2 package net.sourceforge.guacamole.net.authentication.basic;
5 * Guacamole - Clientless Remote Desktop
6 * Copyright (C) 2010 Michael Jumper
8 * This program is free software: you can redistribute it and/or modify
9 * it under the terms of the GNU Affero General Public License as published by
10 * the Free Software Foundation, either version 3 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU Affero General Public License for more details.
18 * You should have received a copy of the GNU Affero General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>.
22 import java.io.IOException;
23 import java.lang.reflect.InvocationTargetException;
24 import javax.servlet.ServletException;
25 import javax.servlet.http.HttpServlet;
26 import javax.servlet.http.HttpServletRequest;
27 import javax.servlet.http.HttpServletResponse;
28 import javax.servlet.http.HttpSession;
29 import net.sourceforge.guacamole.GuacamoleException;
30 import net.sourceforge.guacamole.net.Configuration;
32 public class BasicLogin extends HttpServlet {
34 private Config config;
37 public void init() throws ServletException {
39 config = new Config();
41 catch (GuacamoleException e) {
42 throw new ServletException(e);
47 private class Config extends Configuration {
49 private AuthenticationProvider authProvider;
51 public Config() throws GuacamoleException {
53 // Get auth provider instance
55 String authProviderClassName = readParameter("auth-provider");
56 Object obj = Class.forName(authProviderClassName).getConstructor().newInstance();
57 if (!(obj instanceof AuthenticationProvider))
58 throw new GuacamoleException("Specified session provider class is not a GuacamoleSessionProvider");
60 authProvider = (AuthenticationProvider) obj;
62 catch (ClassNotFoundException e) {
63 throw new GuacamoleException("Session provider class not found", e);
65 catch (NoSuchMethodException e) {
66 throw new GuacamoleException("Default constructor for session provider not present", e);
68 catch (SecurityException e) {
69 throw new GuacamoleException("Creation of session provider disallowed; check your security settings", e);
71 catch (InstantiationException e) {
72 throw new GuacamoleException("Unable to instantiate session provider", e);
74 catch (IllegalAccessException e) {
75 throw new GuacamoleException("Unable to access default constructor of session provider", e);
77 catch (InvocationTargetException e) {
78 throw new GuacamoleException("Internal error in constructor of session provider", e.getTargetException());
83 public AuthenticationProvider getAuthenticationProvider() {
89 public static interface AuthenticationProvider {
90 public AuthorizedConfiguration getAuthorizedConfiguration(String username, String password) throws GuacamoleException;
93 // Added to session when session validated
94 public static class AuthorizedConfiguration {
96 private String protocol;
97 private String hostname;
99 private String password;
101 public AuthorizedConfiguration(String protocol, String hostname, int port, String password) {
102 this.protocol = protocol;
103 this.hostname = hostname;
105 this.password = password;
108 public String getHostname() {
112 public String getPassword() {
116 public int getPort() {
120 public String getProtocol() {
127 protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
129 // Retrieve username and password from parms
130 String username = req.getParameter("username");
131 String password = req.getParameter("password");
133 // Validate username and password
136 AuthorizedConfiguration info = config.getAuthenticationProvider().getAuthorizedConfiguration(username, password);
139 // Store authorized configuration
140 HttpSession session = req.getSession(true);
141 session.setAttribute(
151 // Report "forbidden" on any failure
152 resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Login invalid");
154 catch (GuacamoleException e) {
155 throw new ServletException("Error validating credentials", e);