guacamole-user mailing list archives

From feifei0814a <870487...@qq.com>
Subject how to prohibit common users to change their permissions through api
Date Wed, 27 Dec 2017 12:03:16 GMT
I installed guacamole in my VM, whose system is CentOS 7, and I can
log in and connect to appointed computers with a MySQL database. Now, I am
using the Python Flask framework to add users and connections through API auth.
I can change any user's permissions through the original API; it looks
like http://192.168.20.137:8080/guacamole/api/session/data/mysql/users/seu_test/permissions/?token=283B83044A770DE379D25780674B99225801C2DC5A03DCF358E349DCF5738E8E
<http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/1.png>
So, any person who knows the api can change his permission, and it is very
dangerous to my python web program.
<http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t476/2.png>
I found a website that also uses guacamole; however, common users cannot
change their permissions, and the info is:
HTTP Status 500 - org.apache.guacamole.GuacamoleSecurityException:
Permission denied.
*type* Exception report
*message* _org.apache.guacamole.GuacamoleSecurityException: Permission
denied._
*description* _The server encountered an internal error that prevented it
from fulfilling this request._
*exception* 
javax.servlet.ServletException:
org.apache.guacamole.GuacamoleSecurityException: Permission denied.
com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:420)
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
*root cause* 
org.apache.guacamole.GuacamoleSecurityException: Permission denied.
org.apache.guacamole.auth.jdbc.permission.ModeledObjectPermissionService.createPermissions(ModeledObjectPermissionService.java:138)
org.apache.guacamole.auth.jdbc.permission.ObjectPermissionSet.addPermissions(ObjectPermissionSet.java:113)
org.apache.guacamole.rest.permission.PermissionSetPatch.apply(PermissionSetPatch.java:87)
org.apache.guacamole.rest.permission.PermissionSetResource.patchPermissions(PermissionSetResource.java:273)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$VoidOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:167)
com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:302)
com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:137)
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1511)
com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1442)
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1391)
com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1381)
com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:538)
com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:716)
javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263)
com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178)
com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91)
com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62)
com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)
com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)
*note* _The full stack trace of the root cause is available in the Apache
Tomcat/7.0.69 logs._
Apache Tomcat/7.0.69
I really want to know, if I can have a similar function, how to change the
source code. Or are there some settings to be set in guacamole which I don't
know?



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/