Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id F2BDF200B63 for ; Mon, 1 Aug 2016 02:28:56 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id F150D160A81; Mon, 1 Aug 2016 00:28:56 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id E932C160AA9 for ; Mon, 1 Aug 2016 02:28:55 +0200 (CEST) Received: (qmail 55230 invoked by uid 500); 1 Aug 2016 00:28:55 -0000 Mailing-List: contact commits-help@guacamole.incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@guacamole.incubator.apache.org Delivered-To: mailing list commits@guacamole.incubator.apache.org Received: (qmail 55221 invoked by uid 99); 1 Aug 2016 00:28:55 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Aug 2016 00:28:55 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id B9F65C1CF3 for ; Mon, 1 Aug 2016 00:28:54 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -4.507 X-Spam-Level: X-Spam-Status: No, score=-4.507 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287] autolearn=disabled Received: from mx2-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 8_EPc7m67t4y for ; Mon, 1 Aug 2016 00:28:53 +0000 (UTC) Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx2-lw-eu.apache.org (ASF Mail Server at mx2-lw-eu.apache.org) with SMTP id 887C660E15 for ; Mon, 1 Aug 2016 00:28:51 +0000 (UTC) Received: (qmail 55067 invoked by uid 99); 1 Aug 2016 00:28:50 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 01 Aug 2016 00:28:50 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 63BC6E2C1A; Mon, 1 Aug 2016 00:28:50 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: jmuehlner@apache.org To: commits@guacamole.incubator.apache.org Date: Mon, 01 Aug 2016 00:28:53 -0000 Message-Id: <51bb3fdf3ad8475282e8fafafc09c49c@git.apache.org> In-Reply-To: <482c5327d7484811afac4f2551b907c8@git.apache.org> References: <482c5327d7484811afac4f2551b907c8@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [4/7] incubator-guacamole-client git commit: GUACAMOLE-5: Update the SharedUserContext whenever a new share key is used. archived-at: Mon, 01 Aug 2016 00:28:57 -0000 GUACAMOLE-5: Update the SharedUserContext whenever a new share key is used. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/ecaf5be8 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/ecaf5be8 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/ecaf5be8 Branch: refs/heads/master Commit: ecaf5be84eb643b1bf9a697c77daae2845c5d3b2 Parents: 96094a1 Author: Michael Jumper Authored: Fri Jul 29 15:33:13 2016 -0700 Committer: Michael Jumper Committed: Sat Jul 30 23:11:12 2016 -0700 ---------------------------------------------------------------------- .../jdbc/AuthenticationProviderService.java | 32 +++++++++++++++++ .../jdbc/InjectedAuthenticationProvider.java | 6 ++-- .../jdbc/JDBCAuthenticationProviderService.java | 11 ++++++ .../jdbc/sharing/ConnectionSharingService.java | 36 ++++++++++++++------ .../SharedAuthenticationProviderService.java | 17 +++++++++ 5 files changed, 87 insertions(+), 15 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/ecaf5be8/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java index 625006b..915c417 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/AuthenticationProviderService.java @@ -81,4 +81,36 @@ public interface AuthenticationProviderService { public UserContext getUserContext(AuthenticationProvider authenticationProvider, AuthenticatedUser authenticatedUser) throws GuacamoleException; + /** + * Returns an updated UserContext instance for the given + * already-authenticated user. If no changes need be made to the + * UserContext, the original UserContext will be returned. + * + * @param authenticationProvider + * The AuthenticationProvider on behalf of which the UserContext is + * being updated. + * + * @param context + * The UserContext to update. + * + * @param authenticatedUser + * The AuthenticatedUser associated with the UserContext being updated. + * + * @param credentials + * The credentials most recently submitted by the user. These + * credentials are not guaranteed to be the same as the credentials + * already associated with the AuthenticatedUser. + * + * @return + * A new UserContext instance for the user identified by the given + * credentials. + * + * @throws GuacamoleException + * If an error occurs during authentication, or if the given + * credentials are invalid or expired. + */ + public UserContext updateUserContext(AuthenticationProvider authenticationProvider, + UserContext context, AuthenticatedUser authenticatedUser, + Credentials credentials) throws GuacamoleException; + } http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/ecaf5be8/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java index 92dc098..08defc2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/InjectedAuthenticationProvider.java @@ -97,10 +97,8 @@ public abstract class InjectedAuthenticationProvider implements AuthenticationPr public UserContext updateUserContext(UserContext context, AuthenticatedUser authenticatedUser, Credentials credentials) throws GuacamoleException { - - // No need to update the context - return context; - + return authProviderService.updateUserContext(this, context, + authenticatedUser, credentials); } } http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/ecaf5be8/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java index a362e81..20e2f09 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java @@ -28,6 +28,7 @@ import org.apache.guacamole.auth.jdbc.user.UserService; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; +import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.credentials.CredentialsInfo; import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; @@ -82,4 +83,14 @@ public class JDBCAuthenticationProviderService implements AuthenticationProvider } + @Override + public UserContext updateUserContext(AuthenticationProvider authenticationProvider, + UserContext context, AuthenticatedUser authenticatedUser, + Credentials credentials) throws GuacamoleException { + + // No need to update the context + return context; + + } + } http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/ecaf5be8/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java index 4c5877f..45951ec 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/ConnectionSharingService.java @@ -130,6 +130,29 @@ public class ConnectionSharingService { } /** + * Returns the share key contained within the given credentials. If there is + * no such share key, null is returned. + * + * @param credentials + * The credentials from which the share key should be retrieved. + * + * @return + * The share key contained within the given credentials, or null if + * the credentials do not contain a share key. + */ + public String getShareKey(Credentials credentials) { + + // Pull associated HTTP request + HttpServletRequest request = credentials.getRequest(); + if (request == null) + return null; + + // Retrieve the share key from the request + return request.getParameter(SHARE_KEY_NAME); + + } + + /** * Returns a SharedAuthenticatedUser if the given credentials contain a * valid share key. The returned user will be associated with the single * shared connection to which they have been granted temporary access. If @@ -151,18 +174,9 @@ public class ConnectionSharingService { public SharedAuthenticatedUser retrieveSharedConnectionUser( AuthenticationProvider authProvider, Credentials credentials) { - // Pull associated HTTP request - HttpServletRequest request = credentials.getRequest(); - if (request == null) - return null; - - // Retrieve the share key from the request - String shareKey = request.getParameter(ConnectionSharingService.SHARE_KEY_NAME); - if (shareKey == null) - return null; - // Validate the share key - if (connectionMap.get(shareKey) == null) + String shareKey = getShareKey(credentials); + if (shareKey == null || connectionMap.get(shareKey) == null) return null; // Return temporary in-memory user http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/ecaf5be8/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedAuthenticationProviderService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedAuthenticationProviderService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedAuthenticationProviderService.java index ddcd929..086b432 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedAuthenticationProviderService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharing/SharedAuthenticationProviderService.java @@ -28,6 +28,7 @@ import org.apache.guacamole.auth.jdbc.sharing.user.SharedUserContext; import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticationProvider; import org.apache.guacamole.net.auth.Credentials; +import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.credentials.CredentialsInfo; import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; @@ -94,4 +95,20 @@ public class SharedAuthenticationProviderService implements AuthenticationProvid } + @Override + public UserContext updateUserContext(AuthenticationProvider authenticationProvider, + UserContext context, AuthenticatedUser authenticatedUser, + Credentials credentials) throws GuacamoleException { + + // Retrieve the share key from the request + String shareKey = sharingService.getShareKey(credentials); + + // Update the user context with the share key, if given + if (shareKey != null) + ((SharedUserContext) context).registerShareKey(shareKey); + + return context; + + } + }