2 package net.sourceforge.guacamole.net.basic;
import java.io.IOException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import net.sourceforge.guacamole.GuacamoleException;
import net.sourceforge.guacamole.net.auth.AuthenticationProvider;
import net.sourceforge.guacamole.net.auth.Credentials;
import net.sourceforge.guacamole.net.basic.properties.BasicGuacamoleProperties;
import net.sourceforge.guacamole.properties.GuacamoleProperties;
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
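/**
 * Abstract servlet which provides an authenticatedService() function that
 * is only called if the HTTP request is authenticated, or the current
 * HTTP session has already been authenticated.
 *
 * Authorized configurations are retrieved using the authentication provider
 * defined in guacamole.properties. The authentication provider has access
 * to the request and session, in addition to any submitted username and
 * password, in order to authenticate the user.
 *
 * All authorized configurations will be stored in the current HttpSession.
 *
 * Success and failure are logged. The submitted username is attacker
 * controlled, so control characters are neutralised before it is written
 * to the log.
 *
 * @author Michael Jumper
 */
public abstract class AuthenticatingHttpServlet extends HttpServlet {

    private static final Logger logger = LoggerFactory.getLogger(AuthenticatingHttpServlet.class);

    private static final String AUTH_ERROR_MESSAGE =
        "User not logged in or authentication failed.";

    /** Session attribute under which the authorized configurations are kept. */
    private static final String CONFIGS_ATTRIBUTE = "GUAC_CONFIGS";

    private AuthenticationProvider authProvider;

    /**
     * Loads the authentication provider named by
     * {@link BasicGuacamoleProperties#AUTH_PROVIDER}.
     *
     * @throws ServletException if reading the property raises a
     *                          GuacamoleException; the cause is preserved.
     */
    @Override
    public void init() throws ServletException {

        // Get auth provider instance
        try {
            authProvider = GuacamoleProperties.getRequiredProperty(BasicGuacamoleProperties.AUTH_PROVIDER);
        }
        catch (GuacamoleException e) {
            logger.error("Error getting authentication provider from properties.", e);
            throw new ServletException(e);
        }

    }

    /**
     * Gate in front of {@link #authenticatedService}: the request is passed
     * on only when the session already holds authorized configurations, or
     * when the authentication provider returns some for the submitted
     * credentials. Otherwise the response is 403 with the
     * X-Guacamole-Error-Message header set and the subclass is never invoked.
     *
     * @param request  the incoming request; "username" and "password"
     *                 parameters are read when the session is not yet
     *                 authenticated.
     * @param response the response, used directly only on failure.
     * @throws IOException      if sending the error response fails, or if
     *                          thrown by authenticatedService().
     * @throws ServletException if thrown by authenticatedService().
     */
    @Override
    protected void service(HttpServletRequest request, HttpServletResponse response)
    throws IOException, ServletException {

        // The session is created here, before any authentication has
        // happened, because the provider is handed the session below.
        HttpSession httpSession = request.getSession(true);

        // Try to get configs from session. The attribute is only ever
        // written by this class, hence the unchecked cast.
        @SuppressWarnings("unchecked")
        Map<String, GuacamoleConfiguration> configs =
            (Map<String, GuacamoleConfiguration>) httpSession.getAttribute(CONFIGS_ATTRIBUTE);

        // If no configs, try to authenticate the user with this request
        if (configs == null) {

            // Retrieve username and password from parms.
            // NOTE(review): getParameter() also reads the query string;
            // confirm clients submit credentials in a POST body over TLS so
            // they stay out of access logs and proxy logs.
            String username = request.getParameter("username");
            String password = request.getParameter("password");

            // Never log the raw parameter: CR/LF in it would let a client
            // forge additional log entries.
            String loggedUsername = sanitizeForLog(username);

            // Build credentials object
            Credentials credentials = new Credentials();
            credentials.setSession(httpSession);
            credentials.setRequest(request);
            credentials.setUsername(username);
            credentials.setPassword(password);

            // Get authorized configs
            try {
                configs = authProvider.getAuthorizedConfigurations(credentials);
            }
            catch (GuacamoleException e) {
                // The trailing throwable is logged with its stack trace
                // (SLF4J 1.6+), so the provider's failure reason is kept
                // server-side while the client only sees the generic message.
                logger.error("Error retrieving configuration(s) for user {}.", loggedUsername, e);
                failAuthentication(response);
                return;
            }

            if (configs == null) {
                logger.warn("Authentication attempt from {} for user \"{}\" failed.",
                        request.getRemoteAddr(), loggedUsername);
                failAuthentication(response);
                return;
            }

            logger.info("User \"{}\" successfully authenticated from {}.",
                    loggedUsername, request.getRemoteAddr());

            // NOTE(review): the session keeps the identifier it had before
            // login. Rotating it at this point (HttpServletRequest
            // .changeSessionId() on Servlet 3.1+, or invalidate and re-create
            // while carrying over anything the provider stored in the
            // session) would stop a pre-login session ID from becoming an
            // authenticated one. Not done here because the provider may have
            // written to this session and the container version is unknown.

            // Associate configs with session
            httpSession.setAttribute(CONFIGS_ATTRIBUTE, configs);

        }

        // Allow servlet to run now that authentication has been validated
        authenticatedService(configs, request, response);

    }

    /**
     * Handles a request once authentication has been established.
     *
     * @param configs  the configurations the user is authorized for, as
     *                 returned by the provider or found in the session;
     *                 never null when called from service().
     * @param request  the request being served.
     * @param response the response to write to.
     * @throws ServletException if the request cannot be handled.
     * @throws IOException      if writing the response fails.
     */
    protected abstract void authenticatedService(
            Map<String, GuacamoleConfiguration> configs,
            HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException;

    /**
     * Sends the uniform failure response. The same header and status are
     * used for every failure path so the response does not reveal whether
     * the provider rejected the credentials or raised an error.
     */
    private static void failAuthentication(HttpServletResponse response) throws IOException {
        response.setHeader("X-Guacamole-Error-Message", AUTH_ERROR_MESSAGE);
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /**
     * Replaces ASCII control characters and Unicode line separators with
     * '_' so a request-supplied value cannot break out of its log line.
     *
     * @param value the untrusted value; may be null.
     * @return the neutralised value, or null if value was null.
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        return value.replaceAll("[\\p{Cntrl}\\u0085\\u2028\\u2029]", "_");
    }

}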