You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Yang Yang <yy...@icloud.com.INVALID> on 2020/04/22 09:46:10 UTC
Parameter token with HTTP header authentication extension
Hi,
I am looking to use the string in certain HTTP header as a session id, and name the record of the session. Is there any parameter token with HTTP header authentication extension I can use? If not, could you help to tell what I should do to customize the HTTP header authentication extension to work in this way?
What I really want to achieve is have a unique id for each session record file that I can generate by myself. Do you have any other solution?
Thanks,
Yang
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: Parameter token with HTTP header authentication extension
Posted by Yang Yang <yy...@icloud.com.INVALID>.
Very helpful info, Nick! Thank you very much!
Thanks,
Yang
> On Apr 23, 2020, at 03:36, Nick Couchman <vn...@apache.org> wrote:
>
> On Wed, Apr 22, 2020 at 5:46 AM Yang Yang <yy...@icloud.com.invalid> wrote:
> Hi,
>
> I am looking to use the string in certain HTTP header as a session id, and name the record of the session. Is there any parameter token with HTTP header authentication extension I can use? If not, could you help to tell what I should do to customize the HTTP header authentication extension to work in this way?
>
> What I really want to achieve is have a unique id for each session record file that I can generate by myself. Do you have any other solution?
>
>
> The only thing that the header module currently passes through is the header that identifies the user. You could easily add another value to this by modifying the following code:
>
> https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86 <https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86>
>
> That is where the header module extracts the header and makes it available. You could tweak that code and have it look for another header of your specification that would be passed through, and make that available as a token.
>
> Alternatively, Guacamole also has the ${GUAC_DATE} and ${GUAC_TIME} tokens, so if you need to put together something that uniquely identifies the user (i.e. for recording purposes) you could use a combination of tokens, like:
>
> ${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME}
>
> -Nick
Re: Parameter token with HTTP header authentication extension
Posted by Yang Yang <yy...@icloud.com.INVALID>.
Hi Nick,
Following your guidance, I made some modifications to the the header module, having it look for another header and make that available as a token, but failed to get the session id for the record name. Is there anything else I should do?
Thanks,
Yang
> On Apr 27, 2020, at 17:30, Yang Yang <yy...@icloud.com> wrote:
>
> Hi Nick,
>
> I failed to get session id from http header “SessionID” with settings “http-session-id-header: SessionID” in guacamole.properties. Changes I made to guacamole-auth-header extension is as below. Is there anything else I missed? With record name set to ${HHEADER_SESSION_ID}-${GUAC_USERNAME}, I can get the correct user name in the record name, as ${HHEADER_SESSION_ID}-guacadmin.1.
>
> #############
> diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
> --- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java 2019-06-24 07:13:11.000000000 +0800
> +++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java 2020-04-26 21:34:04.715403123 +0800
> @@ -21,12 +21,15 @@
>
> import com.google.inject.Inject;
> import com.google.inject.Provider;
> +import java.util.Map;
> +import java.util.HashMap;
> import javax.servlet.http.HttpServletRequest;
> import org.apache.guacamole.GuacamoleException;
> import org.apache.guacamole.net.auth.Credentials;
> import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
> import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
> import org.apache.guacamole.auth.header.user.AuthenticatedUser;
> +import org.apache.guacamole.token.TokenName;
> import java.security.Principal;
>
> /**
> @@ -34,6 +37,10 @@
> * AuthenticationProvider implementation.
> */
> public class AuthenticationProviderService {
> + /**
> + * The prefix to use when getting http header attribute token.
> + */
> + public static final String HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX = "HHEADER_";
>
> /**
> * Service for retrieving header configuration information.
> @@ -68,13 +75,26 @@
> // Pull HTTP header from request if present
> HttpServletRequest request = credentials.getRequest();
> if (request != null) {
> + Map<String, String> tokens = new HashMap<>();
> +
> + // Get the session id from the header configured in guacamole.properties
> + String session_id = request.getHeader(confService.getHttpSessionIdHeader());
> +
> + if (session_id != null) {
> + // Pass session_id to gucamole server as a custom token
> + String tokenName = TokenName.canonicalize("SESSION_ID",
> + HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX);
> + Object value = session_id;
> + if (value != null)
> + tokens.put(tokenName, value.toString());
> + }
>
> // Get the username from the header configured in guacamole.properties
> String username = request.getHeader(confService.getHttpAuthHeader());
>
> if (username != null) {
> AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
> - authenticatedUser.init(username, credentials);
> + authenticatedUser.init(username, credentials, tokens);
> return authenticatedUser;
> }
>
> diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
> --- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java 2019-06-24 07:13:11.000000000 +0800
> +++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java 2020-04-26 21:18:44.196791822 +0800
> @@ -54,4 +54,22 @@
> );
> }
>
> + /**
> + * Returns the header of the HTTP server as configured with
> + * guacamole.properties used for HTTP session id.
> + * By default, this will be "SESSION_ID".
> + *
> + * @return
> + * The header used for HTTP session id, as configured with
> + * guacamole.properties.
> + *
> + * @throws GuacamoleException
> + * If guacamole.properties cannot be parsed.
> + */
> + public String getHttpSessionIdHeader() throws GuacamoleException {
> + return environment.getProperty(
> + HTTPHeaderGuacamoleProperties.HTTP_SESSION_ID_HEADER,
> + "SESSION_ID"
> + );
> + }
> }
> diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
> --- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java 2019-06-24 07:13:11.000000000 +0800
> +++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java 2020-04-26 21:19:33.462203886 +0800
> @@ -45,4 +45,13 @@
>
> };
>
> + /**
> + * The header used for HTTP header session id.
> + */
> + public static final StringGuacamoleProperty HTTP_SESSION_ID_HEADER = new StringGuacamoleProperty() {
> +
> + @Override
> + public String getName() { return "http-session-id-header"; }
> +
> + };
> }
> diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
> --- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java 2019-06-24 07:13:11.000000000 +0800
> +++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java 2020-04-26 21:48:05.856231164 +0800
> @@ -20,6 +20,8 @@
> package org.apache.guacamole.auth.header.user;
>
> import com.google.inject.Inject;
> +import java.util.Collections;
> +import java.util.Map;
> import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
> import org.apache.guacamole.net.auth.AuthenticationProvider;
> import org.apache.guacamole.net.auth.Credentials;
> @@ -44,6 +46,11 @@
> private Credentials credentials;
>
> /**
> + * Tokens associated with this authenticated user.
> + */
> + private Map<String, String> tokens;
> +
> + /**
> * Initializes this AuthenticatedUser using the given username and
> * credentials.
> *
> @@ -53,8 +60,10 @@
> * @param credentials
> * The credentials provided when this user was authenticated.
> */
> - public void init(String username, Credentials credentials) {
> + public void init(String username, Credentials credentials,
> + Map<String, String> tokens) {
> this.credentials = credentials;
> + this.tokens = tokens;
> setIdentifier(username.toLowerCase());
> }
> ##########
>
> Thanks,
> Yang
>
>> On Apr 23, 2020, at 03:36, Nick Couchman <vnick@apache.org <ma...@apache.org>> wrote:
>>
>> On Wed, Apr 22, 2020 at 5:46 AM Yang Yang <yy8402@icloud.com.invalid <ma...@icloud.com.invalid>> wrote:
>> Hi,
>>
>> I am looking to use the string in certain HTTP header as a session id, and name the record of the session. Is there any parameter token with HTTP header authentication extension I can use? If not, could you help to tell what I should do to customize the HTTP header authentication extension to work in this way?
>>
>> What I really want to achieve is have a unique id for each session record file that I can generate by myself. Do you have any other solution?
>>
>>
>> The only thing that the header module currently passes through is the header that identifies the user. You could easily add another value to this by modifying the following code:
>>
>> https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86 <https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86>
>>
>> That is where the header module extracts the header and makes it available. You could tweak that code and have it look for another header of your specification that would be passed through, and make that available as a token.
>>
>> Alternatively, Guacamole also has the ${GUAC_DATE} and ${GUAC_TIME} tokens, so if you need to put together something that uniquely identifies the user (i.e. for recording purposes) you could use a combination of tokens, like:
>>
>> ${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME}
>>
>> -Nick
>
Re: Parameter token with HTTP header authentication extension
Posted by Yang Yang <yy...@icloud.com.INVALID>.
Hi Nick,
I failed to get session id from http header “SessionID” with settings “http-session-id-header: SessionID” in guacamole.properties. Changes I made to guacamole-auth-header extension is as below. Is there anything else I missed? With record name set to ${HHEADER_SESSION_ID}-${GUAC_USERNAME}, I can get the correct user name in the record name, as ${HHEADER_SESSION_ID}-guacadmin.1.
#############
diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
--- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java 2019-06-24 07:13:11.000000000 +0800
+++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java 2020-04-26 21:34:04.715403123 +0800
@@ -21,12 +21,15 @@
import com.google.inject.Inject;
import com.google.inject.Provider;
+import java.util.Map;
+import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.apache.guacamole.auth.header.user.AuthenticatedUser;
+import org.apache.guacamole.token.TokenName;
import java.security.Principal;
/**
@@ -34,6 +37,10 @@
* AuthenticationProvider implementation.
*/
public class AuthenticationProviderService {
+ /**
+ * The prefix to use when getting http header attribute token.
+ */
+ public static final String HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX = "HHEADER_";
/**
* Service for retrieving header configuration information.
@@ -68,13 +75,26 @@
// Pull HTTP header from request if present
HttpServletRequest request = credentials.getRequest();
if (request != null) {
+ Map<String, String> tokens = new HashMap<>();
+
+ // Get the session id from the header configured in guacamole.properties
+ String session_id = request.getHeader(confService.getHttpSessionIdHeader());
+
+ if (session_id != null) {
+ // Pass session_id to gucamole server as a custom token
+ String tokenName = TokenName.canonicalize("SESSION_ID",
+ HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX);
+ Object value = session_id;
+ if (value != null)
+ tokens.put(tokenName, value.toString());
+ }
// Get the username from the header configured in guacamole.properties
String username = request.getHeader(confService.getHttpAuthHeader());
if (username != null) {
AuthenticatedUser authenticatedUser = authenticatedUserProvider.get();
- authenticatedUser.init(username, credentials);
+ authenticatedUser.init(username, credentials, tokens);
return authenticatedUser;
}
diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
--- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java 2019-06-24 07:13:11.000000000 +0800
+++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java 2020-04-26 21:18:44.196791822 +0800
@@ -54,4 +54,22 @@
);
}
+ /**
+ * Returns the header of the HTTP server as configured with
+ * guacamole.properties used for HTTP session id.
+ * By default, this will be "SESSION_ID".
+ *
+ * @return
+ * The header used for HTTP session id, as configured with
+ * guacamole.properties.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed.
+ */
+ public String getHttpSessionIdHeader() throws GuacamoleException {
+ return environment.getProperty(
+ HTTPHeaderGuacamoleProperties.HTTP_SESSION_ID_HEADER,
+ "SESSION_ID"
+ );
+ }
}
diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
--- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java 2019-06-24 07:13:11.000000000 +0800
+++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java 2020-04-26 21:19:33.462203886 +0800
@@ -45,4 +45,13 @@
};
+ /**
+ * The header used for HTTP header session id.
+ */
+ public static final StringGuacamoleProperty HTTP_SESSION_ID_HEADER = new StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "http-session-id-header"; }
+
+ };
}
diff -Naur guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
--- guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java 2019-06-24 07:13:11.000000000 +0800
+++ guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java 2020-04-26 21:48:05.856231164 +0800
@@ -20,6 +20,8 @@
package org.apache.guacamole.auth.header.user;
import com.google.inject.Inject;
+import java.util.Collections;
+import java.util.Map;
import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
@@ -44,6 +46,11 @@
private Credentials credentials;
/**
+ * Tokens associated with this authenticated user.
+ */
+ private Map<String, String> tokens;
+
+ /**
* Initializes this AuthenticatedUser using the given username and
* credentials.
*
@@ -53,8 +60,10 @@
* @param credentials
* The credentials provided when this user was authenticated.
*/
- public void init(String username, Credentials credentials) {
+ public void init(String username, Credentials credentials,
+ Map<String, String> tokens) {
this.credentials = credentials;
+ this.tokens = tokens;
setIdentifier(username.toLowerCase());
}
##########
Thanks,
Yang
> On Apr 23, 2020, at 03:36, Nick Couchman <vn...@apache.org> wrote:
>
> On Wed, Apr 22, 2020 at 5:46 AM Yang Yang <yy...@icloud.com.invalid> wrote:
> Hi,
>
> I am looking to use the string in certain HTTP header as a session id, and name the record of the session. Is there any parameter token with HTTP header authentication extension I can use? If not, could you help to tell what I should do to customize the HTTP header authentication extension to work in this way?
>
> What I really want to achieve is have a unique id for each session record file that I can generate by myself. Do you have any other solution?
>
>
> The only thing that the header module currently passes through is the header that identifies the user. You could easily add another value to this by modifying the following code:
>
> https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86 <https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86>
>
> That is where the header module extracts the header and makes it available. You could tweak that code and have it look for another header of your specification that would be passed through, and make that available as a token.
>
> Alternatively, Guacamole also has the ${GUAC_DATE} and ${GUAC_TIME} tokens, so if you need to put together something that uniquely identifies the user (i.e. for recording purposes) you could use a combination of tokens, like:
>
> ${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME}
>
> -Nick
Re: Parameter token with HTTP header authentication extension
Posted by Nick Couchman <vn...@apache.org>.
On Wed, Apr 22, 2020 at 5:46 AM Yang Yang <yy...@icloud.com.invalid> wrote:
> Hi,
>
> I am looking to use the string in certain HTTP header as a session id, and
> name the record of the session. Is there any parameter token with HTTP
> header authentication extension I can use? If not, could you help to tell
> what I should do to customize the HTTP header authentication extension to
> work in this way?
>
> What I really want to achieve is have a unique id for each session record
> file that I can generate by myself. Do you have any other solution?
>
>
The only thing that the header module currently passes through is the
header that identifies the user. You could easily add another value to
this by modifying the following code:
https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86
That is where the header module extracts the header and makes it
available. You could tweak that code and have it look for another header
of your specification that would be passed through, and make that available
as a token.
Alternatively, Guacamole also has the ${GUAC_DATE} and ${GUAC_TIME} tokens,
so if you need to put together something that uniquely identifies the user
(i.e. for recording purposes) you could use a combination of tokens, like:
${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME}
-Nick