guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mike.jum...@guac-dev.org>
Subject Re: Restrict user by IP
Date Wed, 21 Jun 2017 16:34:13 GMT
On Sun, Jun 18, 2017 at 11:49 PM, Suncatcher16 <suncatcher16@outlook.com>
wrote:

> I wanna restrict certain users of Guacamole by IP-address. In particular, I
> want *guacadmin* (user with admin privileges) can access Guacamole
> (settings) only from LAN, whilst other users (with standard privileges) can
> access from Internet too.
> I didn't find appropriate setting in config. Is this possible on
> Guacamole-level? Or should I set up this in Tomcat?
>
>
There is no setting for this, but you can write an extension which provides
such behavior.

If you implement an AuthenticationProvider which does not attempt to
authenticate users (returns null for authenticateUser()), you can leverage
getUserContext() to veto the authentication result of other extensions. Any
exception thrown within getUserContext() will result in the entire
authentication process being canceled and the user auth attempt rejected.
>From within getUserContext(), you can check the IP address of the request
using the Credentials object associated with the AuthenticatedUser.

- Mike

Mime
View raw message