GUACAMOLE-5: Update the SharedUserContext whenever a new share key is used.

2025-09-06 05:07:41 +00:00 · 2016-07-29 15:33:13 -07:00
parent 96094a1c58
commit ecaf5be84e
5 changed files with 87 additions and 15 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java
@@ -81,4 +81,36 @@ public interface AuthenticationProviderService  {
    public UserContext getUserContext(AuthenticationProvider authenticationProvider,
            AuthenticatedUser authenticatedUser) throws GuacamoleException;

+    /**
+     * Returns an updated UserContext instance for the given
+     * already-authenticated user. If no changes need be made to the
+     * UserContext, the original UserContext will be returned.
+     *
+     * @param authenticationProvider
+     *     The AuthenticationProvider on behalf of which the UserContext is
+     *     being updated.
+     *
+     * @param context
+     *     The UserContext to update.
+     *
+     * @param authenticatedUser
+     *     The AuthenticatedUser associated with the UserContext being updated.
+     *
+     * @param credentials
+     *     The credentials most recently submitted by the user. These
+     *     credentials are not guaranteed to be the same as the credentials
+     *     already associated with the AuthenticatedUser.
+     *
+     * @return
+     *     A new UserContext instance for the user identified by the given
+     *     credentials.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs during authentication, or if the given
+     *     credentials are invalid or expired.
+     */
+    public UserContext updateUserContext(AuthenticationProvider authenticationProvider,
+            UserContext context, AuthenticatedUser authenticatedUser,
+            Credentials credentials) throws GuacamoleException;
+
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java
@@ -97,10 +97,8 @@ public abstract class InjectedAuthenticationProvider implements AuthenticationPr
    public UserContext updateUserContext(UserContext context,
            AuthenticatedUser authenticatedUser, Credentials credentials)
            throws GuacamoleException {
-
-        // No need to update the context
-        return context;
-
+        return authProviderService.updateUserContext(this, context,
+                authenticatedUser, credentials);
    }

 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java
@@ -28,6 +28,7 @@ import org.apache.guacamole.auth.jdbc.user.UserService;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;

@@ -82,4 +83,14 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider

    }

+    @Override
+    public UserContext updateUserContext(AuthenticationProvider authenticationProvider,
+            UserContext context, AuthenticatedUser authenticatedUser,
+            Credentials credentials) throws GuacamoleException {
+
+        // No need to update the context
+        return context;
+
+    }
+
 }
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java
@@ -129,6 +129,29 @@ public class ConnectionSharingService {

    }

+    /**
+     * Returns the share key contained within the given credentials. If there is
+     * no such share key, null is returned.
+     *
+     * @param credentials
+     *     The credentials from which the share key should be retrieved.
+     *
+     * @return
+     *     The share key contained within the given credentials, or null if
+     *     the credentials do not contain a share key.
+     */
+    public String getShareKey(Credentials credentials) {
+
+        // Pull associated HTTP request
+        HttpServletRequest request = credentials.getRequest();
+        if (request == null)
+            return null;
+
+        // Retrieve the share key from the request
+        return request.getParameter(SHARE_KEY_NAME);
+
+    }
+
    /**
     * Returns a SharedAuthenticatedUser if the given credentials contain a
     * valid share key. The returned user will be associated with the single
@@ -151,18 +174,9 @@ public class ConnectionSharingService {
    public SharedAuthenticatedUser retrieveSharedConnectionUser(
            AuthenticationProvider authProvider, Credentials credentials) {

-        // Pull associated HTTP request
-        HttpServletRequest request = credentials.getRequest();
-        if (request == null)
-            return null;
-
-        // Retrieve the share key from the request
-        String shareKey = request.getParameter(ConnectionSharingService.SHARE_KEY_NAME);
-        if (shareKey == null)
-            return null;
-
        // Validate the share key
-        if (connectionMap.get(shareKey) == null)
+        String shareKey = getShareKey(credentials);
+        if (shareKey == null || connectionMap.get(shareKey) == null)
            return null;

        // Return temporary in-memory user
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedAuthenticationProviderService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedAuthenticationProviderService.java
@@ -28,6 +28,7 @@ import org.apache.guacamole.auth.jdbc.sharing.user.SharedUserContext;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;

@@ -94,4 +95,20 @@ public class SharedAuthenticationProviderService implements AuthenticationProvid

    }

+    @Override
+    public UserContext updateUserContext(AuthenticationProvider authenticationProvider,
+            UserContext context, AuthenticatedUser authenticatedUser,
+            Credentials credentials) throws GuacamoleException {
+
+        // Retrieve the share key from the request
+        String shareKey = sharingService.getShareKey(credentials);
+
+        // Update the user context with the share key, if given
+        if (shareKey != null)
+            ((SharedUserContext) context).registerShareKey(shareKey);
+
+        return context;
+
+    }
+
 }