REST API - Create URL connection (Permission Denied) - version 1.5.4

Fri, 09 Feb 2024 05:17:55 -0800 

Hello,   I've installed Apache Guacamole v.1.5.4 on Linux CentOS 8.5  - 
I'm able to login to GUI, create users, connection, etc.   I installed 
database (MySQL) as well (to manage users, connection) with all needed *.jar 
files according to doc  guacamole.apache.org 
https://guacamole.apache.org/doc/gug/jdbc-auth.html   After that, I'm able 
to login as ""guacadmin" user to GUI and manage connections etc.   
Now, I want to create URL to direct connection to my VM, but I found errors 
like below:   ------------------------------  SCRIPT 
-------------------------------------  #!/bin/bash   TOKEN=$(curl -s -X POST -H 
"Content-Type: application/x-www-form-urlencoded" -d 
"username=guacadmin&password=guacadmin"   localhost:8080 
http://localhost:8080/guacamole/api/tokens   | jq -r '.authToken')   # 
Endpoint API Guacamole  API_ENDPOINT=" localhost:8080 
http://localhost:8080/guacamole/api/session/data/mysql/connections "   
CONNECTION_DATA='{    "name": "Connection name",    
"protocol": "rdp",    "parameters": {        
"hostname": "10.194.53.45",        "port": 
"3389",        "username": "user",        
"password": "password"    }  }'   RESPONSE=$(curl -s -X 
POST -H "Content-Type: application/json" -H "Authorization: Bearer 
$TOKEN" -d "$CONNECTION_DATA" $API_ENDPOINT)   CONNECTION_ID=$(echo 
$RESPONSE | jq -r '.identifier')   if [ "$CONNECTION_ID" != 
"null" ]; then    URL=" localhost:8080 
http://localhost:8080/guacamole/#/client/$CONNECTION_ID?token=$TOKEN "    
echo "Connection ID: $CONNECTION_ID"    echo "URL: $URL"  else  
  echo "Error creating connection."  fi   
------------------------------ OUTPUT ------------------------------------  
Response: {"message":"Permission 
Denied.","translatableMessage":{"key":"APP.TEXT_UNTRANSLATED","variables":{"MESSAGE":"Permission
 
Denied."}},"statusCode":null,"expected":null,"type":"PERMISSION_DENIED"}
  Error creating connection.  ------------------------------ OUTPUT  END 
-------------------------------      ---------------------------------- L O G S 
----------------------------------  Apache Tomcat & system messages:   
0:0:0:0:0:0:0:1 - - [09/Feb/2024:12:32:36 +0100] "GET 
/guacamole/api/session/data/mysql/users/self HTTP/1.1" 403 192  
0:0:0:0:0:0:0:1 - - [09/Feb/2024:12:32:36 +0100] "GET 
/guacamole/api/session/data/mysql/users/self HTTP/1.1" 403 192    Feb  9 
12:32:36 server[90877]: 12:32:36.207 [http-nio-8080-exec-7] DEBUG 
o.a.i.t.jdbc.JdbcTransaction - Committing JDBC Connection 
[com.mysql.cj.jdbc.ConnectionImpl@7c9de5c2]  Feb  9 12:32:36 server[90877]: 
12:32:36.212 [http-nio-8080-exec-7] DEBUG o.a.i.t.jdbc.JdbcTransaction - 
Resetting autocommit to true on JDBC Connection 
[com.mysql.cj.jdbc.ConnectionImpl@7c9de5c2]  Feb  9 12:32:36 server[90877]: 
12:32:36.213 [http-nio-8080-exec-7] DEBUG o.a.i.t.jdbc.JdbcTransaction - 
Closing JDBC Connection [com.mysql.cj.jdbc.ConnectionImpl@7c9de5c2]  Feb  9 
12:32:36 server[90877]: 12:32:36.213 [http-nio-8080-exec-7] DEBUG 
o.a.i.d.pooled.PooledDataSource - Testing connection 2090722754 ...  Feb  9 
12:32:36 server[90877]: 12:32:36.214 [http-nio-8080-exec-7] DEBUG 
o.a.i.d.pooled.PooledDataSource - Connection 2090722754 is GOOD!  Feb  9 
12:32:36 server[90877]: 12:32:36.214 [http-nio-8080-exec-7] DEBUG 
o.a.i.d.pooled.PooledDataSource - Returned connection 2090722754 to pool.  Feb  
9 12:32:36 server[90877]: 12:32:36.214 [http-nio-8080-exec-7] DEBUG 
o.a.g.r.auth.AuthenticationService - Login was successful for user 
"guacadmin".  Feb  9 12:32:36 server[90877]: 12:32:36.230 
[http-nio-8080-exec-8] DEBUG o.a.g.rest.RESTExceptionMapper - Client request 
rejected: Permission Denied.  ---------------------------------- L O G S END 
----------------------------------   MESSAGE:  DEBUG 
o.a.g.rest.RESTExceptionMapper - Client request rejected: Permission Denied.    
-------------- DATABASE INFO (Permission) ------------------------------------  
mysql> SELECT * FROM guacamole_entity JOIN guacamole_user_permission ON 
guacamole_entity.entity_id = guacamole_user_permission.entity_id WHERE 
guacamole_entity.name = 'guacadmin';  
+-----------+-----------+------+-----------+------------------+------------+  | 
entity_id | name      | type | entity_id | affected_user_id | permission |  
+-----------+-----------+------+-----------+------------------+------------+  | 
        1 | guacadmin | USER |         1 |                1 | READ       |  |   
      1 | guacadmin | USER |         1 |                1 | UPDATE     |  |     
    1 | guacadmin | USER |         1 |                1 | ADMINISTER |  |       
  1 | guacadmin | USER |         1 |                2 | READ       |  |         
1 | guacadmin | USER |         1 |                2 | UPDATE     |  |         1 
| guacadmin | USER |         1 |                2 | DELETE     |  |         1 | 
guacadmin | USER |         1 |                2 | ADMINISTER |  
+-----------+-----------+------+-----------+------------------+------------+    
I want to be able to dynamically create a URL after clicking on it, which will 
open the VM window in browser (without having to enter parameters, username or 
password).   --  THANK YOU FOR HELP!  Best Regards,  Marcin

Reply via email to