You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by mj...@apache.org on 2017/10/06 16:51:24 UTC
[07/17] incubator-guacamole-client git commit: GUACAMOLE-364: notify
tunnel listeners in TunnelRequestService
GUACAMOLE-364: notify tunnel listeners in TunnelRequestService
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/6b6340ac
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/6b6340ac
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/6b6340ac
Branch: refs/heads/master
Commit: 6b6340ac464e03cc2a7bb8e9f72f8044e79beed6
Parents: 5a232f6
Author: Carl Harris <ce...@vt.edu>
Authored: Wed Aug 16 06:59:12 2017 -0400
Committer: Carl Harris <ce...@vt.edu>
Committed: Wed Aug 16 06:59:12 2017 -0400
----------------------------------------------------------------------
.../GuacamoleTunnelConnectedException.java | 33 ++++++++
.../GuacamoleTunnelRejectedException.java | 33 ++++++++
.../guacamole/tunnel/TunnelRequestService.java | 84 +++++++++++++++++++-
3 files changed, 149 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/6b6340ac/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelConnectedException.java
----------------------------------------------------------------------
diff --git a/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelConnectedException.java b/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelConnectedException.java
new file mode 100644
index 0000000..96693a4
--- /dev/null
+++ b/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelConnectedException.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.guacamole;
+
+/**
+ * An exception thrown when a request to close a tunnel is vetoed by a
+ * TunnelCloseListener in an extension.
+ */
+public class GuacamoleTunnelConnectedException extends GuacamoleClientException {
+
+ public GuacamoleTunnelConnectedException() {
+ super("tunnel close vetoed by listener extension");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/6b6340ac/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelRejectedException.java
----------------------------------------------------------------------
diff --git a/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelRejectedException.java b/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelRejectedException.java
new file mode 100644
index 0000000..c2e09f9
--- /dev/null
+++ b/guacamole-common/src/main/java/org/apache/guacamole/GuacamoleTunnelRejectedException.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.guacamole;
+
+/**
+ * An exception thrown when a successful tunnel connection is rejected by a
+ * TunnelConnectListener in an extension.
+ */
+public class GuacamoleTunnelRejectedException extends GuacamoleClientException {
+
+ public GuacamoleTunnelRejectedException() {
+ super("tunnel connection rejected by listener extension");
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/6b6340ac/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java
----------------------------------------------------------------------
diff --git a/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java b/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java
index 6283869..823ac1b 100644
--- a/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java
+++ b/guacamole/src/main/java/org/apache/guacamole/tunnel/TunnelRequestService.java
@@ -25,14 +25,20 @@ import java.util.List;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
import org.apache.guacamole.GuacamoleSession;
+import org.apache.guacamole.GuacamoleTunnelConnectedException;
+import org.apache.guacamole.GuacamoleTunnelRejectedException;
import org.apache.guacamole.GuacamoleUnauthorizedException;
import org.apache.guacamole.net.GuacamoleTunnel;
import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.ConnectionGroup;
+import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.UserContext;
+import org.apache.guacamole.net.event.TunnelCloseEvent;
+import org.apache.guacamole.net.event.TunnelConnectEvent;
import org.apache.guacamole.rest.auth.AuthenticationService;
import org.apache.guacamole.protocol.GuacamoleClientInformation;
+import org.apache.guacamole.rest.event.ListenerService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -58,6 +64,74 @@ public class TunnelRequestService {
private AuthenticationService authenticationService;
/**
+ * A service for notifying listeners about tunnel connect/closed events.
+ */
+ @Inject
+ private ListenerService listenerService;
+
+ /**
+ * Notifies bound TunnelConnectListeners that a new tunnel has been connected.
+ * Listeners are allowed to veto a connected tunnel by returning false from the
+ * listener method. If the ListenerService indicates that any listener rejected
+ * the tunnel, the tunnel is closed an GuacamoleTunnelRejectedException is thrown.
+ *
+ * @param userContext
+ * The UserContext associated with the user for whom the tunnel is
+ * being created.
+ *
+ * @param credentials
+ * Credentials that authenticate the user
+ *
+ * @param tunnel
+ * The tunnel that was connected
+ *
+ * @throws GuacamoleException
+ * If thrown by a listener or if any listener vetoes the connected tunnel
+ */
+ private void notifyTunnelConnectListeners(UserContext userContext,
+ Credentials credentials, GuacamoleTunnel tunnel) throws GuacamoleException {
+ TunnelConnectEvent event = new TunnelConnectEvent(userContext, credentials, tunnel);
+ boolean ok = listenerService.tunnelConnected(event);
+ if (!ok) {
+ try {
+ tunnel.close();
+ }
+ catch (GuacamoleException closeEx) {
+ logger.warn("Error closing rejected tunnel connection: {}", closeEx.getMessage());
+ }
+ throw new GuacamoleTunnelRejectedException();
+ }
+ }
+
+ /**
+ * Notifies bound TunnelCloseListeners that a tunnel is to be closed.
+ * Listeners are allowed to veto a request to close a tunnel by returning false from
+ * the listener method. If the ListenerService indicates that any listener vetoed the
+ * request to the close the tunnel, a GuacamoleTunnelConnectedException is thrown.
+ *
+ * @param userContext
+ * The UserContext associated with the user for whom the tunnel is
+ * being created.
+ *
+ * @param credentials
+ * Credentials that authenticate the user
+ *
+ * @param tunnel
+ * The tunnel that was connected
+ *
+ * @throws GuacamoleException
+ * If thrown by a listener or if any listener vetoes the request to close the tunnel
+ */
+ private void notifyTunnelCloseListeners(UserContext userContext,
+ Credentials credentials, GuacamoleTunnel tunnel)
+ throws GuacamoleException {
+ TunnelCloseEvent event = new TunnelCloseEvent(userContext, credentials, tunnel);
+ if (listenerService.tunnelClosed(event)) {
+ throw new GuacamoleTunnelConnectedException();
+ }
+ }
+
+ /**
* Reads and returns the client information provided within the given
* request.
*
@@ -226,7 +300,7 @@ public class TunnelRequestService {
* @throws GuacamoleException
* If an error occurs while obtaining the tunnel.
*/
- protected GuacamoleTunnel createAssociatedTunnel(GuacamoleTunnel tunnel,
+ protected GuacamoleTunnel createAssociatedTunnel(final GuacamoleTunnel tunnel,
final String authToken, final GuacamoleSession session,
final UserContext context, final TunnelRequest.Type type,
final String id) throws GuacamoleException {
@@ -243,6 +317,10 @@ public class TunnelRequestService {
@Override
public void close() throws GuacamoleException {
+ // notify listeners to allow close request to be vetoed
+ notifyTunnelCloseListeners(context,
+ session.getAuthenticatedUser().getCredentials(), tunnel);
+
long connectionEndTime = System.currentTimeMillis();
long duration = connectionEndTime - connectionStartTime;
@@ -328,6 +406,10 @@ public class TunnelRequestService {
// Create connected tunnel using provided connection ID and client information
GuacamoleTunnel tunnel = createConnectedTunnel(userContext, type, id, info);
+ // Notify listeners to allow connection to be vetoed
+ notifyTunnelConnectListeners(userContext,
+ session.getAuthenticatedUser().getCredentials(), tunnel);
+
// Associate tunnel with session
return createAssociatedTunnel(tunnel, authToken, session, userContext, type, id);