On Wed, Mar 13, 2019 at 3:46 PM sciUser <[email protected]> wrote:
> Hello, > > I am looking for documentation (Not extension) on rewriting the session url > so that the token or username password are removed and a /mysubhere is > placed. Depending on what you're really trying to accomplish, the stock Guacamole Client already does this. If you use the client (without modifications), you'll see that the web application that loads in your browser just has /guacamole/#/ on it, and then /guacamole/#/client/<ENCODED DATA> when you access a client, etc. All of the calls that actually contain parameters are done in the background, hidden from the user. It isn't that you can't see them at all - if you open the Developer Console and watch all of the network traffic you will see them - but the user doesn't normally see them. If you're trying to get rid of the ?token= piece entirely from all of the REST API calls, this isn't possible without significant code modification - the back-end Java application has to have some way of identifying the client making the request, and that's currently implemented by a POST call to /api/tokens with the username and password, and then subsequent calls with the ?token= parameter on the REST API endpoints. In order to completely get rid of the ?token= on the REST API calls you would have to completely rewrite both the front-end JavaScript and back-end Java code to use something other than that token to identify the session (cookies, perhaps). > > I would need to see code examples. > Depending on what you're trying to do (see above), the Guacamole Client already behaves this way, by running a web application in the browser that handles all of the API calls internally, hiding them from the user. > > Currently we get username password passed in for autologin but like to hide > that. > As I have mentioned repeatedly, you do not have to do a GET call with ?username=username&password=password - you can POST to the /api/tokens endpoint to obtain the token. Thus, username and password will not be part of any URLs. You'll still have to deal with the token parameter requirement, as noted above. -Nick
