GitHub user mike-jumper opened a pull request:
https://github.com/apache/guacamole-client/pull/333
GUACAMOLE-524: Use decoration API to inject tokens from LDAP attributes.
This is probably worth some discussion, but I think it's a cleaner and more
future-proof approach to what was previously added via #299.
Overall, this change:
* Keeps the `Attributes` interface (as it does make sense to have) but
removes it from `AuthenticatedUser` (which, in retrospect, may not make have
made sense given that `AuthenticatedUser` has no save/update semantics and no
use for attributes other than for these tokens).
* Adds a new `Map<String, String>` parameter to `connect()`, replacing
previous use of `StandardTokens` with an arbitrary map of tokens whose initial
values are provided by the web application when `connect()` is invoked.
* Adds convenience classes for injecting custom tokens on top of the tokens
provided by the web application: `TokenInjectingConnection`,
`TokenInjectingConnectionGroup`, and `TokenInjectingUserContext`.
* Migrates the LDAP extension away from using attributes on
`AuthenticatedUser` (which, as described above, may not make sense), instead
leveraging `TokenInjectingUserContext` and `TokenInjectingConnection` to inject
its own tokens.
* Deprecates `StandardTokens` as it is no longer needed.
With these changes in place, the functionality added by #299 remains
largely the same, and user attributes are still selectively exposed as tokens
(though these tokens now have an extension-specific `LDAP_` prefix). The main
benefit here is the ability for extensions to arbitrarily inject tokens through
decoration. Virtually anything should now be injectable as a token, as long as
the extension adding the token can make a decision regarding its value based on
information received during the auth process and within the connection /
connection group.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mike-jumper/guacamole-client injectable-tokens
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/guacamole-client/pull/333.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #333
----
commit 1210d5624c4eb173417cab8358eca4cc3b6c0ebe
Author: Michael Jumper <mjumper@...>
Date: 2018-10-04T07:41:07Z
GUACAMOLE-524: Deprecate and replace StandardTokens with arbitrary tokens
provided to Connectable.connect().
commit 7a3f51be71596dba55ec8963a1675920cf3d5e90
Author: Michael Jumper <mjumper@...>
Date: 2018-10-04T17:31:23Z
GUACAMOLE-524: Rename LDAP-specific AuthenticatedUser / UserContext to not
conflict with guacamole-ext classes.
commit 0d7cff5f2d394fa7a7d8a5878895f3b5b9ffea4d
Author: Michael Jumper <mjumper@...>
Date: 2018-10-05T04:17:22Z
GUACAMOLE-524: Add convenience classes for injecting custom parameter
tokens through decoration.
commit 98bd3ead2179febdafcae7935811da88a05beda1
Author: Michael Jumper <mjumper@...>
Date: 2018-10-05T06:37:16Z
GUACAMOLE-524: Remove Attributes interface from AuthenticatedUser. Rely
instead on tokens injected via decoration of connections.
commit cb30b148b9fe8a2561dc1db9e134ee16c7845310
Author: Michael Jumper <mjumper@...>
Date: 2018-10-05T07:12:50Z
GUACAMOLE-524: Consistently generate token names from LDAP attributes with
arbitrary naming conventions.
commit 13e2b066663c0e5a6c6a52474d90a51c6ea48ef8
Author: Michael Jumper <mjumper@...>
Date: 2018-10-05T19:54:00Z
GUACAMOLE-524: Switch to "LDAP_" prefix for LDAP user attribute tokens.
----
---
