You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by shaykeren <Sh...@quali.com> on 2017/10/03 21:00:20 UTC
showing an error message to the end user
Hi,
I've implemented my own AuthenticationProvider.
I would like to show an error message to user if some request parameter
is not valid.
Any Idea?
in case of any exception the user see a blank page without any error
indication
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by Mike Jumper <mi...@guac-dev.org>.
Hello,
With respect to displaying error messages as a result of exceptions during
auth, Guacamole only handles that during the authentication process which
follows a failed authentication (otherwise, users would receive "Invalid
login" errors upon visiting Guacamole for the first time). That said, you
may still be able to achieve what you're looking for with a different
mechanism.
Guacamole provides for arbitrary prompting for credentials via
GuacamoleInvalidCredentialsException, with the nature of those credentials
dictated via a field type. This is how the Duo authentication works, for
example - by defining custom credentials (the signed response from the Duo
service) associated with a custom field type (a JavaScript prompt embedding
the Duo verification code). If the credentials in your case are some
arbitrary parameter, and the action the user needs to take to correct their
incorrect credentials is a manual action, I suggest:
1) Explicitly defining your arbitrary parameter within the
GuacamoleInvalidCredentialsException thrown
2) Leveraging custom field types for the requested credentials to prompt
the user to correct the problem (warn that the link is outdated, direct the
user to return to the main site, etc.)
That should achieve what you're looking for, albeit with some gymnastics
with the auth process semantics.
Thanks,
- Mike
On Wed, Dec 13, 2017 at 12:04 AM, shaykeren <Sh...@quali.com> wrote:
> Hi Guys,
> I Need help with this one..
>
>
>
> --
> Sent from: http://apache-guacamole-general-user-mailing-list.
> 2363388.n4.nabble.com/
>
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
Hi Guys,
I Need help with this one..
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
Can someone help with it?
Thanks!
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
Hi,
see code below..
I've tried to replace the throwing of the GuacamoleException to
GuacamoleClientException and still no error shown to user.
just to make the scenario more clear..
we are not using the guacamole for authenticating our users.
Our AuthenticationProvider accept any user who has link to the guac client,
means once the user get access link he can use it to ssh/rdp (we are setting
the GuacamoleConfiguration for him with the right parameters), we just want
to validate the link and show an error in case something is wrong.
public class CustomAuthProvider implements AuthenticationProvider{
public String getIdentifier() {
return "my-auth";
}
public Object getResource() throws GuacamoleException {
return null;
}
public AuthenticatedUser authenticateUser(Credentials credentials)
throws GuacamoleException {
try {
//url param validation
}
catch (GuacamoleException ex)
{
logger.error("fail to authenticateUser", ex);
throw ex;
}
catch (Exception ex) {
logger.error("fail to authenticateUser", ex);
throw new GuacamoleException(ex);
}
}
public AuthenticatedUser updateAuthenticatedUser(AuthenticatedUser
authenticatedUser, Credentials credentials) throws GuacamoleException {
return authenticatedUser;
}
public UserContext getUserContext(AuthenticatedUser authenticatedUser)
throws GuacamoleException {
try {
AnonymousAuthenticatedUser anonymousAuthenticatedUser =
(AnonymousAuthenticatedUser) authenticatedUser;
GuacamoleConfiguration config =
anonymousAuthenticatedUser.config;
Map<String, GuacamoleConfiguration> configs = new
HashMap<String, GuacamoleConfiguration>();
String configId = UUID.randomUUID().toString();
configs.put(configId, config);
SimpleUserContext context = new SimpleUserContext(this,
anonymousAuthenticatedUser.getIdentifier(), configs);
return context;
}
catch (Exception e) {
logger.error("fail to getUserContext", e);
throw new GuacamoleException(e);
}
}
public UserContext updateUserContext(UserContext userContext,
AuthenticatedUser authenticatedUser, Credentials credentials) throws
GuacamoleException {
return userContext;
}
public class AnonymousAuthenticatedUser extends
AbstractAuthenticatedUser {
private final GuacamoleConfiguration config;
private final CustomAuthProvider customAuthProvider;
private Credentials credentials;
public AnonymousAuthenticatedUser(CustomAuthProvider
customAuthProvider, GuacamoleConfiguration config,Credentials credentials) {
this.config = config;
this.customAuthProvider = customAuthProvider;
this.credentials = credentials;
setIdentifier(ANONYMOUS_IDENTIFIER);
}
public GuacamoleConfiguration getAuthorizedConfiguration() {
return config;
}
public AuthenticationProvider getAuthenticationProvider() {
return customAuthProvider;
}
public Credentials getCredentials() {
return credentials;
}
}
}
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by vnick <vn...@apache.org>.
shaykeren wrote
> guys, any idea?
One of Mike's previous posts gave some pretty specific examples. What have
you tried? Can you post some examples of code (either a link to a github
repo or a PasteBin, etc.) that you expect to work but does not?
-Nick
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
guys, any idea?
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
Hi,
I tried to throw GuacamoleClientException exception but still no error
message was shown.
thanks!
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
Hi Mike,
Our users deploy their machine via our web application, once the machine
deployed they get link to it.
Link example:
http://localhost:8080/guacamole/#/client?protocol=ssh&hostname=xxx&username=xxx
To simplify this scenario, No authentication required.
Once he click this link we are validating link parameters and ssh terminal
will be shown.
I would like to show an error message in case some link parameter is not
valid.
Thanks!
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by Mike Jumper <mi...@guac-dev.org>.
On Sat, Oct 7, 2017 at 12:03 AM, shaykeren <Sh...@quali.com> wrote:
> Our extension inherit from AuthenticationProvider
> In authenticateUser method We are validating credentials.getRequest().
> in case the request(HttpServletRequest) contains invalid parameter an
> exception is raised (GuacamoleException) with the right message.
>
> Basically our users are being redirected to guacamole in order to SSH/RDP.
> Our custom AuthenticationProvider sets GuacamoleConfiguration with the
> pre-selected protocol parameters.
> Thanks!
>
> Any Idea?
>
>
If you throw the lowest-level, Guacamole-specific exception available
(GuacamoleException), there is no semantic information surrounding that
exception for the web application to handle that error in a way which makes
sense. It will be converted to a hard HTTP 500 status code, and
authentication will abort.
Depending on what exactly you're looking for, there are other exceptions
available for:
* Notifying the user that something they've entered is invalid
(GuacamoleClientException). Example: [1]
* Requesting that the user provide entirely new credentials
(GuacamoleInvalidCredentialsException). Example: [2]
* Requesting that the user provide additional credentials
(GuacamoleInsufficientCredentialsException). Example: [3]
Error handling within the web application will not necessarily have the
effect you're looking for, though. If you're only using Guacamole to
service individual connections, you should probably look into building your
own application using the Guacamole API.
It's still unclear exactly what you're aiming for, what the intended user
experience is, etc. It's clear that you are validating HTTP parameters
during authentication, and that you wish to display an error, but the
context of that error is unknown; Guacamole performs authentication on
absolutely all pages, so this parameter could be coming from anywhere. It
would be helpful if you could walk through the user experience, starting
from what they see within the non-Guacamole part of your application.
- Mike
[1]
https://github.com/apache/incubator-guacamole-client/blob/728d9b937c80bbf61ac79dd563dc1775203b34e6/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java#L98-L100
[2]
https://github.com/apache/incubator-guacamole-client/blob/728d9b937c80bbf61ac79dd563dc1775203b34e6/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderService.java#L79-L80
[3]
https://github.com/apache/incubator-guacamole-client/blob/728d9b937c80bbf61ac79dd563dc1775203b34e6/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java#L434-L438
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
Our extension inherit from AuthenticationProvider
In authenticateUser method We are validating credentials.getRequest().
in case the request(HttpServletRequest) contains invalid parameter an
exception is raised (GuacamoleException) with the right message.
Basically our users are being redirected to guacamole in order to SSH/RDP.
Our custom AuthenticationProvider sets GuacamoleConfiguration with the
pre-selected protocol parameters.
Thanks!
Any Idea?
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by shaykeren <Sh...@quali.com>.
Our extension inherit from AuthenticationProvider
In authenticateUser method We are validating credentials.getRequest().
in case the request(HttpServletRequest) contains invalid parameter an
exception is raised (GuacamoleException) with the right message.
Basically our users are being redirected to guacamole in order to SSH/RDP.
Our custom AuthenticationProvider sets GuacamoleConfiguration with the
pre-selected protocol parameters.
Thanks!
--
Sent from: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/
Re: showing an error message to the end user
Posted by Nick Couchman <vn...@apache.org>.
On Tue, Oct 3, 2017 at 6:41 PM, Mike Jumper <mi...@guac-dev.org>
wrote:
> On Tue, Oct 3, 2017 at 2:00 PM, shaykeren <Sh...@quali.com> wrote:
>
>> Hi,
>> I've implemented my own AuthenticationProvider.
>> I would like to show an error message to user if some request parameter
>> is not valid.
>
>
> What request are you referring to? What is the nature of the parameter?
>
> - Mike
>
>
Also, what kind of authentication provider? What's the login process look
like?
As much detail as possible :-).
-Nick
Re: showing an error message to the end user
Posted by Mike Jumper <mi...@guac-dev.org>.
On Tue, Oct 3, 2017 at 2:00 PM, shaykeren <Sh...@quali.com> wrote:
> Hi,
> I've implemented my own AuthenticationProvider.
> I would like to show an error message to user if some request parameter
> is not valid.
What request are you referring to? What is the nature of the parameter?
- Mike