jmuehlner commented on PR #780: URL: https://github.com/apache/guacamole-client/pull/780#issuecomment-1341657863
Alright, this is now significantly simplified. I realized that rechecking periodically whether the access window has been changed during an active session was making things a lot more complicated, and isn't really needed for this feature. So now the webapp checks once a minute if the user is outside of an access window, and if so, terminates the user session. > It may be worth considering adding some means of requesting that a session be terminated outside implicit invalidation from throwing `GuacamoleUnauthorizedException`. For example, adding an `isValid()` to `UserContext` could allow extensions to lazily request session invalidation and rely on the webapp taking action within roughly 1 minute. > > I definitely think we should switch to an `AuthenticationProvider`-level thread instead of per-connection threads (see comment), assuming the thread is still needed. If we do that, and we adopt an approach like `isValid()` suggested above, then things _could_ just be: > > 1. Spawn JDBC-specific thread for rechecking user validity. The thread could limit the scope of its search to a single query that covers the users currently logged in. > 2. Ensure `isValid()` returns the correct value when invoked and rely on the webapp to automatically terminate sessions. > > There'd then be no need to recheck things for each directory operation or for each tunnel read/write. Things would simply be automatically enforced within +/- 1 minute. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
