Re: How to tell what connection was selected in a Custom extensions
On Wed, Jul 24, 2019 at 3:26 PM John Lemon wrote: > > Can you explain at a little bit higher level what you're trying to > accomplish? Spin up a cloud resource (e.g. EC2 instance) when someone logs > in, and spin it down when they log out? Or > > something else? Can you share the code you've written so far - is it on > GitHub somewhere? > > Yes, my aim was to spin up EC2 instances only when someone 'selects' the > connection for them. As users will have multiple options, I don't want all > instances to be started when a user logs in. And then closed on exit (if no > one else is using that instance) > Okay. This still should be doable; however, note that there's going to be some delay between the user clicking on the connection and when it actually connects due to the time it takes the instance to get started. You'll need to handle this somehow - but more on that below. > > I've only been playing with the simple code given in the doc's for > handling a tunnel connection event. So what I did was the below. But the > 'Active connections' array is empty and 'Connections Directory' contains > the list of all connections that user has access to. But I can find no > other way to find information on the currently selected connection. I took > a closer look at where the tunnelconnectionevent is called and I see the > currently selected connection is not passed to the listener (is that > right?). If that’s the case , that I can't do what I was hoping to do. (I > hope I'm missing something?) > > The event listener may not be the best way to go, for a couple of reasons. First, as you point out, working backward from there to the actual connection is a bit difficult. Perhaps there's some room for us to improve that a bit, as it seems like it might be useful to easily get to the connection that started it from the event itself, but that's a slightly separate topic. However, beyond that, I think you're going to hit a timing issue, here, with the event listeners and what you're trying to accomplish. That is, you want the user to click on a connection, have Guacamole go to EC2 and start an instance, wait for that instance to boot up and become available, and then connect. My experience with EC2 is that the booting takes anywhere between several seconds and a couple of minutes, and I suspect that you're going to see connection timeouts from Guacamole, even if you are able to trigger the start at the time it is connected. You're going to need to insert some delay into that tunnel connection process such that it will start the EC2 instance, wait for confirmation that it's available, and then make the connection - or, at the very least, start the EC2 instance and retry X number of times every Y seconds. I suspect that a custom authentication extension might be a better way to go, because: - You can dynamically generate the connection list via AWS's Java SDK - You can override the tunnel implementation such that it either waits until the instance is available and then connects, or does some retrying until it succeeds. - You'll have an easier time finding the connection the user clicked on in this process because you'll be able to control the process along the way, inserting bits of code where you need them, rather than just trying to react to the process (as the event listener does). -Nick
RE: How to tell what connection was selected in a Custom extensions
> Can you explain at a little bit higher level what you're trying to
> accomplish? Spin up a cloud resource (e.g. EC2 instance) when someone logs
> in, and spin it down when they log out? Or
> something else? Can you share the code you've written so far - is it on
> GitHub somewhere?
Yes, my aim was to spin up EC2 instances only when someone 'selects' the
connection for them. As users will have multiple options, I don't want all
instances to be started when a user logs in. And then closed on exit (if no one
else is using that instance)
I've only been playing with the simple code given in the doc's for handling a
tunnel connection event. So what I did was the below. But the 'Active
connections' array is empty and 'Connections Directory' contains the list of
all connections that user has access to. But I can find no other way to find
information on the currently selected connection. I took a closer look at where
the tunnelconnectionevent is called and I see the currently selected connection
is not passed to the listener (is that right?). If that’s the case , that I
can't do what I was hoping to do. (I hope I'm missing something?)
else if (event instanceof TunnelConnectEvent) {
logger.info("received Guacamole tunnel connect event notification");
AuthenticationProvider AuthProv = ((TunnelConnectEvent)
event).getAuthenticatedUser().getAuthenticationProvider();
UserContext UserCont = AuthProv.getUserContext(
AuthProv.authenticateUser( ((TunnelConnectEvent) event).getCredentials() ) );
Directory Conn = UserCont.getConnectionDirectory();
Directory Active =
UserCont.getActiveConnectionDirectory();
logger.info("Connection Directory = ",
Arrays.toString(Conn.getIdentifiers().toArray()) );
logger.info("Active Connections = ",
Arrays.toString(Active.getIdentifiers().toArray()) );
thanks
john
-Original Message-
From: Nick Couchman
Sent: Sunday, 21 July 2019 5:38 AM
To: [email protected]
Subject: Re: How to tell what connection was selected in a Custom extensions
On Thu, Jul 18, 2019 at 1:37 AM John Lemon wrote:
> Hello,
>
> I have been looking at using an Event Listener as described in Chapter
> 25's opening comments (to minimise cloud resources for costs saving).
> However, after looking at the docs and API data structures, the one
> thing missing is information on the selected connection (i.e. it's
> name, like say "ssh test1" or "RDP test1").
> From what I understand a custom authentication extension can return
> the list of allow connections, so that is fine. But I cannot use this
> then to control resources as the connection to use hasn't been selected yet.
> A listener can see events (i.e. tunnelstart) that contains information
> on the user and the associated tunnel. But that AuthenticatedUser
> object, doesn't have any information of the currently selected connection (
> i.e.
> getAuthenticationProvider() -> getUserContext() ->
> getActiveConnectionDirectory() is empty), I can see the list of
> allowed connections via getConnectionDirectory(), but not the
> currently select connection .
>
>
Can you explain at a little bit higher level what you're trying to accomplish?
Spin up a cloud resource (e.g. EC2 instance) when someone logs in, and spin it
down when they log out? Or something else? Can you share the code you've
written so far - is it on GitHub somewhere?
-Nick
The information transmitted is intended only for the person or entity to which
it is addressed and may contain confidential and / or privileged material that
may be governed by confidential information provisions contained in the
agreement between GBST and your company. Any disclosure, copying, distribution,
or other use without the express consent of the sender is prohibited. If you
received this in error, please contact the sender and delete the material from
any computer. All rights in the information transmitted, including copyright,
are reserved. Nothing in this message should be interpreted as a digital
signature that can be used to authenticate a document. No warranty is given by
the sender that any attachments to this email are free from viruses or other
defects.
Re: How to tell what connection was selected in a Custom extensions
On Thu, Jul 18, 2019 at 1:37 AM John Lemon wrote: > Hello, > > I have been looking at using an Event Listener as described in Chapter > 25's opening comments (to minimise cloud resources for costs saving). > However, after looking at the docs and API data structures, the one thing > missing is information on the selected connection (i.e. it's name, like say > "ssh test1" or "RDP test1"). > From what I understand a custom authentication extension can return the > list of allow connections, so that is fine. But I cannot use this then to > control resources as the connection to use hasn't been selected yet. > A listener can see events (i.e. tunnelstart) that contains information on > the user and the associated tunnel. But that AuthenticatedUser object, > doesn't have any information of the currently selected connection ( i.e. > getAuthenticationProvider() -> getUserContext() -> > getActiveConnectionDirectory() is empty), I can see the list of allowed > connections via getConnectionDirectory(), but not the currently select > connection . > > Can you explain at a little bit higher level what you're trying to accomplish? Spin up a cloud resource (e.g. EC2 instance) when someone logs in, and spin it down when they log out? Or something else? Can you share the code you've written so far - is it on GitHub somewhere? -Nick
