You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Lawrence Cortright <la...@tfn.net> on 2016/09/10 02:26:27 UTC
Problem getting a WebSocket Tunnel going
Hi everyone,
I am attempting to make what I think is a standard WebSocket connection
using the JavaScript API and have run into a wall. I'm using Guac 0.9.9,
Tomcat 7.0.54 on CentOS 7. I have the NoAuth extension installed and
working for normal connections to Guacamole and direct to VNC clients
using their Base64 URLs.
The error spew is below, as is the JS code I'm using. I'm getting
"permission denied" errors, and it seems as if NoAuth doesn't come into
play when talking to the tunnel this way?
Thank you in advance for any advice on what I'm doing wrong here.
Regards,
Larry Cortright
--- Error from debug log:
Sep 9 21:49:31 arrakis server: 21:49:31.670 [http-apr-8080-exec-4] ERROR o.g.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Permission Denied.
Sep 9 21:49:31 arrakis server: 21:49:31.672 [http-apr-8080-exec-4] DEBUG o.g.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
Sep 9 21:49:31 arrakis server: org.glyptodon.guacamole.GuacamoleUnauthorizedException: Permission Denied.
Sep 9 21:49:31 arrakis server: at org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService.getGuacamoleSession(AuthenticationService.java:424) ~[AuthenticationService.class:na]
Sep 9 21:49:31 arrakis server: at org.glyptodon.guacamole.net.basic.TunnelRequestService.createTunnel(TunnelRequestService.java:332) ~[TunnelRequestService.class:na]
Sep 9 21:49:31 arrakis server: at org.glyptodon.guacamole.net.basic.websocket.BasicGuacamoleWebSocketTunnelEndpoint.createTunnel(BasicGuacamoleWebSocketTunnelEndpoint.java:116) ~[BasicGuacamoleWebSocketTunnelEndpoint.class:na]
Sep 9 21:49:31 arrakis server: at org.glyptodon.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:114) ~[guacamole-common-0.9.9.jar:na]
Sep 9 21:49:31 arrakis server: at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:129) [tomcat7-websocket.jar:7.0.54]
Sep 9 21:49:31 arrakis server: at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:633) [tomcat-coyote.jar:7.0.54]
Sep 9 21:49:31 arrakis server: at org.apache.tomcat.util.net.AprEndpoint$SocketWithOptionsProcessor.run(AprEndpoint.java:2379) [tomcat-coyote.jar:7.0.54]
Sep 9 21:49:31 arrakis server: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_101]
Sep 9 21:49:31 arrakis server: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_101]
Sep 9 21:49:31 arrakis server: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.54]
Sep 9 21:49:31 arrakis server: at java.lang.Thread.run(Thread.java:745) [na:1.8.0_101]
--- JavaScript code (slightly modified from the tutorial code,
actually). This is called from a page on an nginx server running on the
same machine:
function render_connection()
{
var display = document.getElementById("display");
// Instantiate client, using an HTTP tunnel for communications.
var guac = new Guacamole.Client(new Guacamole.WebSocketTunnel("ws://192.168.1.206:8080/guacamole-0.9.9/websocket-tunnel"));
//var guac = new Guacamole.Client(new Guacamole.HTTPTunnel("http://192.168.1.206:8080/guacamole-0.9.9/tunnel"));
// Add client to display div
display.appendChild(guac.getDisplay().getElement());
// Error handler
guac.onerror = function(error) {
alert(error);
};
// Connect
guac.connect('GUAC_ID=1&GUAC_TYPE=c&GUAC_DATA_SOURCE=noauth');
// Disconnect on close
window.onunload = function() {
guac.disconnect();
}
// Mouse
var mouse = new Guacamole.Mouse(guac.getDisplay().getElement());
mouse.onmousedown =
mouse.onmouseup =
mouse.onmousemove = function(mouseState) {
guac.sendMouseState(mouseState);
};
// Keyboard
var keyboard = new Guacamole.Keyboard(document);
keyboard.onkeydown = function (keysym) {
guac.sendKeyEvent(1, keysym);
};
keyboard.onkeyup = function (keysym) {
guac.sendKeyEvent(0, keysym);
};
}
Re: Problem getting a WebSocket Tunnel going
Posted by Lawrence Cortright <la...@tfn.net>.
On Fri, Sep 09, 2016 at 08:04:23PM -0700, Mike Jumper wrote:
> On Fri, Sep 9, 2016 at 7:26 PM, Lawrence Cortright <la...@tfn.net> wrote:
> > Hi everyone,
> >
> > I am attempting to make what I think is a standard WebSocket connection
> > using the JavaScript API and have run into a wall. I'm using Guac 0.9.9,
> > Tomcat 7.0.54 on CentOS 7. I have the NoAuth extension installed and
> > working for normal connections to Guacamole and direct to VNC clients
> > using their Base64 URLs.
> >
> > The error spew is below, as is the JS code I'm using. I'm getting
> > "permission denied" errors, and it seems as if NoAuth doesn't come into
> > play when talking to the tunnel this way?
> >
> > Thank you in advance for any advice on what I'm doing wrong here.
> >
> > ...
> >
> > // Connect
> > guac.connect('GUAC_ID=1&GUAC_TYPE=c&GUAC_DATA_SOURCE=noauth');
> >
>
> The other missing parameter here, used by the web application, is
> "token". Even though no credentials are checked by NoAuth, as far as
> the web application is concerned, the authentication process still
> needs to occur.
>
> That said:
>
> If you're going this far, you really shouldn't bother using NoAuth,
> etc. Follow the rest of the tutorial with respect to the HTTP tunnel,
> and you will be completely independent of the web application - it
> will be up to you to determine what (if any) authentication occurs,
> how the connection parameters are determined, etc.
>
> The tutorial is not up to date with respect to the WebSocket tunnel,
> but there is an implementation of that in the guacamole-common API as
> well:
>
> https://guacamole.incubator.apache.org/doc/guacamole-common/org/glyptodon/guacamole/websocket/GuacamoleWebSocketTunnelEndpoint.html
>
> The APIs provide the means to implement your own application without
> having to reimplement the core remote desktop pieces of Guacamole. You
> don't need to embed the mainline web application to achieve this.
>
> - Mike
Thanks for the kick in the right direction Mike. I went ahead and began re-tooling the servlet piece to fit
my purposes - much easier than the route I was trying to go down.
Re: Problem getting a WebSocket Tunnel going
Posted by Mike Jumper <mi...@guac-dev.org>.
On Fri, Sep 9, 2016 at 7:26 PM, Lawrence Cortright <la...@tfn.net> wrote:
> Hi everyone,
>
> I am attempting to make what I think is a standard WebSocket connection
> using the JavaScript API and have run into a wall. I'm using Guac 0.9.9,
> Tomcat 7.0.54 on CentOS 7. I have the NoAuth extension installed and
> working for normal connections to Guacamole and direct to VNC clients
> using their Base64 URLs.
>
> The error spew is below, as is the JS code I'm using. I'm getting
> "permission denied" errors, and it seems as if NoAuth doesn't come into
> play when talking to the tunnel this way?
>
> Thank you in advance for any advice on what I'm doing wrong here.
>
> ...
>
> // Connect
> guac.connect('GUAC_ID=1&GUAC_TYPE=c&GUAC_DATA_SOURCE=noauth');
>
The other missing parameter here, used by the web application, is
"token". Even though no credentials are checked by NoAuth, as far as
the web application is concerned, the authentication process still
needs to occur.
That said:
If you're going this far, you really shouldn't bother using NoAuth,
etc. Follow the rest of the tutorial with respect to the HTTP tunnel,
and you will be completely independent of the web application - it
will be up to you to determine what (if any) authentication occurs,
how the connection parameters are determined, etc.
The tutorial is not up to date with respect to the WebSocket tunnel,
but there is an implementation of that in the guacamole-common API as
well:
https://guacamole.incubator.apache.org/doc/guacamole-common/org/glyptodon/guacamole/websocket/GuacamoleWebSocketTunnelEndpoint.html
The APIs provide the means to implement your own application without
having to reimplement the core remote desktop pieces of Guacamole. You
don't need to embed the mainline web application to achieve this.
- Mike