From e5e0974c64b13cf174d195d9be383a6058f7ebb6 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 23 Mar 2012 15:08:21 -0700 Subject: [PATCH] Cache credentials in session, provide getters for retrieving configs and credentials from session. --- .../net/basic/AuthenticatingHttpServlet.java | 37 +++++++++++++++----- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java b/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java index 94f0d63..bf227f7 100644 --- a/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java +++ b/src/main/java/net/sourceforge/guacamole/net/basic/AuthenticatingHttpServlet.java @@ -144,6 +144,26 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet { response.sendError(HttpServletResponse.SC_FORBIDDEN); } + /** + * Returns the credentials associated with the given session. + * + * @param session The session to retrieve credentials from. + * @return The credentials associated with the given session. + */ + protected Credentials getCredentials(HttpSession session) { + return (Credentials) session.getAttribute("GUAC_CREDS"); + } + + /** + * Returns the configurations associated with the given session. + * + * @param session The session to retrieve configurations from. + * @return The configurations associated with the given session. + */ + protected Map getConfigurations(HttpSession session) { + return (Map) session.getAttribute("GUAC_CONFIGS"); + } + @Override protected void service(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { @@ -151,8 +171,7 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet { HttpSession httpSession = request.getSession(true); // Try to get configs from session - Map configs = - (Map) httpSession.getAttribute("GUAC_CONFIGS"); + Map configs = getConfigurations(httpSession); // If no configs, try to authenticate the user to get the configs using // this request. @@ -173,12 +192,12 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet { String password = request.getParameter("password"); // Build credentials object - Credentials credentials = new Credentials (); + Credentials credentials = new Credentials(); credentials.setSession(httpSession); credentials.setRequest(request); credentials.setUsername(username); credentials.setPassword(password); - + // Get authorized configs try { configs = authProvider.getAuthorizedConfigurations(credentials); @@ -189,7 +208,8 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet { // If error retrieving configs, fail authentication, notify listeners catch (GuacamoleException e) { - logger.error("Error retrieving configuration(s) for user \"{}\".", username); + logger.error("Error retrieving configuration(s) for user \"{}\".", + credentials.getUsername()); notifyFailed(listeners, credentials); failAuthentication(response); @@ -199,7 +219,7 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet { // If no configs, fail authentication, notify listeners if (configs == null) { logger.warn("Authentication attempt from {} for user \"{}\" failed.", - request.getRemoteAddr(), username); + request.getRemoteAddr(), credentials.getUsername()); notifyFailed(listeners, credentials); failAuthentication(response); @@ -213,7 +233,7 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet { // Otherwise, authentication has been succesful logger.info("User \"{}\" successfully authenticated from {}.", - username, request.getRemoteAddr()); + credentials.getUsername(), request.getRemoteAddr()); // Notify of success, cancel if requested if (!notifySuccess(listeners, credentials)) { @@ -232,8 +252,9 @@ public abstract class AuthenticatingHttpServlet extends HttpServlet { } - // Associate configs with session + // Associate configs and credentials with session httpSession.setAttribute("GUAC_CONFIGS", configs); + httpSession.setAttribute("GUAC_CREDS", credentials); } -- 1.7.10.4