src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java

   1
   2 package net.sourceforge.guacamole.net.basic;
   3
   4 import java.io.IOException;
   5 import java.util.Map;
   6 import javax.servlet.ServletException;
   7 import javax.servlet.http.HttpServlet;
   8 import javax.servlet.http.HttpServletRequest;
   9 import javax.servlet.http.HttpServletResponse;
  10 import javax.servlet.http.HttpSession;
  11 import net.sourceforge.guacamole.GuacamoleException;
  12 import net.sourceforge.guacamole.net.auth.AuthenticationProvider;
  13 import net.sourceforge.guacamole.net.auth.Credentials;
  14 import net.sourceforge.guacamole.net.basic.properties.BasicGuacamoleProperties;
  15 import net.sourceforge.guacamole.properties.GuacamoleProperties;
  16 import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
  17 import org.slf4j.Logger;
  18 import org.slf4j.LoggerFactory;
  19
  20 /**
  21  * Abstract servlet which provides an authenticatedService() function that
  22  * is only called if the HTTP request is authenticated, or the current
  23  * HTTP session has already been authenticated.
  24  *
  25  * Authorized configurations are retrieved using the authentication provider
  26  * defined in guacamole.properties. The authentication provider has access
  27  * to the request and session, in addition to any submitted username and
  28  * password, in order to authenticate the user.
  29  *
  30  * All authorized configurations will be stored in the current HttpSession.
  31  *
  32  * Success and failure are logged.
  33  *
  34  * @author Michael Jumper
  35  */
  36 public abstract class AuthenticatingHttpServlet extends HttpServlet {
  37
  38     private Logger logger = LoggerFactory.getLogger(AuthenticatingHttpServlet.class);
  39
  40     private static final String AUTH_ERROR_MESSAGE =
  41             "User not logged in or authentication failed.";
  42
  43     private AuthenticationProvider authProvider;
  44
  45     @Override
  46     public void init() throws ServletException {
  47
  48         // Get auth provider instance
  49         try {
  50             authProvider = GuacamoleProperties.getRequiredProperty(BasicGuacamoleProperties.AUTH_PROVIDER);
  51         }
  52         catch (GuacamoleException e) {
  53             logger.error("Error getting authentication provider from properties.", e);
  54             throw new ServletException(e);
  55         }
  56
  57     }
  58
  59     @Override
  60     protected void service(HttpServletRequest request, HttpServletResponse response)
  61     throws IOException, ServletException {
  62
  63         HttpSession httpSession = request.getSession(true);
  64
  65         // Try to get configs from session
  66         Map<String, GuacamoleConfiguration> configs =
  67                 (Map<String, GuacamoleConfiguration>) httpSession.getAttribute("GUAC_CONFIGS");
  68
  69         // If no configs, try to authenticate the user to get the configs using
  70         // this request.
  71         if (configs == null) {
  72
  73             // Retrieve username and password from parms
  74             String username = request.getParameter("username");
  75             String password = request.getParameter("password");
  76
  77             // Build credentials object
  78             Credentials credentials = new Credentials ();
  79             credentials.setSession(httpSession);
  80             credentials.setRequest(request);
  81             credentials.setUsername(username);
  82             credentials.setPassword(password);
  83
  84             // Get authorized configs
  85             try {
  86                 configs = authProvider.getAuthorizedConfigurations(credentials);
  87             }
  88             catch (GuacamoleException e) {
  89                 logger.error("Error retrieving configuration(s) for user {}.", username);
  90
  91                 response.setHeader("X-Guacamole-Error-Message", AUTH_ERROR_MESSAGE);
  92                 response.sendError(HttpServletResponse.SC_FORBIDDEN);
  93                 return;
  94             }
  95
  96             if (configs == null) {
  97                 logger.warn("Authentication attempt from {} for user \"{}\" failed.",
  98                         request.getRemoteAddr(), username);
  99
 100                 response.setHeader("X-Guacamole-Error-Message", AUTH_ERROR_MESSAGE);
 101                 response.sendError(HttpServletResponse.SC_FORBIDDEN);
 102                 return;
 103             }
 104
 105             logger.info("User \"{}\" successfully authenticated from {}.",
 106                     username, request.getRemoteAddr());
 107
 108             // Associate configs with session
 109             httpSession.setAttribute("GUAC_CONFIGS", configs);
 110
 111         }
 112
 113         // Allow servlet to run now that authentication has been validated
 114         authenticatedService(configs, request, response);
 115
 116     }
 117
 118     protected abstract void authenticatedService(
 119             Map<String, GuacamoleConfiguration> configs,
 120             HttpServletRequest request, HttpServletResponse response)
 121             throws ServletException, IOException;
 122
 123 }