mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 13:17:41 +00:00
GUACAMOLE-53: Merge addition of session affinity.
This commit is contained in:
James Muehlner
@@ -54,6 +54,12 @@ public class ConnectionGroupModel extends GroupedObjectModel {
|
||||
*/
|
||||
private Integer maxConnectionsPerUser;
|
||||
|
||||
/**
|
||||
* Whether individual users should be consistently assigned the same
|
||||
* connection within a balancing group until they log out.
|
||||
*/
|
||||
private boolean sessionAffinityEnabled;
|
||||
|
||||
/**
|
||||
* Creates a new, empty connection group.
|
||||
*/
|
||||
@@ -156,6 +162,30 @@ public class ConnectionGroupModel extends GroupedObjectModel {
|
||||
this.maxConnectionsPerUser = maxConnectionsPerUser;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether individual users should be consistently assigned the same
|
||||
* connection within a balancing group until they log out.
|
||||
*
|
||||
* @return
|
||||
* Whether individual users should be consistently assigned the same
|
||||
* connection within a balancing group until they log out.
|
||||
*/
|
||||
public boolean isSessionAffinityEnabled() {
|
||||
return sessionAffinityEnabled;
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets whether individual users should be consistently assigned the same
|
||||
* connection within a balancing group until they log out.
|
||||
*
|
||||
* @param sessionAffinityEnabled
|
||||
* Whether individual users should be consistently assigned the same
|
||||
* connection within a balancing group until they log out.
|
||||
*/
|
||||
public void setSessionAffinityEnabled(boolean sessionAffinityEnabled) {
|
||||
this.sessionAffinityEnabled = sessionAffinityEnabled;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getIdentifier() {
|
||||
|
||||
|
||||
@@ -26,11 +26,12 @@ import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import org.apache.guacamole.auth.jdbc.connection.ConnectionService;
|
||||
import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
|
||||
import org.apache.guacamole.GuacamoleException;
|
||||
import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
|
||||
import org.apache.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject;
|
||||
import org.apache.guacamole.auth.jdbc.connection.ConnectionService;
|
||||
import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
|
||||
import org.apache.guacamole.form.BooleanField;
|
||||
import org.apache.guacamole.form.Field;
|
||||
import org.apache.guacamole.form.Form;
|
||||
import org.apache.guacamole.form.NumericField;
|
||||
@@ -67,13 +68,21 @@ public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject<Connec
|
||||
*/
|
||||
public static final String MAX_CONNECTIONS_PER_USER_NAME = "max-connections-per-user";
|
||||
|
||||
/**
|
||||
* The name of the attribute which controls whether individual users will be
|
||||
* consistently assigned the same connection within a balancing group until
|
||||
* they log out.
|
||||
*/
|
||||
public static final String ENABLE_SESSION_AFFINITY = "enable-session-affinity";
|
||||
|
||||
/**
|
||||
* All attributes related to restricting user accounts, within a logical
|
||||
* form.
|
||||
*/
|
||||
public static final Form CONCURRENCY_LIMITS = new Form("concurrency", Arrays.<Field>asList(
|
||||
new NumericField(MAX_CONNECTIONS_NAME),
|
||||
new NumericField(MAX_CONNECTIONS_PER_USER_NAME)
|
||||
new NumericField(MAX_CONNECTIONS_PER_USER_NAME),
|
||||
new BooleanField(ENABLE_SESSION_AFFINITY, "true")
|
||||
));
|
||||
|
||||
/**
|
||||
@@ -168,6 +177,10 @@ public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject<Connec
|
||||
// Set per-user connection limit attribute
|
||||
attributes.put(MAX_CONNECTIONS_PER_USER_NAME, NumericField.format(getModel().getMaxConnectionsPerUser()));
|
||||
|
||||
// Set session affinity attribute
|
||||
attributes.put(ENABLE_SESSION_AFFINITY,
|
||||
getModel().isSessionAffinityEnabled() ? "true" : "");
|
||||
|
||||
return attributes;
|
||||
}
|
||||
|
||||
@@ -188,6 +201,10 @@ public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject<Connec
|
||||
logger.debug("Unable to parse numeric attribute.", e);
|
||||
}
|
||||
|
||||
// Translate session affinity attribute
|
||||
getModel().setSessionAffinityEnabled(
|
||||
"true".equals(attributes.get(ENABLE_SESSION_AFFINITY)));
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -240,5 +257,16 @@ public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject<Connec
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether individual users should be consistently assigned the same
|
||||
* connection within a balancing group until they log out.
|
||||
*
|
||||
* @return
|
||||
* Whether individual users should be consistently assigned the same
|
||||
* connection within a balancing group until they log out.
|
||||
*/
|
||||
public boolean isSessionAffinityEnabled() {
|
||||
return getModel().isSessionAffinityEnabled();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -412,6 +412,43 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Filters the given collection of connection identifiers, returning a new
|
||||
* collection which contains only those identifiers which are preferred. If
|
||||
* no connection identifiers within the given collection are preferred, the
|
||||
* collection is left untouched.
|
||||
*
|
||||
* @param user
|
||||
* The user whose preferred connections should be used to filter the
|
||||
* given collection of connection identifiers.
|
||||
*
|
||||
* @param identifiers
|
||||
* The collection of connection identifiers that should be filtered.
|
||||
*
|
||||
* @return
|
||||
* A collection of connection identifiers containing only the subset of
|
||||
* connection identifiers which are also preferred or, if none of the
|
||||
* provided identifiers are preferred, the original collection of
|
||||
* identifiers.
|
||||
*/
|
||||
private Collection<String> getPreferredConnections(AuthenticatedUser user,
|
||||
Collection<String> identifiers) {
|
||||
|
||||
// Search provided identifiers for any preferred connections
|
||||
for (String identifier : identifiers) {
|
||||
|
||||
// If at least one prefferred connection is found, assume it is the
|
||||
// only preferred connection
|
||||
if (user.isPreferredConnection(identifier))
|
||||
return Collections.singletonList(identifier);
|
||||
|
||||
}
|
||||
|
||||
// No preferred connections were found
|
||||
return identifiers;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a list of all balanced connections within a given connection
|
||||
* group. If the connection group is not balancing, or it contains no
|
||||
@@ -440,6 +477,10 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
if (identifiers.isEmpty())
|
||||
return Collections.<ModeledConnection>emptyList();
|
||||
|
||||
// Restrict to preferred connections if session affinity is enabled
|
||||
if (connectionGroup.isSessionAffinityEnabled())
|
||||
identifiers = getPreferredConnections(user, identifiers);
|
||||
|
||||
// Retrieve all children
|
||||
Collection<ConnectionModel> models = connectionMapper.select(identifiers);
|
||||
List<ModeledConnection> connections = new ArrayList<ModeledConnection>(models.size());
|
||||
@@ -535,6 +576,10 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
|
||||
throw e;
|
||||
}
|
||||
|
||||
// If session affinity is enabled, prefer this connection going forward
|
||||
if (connectionGroup.isSessionAffinityEnabled())
|
||||
user.preferConnection(connection.getIdentifier());
|
||||
|
||||
// Connect to acquired child
|
||||
return assignGuacamoleTunnel(new ActiveConnectionRecord(user, connectionGroup, connection), info);
|
||||
|
||||
|
||||
@@ -19,6 +19,9 @@
|
||||
|
||||
package org.apache.guacamole.auth.jdbc.user;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -73,6 +76,17 @@ public class AuthenticatedUser implements org.apache.guacamole.net.auth.Authenti
|
||||
*/
|
||||
private static final Pattern X_FORWARDED_FOR = Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$");
|
||||
|
||||
/**
|
||||
* The connections which have been committed for use by this user in the
|
||||
* context of a balancing connection group. Balancing connection groups
|
||||
* will preferentially choose connections within this set, unless those
|
||||
* connections are not children of the group in question. If a group DOES
|
||||
* have at least one child connection within this set, no connections that
|
||||
* are not in this set will be used.
|
||||
*/
|
||||
private final Set<String> preferredConnections =
|
||||
Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
|
||||
|
||||
/**
|
||||
* Derives the remote host of the authenticating user from the given
|
||||
* credentials object. The remote host is derived from X-Forwarded-For
|
||||
@@ -157,6 +171,36 @@ public class AuthenticatedUser implements org.apache.guacamole.net.auth.Authenti
|
||||
return remoteHost;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns whether the connection having the given identifier has been
|
||||
* marked as preferred for this user's current Guacamole session. A
|
||||
* preferred connection is always chosen in favor of other connections when
|
||||
* it is a child of a balancing connection group.
|
||||
*
|
||||
* @param identifier
|
||||
* The identifier of the connection to test.
|
||||
*
|
||||
* @return
|
||||
* true if the connection having the given identifier has been marked
|
||||
* as preferred, false otherwise.
|
||||
*/
|
||||
public boolean isPreferredConnection(String identifier) {
|
||||
return preferredConnections.contains(identifier);
|
||||
}
|
||||
|
||||
/**
|
||||
* Marks the connection having the given identifier as preferred for this
|
||||
* user's current Guacamole session. A preferred connection is always chosen
|
||||
* in favor of other connections when it is a child of a balancing
|
||||
* connection group.
|
||||
*
|
||||
* @param identifier
|
||||
* The identifier of the connection to prefer.
|
||||
*/
|
||||
public void preferConnection(String identifier) {
|
||||
preferredConnections.add(identifier);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthenticationProvider getAuthenticationProvider() {
|
||||
return authenticationProvider;
|
||||
|
||||
@@ -26,6 +26,7 @@
|
||||
|
||||
"CONNECTION_GROUP_ATTRIBUTES" : {
|
||||
|
||||
"FIELD_HEADER_ENABLE_SESSION_AFFINITY" : "Enable session affinity:",
|
||||
"FIELD_HEADER_MAX_CONNECTIONS" : "Maximum number of connections:",
|
||||
"FIELD_HEADER_MAX_CONNECTIONS_PER_USER" : "Maximum number of connections per user:",
|
||||
|
||||
|
||||
@@ -32,6 +32,8 @@ CREATE TABLE `guacamole_connection_group` (
|
||||
-- Concurrency limits
|
||||
`max_connections` int(11),
|
||||
`max_connections_per_user` int(11),
|
||||
`enable_session_affinity` boolean NOT NULL DEFAULT 0,
|
||||
|
||||
|
||||
PRIMARY KEY (`connection_group_id`),
|
||||
UNIQUE KEY `connection_group_name_parent` (`connection_group_name`, `parent_id`),
|
||||
|
||||
@@ -87,3 +87,10 @@ ALTER TABLE guacamole_connection_history
|
||||
FOREIGN KEY (connection_id)
|
||||
REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL;
|
||||
|
||||
--
|
||||
-- Add session affinity column
|
||||
--
|
||||
|
||||
ALTER TABLE guacamole_connection_group
|
||||
ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT 0;
|
||||
|
||||
|
||||
@@ -25,13 +25,14 @@
|
||||
|
||||
<!-- Result mapper for connection objects -->
|
||||
<resultMap id="ConnectionGroupResultMap" type="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel" >
|
||||
<id column="connection_group_id" property="objectID" jdbcType="INTEGER"/>
|
||||
<result column="connection_group_name" property="name" jdbcType="VARCHAR"/>
|
||||
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
|
||||
<result column="type" property="type" jdbcType="VARCHAR"
|
||||
<id column="connection_group_id" property="objectID" jdbcType="INTEGER"/>
|
||||
<result column="connection_group_name" property="name" jdbcType="VARCHAR"/>
|
||||
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
|
||||
<result column="type" property="type" jdbcType="VARCHAR"
|
||||
javaType="org.apache.guacamole.net.auth.ConnectionGroup$Type"/>
|
||||
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
|
||||
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
|
||||
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
|
||||
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
|
||||
<result column="enable_session_affinity" property="sessionAffinityEnabled" jdbcType="BOOLEAN"/>
|
||||
</resultMap>
|
||||
|
||||
<!-- Select all connection group identifiers -->
|
||||
@@ -79,7 +80,8 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
FROM guacamole_connection_group
|
||||
WHERE connection_group_id IN
|
||||
<foreach collection="identifiers" item="identifier"
|
||||
@@ -98,7 +100,8 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
FROM guacamole_connection_group
|
||||
JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id
|
||||
WHERE guacamole_connection_group.connection_group_id IN
|
||||
@@ -120,7 +123,8 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
FROM guacamole_connection_group
|
||||
WHERE
|
||||
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=VARCHAR}</if>
|
||||
@@ -144,14 +148,16 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
)
|
||||
VALUES (
|
||||
#{object.name,jdbcType=VARCHAR},
|
||||
#{object.parentIdentifier,jdbcType=VARCHAR},
|
||||
#{object.type,jdbcType=VARCHAR},
|
||||
#{object.maxConnections,jdbcType=INTEGER},
|
||||
#{object.maxConnectionsPerUser,jdbcType=INTEGER}
|
||||
#{object.maxConnectionsPerUser,jdbcType=INTEGER},
|
||||
#{object.sessionAffinityEnabled,jdbcType=BOOLEAN}
|
||||
)
|
||||
|
||||
</insert>
|
||||
@@ -163,8 +169,9 @@
|
||||
parent_id = #{object.parentIdentifier,jdbcType=VARCHAR},
|
||||
type = #{object.type,jdbcType=VARCHAR},
|
||||
max_connections = #{object.maxConnections,jdbcType=INTEGER},
|
||||
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER}
|
||||
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER},
|
||||
enable_session_affinity = #{object.sessionAffinityEnabled,jdbcType=BOOLEAN}
|
||||
WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}
|
||||
</update>
|
||||
|
||||
</mapper>
|
||||
</mapper>
|
||||
|
||||
@@ -63,6 +63,7 @@ CREATE TABLE guacamole_connection_group (
|
||||
-- Concurrency limits
|
||||
max_connections integer,
|
||||
max_connections_per_user integer,
|
||||
enable_session_affinity boolean NOT NULL DEFAULT FALSE,
|
||||
|
||||
PRIMARY KEY (connection_group_id),
|
||||
|
||||
|
||||
@@ -88,3 +88,10 @@ ALTER TABLE guacamole_connection_history
|
||||
FOREIGN KEY (connection_id)
|
||||
REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL;
|
||||
|
||||
--
|
||||
-- Add session affinity column
|
||||
--
|
||||
|
||||
ALTER TABLE guacamole_connection_group
|
||||
ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT FALSE;
|
||||
|
||||
|
||||
@@ -25,13 +25,14 @@
|
||||
|
||||
<!-- Result mapper for connection objects -->
|
||||
<resultMap id="ConnectionGroupResultMap" type="org.apache.guacamole.auth.jdbc.connectiongroup.ConnectionGroupModel" >
|
||||
<id column="connection_group_id" property="objectID" jdbcType="INTEGER"/>
|
||||
<result column="connection_group_name" property="name" jdbcType="VARCHAR"/>
|
||||
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
|
||||
<result column="type" property="type" jdbcType="VARCHAR"
|
||||
<id column="connection_group_id" property="objectID" jdbcType="INTEGER"/>
|
||||
<result column="connection_group_name" property="name" jdbcType="VARCHAR"/>
|
||||
<result column="parent_id" property="parentIdentifier" jdbcType="INTEGER"/>
|
||||
<result column="type" property="type" jdbcType="VARCHAR"
|
||||
javaType="org.apache.guacamole.net.auth.ConnectionGroup$Type"/>
|
||||
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
|
||||
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
|
||||
<result column="max_connections" property="maxConnections" jdbcType="INTEGER"/>
|
||||
<result column="max_connections_per_user" property="maxConnectionsPerUser" jdbcType="INTEGER"/>
|
||||
<result column="enable_session_affinity" property="sessionAffinityEnabled" jdbcType="BOOLEAN"/>
|
||||
</resultMap>
|
||||
|
||||
<!-- Select all connection group identifiers -->
|
||||
@@ -79,7 +80,8 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
FROM guacamole_connection_group
|
||||
WHERE connection_group_id IN
|
||||
<foreach collection="identifiers" item="identifier"
|
||||
@@ -98,7 +100,8 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
FROM guacamole_connection_group
|
||||
JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id
|
||||
WHERE guacamole_connection_group.connection_group_id IN
|
||||
@@ -120,7 +123,8 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
FROM guacamole_connection_group
|
||||
WHERE
|
||||
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
|
||||
@@ -144,14 +148,16 @@
|
||||
parent_id,
|
||||
type,
|
||||
max_connections,
|
||||
max_connections_per_user
|
||||
max_connections_per_user,
|
||||
enable_session_affinity
|
||||
)
|
||||
VALUES (
|
||||
#{object.name,jdbcType=VARCHAR},
|
||||
#{object.parentIdentifier,jdbcType=INTEGER}::integer,
|
||||
#{object.type,jdbcType=VARCHAR}::guacamole_connection_group_type,
|
||||
#{object.maxConnections,jdbcType=INTEGER},
|
||||
#{object.maxConnectionsPerUser,jdbcType=INTEGER}
|
||||
#{object.maxConnectionsPerUser,jdbcType=INTEGER},
|
||||
#{object.sessionAffinityEnabled,jdbcType=BOOLEAN}
|
||||
)
|
||||
|
||||
</insert>
|
||||
@@ -163,8 +169,9 @@
|
||||
parent_id = #{object.parentIdentifier,jdbcType=INTEGER}::integer,
|
||||
type = #{object.type,jdbcType=VARCHAR}::guacamole_connection_group_type,
|
||||
max_connections = #{object.maxConnections,jdbcType=INTEGER},
|
||||
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER}
|
||||
max_connections_per_user = #{object.maxConnectionsPerUser,jdbcType=INTEGER},
|
||||
enable_session_affinity = #{object.sessionAffinityEnabled,jdbcType=BOOLEAN}
|
||||
WHERE connection_group_id = #{object.objectID,jdbcType=INTEGER}::integer
|
||||
</update>
|
||||
|
||||
</mapper>
|
||||
</mapper>
|
||||
|
||||
Reference in New Issue
Block a user