.setAttributes(attrs); @@ -293,9 +294,7 @@ public class AuthenticationProviderService { // Add each attribute into Map for (Object attrObj : attrSet) { LDAPAttribute attr = (LDAPAttribute)attrObj; - String attrName = attr.getName(); - String attrValue = attr.getStringValue(); - attrMap.put(attrName, attrValue); + attrMap.put(attr.getName(), attr.getStringValue()); } } catch (LDAPException e) { diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java index 4b82e3da2..de7c71ce2 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/ConfigurationService.java 
@@ -348,8 +348,7 @@ public class ConfigurationService { * Returns names for custom LDAP user attributes. * * @return - * LDAP user attributes as defined in the guacamole.properties file - * as ldap-user-attributes: '' + * Custom LDAP user attributes as configured in guacamole.properties. * * @throws GuacamoleException * If guacamole.properties cannot be parsed. diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java index fceaf9dbd..5b3115a71 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java @@ -61,24 +61,11 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { setIdentifier(credentials.getUsername()); } - /** - * Get a map of attributes associated with this AuthenticatedUser. - * - * @return - * The Map of arbitrary attributes associated with this - * AuthenticatedUser object. - */ @Override public Map getAttributes() { return attributes; } - /** - * Sets a map of attributes associated with this AuthenticatedUser. - * - * @param attributes - * A map of attribute key/value pairs to add to this AuthenticatedUser. - */ @Override public void setAttributes(Map attributes) { this.attributes = attributes; diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java index f0691e131..828ad8904 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/AbstractAuthenticatedUser.java 
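Review bot: In the LDAP `AuthenticatedUser` hunk, the accessors left as context still store the caller's map by reference in `setAttributes` and return that same mutable map from `getAttributes`. Any code holding the user object can therefore change the values that are later substituted as tokens, and `setAttributes(null)` leaves a null for every later caller. I would copy on the way in, `this.attributes = (attributes == null) ? new HashMap<String, String>() : new HashMap<String, String>(attributes);`, and return an unmodifiable view from the getter. With the Javadoc removed here, the contract should then be documented on the `Attributes` interface itself.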
@@ -42,10 +42,12 @@ public abstract class AbstractAuthenticatedUser extends AbstractIdentifiable // Nothing to invalidate } + @Override public Map getAttributes() { return Collections.emptyMap(); } + @Override public void setAttributes(Map attributes) { //do nothing } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index d61e617f5..1039091e7 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -25,6 +25,7 @@ import java.util.Map; import java.util.Set; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.Credentials; + /** * Utility class which provides access to standardized token names, as well as * facilities for generating those tokens from common objects. From 58c8f3e111325575fce70788278c6fe73375025e Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Wed, 13 Jun 2018 10:34:41 -0400 Subject: [PATCH 17/25] GUACAMOLE-524: Fixed Javadoc and removed unnecessary methods --- .../ldap/AuthenticationProviderService.java | 2 +- .../auth/ldap/user/AuthenticatedUser.java | 43 ------------------- 2 files changed, 1 insertion(+), 44 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index fa7ed932d..834dbb924 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java 
@@ -269,7 +269,7 @@ public class AuthenticationProviderService { * If an error occurs while searching for the user attributes. * * @throws GuacamoleException - * If an error occurs retrieving the user DN. + * If an error occurs retrieving the user DN or the attributes. */ private Map getLDAPAttributes(LDAPConnection ldapConnection, String username) throws GuacamoleException { diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java index 5b3115a71..914d4cd01 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java 
@@ -71,49 +71,6 @@ public class AuthenticatedUser extends AbstractAuthenticatedUser { this.attributes = attributes; } - /** - * Add the Map of attributes to the current set, without completely - * replacing the existing set. However, if duplicate keys exist the new - * values will replace any existing ones. - * - * @param attributes - * A Map of attributes to add to the existing attributes, without - * completely overwriting them. - */ - public void addAttributes(Map attributes) { - this.attributes.putAll(attributes); - } - - /** - * Retrieve a single attribute value from the map of arbitrary attributes - * stored in this AuthenticatedUser object. - * - * @param key - * The key of the attribute to retrieve. - * - * @return - * The value of the attribute with the specified key. - */ - public String getAttribute(String key) { - return attributes.get(key); - } - - /** - * Set the attribute of the given key to the given value, either adding - * a new value if the specified key does not exist, or replacing an existing - * value. - * - * @param key - * The key name of the attribute to set (or overwrite, if it - * already exists). - * - * @param value - * The value of the attribute to set or overwrite. - */ - public void setAttribute(String key, String value) { - attributes.put(key, value); - } - @Override public AuthenticationProvider getAuthenticationProvider() { return authProvider; From 590f7311dba07bcb574b0fa53de6e9cdb199754e Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Wed, 13 Jun 2018 11:31:03 -0400 Subject: [PATCH 18/25] GUACAMOLE-524: Updated comments and imports --- .../guacamole/auth/ldap/AuthenticationProviderService.java | 3 --- .../org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java | 1 - 2 files changed, 4 deletions(-) 
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index 834dbb924..ee5226eac 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -265,9 +265,6 @@ public class AuthenticationProviderService { * given LDAP connection, as a map of attribute name to * corresponding attribute value. * - * @throws LDAPException - * If an error occurs while searching for the user attributes. - * * @throws GuacamoleException * If an error occurs retrieving the user DN or the attributes. */ diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java index 914d4cd01..8e9926753 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/AuthenticatedUser.java @@ -23,7 +23,6 @@ import com.google.inject.Inject; import java.util.HashMap; import java.util.Map; import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; -import org.apache.guacamole.net.auth.Attributes; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; From 3d4f465c1076a851db8b40535370b6f9e23c533d Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Wed, 13 Jun 2018 14:12:50 -0400 Subject: [PATCH 19/25] GUACAMOLE-524: Fixed Order of imports --- .../guacamole/auth/ldap/AuthenticationProviderService.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index ee5226eac..08455696b 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java @@ -21,11 +21,12 @@ package org.apache.guacamole.auth.ldap; import com.google.inject.Inject; import com.google.inject.Provider; -import com.novell.ldap.LDAPConnection; -import com.novell.ldap.LDAPAttributeSet; -import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPAttribute; +import com.novell.ldap.LDAPAttributeSet; +import com.novell.ldap.LDAPConnection; +import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPException; +import com.novell.ldap.LDAPReferralException; import java.util.HashMap; import java.util.Iterator; import java.util.List; From 49c3f11854fadd87e3e4cff38d75a11a4d98bc74 Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Thu, 14 Jun 2018 11:08:50 -0400 Subject: [PATCH 20/25] GUACAMOLE-524: Changed addStandardTokens so user.getAttributes is called --- .../guacamole/auth/ldap/connection/ConnectionService.java | 4 ---- .../main/java/org/apache/guacamole/token/StandardTokens.java | 2 ++ 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java index e6e5c5c13..a282f3036 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/connection/ConnectionService.java 
@@ -126,10 +126,6 @@ public class ConnectionService { TokenFilter tokenFilter = new TokenFilter(); StandardTokens.addStandardTokens(tokenFilter, user); - // Add custom attribute tokens - Map attrs = user.getAttributes(); - StandardTokens.addAttributeTokens(tokenFilter, attrs); - // Produce connections for each readable configuration Map connections = new HashMap(); while (results.hasMore()) { diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index 1039091e7..760748179 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -171,6 +171,8 @@ public class StandardTokens { // Add tokens specific to credentials addStandardTokens(filter, user.getCredentials()); + // Add custom attribute tokens + addAttributeTokens(filter, user.getAttributes()); } /** From 653b4e0134cbef23bcb0f228caf80ad84a0e67cb Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Thu, 14 Jun 2018 11:15:57 -0400 Subject: [PATCH 21/25] Updated JavaDoc for addStandardTokens --- .../java/org/apache/guacamole/token/StandardTokens.java | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index 760748179..b98badec1 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java 
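Review bot: In `StandardTokens.addStandardTokens`, the new `addAttributeTokens(filter, user.getAttributes())` runs for every `AuthenticatedUser` and uses the result of `getAttributes()` without a null check. An implementation that returns null would fail here unless `addAttributeTokens` guards against it, which this hunk does not show; a local guard is cheap: `Map<String, String> attributes = user.getAttributes(); if (attributes != null) addAttributeTokens(filter, attributes);`. The values come from the authenticating backend and are substituted into connection parameters as they are, so the Javadoc should tell administrators to expose only attributes that users cannot edit on their own entry. The method begins outside the hunk.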
@@ -150,10 +150,11 @@ public class StandardTokens { * Adds tokens which are standardized by guacamole-ext to the given * TokenFilter using the values from the given AuthenticatedUser object, * including any associated credentials. These standardized tokens include - * the current username (GUAC_USERNAME), password (GUAC_PASSWORD), and the - * server date and time (GUAC_DATE and GUAC_TIME respectively). If either - * the username or password are not set within the given user or their - * provided credentials, the corresponding token(s) will remain unset. + * the current username (GUAC_USERNAME), password (GUAC_PASSWORD), the + * server date and time (GUAC_DATE and GUAC_TIME respectively), and custom + * user attributes. If either the username or password are not set within + * the given user or their provided credentials, the corresponding token(s) + * will remain unset. * * @param filter * The TokenFilter to add standard tokens to. From 0964c46f4fa30f2a5cfa8b750055b2027f6476d9 Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Fri, 15 Jun 2018 09:37:01 -0400 Subject: [PATCH 22/25] GUACAMOLE-524: Fixed RegEx for attribute tokens by removing ':' --- .../main/java/org/apache/guacamole/token/StandardTokens.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index b98badec1..5c64324e1 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -79,7 +79,7 @@ public class StandardTokens { /** * The prefix of the arbitrary attribute tokens. */ - public static final String ATTR_TOKEN_PREFIX = "GUAC_ATTR:"; + public static final String ATTR_TOKEN_PREFIX = "GUAC_ATTR_"; /** * This utility class should not be instantiated. From f24a6a8b9dbe76543e1af9c1c70616049d05312e Mon Sep 17 00:00:00 2001 
From: Jared Frees Date: Fri, 15 Jun 2018 10:49:05 -0400 Subject: [PATCH 23/25] GUACAMOLE-524: Added attributes in ModeledAuthenticatedUser --- .../auth/jdbc/user/ModeledAuthenticatedUser.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java index 8c201d004..019c9ae38 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java @@ -26,6 +26,11 @@ import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import java.util.Map; + + /** * Associates a user with the credentials they used to authenticate, their * corresponding ModeledUser, and the AuthenticationProvider which produced @@ -79,6 +84,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser { super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials()); this.modelAuthenticationProvider = modelAuthenticationProvider; this.user = user; + this.setAttributes(authenticatedUser.getAttributes()); } /** 
@@ -93,7 +99,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser { * A ModeledUser object which is backed by the data associated with * this user in the database. * - * @param credentials + * @param credentials * The credentials given by the user when they authenticated. */ public ModeledAuthenticatedUser(AuthenticationProvider authenticationProvider, @@ -107,7 +113,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser { * Returns a ModeledUser object which is backed by the data associated with * this user within the database. * - * @return + * @return * A ModeledUser object which is backed by the data associated with * this user in the database. */ From cb4f284760c6782ebd50d381db96b263dc5a24fd Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Fri, 15 Jun 2018 12:20:02 -0400 Subject: [PATCH 24/25] GUACAMOLE-524: Changed this to super and removed debugging stuff --- .../guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java index 019c9ae38..f51d08677 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledAuthenticatedUser.java 
@@ -26,11 +26,6 @@ import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import java.util.Map; - - /** * Associates a user with the credentials they used to authenticate, their * corresponding ModeledUser, and the AuthenticationProvider which produced @@ -84,7 +79,7 @@ public class ModeledAuthenticatedUser extends RemoteAuthenticatedUser { super(authenticatedUser.getAuthenticationProvider(), authenticatedUser.getCredentials()); this.modelAuthenticationProvider = modelAuthenticationProvider; this.user = user; - this.setAttributes(authenticatedUser.getAttributes()); + super.setAttributes(authenticatedUser.getAttributes()); } /** From 927c04b9d47aaa0089133ce7b4ae9e32d92b70b9 Mon Sep 17 00:00:00 2001 From: Jared Frees Date: Thu, 21 Jun 2018 11:02:18 -0400 Subject: [PATCH 25/25] GUACAMOLE-524: Removed unused imports, fixed comments, and condensed code --- .../guacamole/auth/ldap/AuthenticationProviderService.java | 6 +----- .../apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java | 4 ++-- .../java/org/apache/guacamole/token/StandardTokens.java | 2 +- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java index 08455696b..547b71db5 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/AuthenticationProviderService.java 
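Review bot: In the `ModeledAuthenticatedUser` constructor, `super.setAttributes(authenticatedUser.getAttributes())` binds to the nearest superclass implementation, and the only base implementation shown in this series is the no-op in `AbstractAuthenticatedUser`. If `RemoteAuthenticatedUser` (not visible here) inherits that default without overriding it, the wrapped user's attributes are dropped and `getAttributes()` on this object returns the empty map. The attribute tokens would then never reach connections served through this class. Either confirm that the parent stores the map, or keep it in a field of this class and override `getAttributes()` to return it. The constructor starts outside the hunk.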
@@ -26,9 +26,7 @@ import com.novell.ldap.LDAPAttributeSet; import com.novell.ldap.LDAPConnection; import com.novell.ldap.LDAPEntry; import com.novell.ldap.LDAPException; -import com.novell.ldap.LDAPReferralException; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import java.util.Map; import org.apache.guacamole.auth.ldap.user.AuthenticatedUser; @@ -236,9 +234,7 @@ public class AuthenticationProviderService { authenticatedUser.init(credentials); // Set attributes - String username = credentials.getUsername(); - Map attrs = getLDAPAttributes(ldapConnection, username); - authenticatedUser.setAttributes(attrs); + authenticatedUser.setAttributes(getLDAPAttributes(ldapConnection, credentials.getUsername())); return authenticatedUser; diff --git a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java index 55ed37b41..6372d81e0 100644 --- a/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java +++ b/extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/LDAPGuacamoleProperties.java @@ -206,8 +206,8 @@ public class LDAPGuacamoleProperties { }; /** - * Custom attribute or attributes in Guacamole user's record in the - * LDAP directory. + * Custom attribute or attributes to query from Guacamole user's record in + * the LDAP directory. */ public static final StringListProperty LDAP_USER_ATTRIBUTES = new StringListProperty() { diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index 5c64324e1..8faca158f 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java 
@@ -182,7 +182,7 @@ public class StandardTokens { * extensions. * * @param filter - * The TokenFilter to add attributes tokens to. + * The TokenFilter to add attribute tokens to. * * @param attributes * The map of key/value pairs to add tokens for.