From b336e26cb2e4cda2f309f5cf0c26875099dcdaa7 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Sat, 28 Jan 2017 11:23:31 -0800 Subject: [PATCH] GUACAMOLE-47: Store remote address and hostname within Credentials. --- .../guacamole/net/auth/Credentials.java | 65 +++++++++++++++++++ .../guacamole/token/StandardTokens.java | 16 +++-- .../guacamole/rest/auth/TokenRESTService.java | 2 + .../guacamole/rest/user/UserResource.java | 2 + 4 files changed, 78 insertions(+), 7 deletions(-) diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java index e6bb846fb..d9ea2d66f 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/net/auth/Credentials.java @@ -51,6 +51,19 @@ public class Credentials implements Serializable { */ private String password; + /** + * The address of the client end of the connection which provided these + * credentials, if known. + */ + private String remoteAddress; + + /** + * The hostname or, if the hostname cannot be determined, the address of + * the client end of the connection which provided these credentials, if + * known. + */ + private String remoteHostname; + /** * The HttpServletRequest carrying additional credentials, if any. */ @@ -133,4 +146,56 @@ public class Credentials implements Serializable { this.session = session; } + /** + * Returns the address of the client end of the connection which provided + * these credentials, if known. + * + * @return + * The address of the client end of the connection which provided these + * credentials, or null if the address is not known. + */ + public String getRemoteAddress() { + return remoteAddress; + } + + /** + * Sets the address of the client end of the connection which provided + * these credentials. + * + * @param remoteAddress + * The address of the client end of the connection which provided these + * credentials, or null if the address is not known. + */ + public void setRemoteAddress(String remoteAddress) { + this.remoteAddress = remoteAddress; + } + + /** + * Returns the hostname of the client end of the connection which provided + * these credentials, if known. If the hostname of the client cannot be + * determined, but the address is known, the address may be returned + * instead. + * + * @return + * The hostname or address of the client end of the connection which + * provided these credentials, or null if the hostname is not known. + */ + public String getRemoteHostname() { + return remoteHostname; + } + + /** + * Sets the hostname of the client end of the connection which provided + * these credentials, if known. If the hostname of the client cannot be + * determined, but the address is known, the address may be specified + * instead. + * + * @param remoteHostname + * The hostname or address of the client end of the connection which + * provided these credentials, or null if the hostname is not known. + */ + public void setRemoteHostname(String remoteHostname) { + this.remoteHostname = remoteHostname; + } + } diff --git a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java index 2d0dd3401..04058fe08 100644 --- a/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java +++ b/guacamole-ext/src/main/java/org/apache/guacamole/token/StandardTokens.java @@ -21,7 +21,6 @@ package org.apache.guacamole.token; import java.text.SimpleDateFormat; import java.util.Date; -import javax.servlet.http.HttpServletRequest; import org.apache.guacamole.net.auth.Credentials; /** @@ -126,12 +125,15 @@ public class StandardTokens { if (password != null) filter.setToken(PASSWORD_TOKEN, password); - // Add client hostname and ip tokens - HttpServletRequest request = credentials.getRequest(); - if (request != null) { - filter.setToken(CLIENT_HOSTNAME_TOKEN, request.getRemoteHost()); - filter.setToken(CLIENT_ADDRESS_TOKEN, request.getRemoteAddr()); - } + // Add client hostname token + String hostname = credentials.getRemoteHostname(); + if (hostname != null) + filter.setToken(CLIENT_HOSTNAME_TOKEN, hostname); + + // Add client address token + String address = credentials.getRemoteAddress(); + if (address != null) + filter.setToken(CLIENT_ADDRESS_TOKEN, address); // Add any tokens which do not require credentials addStandardTokens(filter); diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java index 14adeb542..2ba6459d5 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/auth/TokenRESTService.java @@ -125,6 +125,8 @@ public class TokenRESTService { credentials.setPassword(password); credentials.setRequest(request); credentials.setSession(request.getSession(true)); + credentials.setRemoteAddress(request.getRemoteAddr()); + credentials.setRemoteHostname(request.getRemoteHost()); return credentials; diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java index 7329a0253..a0ca3ecbd 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/user/UserResource.java @@ -130,6 +130,8 @@ public class UserResource credentials.setPassword(userPasswordUpdate.getOldPassword()); credentials.setRequest(request); credentials.setSession(request.getSession(true)); + credentials.setRemoteAddress(request.getRemoteAddr()); + credentials.setRemoteHostname(request.getRemoteHost()); // Verify that the old password was correct try {