You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by jm...@apache.org on 2016/12/06 06:27:38 UTC
[10/12] incubator-guacamole-client git commit: GUACAMOLE-136: Rename
overly-generic AuthenticationProviderService to UserVerificationService.
GUACAMOLE-136: Rename overly-generic AuthenticationProviderService to UserVerificationService.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/e6f0b7df
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/e6f0b7df
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/e6f0b7df
Branch: refs/heads/master
Commit: e6f0b7df179266ba2b023b5cbaa24951c7b5d6ac
Parents: c3c553a
Author: Michael Jumper <mj...@apache.org>
Authored: Mon Dec 5 21:33:50 2016 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Mon Dec 5 22:19:46 2016 -0800
----------------------------------------------------------------------
.../auth/duo/AuthenticationProviderService.java | 109 -------------------
.../auth/duo/DuoAuthenticationProvider.java | 6 +-
.../duo/DuoAuthenticationProviderModule.java | 2 +-
.../auth/duo/UserVerificationService.java | 108 ++++++++++++++++++
4 files changed, 112 insertions(+), 113 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/e6f0b7df/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/AuthenticationProviderService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/AuthenticationProviderService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/AuthenticationProviderService.java
deleted file mode 100644
index c3dd8ee..0000000
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/AuthenticationProviderService.java
+++ /dev/null
@@ -1,109 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.guacamole.auth.duo;
-
-import com.google.inject.Inject;
-import java.util.Collections;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.guacamole.GuacamoleClientException;
-import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.auth.duo.conf.ConfigurationService;
-import org.apache.guacamole.auth.duo.form.DuoSignedResponseField;
-import org.apache.guacamole.form.Field;
-import org.apache.guacamole.net.auth.AuthenticatedUser;
-import org.apache.guacamole.net.auth.Credentials;
-import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
-import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
-
-/**
- * Service providing convenience functions for the Duo AuthenticationProvider
- * implementation.
- */
-public class AuthenticationProviderService {
-
- /**
- * Service for retrieving Duo configuration information.
- */
- @Inject
- private ConfigurationService confService;
-
- /**
- * Service for verifying users with the DuoWeb API.
- */
- @Inject
- private DuoWebService duoWebService;
-
- /**
- * Verifies the identity of the given user via the Duo multi-factor
- * authentication service. If a signed response from Duo has not already
- * been provided, a signed response from Duo is requested in the
- * form of additional expected credentials. Any provided signed response
- * is cryptographically verified. If no signed response is present, or the
- * signed response is invalid, an exception is thrown.
- *
- * @param authenticatedUser
- * The user whose identity should be verified against Duo.
- *
- * @throws GuacamoleException
- * If required Duo-specific configuration options are missing or
- * malformed, or if the user's identity cannot be verified.
- */
- public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
- throws GuacamoleException {
-
- // Pull the original HTTP request used to authenticate
- Credentials credentials = authenticatedUser.getCredentials();
- HttpServletRequest request = credentials.getRequest();
-
- // Ignore anonymous users
- if (authenticatedUser.getIdentifier().equals(AuthenticatedUser.ANONYMOUS_IDENTIFIER))
- return;
-
- // Retrieve signed Duo response from request
- String signedResponse = request.getParameter(DuoSignedResponseField.PARAMETER_NAME);
-
- // If no signed response, request one
- if (signedResponse == null) {
-
- // Create field which requests a signed response from Duo that
- // verifies the identity of the given user via the configured
- // Duo API endpoint
- Field signedResponseField = new DuoSignedResponseField(
- confService.getAPIHostname(),
- duoWebService.createSignedRequest(authenticatedUser));
-
- // Create an overall description of the additional credentials
- // required to verify identity
- CredentialsInfo expectedCredentials = new CredentialsInfo(
- Collections.singletonList(signedResponseField));
-
- // Request additional credentials
- throw new GuacamoleInsufficientCredentialsException(
- "LOGIN.INFO_DUO_AUTH_REQUIRED", expectedCredentials);
-
- }
-
- // If signed response does not verify this user's identity, abort auth
- if (!duoWebService.isValidSignedResponse(authenticatedUser, signedResponse))
- throw new GuacamoleClientException("LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT");
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/e6f0b7df/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProvider.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProvider.java
index bcf8c83..ccb1c40 100644
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProvider.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProvider.java
@@ -78,11 +78,11 @@ public class DuoAuthenticationProvider implements AuthenticationProvider {
public UserContext getUserContext(AuthenticatedUser authenticatedUser)
throws GuacamoleException {
- AuthenticationProviderService authProviderService =
- injector.getInstance(AuthenticationProviderService.class);
+ UserVerificationService verificationService =
+ injector.getInstance(UserVerificationService.class);
// Verify user against Duo service
- authProviderService.verifyAuthenticatedUser(authenticatedUser);
+ verificationService.verifyAuthenticatedUser(authenticatedUser);
// User has been verified, and authentication should be allowed to
// continue
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/e6f0b7df/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
index c3c129c..2dfc4eb 100644
--- a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/DuoAuthenticationProviderModule.java
@@ -72,9 +72,9 @@ public class DuoAuthenticationProviderModule extends AbstractModule {
bind(Environment.class).toInstance(environment);
// Bind Duo-specific services
- bind(AuthenticationProviderService.class);
bind(ConfigurationService.class);
bind(DuoWebService.class);
+ bind(UserVerificationService.class);
}
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/e6f0b7df/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
new file mode 100644
index 0000000..3209be2
--- /dev/null
+++ b/extensions/guacamole-auth-duo/src/main/java/org/apache/guacamole/auth/duo/UserVerificationService.java
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.duo;
+
+import com.google.inject.Inject;
+import java.util.Collections;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.guacamole.GuacamoleClientException;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.duo.conf.ConfigurationService;
+import org.apache.guacamole.auth.duo.form.DuoSignedResponseField;
+import org.apache.guacamole.form.Field;
+import org.apache.guacamole.net.auth.AuthenticatedUser;
+import org.apache.guacamole.net.auth.Credentials;
+import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
+import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
+
+/**
+ * Service for verifying the identity of a user against Duo.
+ */
+public class UserVerificationService {
+
+ /**
+ * Service for retrieving Duo configuration information.
+ */
+ @Inject
+ private ConfigurationService confService;
+
+ /**
+ * Service for verifying users with the DuoWeb API.
+ */
+ @Inject
+ private DuoWebService duoWebService;
+
+ /**
+ * Verifies the identity of the given user via the Duo multi-factor
+ * authentication service. If a signed response from Duo has not already
+ * been provided, a signed response from Duo is requested in the
+ * form of additional expected credentials. Any provided signed response
+ * is cryptographically verified. If no signed response is present, or the
+ * signed response is invalid, an exception is thrown.
+ *
+ * @param authenticatedUser
+ * The user whose identity should be verified against Duo.
+ *
+ * @throws GuacamoleException
+ * If required Duo-specific configuration options are missing or
+ * malformed, or if the user's identity cannot be verified.
+ */
+ public void verifyAuthenticatedUser(AuthenticatedUser authenticatedUser)
+ throws GuacamoleException {
+
+ // Pull the original HTTP request used to authenticate
+ Credentials credentials = authenticatedUser.getCredentials();
+ HttpServletRequest request = credentials.getRequest();
+
+ // Ignore anonymous users
+ if (authenticatedUser.getIdentifier().equals(AuthenticatedUser.ANONYMOUS_IDENTIFIER))
+ return;
+
+ // Retrieve signed Duo response from request
+ String signedResponse = request.getParameter(DuoSignedResponseField.PARAMETER_NAME);
+
+ // If no signed response, request one
+ if (signedResponse == null) {
+
+ // Create field which requests a signed response from Duo that
+ // verifies the identity of the given user via the configured
+ // Duo API endpoint
+ Field signedResponseField = new DuoSignedResponseField(
+ confService.getAPIHostname(),
+ duoWebService.createSignedRequest(authenticatedUser));
+
+ // Create an overall description of the additional credentials
+ // required to verify identity
+ CredentialsInfo expectedCredentials = new CredentialsInfo(
+ Collections.singletonList(signedResponseField));
+
+ // Request additional credentials
+ throw new GuacamoleInsufficientCredentialsException(
+ "LOGIN.INFO_DUO_AUTH_REQUIRED", expectedCredentials);
+
+ }
+
+ // If signed response does not verify this user's identity, abort auth
+ if (!duoWebService.isValidSignedResponse(authenticatedUser, signedResponse))
+ throw new GuacamoleClientException("LOGIN.INFO_DUO_VALIDATION_CODE_INCORRECT");
+
+ }
+
+}