Hi Nick,
I failed to get session id from http header “SessionID” with settings
“http-session-id-header: SessionID” in guacamole.properties. Changes I made to
guacamole-auth-header extension is as below. Is there anything else I missed?
With record name set to ${HHEADER_SESSION_ID}-${GUAC_USERNAME}, I can get the
correct user name in the record name, as ${HHEADER_SESSION_ID}-guacadmin.1.
#############
diff -Naur
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
---
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
2019-06-24 07:13:11.000000000 +0800
+++
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java
2020-04-26 21:34:04.715403123 +0800
@@ -21,12 +21,15 @@
import com.google.inject.Inject;
import com.google.inject.Provider;
+import java.util.Map;
+import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
import
org.apache.guacamole.net.auth.credentials.GuacamoleInvalidCredentialsException;
import org.apache.guacamole.auth.header.user.AuthenticatedUser;
+import org.apache.guacamole.token.TokenName;
import java.security.Principal;
/**
@@ -34,6 +37,10 @@
* AuthenticationProvider implementation.
*/
public class AuthenticationProviderService {
+ /**
+ * The prefix to use when getting http header attribute token.
+ */
+ public static final String HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX = "HHEADER_";
/**
* Service for retrieving header configuration information.
@@ -68,13 +75,26 @@
// Pull HTTP header from request if present
HttpServletRequest request = credentials.getRequest();
if (request != null) {
+ Map<String, String> tokens = new HashMap<>();
+
+ // Get the session id from the header configured in
guacamole.properties
+ String session_id =
request.getHeader(confService.getHttpSessionIdHeader());
+
+ if (session_id != null) {
+ // Pass session_id to gucamole server as a custom token
+ String tokenName = TokenName.canonicalize("SESSION_ID",
+ HTTP_HEADER_ATTRIBUTE_TOKEN_PREFIX);
+ Object value = session_id;
+ if (value != null)
+ tokens.put(tokenName, value.toString());
+ }
// Get the username from the header configured in
guacamole.properties
String username =
request.getHeader(confService.getHttpAuthHeader());
if (username != null) {
AuthenticatedUser authenticatedUser =
authenticatedUserProvider.get();
- authenticatedUser.init(username, credentials);
+ authenticatedUser.init(username, credentials, tokens);
return authenticatedUser;
}
diff -Naur
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
---
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
2019-06-24 07:13:11.000000000 +0800
+++
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/ConfigurationService.java
2020-04-26 21:18:44.196791822 +0800
@@ -54,4 +54,22 @@
);
}
+ /**
+ * Returns the header of the HTTP server as configured with
+ * guacamole.properties used for HTTP session id.
+ * By default, this will be "SESSION_ID".
+ *
+ * @return
+ * The header used for HTTP session id, as configured with
+ * guacamole.properties.
+ *
+ * @throws GuacamoleException
+ * If guacamole.properties cannot be parsed.
+ */
+ public String getHttpSessionIdHeader() throws GuacamoleException {
+ return environment.getProperty(
+ HTTPHeaderGuacamoleProperties.HTTP_SESSION_ID_HEADER,
+ "SESSION_ID"
+ );
+ }
}
diff -Naur
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
---
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
2019-06-24 07:13:11.000000000 +0800
+++
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/HTTPHeaderGuacamoleProperties.java
2020-04-26 21:19:33.462203886 +0800
@@ -45,4 +45,13 @@
};
+ /**
+ * The header used for HTTP header session id.
+ */
+ public static final StringGuacamoleProperty HTTP_SESSION_ID_HEADER = new
StringGuacamoleProperty() {
+
+ @Override
+ public String getName() { return "http-session-id-header"; }
+
+ };
}
diff -Naur
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
---
guacamole-client-1.1.0/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
2019-06-24 07:13:11.000000000 +0800
+++
guacamole-client-1.1.0-session-id/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/user/AuthenticatedUser.java
2020-04-26 21:48:05.856231164 +0800
@@ -20,6 +20,8 @@
package org.apache.guacamole.auth.header.user;
import com.google.inject.Inject;
+import java.util.Collections;
+import java.util.Map;
import org.apache.guacamole.net.auth.AbstractAuthenticatedUser;
import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Credentials;
@@ -44,6 +46,11 @@
private Credentials credentials;
/**
+ * Tokens associated with this authenticated user.
+ */
+ private Map<String, String> tokens;
+
+ /**
* Initializes this AuthenticatedUser using the given username and
* credentials.
*
@@ -53,8 +60,10 @@
* @param credentials
* The credentials provided when this user was authenticated.
*/
- public void init(String username, Credentials credentials) {
+ public void init(String username, Credentials credentials,
+ Map<String, String> tokens) {
this.credentials = credentials;
+ this.tokens = tokens;
setIdentifier(username.toLowerCase());
}
##########
Thanks,
Yang
> On Apr 23, 2020, at 03:36, Nick Couchman <[email protected]> wrote:
>
> On Wed, Apr 22, 2020 at 5:46 AM Yang Yang <[email protected]> wrote:
> Hi,
>
> I am looking to use the string in certain HTTP header as a session id, and
> name the record of the session. Is there any parameter token with HTTP header
> authentication extension I can use? If not, could you help to tell what I
> should do to customize the HTTP header authentication extension to work in
> this way?
>
> What I really want to achieve is have a unique id for each session record
> file that I can generate by myself. Do you have any other solution?
>
>
> The only thing that the header module currently passes through is the header
> that identifies the user. You could easily add another value to this by
> modifying the following code:
>
> https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86
>
> <https://github.com/apache/guacamole-client/blob/f2405d936379b62553c25cf13270587e0c9feff1/extensions/guacamole-auth-header/src/main/java/org/apache/guacamole/auth/header/AuthenticationProviderService.java#L65-L86>
>
> That is where the header module extracts the header and makes it available.
> You could tweak that code and have it look for another header of your
> specification that would be passed through, and make that available as a
> token.
>
> Alternatively, Guacamole also has the ${GUAC_DATE} and ${GUAC_TIME} tokens,
> so if you need to put together something that uniquely identifies the user
> (i.e. for recording purposes) you could use a combination of tokens, like:
>
> ${GUAC_USERNAME}-${GUAC_DATE}-${GUAC_TIME}
>
> -Nick
