You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by jm...@apache.org on 2016/07/22 02:50:56 UTC
[2/8] incubator-guacamole-client git commit: GUACAMOLE-5: Extract
common base class for AuthenticatedUser.
GUACAMOLE-5: Extract common base class for AuthenticatedUser.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/75f74eec
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/75f74eec
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/75f74eec
Branch: refs/heads/master
Commit: 75f74eec94a2e8d0bfd1f04267669f5de6a0c2f0
Parents: e1f4e65
Author: Michael Jumper <mj...@apache.org>
Authored: Wed Jul 20 13:42:57 2016 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Wed Jul 20 13:42:57 2016 -0700
----------------------------------------------------------------------
.../auth/jdbc/user/AuthenticatedUser.java | 103 +-------------
.../auth/jdbc/user/RemoteAuthenticatedUser.java | 141 +++++++++++++++++++
2 files changed, 143 insertions(+), 101 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/75f74eec/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/AuthenticatedUser.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/AuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/AuthenticatedUser.java
index 0696c88..d58c2e3 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/AuthenticatedUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/AuthenticatedUser.java
@@ -22,9 +22,6 @@ package org.apache.guacamole.auth.jdbc.user;
import java.util.Collections;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
@@ -33,7 +30,7 @@ import org.apache.guacamole.net.auth.Credentials;
*
* @author Michael Jumper
*/
-public class AuthenticatedUser implements org.apache.guacamole.net.auth.AuthenticatedUser {
+public class AuthenticatedUser extends RemoteAuthenticatedUser {
/**
* The user that authenticated.
@@ -41,42 +38,6 @@ public class AuthenticatedUser implements org.apache.guacamole.net.auth.Authenti
private final ModeledUser user;
/**
- * The credentials given when this user authenticated.
- */
- private final Credentials credentials;
-
- /**
- * The AuthenticationProvider that authenticated this user.
- */
- private final AuthenticationProvider authenticationProvider;
-
- /**
- * The host from which this user authenticated.
- */
- private final String remoteHost;
-
- /**
- * Regular expression which matches any IPv4 address.
- */
- private static final String IPV4_ADDRESS_REGEX = "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})";
-
- /**
- * Regular expression which matches any IPv6 address.
- */
- private static final String IPV6_ADDRESS_REGEX = "([0-9a-fA-F]*(:[0-9a-fA-F]*){0,7})";
-
- /**
- * Regular expression which matches any IP address, regardless of version.
- */
- private static final String IP_ADDRESS_REGEX = "(" + IPV4_ADDRESS_REGEX + "|" + IPV6_ADDRESS_REGEX + ")";
-
- /**
- * Pattern which matches valid values of the de-facto standard
- * "X-Forwarded-For" header.
- */
- private static final Pattern X_FORWARDED_FOR = Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$");
-
- /**
* The connections which have been committed for use by this user in the
* context of a balancing connection group. Balancing connection groups
* will preferentially choose connections within this set, unless those
@@ -88,38 +49,6 @@ public class AuthenticatedUser implements org.apache.guacamole.net.auth.Authenti
Collections.newSetFromMap(new ConcurrentHashMap<String, Boolean>());
/**
- * Derives the remote host of the authenticating user from the given
- * credentials object. The remote host is derived from X-Forwarded-For
- * in addition to the actual source IP of the request, and thus is not
- * trusted. The derived remote host is really only useful for logging,
- * unless the server is configured such that X-Forwarded-For is guaranteed
- * to be trustworthy.
- *
- * @param credentials
- * The credentials to derive the remote host from.
- *
- * @return
- * The remote host from which the user with the given credentials is
- * authenticating.
- */
- private static String getRemoteHost(Credentials credentials) {
-
- HttpServletRequest request = credentials.getRequest();
-
- // Use X-Forwarded-For, if present and valid
- String header = request.getHeader("X-Forwarded-For");
- if (header != null) {
- Matcher matcher = X_FORWARDED_FOR.matcher(header);
- if (matcher.matches())
- return matcher.group(1);
- }
-
- // If header absent or invalid, just use source IP
- return request.getRemoteAddr();
-
- }
-
- /**
* Creates a new AuthenticatedUser associating the given user with their
* corresponding credentials.
*
@@ -134,10 +63,8 @@ public class AuthenticatedUser implements org.apache.guacamole.net.auth.Authenti
*/
public AuthenticatedUser(AuthenticationProvider authenticationProvider,
ModeledUser user, Credentials credentials) {
- this.authenticationProvider = authenticationProvider;
+ super(authenticationProvider, credentials);
this.user = user;
- this.credentials = credentials;
- this.remoteHost = getRemoteHost(credentials);
}
/**
@@ -151,27 +78,6 @@ public class AuthenticatedUser implements org.apache.guacamole.net.auth.Authenti
}
/**
- * Returns the credentials given during authentication by this user.
- *
- * @return
- * The credentials given during authentication by this user.
- */
- @Override
- public Credentials getCredentials() {
- return credentials;
- }
-
- /**
- * Returns the host from which this user authenticated.
- *
- * @return
- * The host from which this user authenticated.
- */
- public String getRemoteHost() {
- return remoteHost;
- }
-
- /**
* Returns whether the connection having the given identifier has been
* marked as preferred for this user's current Guacamole session. A
* preferred connection is always chosen in favor of other connections when
@@ -202,11 +108,6 @@ public class AuthenticatedUser implements org.apache.guacamole.net.auth.Authenti
}
@Override
- public AuthenticationProvider getAuthenticationProvider() {
- return authenticationProvider;
- }
-
- @Override
public String getIdentifier() {
return user.getIdentifier();
}
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/75f74eec/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
new file mode 100644
index 0000000..cb89b50
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java
@@ -0,0 +1,141 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.user;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.AuthenticationProvider;
+import org.apache.guacamole.net.auth.Credentials;
+
+/**
+ * An AuthenticatedUser that has an associated remote host.
+ *
+ * @author Michael Jumper
+ */
+public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {
+
+ /**
+ * The credentials given when this user authenticated.
+ */
+ private final Credentials credentials;
+
+ /**
+ * The AuthenticationProvider that authenticated this user.
+ */
+ private final AuthenticationProvider authenticationProvider;
+
+ /**
+ * The host from which this user authenticated.
+ */
+ private final String remoteHost;
+
+ /**
+ * Regular expression which matches any IPv4 address.
+ */
+ private static final String IPV4_ADDRESS_REGEX = "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})";
+
+ /**
+ * Regular expression which matches any IPv6 address.
+ */
+ private static final String IPV6_ADDRESS_REGEX = "([0-9a-fA-F]*(:[0-9a-fA-F]*){0,7})";
+
+ /**
+ * Regular expression which matches any IP address, regardless of version.
+ */
+ private static final String IP_ADDRESS_REGEX = "(" + IPV4_ADDRESS_REGEX + "|" + IPV6_ADDRESS_REGEX + ")";
+
+ /**
+ * Pattern which matches valid values of the de-facto standard
+ * "X-Forwarded-For" header.
+ */
+ private static final Pattern X_FORWARDED_FOR = Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$");
+
+ /**
+ * Derives the remote host of the authenticating user from the given
+ * credentials object. The remote host is derived from X-Forwarded-For
+ * in addition to the actual source IP of the request, and thus is not
+ * trusted. The derived remote host is really only useful for logging,
+ * unless the server is configured such that X-Forwarded-For is guaranteed
+ * to be trustworthy.
+ *
+ * @param credentials
+ * The credentials to derive the remote host from.
+ *
+ * @return
+ * The remote host from which the user with the given credentials is
+ * authenticating.
+ */
+ private static String getRemoteHost(Credentials credentials) {
+
+ HttpServletRequest request = credentials.getRequest();
+
+ // Use X-Forwarded-For, if present and valid
+ String header = request.getHeader("X-Forwarded-For");
+ if (header != null) {
+ Matcher matcher = X_FORWARDED_FOR.matcher(header);
+ if (matcher.matches())
+ return matcher.group(1);
+ }
+
+ // If header absent or invalid, just use source IP
+ return request.getRemoteAddr();
+
+ }
+
+ /**
+ * Creates a new RemoteAuthenticatedUser, deriving the associated remote
+ * host from the given credentials.
+ *
+ * @param authenticationProvider
+ * The AuthenticationProvider that has authenticated the given user.
+ *
+ * @param credentials
+ * The credentials given by the user when they authenticated.
+ */
+ public RemoteAuthenticatedUser(AuthenticationProvider authenticationProvider,
+ Credentials credentials) {
+ this.authenticationProvider = authenticationProvider;
+ this.credentials = credentials;
+ this.remoteHost = getRemoteHost(credentials);
+ }
+
+ @Override
+ public Credentials getCredentials() {
+ return credentials;
+ }
+
+ /**
+ * Returns the host from which this user authenticated.
+ *
+ * @return
+ * The host from which this user authenticated.
+ */
+ public String getRemoteHost() {
+ return remoteHost;
+ }
+
+ @Override
+ public AuthenticationProvider getAuthenticationProvider() {
+ return authenticationProvider;
+ }
+
+}