GitHub user mike-jumper opened a pull request:
https://github.com/apache/incubator-guacamole-client/pull/30
GUACAMOLE-5: Add concept of sharing profiles to guacamole-ext and REST API.
Background
-------------------
Independent of the web application and surrounding APIs, screen sharing has
already been implemented within guacamole-server. When a user wants to join an
existing connection, differing levels of access for the joining user are
implemented through providing different connection parameters.
To provide this functionality through the web application, the extension
API needs to be modified to support those semantics, and the REST API needs to
be modified to expose them.
The goal of
[GUACAMOLE-5](https://issues.apache.org/jira/browse/GUACAMOLE-5) in general is
to implement the necessary API and interface changes to provide a means for
users to generate temporary "share links" for their connections, where the
ability to generate such links (and the level of access provided to such links)
is dictated by the administrator.
Sharing profiles
-------------------------
The API changes proposed here involve a new object: `SharingProfile`. This
object is the abstraction of the semantics described above. Like a
`Connection`, defines a set of parameter name/value pairs which dictate the
level of access provided by that connection. Like all other objects within the
extension subsystem, it's stored within a `Directory<SharingProfile>` in the
`UserContext`, and it has its own `CREATE_SHARING_PROFILE` system permission
and set of object-level permissions.
*Unlike* a `Connection`, however, it cannot be connected to directly, and
does not implement `Connectable`. To use a `SharingProfile` to access a
connection, the following needs to happen:
1. A user with `READ` access to both the `SharingProfile` and its
associated `Connection` connects to the `Connection`. The backend creates a new
`GuacamoleTunnel` for this newly-established connection, as well as an
`ActiveConnection` to track its existence.
2. The user that connected looks up the available sharing profiles for
their active connection via the REST API, and makes another request to retrieve
temporary credentials (an instance of `UserCredentials`). The client-side
JavaScript parses these credentials to determine the format of the link, and
provides the link to the user.
3. The user sends the link to the person intending to join. Upon visiting
the link, that person is temporarily authorized by the extension that generated
the temporary credentials. The single `Connection` available to that user will
actually join the existing connection according to the restrictions of the
`SharingProfile`.
Summary of changes
----------------------------------
1. New `SharingProfile` object. The connection that can be joined by a
sharing profile is referred to as the "primary connection", with the sharing
profile being subordinate.
2. Corresponding `Directory<SharingProfile>`, `CREATE_SHARING_PROFILE`
system-level permission, and object-level `getSharingProfilePermissions()` on
`User`.
3. New `Shareable` interface, which defines the function to be used to
generate temporary credentials for a shared object. In the case of these
changes, `ActiveConnection` implements `Shareable<SharingProfile>`.
4. New `UserCredentials` object, allowing extensions to describe the actual
credentials of a user in a way that can be parsed by an automated system.
5. New `QUERY_PARAMETER` field type, allowing `UserCredentials` to specify
a token, etc. that must be included in the URL.
6. REST API changes supporting retrieval of the `ActiveConnection` from a
tunnel, temporary sharing `UserCredentials` from an `ActiveConnection`, etc.
7. All necessary base changes to keep the existing extensions buildable,
despite support for `SharingProfile` not yet being implemented therein.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/mike-jumper/incubator-guacamole-client
sharing-profiles
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-guacamole-client/pull/30.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #30
----
commit eededc33caea697e07587bbded77f40649283159
Author: Michael Jumper <[email protected]>
Date: 2016-07-14T08:47:06Z
GUACAMOLE-5: Define sharing profiles and their relationship to connections.
commit ad50a7729343698e69ad983dc5cdb9b848ef03a5
Author: Michael Jumper <[email protected]>
Date: 2016-04-20T19:06:40Z
GUACAMOLE-5: Implement QUERY_PARAMETER field type.
commit f9f78a64fc8b77219b2d996a25d6e238071bb65c
Author: Michael Jumper <[email protected]>
Date: 2016-04-20T19:08:30Z
GUACAMOLE-5: Define UserCredentials object which couples a CredentialsInfo
with defined parameter values.
commit e687ed040f5c0db82ac0f951decca25a65575aa6
Author: Michael Jumper <[email protected]>
Date: 2016-04-20T19:09:31Z
GUACAMOLE-5: Define Shareable interface which defines a mechanism for
generating (likely temporary) credentials.
commit 3dce3bc5b862b883dfa479dedaa89d49b3c86253
Author: Michael Jumper <[email protected]>
Date: 2016-07-12T23:03:08Z
GUACAMOLE-5: Add Connection subresource to the ActiveConnection resource.
commit aeb60e7e53695df65b659db02bf8d460e5a1840e
Author: Michael Jumper <[email protected]>
Date: 2016-07-12T23:14:24Z
GUACAMOLE-5: Add ActiveConnection subresource to the tunnel REST resource.
commit a2ad7a69abe58e39e376370e8e6fdc017629cd6e
Author: Michael Jumper <[email protected]>
Date: 2016-07-15T19:49:25Z
GUACAMOLE-5: Add sharing profile permissions.
commit 0f49c39ed4c3768e8886d50b7e3a52193039bbc2
Author: Michael Jumper <[email protected]>
Date: 2016-07-15T19:50:47Z
GUACAMOLE-5: Track the sharing profile associated with an active connection.
commit 0a0b5000bf5bf44b62ac64b03e10d4eb0bb9b51e
Author: Michael Jumper <[email protected]>
Date: 2016-07-15T20:01:59Z
GUACAMOLE-5: ActiveConnections should be Shareable, to allow sharing links
to be generated based on a SharingProfile.
commit 4eebc3b3015415431b76fce2bf5a29773c774d16
Author: Michael Jumper <[email protected]>
Date: 2016-07-15T20:25:39Z
GUACAMOLE-5: Bring LDAP authentication up to date with sharing profile API
changes.
commit 2131abb4807b55949912af0af81605645fa9c655
Author: Michael Jumper <[email protected]>
Date: 2016-07-15T20:29:39Z
GUACAMOLE-5: Bring JDBC authentication up to date with sharing profile API
changes.
commit c231f4eb571101e92afef27a929ed31d8da23040
Author: Michael Jumper <[email protected]>
Date: 2016-07-16T01:10:05Z
GUACAMOLE-5: Add SharingProfiles to REST API.
commit e4fe1a3a6512b4f9b40a479b4cb945c3a07c159d
Author: Michael Jumper <[email protected]>
Date: 2016-07-16T04:17:57Z
GUACAMOLE-5: Associate the UserContext with any created tunnel.
commit c6ce92bd0a35a55dd678ceb83b888385b72ac755
Author: Michael Jumper <[email protected]>
Date: 2016-07-16T04:58:59Z
GUACAMOLE-5: Implement retrieval of sharing credentials from an active
connection via REST.
commit 62dcd9e9ec29e2656ac43a9c33522ad032332e93
Author: Michael Jumper <[email protected]>
Date: 2016-07-16T01:41:17Z
GUACAMOLE-5: Implement JavaScript service for retrieving sharing
credentials from an active connection.
commit bb36045ff8df506d890311aefacdd6a395434a98
Author: Michael Jumper <[email protected]>
Date: 2016-07-16T07:31:23Z
GUACAMOLE-5: Add DirectoryView object, providing a Directory interface
around a restricted subset of objects within another existing Directory.
commit 823e7690566c92ee2f5092449ef1b577646a566a
Author: Michael Jumper <[email protected]>
Date: 2016-07-16T07:37:52Z
GUACAMOLE-5: Provide direct access via REST to the sharing profiles
available for the active connection of a given tunnel.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
