From ea36b4f556e83ca6c0f4c5ad518c2d2a26171805 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Thu, 8 Aug 2013 11:52:39 -0700
Subject: [PATCH] Restore caching of credentials in session. Update credentials when context is updated. Add credentials to events.
---
 .../guacamole/net/event/TunnelCloseEvent.java | 24 +++++++++++++---
 .../net/event/TunnelConnectEvent.java | 20 +++++++++++--
 .../net/basic/AuthenticatingHttpServlet.java | 21 ++++++++++++--
 .../basic/BasicGuacamoleTunnelServlet.java | 28 +++++++++++++------
 4 files changed, 76 insertions(+), 17 deletions(-)
diff --git a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java
index 8aa04b6ed..d820eb22a 100644
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelCloseEvent.java
@@ -1,6 +1,7 @@
 package net.sourceforge.guacamole.net.event;
 import net.sourceforge.guacamole.net.GuacamoleTunnel;
+import net.sourceforge.guacamole.net.auth.Credentials;
 import net.sourceforge.guacamole.net.auth.UserContext;
 /**
@@ -11,14 +12,20 @@ import net.sourceforge.guacamole.net.auth.UserContext;
 *
 * @author Michael Jumper
 */
-public class TunnelCloseEvent implements UserEvent, TunnelEvent {
+public class TunnelCloseEvent implements UserEvent, CredentialEvent, TunnelEvent {
 /**
- * The UserContext associated with the request that is connecting the
+ * The UserContext associated with the request that is closing the
 * tunnel, if any.
 */
 private UserContext context;
+ /**
+ * The credentials associated with the request that connected the
+ * tunnel, if any.
+ */
+ private Credentials credentials;
+
 /**
 * The tunnel being closed.
 */
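Review bot: The new `credentials` field in TunnelCloseEvent is declared without `final`, although the only assignment visible in this patch is the one in the constructor (next hunk). An event object that is handed to every registered listener is safer when it cannot be changed after construction, so I would declare it `private final Credentials credentials;`, and the same applies to the field added to TunnelConnectEvent in its @@ -20,6 +21,12 @@ hunk. The class body continues outside this hunk, so confirm that no setter exists before making the change.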
@@ -28,12 +35,16 @@ public class TunnelCloseEvent implements UserEvent, TunnelEvent {
 * Creates a new TunnelCloseEvent which represents the closing of the
 * given tunnel via a request associated with the given credentials.
 *
- * @param context The UserContext associated with the request connecting
+ * @param context The UserContext associated with the request closing
 * the tunnel.
+ * @param credentials The credentials associated with the request that
+ * connected the tunnel.
 * @param tunnel The tunnel being closed.
 */
- public TunnelCloseEvent(UserContext context, GuacamoleTunnel tunnel) {
+ public TunnelCloseEvent(UserContext context, Credentials credentials,
+ GuacamoleTunnel tunnel) {
 this.context = context;
+ this.credentials = credentials;
 this.tunnel = tunnel;
 }
@@ -42,6 +53,11 @@ public class TunnelCloseEvent implements UserEvent, TunnelEvent {
 return context;
 }
+ @Override
+ public Credentials getCredentials() {
+ return credentials;
+ }
+
 @Override
 public GuacamoleTunnel getTunnel() {
 return tunnel;
diff --git a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java
index a5f31131e..75ece170c 100644
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/event/TunnelConnectEvent.java
@@ -1,6 +1,7 @@
 package net.sourceforge.guacamole.net.event;
 import net.sourceforge.guacamole.net.GuacamoleTunnel;
+import net.sourceforge.guacamole.net.auth.Credentials;
 import net.sourceforge.guacamole.net.auth.UserContext;
 /**
@@ -12,7 +13,7 @@ import net.sourceforge.guacamole.net.auth.UserContext;
 *
 * @author Michael Jumper
 */
-public class TunnelConnectEvent implements UserEvent, TunnelEvent {
+public class TunnelConnectEvent implements UserEvent, CredentialEvent, TunnelEvent {
 /**
 * The UserContext associated with the request that is connecting the
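Review bot: Replacing the two-argument `TunnelCloseEvent(UserContext, GuacamoleTunnel)` constructor with a three-argument one changes a public signature under guacamole-ext, so any extension or test that constructs this event stops compiling. If that break is not intended, keep the old constructor as a deprecated overload that delegates with `this(context, null, tunnel);`. The field Javadoc already says "if any", so a null value would be consistent with it. The TunnelConnectEvent constructor in its @@ -31,10 +38,14 @@ hunk has the same issue.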
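Review bot: `getCredentials()` in TunnelCloseEvent returns the stored Credentials object itself to every listener, and the servlet changes later in this patch pass in the same object that is cached in the HTTP session. If Credentials carries the user's password, as the name suggests, each installed listener now receives it on every connect and close. I would add Javadoc to the getter that says so, for example `Listeners must not log or retain the returned credentials.`, and likewise on TunnelConnectEvent.getCredentials() in its @@ -43,6 +54,11 @@ hunk.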
@@ -20,6 +21,12 @@ public class TunnelConnectEvent implements UserEvent, TunnelEvent {
 */
 private UserContext context;
+ /**
+ * The credentials associated with the request that is connecting the
+ * tunnel, if any.
+ */
+ private Credentials credentials;
+
 /**
 * The tunnel being connected.
 */
@@ -31,10 +38,14 @@ public class TunnelConnectEvent implements UserEvent, TunnelEvent {
 *
 * @param context The UserContext associated with the request connecting
 * the tunnel.
+ * @param credentials The credentials associated with the request connecting
+ * the tunnel.
 * @param tunnel The tunnel being connected.
 */
- public TunnelConnectEvent(UserContext context, GuacamoleTunnel tunnel) {
+ public TunnelConnectEvent(UserContext context, Credentials credentials,
+ GuacamoleTunnel tunnel) {
 this.context = context;
+ this.credentials = credentials;
 this.tunnel = tunnel;
 }
@@ -43,6 +54,11 @@ public class TunnelConnectEvent implements UserEvent, TunnelEvent {
 return context;
 }
+ @Override
+ public Credentials getCredentials() {
+ return credentials;
+ }
+
 @Override
 public GuacamoleTunnel getTunnel() {
 return tunnel;
diff --git a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java
index 57a4e4bc7..96205d701 100644
--- a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java
+++ b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java
@@ -72,6 +72,11 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
 */
 private static final String CONTEXT_ATTRIBUTE = "GUAC_CONTEXT";
+ /**
+ * The session attribute holding the credentials authorizing this session.
+ */
+ private static final String CREDENTIALS_ATTRIBUTE = "GUAC_CREDS";
+
 /**
 * The AuthenticationProvider to use to authenticate all requests.
 */
@@ -190,6 +195,16 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
 }
+ /**
+ * Returns the credentials associated with the given session.
+ *
+ * @param session The session to retrieve credentials from.
+ * @return The credentials associated with the given session.
+ */
+ protected Credentials getCredentials(HttpSession session) {
+ return (Credentials) session.getAttribute(CREDENTIALS_ATTRIBUTE);
+ }
+
 /**
 * Returns the UserContext associated with the given session.
 *
@@ -277,8 +292,10 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet {
 }
 // If auth still OK, associate context with session
- else
- httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
+ else {
+ httpSession.setAttribute(CONTEXT_ATTRIBUTE, context);
+ httpSession.setAttribute(CREDENTIALS_ATTRIBUTE, credentials);
+ }
 } // end if credentials present
diff --git a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
index 363658b17..c66b9f99f 100644
--- a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
+++ b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/BasicGuacamoleTunnelServlet.java
@@ -30,6 +30,7 @@ import net.sourceforge.guacamole.GuacamoleSecurityException;
 import net.sourceforge.guacamole.net.GuacamoleSocket;
 import net.sourceforge.guacamole.net.GuacamoleTunnel;
 import net.sourceforge.guacamole.net.auth.Connection;
+import net.sourceforge.guacamole.net.auth.Credentials;
 import net.sourceforge.guacamole.net.auth.Directory;
 import net.sourceforge.guacamole.net.auth.UserContext;
 import net.sourceforge.guacamole.net.basic.event.SessionListenerCollection;
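Review bot: The Javadoc of the new `getCredentials(HttpSession)` in AuthenticatingHttpServlet does not say that the method returns null when the session holds no credentials, yet BasicGuacamoleTunnelServlet relies on exactly that in its `credentials == null` check. I would change the tag to `@return The credentials associated with the given session, or null if none have been stored.` so that other subclasses also treat a null result as not logged in.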
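Review bot: The added `httpSession.setAttribute(CREDENTIALS_ATTRIBUTE, credentials)` in the @@ -277,8 +292,10 @@ hunk keeps the submitted credentials in the HTTP session for as long as the session lives, and nothing in the visible hunks removes them again. If Credentials holds the plaintext password, it then stays in memory after authentication has finished, and a container configured to persist or replicate sessions could write it out if the class is serializable. I would record the decision next to the call, for example `// Credentials stay in the session until it is invalidated; needed for tunnel events`, and check that the logout path invalidates the session or removes GUAC_CREDS. The enclosing method starts and ends outside this hunk, so the failure branch above the `else` is not visible here.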
@@ -85,6 +86,7 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
 *
 * @param listeners A collection of all listeners that should be notified.
 * @param context The UserContext associated with the current session.
+ * @param credentials The credentials associated with the current session.
 * @param tunnel The tunnel being connected.
 * @return true if all listeners are allowing the tunnel to connect,
 * or if there are no listeners, and false if any listener is
@@ -95,12 +97,13 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
 * error, the connect is canceled, and no other
 * listeners will run.
 */
- private boolean notifyConnect(Collection listeners,
- UserContext context, GuacamoleTunnel tunnel)
+ private boolean notifyConnect(Collection listeners, UserContext context,
+ Credentials credentials, GuacamoleTunnel tunnel)
 throws GuacamoleException {
 // Build event for auth success
- TunnelConnectEvent event = new TunnelConnectEvent(context, tunnel);
+ TunnelConnectEvent event = new TunnelConnectEvent(context,
+ credentials, tunnel);
 // Notify all listeners
 for (Object listener : listeners) {
@@ -123,6 +126,7 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
 *
 * @param listeners A collection of all listeners that should be notified.
 * @param context The UserContext associated with the current session.
+ * @param credentials The credentials associated with the current session.
 * @param tunnel The tunnel being closed.
 * @return true if all listeners are allowing the tunnel to close,
 * or if there are no listeners, and false if any listener is
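Review bot: The comment `// Build event for auth success` directly above the rewritten `new TunnelConnectEvent(...)` call in notifyConnect does not describe the code, which builds a tunnel connect event. Since the statement is being changed anyway, I would correct it to `// Build event for tunnel connect`. notifyClose in the @@ -133,12 +137,13 @@ hunk carries the same comment and should read `// Build event for tunnel close`. Both method bodies continue outside their hunks.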
@@ -133,12 +137,13 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
 * error, the close is canceled, and no other
 * listeners will run.
 */
- private boolean notifyClose(Collection listeners,
- UserContext context, GuacamoleTunnel tunnel)
+ private boolean notifyClose(Collection listeners, UserContext context,
+ Credentials credentials, GuacamoleTunnel tunnel)
 throws GuacamoleException {
 // Build event for auth success
- TunnelCloseEvent event = new TunnelCloseEvent(context, tunnel);
+ TunnelCloseEvent event = new TunnelCloseEvent(context,
+ credentials, tunnel);
 // Notify all listeners
 for (Object listener : listeners) {
@@ -179,9 +184,14 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
 // Get ID of connection
 String id = request.getParameter("id");
+ // Get credentials
+ final Credentials credentials = getCredentials(httpSession);
+
 // Get context
 final UserContext context = getUserContext(httpSession);
- if (context == null)
+
+ // If no context or no credentials, not logged in
+ if (context == null || credentials == null)
 throw new GuacamoleSecurityException("Cannot connect - user not logged in.");
 // Get connection directory
@@ -229,7 +239,7 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
 public void close() throws GuacamoleException {
 // Only close if not canceled
- if (!notifyClose(listeners, context, this))
+ if (!notifyClose(listeners, context, credentials, this))
 throw new GuacamoleException("Tunnel close canceled by listener.");
 // Close if no exception due to listener
@@ -240,7 +250,7 @@ public class BasicGuacamoleTunnelServlet extends AuthenticatingHttpServlet {
 };
 // Notify listeners about connection
- if (!notifyConnect(listeners, context, tunnel)) {
+ if (!notifyConnect(listeners, context, credentials, tunnel)) {
 logger.info("Connection canceled by listener.");
 return null;
 }
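Review bot: In the @@ -179,9 +184,14 @@ hunk `credentials` is read once from the session and declared `final`, and the anonymous tunnel's `close()` in the @@ -229,7 +239,7 @@ hunk reuses that captured reference. The close event therefore reports the credentials used at connect time even if the session has re-authenticated or been invalidated in the meantime, and the tunnel keeps the object reachable for the lifetime of the connection. That matches the TunnelCloseEvent Javadoc, but it is not obvious at this point in the code, so I would extend the comment to `// Get credentials (captured for the tunnel; close events report these connect-time values)`. The enclosing method starts and ends outside the visible hunks.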