Repository: incubator-guacamole-client Updated Branches: refs/heads/master d358449c7 -> d7b339137
GUACAMOLE-195: Add module to support HTTP header-based authentication. Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/fdc654b9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/fdc654b9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/fdc654b9 Branch: refs/heads/master Commit: fdc654b945c9510f83562708ba305425536accd6 Parents: 8de93ad Author: Nick Couchman <nick.couch...@yahoo.com> Authored: Wed Jan 25 14:00:04 2017 -0500 Committer: Nick Couchman <nick.couch...@yahoo.com> Committed: Tue Jan 31 22:22:30 2017 -0500 ---------------------------------------------------------------------- extensions/guacamole-auth-http/.gitignore | 9 + extensions/guacamole-auth-http/LICENSE | 201 +++++++++++++++++++ extensions/guacamole-auth-http/README.md | 2 + extensions/guacamole-auth-http/pom.xml | 141 +++++++++++++ .../src/main/assembly/dist.xml | 53 +++++ .../http/AuthenticationProviderService.java | 92 +++++++++ .../auth/http/ConfigurationService.java | 58 ++++++ .../auth/http/HTTPAuthenticationProvider.java | 110 ++++++++++ .../http/HTTPAuthenticationProviderModule.java | 83 ++++++++ .../auth/http/HTTPGuacamoleProperties.java | 50 +++++ .../auth/http/user/AuthenticatedUser.java | 76 +++++++ .../src/main/resources/guac-manifest.json | 12 ++ 12 files changed, 887 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/.gitignore ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/.gitignore b/extensions/guacamole-auth-http/.gitignore new file mode 100644 index 0000000..1cdc9f7 --- /dev/null +++ b/extensions/guacamole-auth-http/.gitignore @@ -0,0 +1,9 @@ +target/ +pom.xml.tag +pom.xml.releaseBackup +pom.xml.versionsBackup +pom.xml.next +release.properties +dependency-reduced-pom.xml +buildNumber.properties +.mvn/timing.properties http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/LICENSE ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/LICENSE b/extensions/guacamole-auth-http/LICENSE new file mode 100644 index 0000000..8dada3e --- /dev/null +++ b/extensions/guacamole-auth-http/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/README.md ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/README.md b/extensions/guacamole-auth-http/README.md new file mode 100644 index 0000000..032bbc9 --- /dev/null +++ b/extensions/guacamole-auth-http/README.md @@ -0,0 +1,2 @@ +# guacamole-auth-http +Basic HTTP Authentication Module for Guacamole http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/pom.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/pom.xml b/extensions/guacamole-auth-http/pom.xml new file mode 100644 index 0000000..6893e16 --- /dev/null +++ b/extensions/guacamole-auth-http/pom.xml @@ -0,0 +1,141 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<project xmlns="http://maven.apache.org/POM/4.0.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 + http://maven.apache.org/maven-v4_0_0.xsd";> + + <modelVersion>4.0.0</modelVersion> + <groupId>org.apache.guacamole</groupId> + <artifactId>guacamole-auth-http</artifactId> + <packaging>jar</packaging> + <version>0.9.11-incubating</version> + <name>guacamole-auth-http</name> + <url>http://guacamole.incubator.apache.org/</url> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + </properties> + + <build> + <plugins> + + <!-- Written for 1.6 --> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <version>3.3</version> + <configuration> + <source>1.6</source> + <target>1.6</target> + <compilerArgs> + <arg>-Xlint:all</arg> + <arg>-Werror</arg> + </compilerArgs> + <fork>true</fork> + </configuration> + </plugin> + + <!-- Copy dependencies prior to packaging --> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-dependency-plugin</artifactId> + <version>2.10</version> + <executions> + <execution> + <id>unpack-dependencies</id> + <phase>prepare-package</phase> + <goals> + <goal>unpack-dependencies</goal> + </goals> + <configuration> + <includeScope>runtime</includeScope> + <outputDirectory>${project.build.directory}/classes</outputDirectory> + </configuration> + </execution> + </executions> + </plugin> + + <!-- Assembly plugin - for easy distribution --> + <plugin> + <artifactId>maven-assembly-plugin</artifactId> + <version>2.5.3</version> + <configuration> + <finalName>${project.artifactId}-${project.version}</finalName> + <appendAssemblyId>false</appendAssemblyId> + <descriptors> + <descriptor>src/main/assembly/dist.xml</descriptor> + </descriptors> + </configuration> + <executions> + <execution> + <id>make-dist-archive</id> + <phase>package</phase> + <goals> + <goal>single</goal> + </goals> + </execution> + </executions> + </plugin> + + </plugins> + </build> + + <dependencies> + + <!-- Guacamole Java API --> + <dependency> + <groupId>org.apache.guacamole</groupId> + <artifactId>guacamole-common</artifactId> + <version>0.9.11-incubating</version> + <scope>provided</scope> + </dependency> + + <!-- Guacamole Extension API --> + <dependency> + <groupId>org.apache.guacamole</groupId> + <artifactId>guacamole-ext</artifactId> + <version>0.9.11-incubating</version> + <scope>provided</scope> + </dependency> + <!-- Guice --> + <dependency> + <groupId>com.google.inject</groupId> + <artifactId>guice</artifactId> + <version>3.0</version> + </dependency> + <dependency> + <groupId>com.google.inject.extensions</groupId> + <artifactId>guice-multibindings</artifactId> + <version>3.0</version> + </dependency> + + <!-- Java servlet API --> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + <version>2.5</version> + <scope>provided</scope> + </dependency> + + + </dependencies> + +</project> http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/assembly/dist.xml ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/assembly/dist.xml b/extensions/guacamole-auth-http/src/main/assembly/dist.xml new file mode 100644 index 0000000..ffcb1a6 --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/assembly/dist.xml @@ -0,0 +1,53 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<assembly + xmlns="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0"; + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; + xsi:schemaLocation="http://maven.apache.org/plugins/maven-assembly-plugin/assembly/1.1.0 http://maven.apache.org/xsd/assembly-1.1.0.xsd";> + + <id>dist</id> + <baseDirectory>${project.artifactId}-${project.version}</baseDirectory> + + <!-- Output tar.gz --> + <formats> + <format>tar.gz</format> + </formats> + + <!-- Include licenses and extension .jar --> + <fileSets> + + <!-- Include licenses --> + <!--<fileSet> + <outputDirectory></outputDirectory> + <directory>src/licenses</directory> + </fileSet>--> + + <!-- Include extension .jar --> + <fileSet> + <directory>target</directory> + <outputDirectory></outputDirectory> + <includes> + <include>*.jar</include> + </includes> + </fileSet> + + </fileSets> + +</assembly> http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/AuthenticationProviderService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/AuthenticationProviderService.java b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/AuthenticationProviderService.java new file mode 100644 index 0000000..d91c217 --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/AuthenticationProviderService.java @@ -0,0 +1,92 @@ +/* + * Copyright (C) 2015 Glyptodon LLC + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.apache.guacamole.auth.http; + +import com.google.inject.Inject; +import com.google.inject.Provider; +import javax.servlet.http.HttpServletRequest; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.net.auth.Credentials; +import org.apache.guacamole.net.auth.credentials.CredentialsInfo; +import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException; +import org.apache.guacamole.auth.http.user.AuthenticatedUser; +import java.security.Principal; + +/** + * Service providing convenience functions for the HTTP AuthenticationProvider + * implementation. + * + * @author Nick Couchman + */ +public class AuthenticationProviderService { + + /** + * Service for retrieving LDAP server configuration information. + */ + @Inject + private ConfigurationService confService; + + /** + * Provider for AuthenticatedUser objects. + */ + @Inject + private Provider<AuthenticatedUser> authenticatedUserProvider; + + /** + * Returns an AuthenticatedUser representing the user authenticated by the + * given credentials. + * + * @param credentials + * The credentials to use for authentication. + * + * @return + * An AuthenticatedUser representing the user authenticated by the + * given credentials. + * + * @throws GuacamoleException + * If an error occurs while authenticating the user, or if access is + * denied. + */ + public AuthenticatedUser authenticateUser(Credentials credentials) + throws GuacamoleException { + + // Pull HTTP ticket from request if present + HttpServletRequest request = credentials.getRequest(); + if (request != null) { + String username = request.getRemoteUser(); + if(username == null || username == "") { + username = request.getHeader(confService.getHttpAuthHeader()); + } + if (username != null) { + AuthenticatedUser authenticatedUser = authenticatedUserProvider.get(); + authenticatedUser.init(username, credentials); + return authenticatedUser; + } + } + + // Request HTTP authentication + throw new GuacamoleInvalidCredentialsException("Invalid login.", CredentialsInfo.USERNAME_PASSWORD); + + } + +} http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/ConfigurationService.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/ConfigurationService.java b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/ConfigurationService.java new file mode 100644 index 0000000..abd78aa --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/ConfigurationService.java @@ -0,0 +1,58 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.http; + +import com.google.inject.Inject; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.environment.Environment; + +/** + * Service for retrieving configuration information regarding the LDAP server. + * + * @author Nick Couchman + */ +public class ConfigurationService { + + /** + * The Guacamole server environment. + */ + @Inject + private Environment environment; + + /** + * Returns the header of the HTTP server as configured with + * guacamole.properties used for HTTP basic authentication. + * By default, this will be "REMOTE_USER". + * + * @return + * The header used for HTTP basic authentication, as configured with + * guacamole.properties. + * + * @throws GuacamoleException + * If guacamole.properties cannot be parsed. + */ + public String getHttpAuthHeader() throws GuacamoleException { + return environment.getProperty( + HTTPGuacamoleProperties.HTTP_AUTH_HEADER, + "REMOTE_USER" + ); + } + +} http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProvider.java b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProvider.java new file mode 100644 index 0000000..6bb6f56 --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProvider.java @@ -0,0 +1,110 @@ +/* + * Copyright (C) 2015 Glyptodon LLC + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.apache.guacamole.auth.http; + +import com.google.inject.Guice; +import com.google.inject.Injector; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.net.auth.AuthenticatedUser; +import org.apache.guacamole.net.auth.AuthenticationProvider; +import org.apache.guacamole.net.auth.Credentials; +import org.apache.guacamole.net.auth.UserContext; + +/** + * Guacamole authentication backend which authenticates users using an + * arbitrary external system implementing HTTP. No storage for connections is + * provided - only authentication. Storage must be provided by some other + * extension. + * + * @author Nick Couchman + */ +public class HTTPAuthenticationProvider implements AuthenticationProvider { + + /** + * Injector which will manage the object graph of this authentication + * provider. + */ + private final Injector injector; + + /** + * Creates a new HTTPAuthenticationProvider that authenticates users + * against an HTTP service + * + * @throws GuacamoleException + * If a required property is missing, or an error occurs while parsing + * a property. + */ + public HTTPAuthenticationProvider() throws GuacamoleException { + + // Set up Guice injector. + injector = Guice.createInjector( + new HTTPAuthenticationProviderModule(this) + ); + + } + + @Override + public String getIdentifier() { + return "http"; + } + + @Override + public AuthenticatedUser authenticateUser(Credentials credentials) + throws GuacamoleException { + + // Attempt to authenticate user with given credentials + AuthenticationProviderService authProviderService = injector.getInstance(AuthenticationProviderService.class); + return authProviderService.authenticateUser(credentials); + + } + + @Override + public AuthenticatedUser updateAuthenticatedUser( + AuthenticatedUser authenticatedUser, Credentials credentials) + throws GuacamoleException { + + // No update necessary + return authenticatedUser; + + } + + @Override + public UserContext getUserContext(AuthenticatedUser authenticatedUser) + throws GuacamoleException { + + // No associated data whatsoever + return null; + + } + + @Override + public UserContext updateUserContext(UserContext context, + AuthenticatedUser authenticatedUser, Credentials credentials) + throws GuacamoleException { + + // No update necessary + return context; + + } + +} http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProviderModule.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProviderModule.java b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProviderModule.java new file mode 100644 index 0000000..4643c9e --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPAuthenticationProviderModule.java @@ -0,0 +1,83 @@ +/* + * Copyright (C) 2015 Glyptodon LLC + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.apache.guacamole.auth.http; + +import com.google.inject.AbstractModule; +import org.apache.guacamole.GuacamoleException; +import org.apache.guacamole.environment.Environment; +import org.apache.guacamole.environment.LocalEnvironment; +import org.apache.guacamole.net.auth.AuthenticationProvider; + +/** + * Guice module which configures HTTP-specific injections. + * + * @author Michael Jumper + */ +public class HTTPAuthenticationProviderModule extends AbstractModule { + + /** + * Guacamole server environment. + */ + private final Environment environment; + + /** + * A reference to the HTTPAuthenticationProvider on behalf of which this + * module has configured injection. + */ + private final AuthenticationProvider authProvider; + + /** + * Creates a new HTTP authentication provider module which configures + * injection for the HTTPAuthenticationProvider. + * + * @param authProvider + * The AuthenticationProvider for which injection is being configured. + * + * @throws GuacamoleException + * If an error occurs while retrieving the Guacamole server + * environment. + */ + public HTTPAuthenticationProviderModule(AuthenticationProvider authProvider) + throws GuacamoleException { + + // Get local environment + this.environment = new LocalEnvironment(); + + // Store associated auth provider + this.authProvider = authProvider; + + } + + @Override + protected void configure() { + + // Bind core implementations of guacamole-ext classes + bind(AuthenticationProvider.class).toInstance(authProvider); + bind(Environment.class).toInstance(environment); + + // Bind HTTP-specific classes + bind(ConfigurationService.class); + + } + +} http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPGuacamoleProperties.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPGuacamoleProperties.java b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPGuacamoleProperties.java new file mode 100644 index 0000000..3dada23 --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/HTTPGuacamoleProperties.java @@ -0,0 +1,50 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.guacamole.auth.http; + +import org.apache.guacamole.properties.IntegerGuacamoleProperty; +import org.apache.guacamole.properties.StringGuacamoleProperty; + + +/** + * Provides properties required for use of the HTTP authentication provider. + * These properties will be read from guacamole.properties when the HTTP + * authentication provider is used. + * + * @author Nick Couchman + */ +public class HTTPGuacamoleProperties { + + /** + * This class should not be instantiated. + */ + private HTTPGuacamoleProperties() {} + + /** + * The header used for HTTP basic authentication. + */ + public static final StringGuacamoleProperty HTTP_AUTH_HEADER = new StringGuacamoleProperty() { + + @Override + public String getName() { return "http-auth-header"; } + + }; + +} http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/user/AuthenticatedUser.java ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/user/AuthenticatedUser.java b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/user/AuthenticatedUser.java new file mode 100644 index 0000000..1afe2f3 --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/java/org/apache/guacamole/auth/http/user/AuthenticatedUser.java @@ -0,0 +1,76 @@ +/* + * Copyright (C) 2015 Glyptodon LLC + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.apache.guacamole.auth.http.user; + +import com.google.inject.Inject; +import org.apache.guacamole.net.auth.AbstractAuthenticatedUser; +import org.apache.guacamole.net.auth.AuthenticationProvider; +import org.apache.guacamole.net.auth.Credentials; + +/** + * An HTTP-specific implementation of AuthenticatedUser, associating a + * username and particular set of credentials with the HTTP authentication + * provider. + * + * @author Michael Jumper + */ +public class AuthenticatedUser extends AbstractAuthenticatedUser { + + /** + * Reference to the authentication provider associated with this + * authenticated user. + */ + @Inject + private AuthenticationProvider authProvider; + + /** + * The credentials provided when this user was authenticated. + */ + private Credentials credentials; + + /** + * Initializes this AuthenticatedUser using the given username and + * credentials. + * + * @param username + * The username of the user that was authenticated. + * + * @param credentials + * The credentials provided when this user was authenticated. + */ + public void init(String username, Credentials credentials) { + this.credentials = credentials; + setIdentifier(username.toLowerCase()); + } + + @Override + public AuthenticationProvider getAuthenticationProvider() { + return authProvider; + } + + @Override + public Credentials getCredentials() { + return credentials; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/fdc654b9/extensions/guacamole-auth-http/src/main/resources/guac-manifest.json ---------------------------------------------------------------------- diff --git a/extensions/guacamole-auth-http/src/main/resources/guac-manifest.json b/extensions/guacamole-auth-http/src/main/resources/guac-manifest.json new file mode 100644 index 0000000..8982341 --- /dev/null +++ b/extensions/guacamole-auth-http/src/main/resources/guac-manifest.json @@ -0,0 +1,12 @@ +{ + + "guacamoleVersion" : "0.9.11-incubating", + + "name" : "HTTP Authentication Extension", + "namespace" : "guac-http", + + "authProviders" : [ + "org.apache.guacamole.auth.http.HTTPAuthenticationProvider" + ] + +}
