guacamole-common-js confusion

[David L Napier <dn...@umd.edu>]

I'm a bit confused by the architecture in this project after reading the
documentation.  I'm build a node.js application and hoping to utilize
Guacamole.

My questions are:

Does guacamole-common-js load on the front or back end of my web
application?
Does guacamole-common-js connect to the Java Servlet or can it connect to
guacd directly?  (Is the Servlet required?)

Thank you in advance,

-- 
David Napier

System Administrator
University of Maryland
College of Information Studies
email: dnapier@umd.edu
ph: (301) 314-2239

Re: guacamole-common-js confusion

[Mike Jumper <mi...@guac-dev.org>]

On Tue, Oct 31, 2017 at 1:54 PM, David L Napier <dn...@umd.edu> wrote:
> We're building an app that's utilizing Guacamole.  I have Tomcat behind an
> Nginx reverse proxy.  The app successfully utilizes guacamole-common-js and
> connects to tomcat via the proxy.  Then it loads the canvas into the client.
> However, the canvas is returning with a size of 0 height, 0 width.
>

What do you mean by "loads the canvas into the client"?

Guacamole does use canvas tags, but you shouldn't be touching the
canvas itself (which is internal). You should only be dealing with the
display abstraction provided by Guacamole.Display (returned by
getDisplay() of Guacamole.Client), adding the display to the DOM using
the element returned by getElement():

http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Client.html#getDisplay
http://guacamole.incubator.apache.org/doc/guacamole-common-js/Guacamole.Display.html#getElement

The display itself will not have non-zero dimensions until it receives
the size from the server. If this never occurs, check that:

1) You have set handlers for the tunnel and client "onerror" and
"onstatechange" events (so you know when things are failing)
2) There aren't errors in the logs from guacd (the connection may not
have succeeded at all)

> I've got this warning in my console: "[Deprecation] Resource requests whose
> URLs contained both removed whitespace (`\n`, `\r`, `\t`) characters and
> less-than characters (`<`) are blocked. Please remove newlines and encode
> less-than characters from places like element attribute values in order to
> load these resources. See
> https://www.chromestatus.com/feature/5735596811091968 for more details."
>

Check your HTML. From the warning, it sounds like some of your
attribute values contain angle brackets, and are thus being recognized
by Chrome as possible injection attacks.

- Mike

Re: guacamole-common-js confusion

[David L Napier <dn...@umd.edu>]

We're building an app that's utilizing Guacamole.  I have Tomcat behind an
Nginx reverse proxy.  The app successfully utilizes guacamole-common-js and
connects to tomcat via the proxy.  Then it loads the canvas into the
client.  However, the canvas is returning with a size of 0 height, 0 width.

I've got this warning in my console: "[Deprecation] Resource requests whose
URLs contained both removed whitespace (`\n`, `\r`, `\t`) characters and
less-than characters (`<`) are blocked. Please remove newlines and encode
less-than characters from places like element attribute values in order to
load these resources. See
https://www.chromestatus.com/feature/5735596811091968 for more details."

Any ideas on if these are related or where I might troubleshoot the canvas
being apparently empty?

Also, that's for the earlier reply, it was extremely helpful.

On Tue, Oct 24, 2017 at 5:09 PM, Mike Jumper <mi...@guac-dev.org>
wrote:

> On Tue, Oct 24, 2017 at 1:10 PM, David L Napier <dn...@umd.edu> wrote:
>
>> I'm a bit confused by the architecture in this project after reading the
>> documentation.  I'm build a node.js application and hoping to utilize
>> Guacamole.
>>
>> My questions are:
>>
>> Does guacamole-common-js load on the front or back end of my web
>> application?
>>
>
> guacamole-common-js is used by the client side of the stack. It runs in
> the browser only. There are no server-side JavaScript components.
>
> Does guacamole-common-js connect to the Java Servlet or can it connect to
>> guacd directly?  (Is the Servlet required?)
>>
>
> The client built into guacamole-common-js expects that the Guacamole
> protocol handshake will be taken care of server-side. This is important
> from a security perspective, to ensure that users cannot simply establish
> arbitrary connections with arbitrary privileges to any remote desktop that
> they please. The implementation provided for this is written in Java that
> is meant to run server-side:
>
> https://github.com/apache/incubator-guacamole-client/blob/
> d955fbea1adbbcd88a9a169100ebad19ef2092cb/guacamole-common/
> src/main/java/org/apache/guacamole/protocol/ConfiguredGuacamoleSocket.java
>
> Typically, this would run within the tunnel servlet/endpoint, yes, with
> that tunnel serving as the sole intermediary between the browser and guacd.
> Again, not being able to connect to guacd directly is an important security
> consideration.
>
> Leveraging guacamole-common is the recommended way of doing this, but if
> you are hard-set on not using Java, you can implement the Guacamole
> protocol handshake yourself and achieve the same. The Guacamole protocol
> and its handshake are documented in the manual:
>
> http://guacamole.incubator.apache.org/doc/gug/guacamole-protocol.html
>
> - Mike
>
>


-- 
David Napier

System Administrator
University of Maryland
College of Information Studies
email: dnapier@umd.edu
ph: (301) 314-2239

Re: guacamole-common-js confusion

[Mike Jumper <mi...@guac-dev.org>]

On Tue, Oct 24, 2017 at 1:10 PM, David L Napier <dn...@umd.edu> wrote:

> I'm a bit confused by the architecture in this project after reading the
> documentation.  I'm build a node.js application and hoping to utilize
> Guacamole.
>
> My questions are:
>
> Does guacamole-common-js load on the front or back end of my web
> application?
>

guacamole-common-js is used by the client side of the stack. It runs in the
browser only. There are no server-side JavaScript components.

Does guacamole-common-js connect to the Java Servlet or can it connect to
> guacd directly?  (Is the Servlet required?)
>

The client built into guacamole-common-js expects that the Guacamole
protocol handshake will be taken care of server-side. This is important
from a security perspective, to ensure that users cannot simply establish
arbitrary connections with arbitrary privileges to any remote desktop that
they please. The implementation provided for this is written in Java that
is meant to run server-side:

https://github.com/apache/incubator-guacamole-client/blob/d955fbea1adbbcd88a9a169100ebad19ef2092cb/guacamole-common/src/main/java/org/apache/guacamole/protocol/ConfiguredGuacamoleSocket.java

Typically, this would run within the tunnel servlet/endpoint, yes, with
that tunnel serving as the sole intermediary between the browser and guacd.
Again, not being able to connect to guacd directly is an important security
consideration.

Leveraging guacamole-common is the recommended way of doing this, but if
you are hard-set on not using Java, you can implement the Guacamole
protocol handshake yourself and achieve the same. The Guacamole protocol
and its handshake are documented in the manual:

http://guacamole.incubator.apache.org/doc/gug/guacamole-protocol.html

- Mike