Re: Restrict user by IP

2017-06-21 Thread Mike Jumper 
On Jun 21, 2017 09:55, "Suncatcher16"  wrote:

Mike Jumper wrote
> There is no setting for this, but you can write an extension which
> provides
> such behavior.
>
>  Mike

You mean Tomcat extension?


No, a Guacamole extension.

Tomcat will only be aware of the address of the request, not the fact that
the request is meant for authentication, nor the username associated with
that request. Only Guacamole will be aware of the full context.

- Mike

Re: Restrict user by IP

2017-06-21 Thread Mike Jumper 
On Sun, Jun 18, 2017 at 11:49 PM, Suncatcher16 
wrote:

> I wanna restrict certain users of Guacamole by IP-address. In particular, I
> want *guacadmin* (user with admin privileges) can access Guacamole
> (settings) only from LAN, whilst other users (with standard privileges) can
> access from Internet too.
> I didn't find appropriate setting in config. Is this possible on
> Guacamole-level? Or should I set up this in Tomcat?
>
>
There is no setting for this, but you can write an extension which provides
such behavior.

If you implement an AuthenticationProvider which does not attempt to
authenticate users (returns null for authenticateUser()), you can leverage
getUserContext() to veto the authentication result of other extensions. Any
exception thrown within getUserContext() will result in the entire
authentication process being canceled and the user auth attempt rejected.
>From within getUserContext(), you can check the IP address of the request
using the Credentials object associated with the AuthenticatedUser.

- Mike

Restrict user by IP

2017-06-19 Thread Suncatcher16 
I wanna restrict certain users of Guacamole by IP-address. In particular, I
want *guacadmin* (user with admin privileges) can access Guacamole
(settings) only from LAN, whilst other users (with standard privileges) can
access from Internet too.
I didn't find appropriate setting in config. Is this possible on
Guacamole-level? Or should I set up this in Tomcat?



--
View this message in context: 
http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Restrict-user-by-IP-tp1175.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at 
Nabble.com.