All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.guacamole.net.auth.simple.SimpleAuthenticationProvider Maven / Gradle / Ivy

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.guacamole.net.auth.simple;

import java.util.Map;
import java.util.UUID;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.protocol.GuacamoleConfiguration;
import org.apache.guacamole.token.StandardTokens;
import org.apache.guacamole.token.TokenFilter;

/**
 * Provides means of retrieving a set of named GuacamoleConfigurations for a
 * given Credentials object. This is a simple AuthenticationProvider
 * implementation intended to be easily extended. It is useful for simple
 * authentication situations where access to web-based administration and
 * complex users and permissions are not required.
 *
 * The interface provided by SimpleAuthenticationProvider is similar to that of
 * the AuthenticationProvider interface of older Guacamole releases.
 */
public abstract class SimpleAuthenticationProvider
    implements AuthenticationProvider {

    /**
     * Given an arbitrary credentials object, returns a Map containing all
     * configurations authorized by those credentials. The keys of this Map
     * are Strings which uniquely identify each configuration.
     *
     * @param credentials The credentials to use to retrieve authorized
     *                    configurations.
     * @return A Map of all configurations authorized by the given credentials,
     *         or null if the credentials given are not authorized.
     * @throws GuacamoleException If an error occurs while retrieving
     *                            configurations.
     */
    public abstract Map
            getAuthorizedConfigurations(Credentials credentials)
            throws GuacamoleException;

    /**
     * AuthenticatedUser which contains its own predefined set of authorized
     * configurations.
     */
    private class SimpleAuthenticatedUser extends AbstractAuthenticatedUser {

        /**
         * The credentials provided when this AuthenticatedUser was
         * authenticated.
         */
        private final Credentials credentials;

        /**
         * The GuacamoleConfigurations that this AuthenticatedUser is
         * authorized to use.
         */
        private final Map configs;

        /**
         * Creates a new SimpleAuthenticatedUser associated with the given
         * credentials and having access to the given Map of
         * GuacamoleConfigurations.
         *
         * @param credentials
         *     The credentials provided by the user when they authenticated.
         *
         * @param configs
         *     A Map of all GuacamoleConfigurations for which this user has
         *     access. The keys of this Map are Strings which uniquely identify
         *     each configuration.
         */
        public SimpleAuthenticatedUser(Credentials credentials, Map configs) {

            // Store credentials and configurations
            this.credentials = credentials;
            this.configs = configs;

            // Pull username from credentials if it exists
            String username = credentials.getUsername();
            if (username != null && !username.isEmpty())
                setIdentifier(username);

            // Otherwise generate a random username
            else
                setIdentifier(UUID.randomUUID().toString());

        }

        /**
         * Returns a Map containing all GuacamoleConfigurations that this user
         * is authorized to use. The keys of this Map are Strings which
         * uniquely identify each configuration.
         *
         * @return
         *     A Map of all configurations for which this user is authorized.
         */
        public Map getAuthorizedConfigurations() {
            return configs;
        }

        @Override
        public AuthenticationProvider getAuthenticationProvider() {
            return SimpleAuthenticationProvider.this;
        }

        @Override
        public Credentials getCredentials() {
            return credentials;
        }

    }

    /**
     * Given an arbitrary credentials object, returns a Map containing all
     * configurations authorized by those credentials, filtering those
     * configurations using a TokenFilter and the standard credential tokens
     * (like ${GUAC_USERNAME} and ${GUAC_PASSWORD}). The keys of this Map
     * are Strings which uniquely identify each configuration.
     *
     * @param credentials
     *     The credentials to use to retrieve authorized configurations.
     *
     * @return
     *     A Map of all configurations authorized by the given credentials, or
     *     null if the credentials given are not authorized.
     *
     * @throws GuacamoleException
     *     If an error occurs while retrieving configurations.
     */
    private Map
            getFilteredAuthorizedConfigurations(Credentials credentials)
            throws GuacamoleException {

        // Get configurations
        Map configs =
                getAuthorizedConfigurations(credentials);

        // Return as unauthorized if not authorized to retrieve configs
        if (configs == null)
            return null;

        // Build credential TokenFilter
        TokenFilter tokenFilter = new TokenFilter();
        StandardTokens.addStandardTokens(tokenFilter, credentials);

        // Filter each configuration
        for (GuacamoleConfiguration config : configs.values())
            tokenFilter.filterValues(config.getParameters());

        return configs;

    }

    /**
     * Given a user who has already been authenticated, returns a Map
     * containing all configurations for which that user is authorized,
     * filtering those configurations using a TokenFilter and the standard
     * credential tokens (like ${GUAC_USERNAME} and ${GUAC_PASSWORD}). The keys
     * of this Map are Strings which uniquely identify each configuration.
     *
     * @param authenticatedUser
     *     The user whose authorized configurations are to be retrieved.
     *
     * @return
     *     A Map of all configurations authorized for use by the given user, or
     *     null if the user is not authorized to use any configurations.
     *
     * @throws GuacamoleException
     *     If an error occurs while retrieving configurations.
     */
    private Map
            getFilteredAuthorizedConfigurations(AuthenticatedUser authenticatedUser)
            throws GuacamoleException {

        // Pull cached configurations, if any
        if (authenticatedUser instanceof SimpleAuthenticatedUser && authenticatedUser.getAuthenticationProvider() == this)
            return ((SimpleAuthenticatedUser) authenticatedUser).getAuthorizedConfigurations();

        // Otherwise, pull using credentials
        return getFilteredAuthorizedConfigurations(authenticatedUser.getCredentials());

    }

    @Override
    public Object getResource() throws GuacamoleException {
        return null;
    }

    @Override
    public AuthenticatedUser authenticateUser(final Credentials credentials)
            throws GuacamoleException {

        // Get configurations
        Map configs =
                getFilteredAuthorizedConfigurations(credentials);

        // Return as unauthorized if not authorized to retrieve configs
        if (configs == null)
            return null;

        return new SimpleAuthenticatedUser(credentials, configs);

    }

    @Override
    public UserContext getUserContext(AuthenticatedUser authenticatedUser)
            throws GuacamoleException {

        // Get configurations
        Map configs =
                getFilteredAuthorizedConfigurations(authenticatedUser);

        // Return as unauthorized if not authorized to retrieve configs
        if (configs == null)
            return null;

        // Return user context restricted to authorized configs
        return new SimpleUserContext(this, authenticatedUser.getIdentifier(), configs);

    }

    @Override
    public AuthenticatedUser updateAuthenticatedUser(AuthenticatedUser authenticatedUser,
            Credentials credentials) throws GuacamoleException {

        // Simply return the given user, updating nothing
        return authenticatedUser;

    }

    @Override
    public UserContext updateUserContext(UserContext context,
        AuthenticatedUser authorizedUser, Credentials credentials)
            throws GuacamoleException {

        // Simply return the given context, updating nothing
        return context;
        
    }

    @Override
    public void shutdown() {
        // Do nothing
    }

}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy