guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joachim Lindenberg" <joac...@lindenberg.one>
Subject AW: Authentication mechanism.. Was: New user questions...
Date Mon, 05 Mar 2018 06:53:54 GMT
Hello Mike,

thanks for the pointer to Connectable interface. However I also don´t want to re-implement
a lot that is already working, and connections work. And in fact I did that experiment with
abusing a property getter and it works – quick and dirty. After doing that my biggest issue
is, that I cannot detect disconnects of specific connections which lets me really consider
better approaches. (I would probably not suspend immediately on tunnel close on the server
part but give a grace period for reconnections).

Now I am wondering whether Connectable is the right pointer or whether http://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/event/listener/Listener.html
(listening for http://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/event/TunnelEvent.html)
would be a better alternative. There is a getTunnel() method, but class org.apache.guacamole.net.GuacamoleTunnel
is not in the Javadocs, and in fact I would need the configuration or at least the connection
name.

I assume the same extension can implement authentication and listener?

Thanks & Best Regards,

Joachim

 

Von: Mike Jumper [mailto:mike.jumper@guac-dev.org] 
Gesendet: Sonntag, 4. März 2018 21:30
An: user@guacamole.apache.org
Betreff: Re: Authentication mechanism.. Was: New user questions...

 

On Sun, Mar 4, 2018 at 12:18 AM, Joachim Lindenberg <joachim@lindenberg.one <mailto:joachim@lindenberg.one>
> wrote:

Hi Nick,

you remember correct. It is an attempt to conserve resources (CPU and memory) on the Hyper-V
host. I am suspending/saving VMs regularly if there are no terminal sessions (I am monitoring
port 2179 of the host), and obviously this is based on assumptions how the VMs are used (mainly
interactively).

Actually my authentication mechanism already returns the state of a VM and I could save it.
If only there was a defined API call when a user selects a connection in which I can check
state and trigger a change (just another service call).

 

There is no need for an additional service call. Rather than adding side effects to getters,
you should instead look into the "connect()" function provided by the Connectable interface,
inherited by both Connection and ConnectionGroup:

 

http://guacamole.apache.org/doc/guacamole-ext/org/apache/guacamole/net/auth/Connectable.html#connect-org.apache.guacamole.protocol.GuacamoleClientInformation-

 

This is the function which actually provides the semantics you're looking for. It is invoked
in an imperative manner to fulfill a request to establish a connection and is the sole means
of doing so.

 

Based on observations, guacamole only obtains properties if a user selected a connection,
but that is not an observation I would like to rely on long term. My proposal would be to
have another method in the authentication interface or simpleauthentication super class (as
I am only implementing that, but in fact it could be another interface implemented in the
same extension) that gets called with the selected configuration and the credentials used.

 

You will likely need to move away from using the Simple* classes, which intentionally mask
much of the complexity available within the Guacamole extension API, and instead implement
AuthenticationProvider, UserContext, etc. as necessary to achieve what you're looking for.
The SimpleAuthenticationProvider class provides a simple means of adding custom auth, but
it is inherently limited. For more complex use cases, you will need to branch out and look
deeper.

 

- Mike

 


Mime
View raw message