* Abstract servlet which provides an authenticatedService() function that
* is only called if the HTTP request is authenticated, or the current
* HTTP session has already been authenticated.
* Abstract servlet which provides an authenticatedService() function that
* is only called if the HTTP request is authenticated, or the current
* HTTP session has already been authenticated.
* Authorized configurations are retrieved using the authentication provider
* defined in guacamole.properties. The authentication provider has access
* to the request and session, in addition to any submitted username and
* password, in order to authenticate the user.
* Authorized configurations are retrieved using the authentication provider
* defined in guacamole.properties. The authentication provider has access
* to the request and session, in addition to any submitted username and
* password, in order to authenticate the user.
* @author Michael Jumper
*/
public abstract class AuthenticatingHttpServlet extends HttpServlet {
private Logger logger = LoggerFactory.getLogger(AuthenticatingHttpServlet.class);
* @author Michael Jumper
*/
public abstract class AuthenticatingHttpServlet extends HttpServlet {
private Logger logger = LoggerFactory.getLogger(AuthenticatingHttpServlet.class);
/**
* The session attribute holding the map of configurations.
*/
private static final String CONFIGURATIONS_ATTRIBUTE = "GUAC_CONFIGS";
/**
* The session attribute holding the map of configurations.
*/
private static final String CONFIGURATIONS_ATTRIBUTE = "GUAC_CONFIGS";
/**
* The session attribute holding the credentials authorizing this session.
*/
private static final String CREDENTIALS_ATTRIBUTE = "GUAC_CREDS";
/**
* The session attribute holding the credentials authorizing this session.
*/
private static final String CREDENTIALS_ATTRIBUTE = "GUAC_CREDS";
* @param listeners A collection of all listeners that should be notified.
* @param credentials The credentials associated with the authentication
* request that failed.
*/
private void notifyFailed(Collection listeners, Credentials credentials) {
* @param listeners A collection of all listeners that should be notified.
* @param credentials The credentials associated with the authentication
* request that failed.
*/
private void notifyFailed(Collection listeners, Credentials credentials) {
// Build event for auth failure
AuthenticationFailureEvent event = new AuthenticationFailureEvent(credentials);
// Build event for auth failure
AuthenticationFailureEvent event = new AuthenticationFailureEvent(credentials);
* @param listeners A collection of all listeners that should be notified.
* @param credentials The credentials associated with the authentication
* request that succeeded.
* @param listeners A collection of all listeners that should be notified.
* @param credentials The credentials associated with the authentication
* request that succeeded.
*/
private boolean notifySuccess(Collection listeners, Credentials credentials)
throws GuacamoleException {
*/
private boolean notifySuccess(Collection listeners, Credentials credentials)
throws GuacamoleException {
// Build event for auth success
AuthenticationSuccessEvent event = new AuthenticationSuccessEvent(credentials);
// Build event for auth success
AuthenticationSuccessEvent event = new AuthenticationSuccessEvent(credentials);
// Cancel immediately if hook returns false
if (!((AuthenticationSuccessListener) listener).authenticationSucceeded(event))
return false;
// Cancel immediately if hook returns false
if (!((AuthenticationSuccessListener) listener).authenticationSucceeded(event))
return false;
/**
* Sends a predefined, generic error message to the user, along with a
* "403 - Forbidden" HTTP status code in the response.
/**
* Sends a predefined, generic error message to the user, along with a
* "403 - Forbidden" HTTP status code in the response.
* @param response The response to send the error within.
* @throws IOException If an error occurs while sending the error.
*/
private void failAuthentication(HttpServletResponse response) throws IOException {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
}
* @param response The response to send the error within.
* @throws IOException If an error occurs while sending the error.
*/
private void failAuthentication(HttpServletResponse response) throws IOException {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
}
* @param session The session to retrieve credentials from.
* @return The credentials associated with the given session.
*/
* @param session The session to retrieve credentials from.
* @return The credentials associated with the given session.
*/
* @param session The session to retrieve configurations from.
* @return The configurations associated with the given session.
*/
protected Map<String, GuacamoleConfiguration> getConfigurations(HttpSession session) {
return (Map<String, GuacamoleConfiguration>) session.getAttribute(CONFIGURATIONS_ATTRIBUTE);
}
* @param session The session to retrieve configurations from.
* @return The configurations associated with the given session.
*/
protected Map<String, GuacamoleConfiguration> getConfigurations(HttpSession session) {
return (Map<String, GuacamoleConfiguration>) session.getAttribute(CONFIGURATIONS_ATTRIBUTE);
}
@Override
protected void service(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
@Override
protected void service(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
// Retrieve username and password from parms
String username = request.getParameter("username");
String password = request.getParameter("password");
// Retrieve username and password from parms
String username = request.getParameter("username");
String password = request.getParameter("password");
// If error retrieving configs, fail authentication, notify listeners
catch (GuacamoleException e) {
logger.error("Error retrieving configuration(s) for user \"{}\".",
// If error retrieving configs, fail authentication, notify listeners
catch (GuacamoleException e) {
logger.error("Error retrieving configuration(s) for user \"{}\".",
// If no configs, fail authentication, notify listeners
if (configs == null) {
logger.warn("Authentication attempt from {} for user \"{}\" failed.",
request.getRemoteAddr(), credentials.getUsername());
// If no configs, fail authentication, notify listeners
if (configs == null) {
logger.warn("Authentication attempt from {} for user \"{}\" failed.",
request.getRemoteAddr(), credentials.getUsername());
notifyFailed(listeners, credentials);
failAuthentication(response);
return;
notifyFailed(listeners, credentials);
failAuthentication(response);
return;
// Cancel authentication success if hook throws exception
logger.error("Successful authentication canceled by error in hook.", e);
failAuthentication(response);
return;
// Cancel authentication success if hook throws exception
logger.error("Successful authentication canceled by error in hook.", e);
failAuthentication(response);
return;