2 package net.sourceforge.guacamole.net.basic;
4 import java.io.IOException;
6 import javax.servlet.ServletException;
7 import javax.servlet.http.HttpServlet;
8 import javax.servlet.http.HttpServletRequest;
9 import javax.servlet.http.HttpServletResponse;
10 import javax.servlet.http.HttpSession;
11 import net.sourceforge.guacamole.GuacamoleException;
12 import net.sourceforge.guacamole.net.auth.AuthenticationProvider;
13 import net.sourceforge.guacamole.net.auth.Credentials;
14 import net.sourceforge.guacamole.net.basic.properties.BasicGuacamoleProperties;
15 import net.sourceforge.guacamole.properties.GuacamoleProperties;
16 import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
17 import org.slf4j.Logger;
18 import org.slf4j.LoggerFactory;
21 * Abstract servlet which provides an authenticatedService() function that
22 * is only called if the HTTP request is authenticated, or the current
23 * HTTP session has already been authenticated.
25 * Authorized configurations are retrieved using the authentication provider
26 * defined in guacamole.properties. The authentication provider has access
27 * to the request and session, in addition to any submitted username and
28 * password, in order to authenticate the user.
30 * All authorized configurations will be stored in the current HttpSession.
32 * Success and failure are logged.
34 * @author Michael Jumper
36 public abstract class AuthenticatingHttpServlet extends HttpServlet {
38 private Logger logger = LoggerFactory.getLogger(AuthenticatingHttpServlet.class);
40 private AuthenticationProvider authProvider;
43 public void init() throws ServletException {
45 // Get auth provider instance
47 authProvider = GuacamoleProperties.getRequiredProperty(BasicGuacamoleProperties.AUTH_PROVIDER);
49 catch (GuacamoleException e) {
50 logger.error("Error getting authentication provider from properties.", e);
51 throw new ServletException(e);
57 protected void service(HttpServletRequest request, HttpServletResponse response)
58 throws IOException, ServletException {
60 HttpSession httpSession = request.getSession(true);
62 // Try to get configs from session
63 Map<String, GuacamoleConfiguration> configs =
64 (Map<String, GuacamoleConfiguration>) httpSession.getAttribute("GUAC_CONFIGS");
66 // If no configs, try to authenticate the user to get the configs using
68 if (configs == null) {
70 // Retrieve username and password from parms
71 String username = request.getParameter("username");
72 String password = request.getParameter("password");
74 // Build credentials object
75 Credentials credentials = new Credentials ();
76 credentials.setSession(httpSession);
77 credentials.setRequest(request);
78 credentials.setUsername(username);
79 credentials.setPassword(password);
81 // Get authorized configs
83 configs = authProvider.getAuthorizedConfigurations(credentials);
85 catch (GuacamoleException e) {
86 logger.error("Error retrieving configuration(s) for user {}.", username);
87 response.sendError(HttpServletResponse.SC_FORBIDDEN);
91 if (configs == null) {
92 logger.warn("Authentication attempt from {} for user \"{}\".",
93 request.getRemoteAddr(), username);
94 response.sendError(HttpServletResponse.SC_FORBIDDEN);
98 logger.info("User \"{}\" successfully authenticated from {}.",
99 username, request.getRemoteAddr());
101 // Associate configs with session
102 httpSession.setAttribute("GUAC_CONFIGS", configs);
106 // Allow servlet to run now that authentication has been validated
107 authenticatedService(configs, request, response);
111 protected abstract void authenticatedService(
112 Map<String, GuacamoleConfiguration> configs,
113 HttpServletRequest request, HttpServletResponse response)
114 throws ServletException, IOException;