Mattia,

This has been previously reported and fixed, it will be corrected in the 1.5.4 release:
https://issues.apache.org/jira/browse/GUACAMOLE-1851

For the time being you should be able to use the 1.5.2 JSON extension with the 1.5.3 version of Guacamole Client.

-Nick

On Thu, Sep 28, 2023 at 4:56 AM Mattia Zago <[email protected]> wrote:

> Hi all,
>
> We're having issues with the Guacamole Encrypted JSON 1.5.3 functionality
> (https://dlcdn.apache.org/guacamole/1.5.3/binary/guacamole-auth-json-1.5.3.tar.gz);
> it looks like the JSONAuthenticationProviderModule is not loading
> properly due to a missing @Inject annotation.
>
> Here follows the journal log for the boot:
>
> ```
> guacamole tomcat9[9121]: Command line argument: -Djava.io.tmpdir=/tmp
> guacamole tomcat9[9121]: Loaded Apache Tomcat Native library [1.2.31] using APR version [1.7.0].
> guacamole tomcat9[9121]: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
> guacamole tomcat9[9121]: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
> guacamole tomcat9[9121]: OpenSSL successfully initialized [OpenSSL 3.0.2 15 Mar 2022]
> guacamole tomcat9[9121]: Initializing ProtocolHandler ["http-nio-8080"]
> guacamole tomcat9[9121]: Server initialization in [286] milliseconds
> guacamole tomcat9[9121]: Starting service [Catalina]
> guacamole tomcat9[9121]: Starting Servlet engine: [Apache Tomcat/9.0.58 (Ubuntu)]
> guacamole tomcat9[9121]: Deploying deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml]
> guacamole tomcat9[9121]: The path attribute with value [/host-manager] in deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml] has been ignored
> guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
> guacamole tomcat9[9121]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml] has finished in [449] ms
> guacamole tomcat9[9121]: Deploying deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml]
> guacamole tomcat9[9121]: The path attribute with value [/manager] in deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has been ignored
> guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
> guacamole tomcat9[9121]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has finished in [233] ms
> guacamole tomcat9[9121]: Deploying web application archive [/var/lib/tomcat9/webapps/guacamole.war]
> guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
> guacamole tomcat9[9121]: 14:01:22.190 [main] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
> guacamole tomcat9[9121]: 14:01:22.233 [main] INFO o.a.g.GuacamoleServletContextListener - Read configuration parameters from "/etc/guacamole/guacamole.properties".
> guacamole tomcat9[9121]: 14:01:22.234 [main] INFO o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
> guacamole tomcat9[9121]: 14:01:22.465 [main] ERROR o.a.g.extension.ProviderFactory - authentication provider extension failed to start: Unable to create injector, see the following errors:
> guacamole tomcat9[9121]: 1) [Guice/MissingConstructor]: No injectable constructor for type RequestValidationService.
> guacamole tomcat9[9121]: class RequestValidationService does not have a @Inject annotated constructor or a no-arg constructor.
> guacamole tomcat9[9121]: Requested by:
> guacamole tomcat9[9121]: 1 : RequestValidationService.class(RequestValidationService.java:39)
> guacamole tomcat9[9121]: at JSONAuthenticationProviderModule.configure(JSONAuthenticationProviderModule.java:80)
> guacamole tomcat9[9121]: Learn more:
> guacamole tomcat9[9121]: https://github.com/google/guice/wiki/MISSING_CONSTRUCTOR
> guacamole tomcat9[9121]: 1 error
> guacamole tomcat9[9121]: ======================
> guacamole tomcat9[9121]: Full classname legend:
> guacamole tomcat9[9121]: ======================
> guacamole tomcat9[9121]: JSONAuthenticationProviderModule: "org.apache.guacamole.auth.json.JSONAuthenticationProviderModule"
> guacamole tomcat9[9121]: RequestValidationService: "org.apache.guacamole.auth.json.RequestValidationService"
> guacamole tomcat9[9121]: ========================
> guacamole tomcat9[9121]: End of classname legend:
> guacamole tomcat9[9121]: ========================
> guacamole tomcat9[9121]: 14:01:22.482 [main] INFO o.a.g.extension.ExtensionModule - Extension "Encrypted JSON Authentication" (json) loaded.
> guacamole tomcat9[9121]: 14:01:22.546 [main] INFO o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
> guacamole tomcat9[9121]: 14:01:22.782 [main] WARN o.g.jersey.server.wadl.WadlFeature - JAXBContext implementation could not be found. WADL feature is disabled.
> guacamole tomcat9[9121]: Deployment of web application archive [/var/lib/tomcat9/webapps/guacamole.war] has finished in [1,415] ms
> guacamole tomcat9[9121]: Deploying web application directory [/var/lib/tomcat9/webapps/ROOT]
> guacamole tomcat9[9121]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in>
> guacamole tomcat9[9121]: Deployment of web application directory [/var/lib/tomcat9/webapps/ROOT] has finished in [243] ms
> guacamole tomcat9[9121]: Starting ProtocolHandler ["http-nio-8080"]
> guacamole tomcat9[9121]: Server startup in [2384] milliseconds
> ```
>
> This is the JSON to be signed (with anon user, we have the same result
> with populated username):
> ```json
> {
>   "username" : "",
>   "expires" : "1696814895720",
>   "connections" : {
>     "Connection Name" : {
>       "id": "test-01",
>       "protocol" : "ssh",
>       "parameters" : {
>         "hostname" : "localhost",
>         "port" : "22",
>         "username" : "guacamole",
>         "password" : "guacamole",
>       }
>     }
>   }
> }
> ```
>
> Which corresponds to the base64:
> ```
> ./encrypt-json.sh dcd40d46fe2c6bc0015b5fb22712a87a ./test.json
>
> jB0HHSt5jeUagAqSmz/u4Yz7aMAnwTrd1yqbFhiABAO5WnQ70OqkOXjymgvIEHRH
> 3Fbfsmr78YfX5CLjoCufgK54TXo2NB5hlWaynQV71kBI/2L+hmdCGK8+aZF1wxsu
> jrNCtLHl3gVr814Tix5ZHt2537x8IOMJYtzY9tPrr3q2oPyuP5+oFlyI0GDhejmL
> OO3NknRp6u+kOsyuzP1UwnoYMKrPeo1jzEv7wIjfWwVl7BZKQYsceIAE7MLkCm2M
> OeIQKRYixDZJX9VbyZK0zs7ILbuHgNCYbXrtB21R5cASirwv/JyUJh3QRAtxywsW
> uzW2bgKgH0ZLuQ/eFFGxr4/x/GIqeR3ZFdefWk6EI9SMrkjPeLGLaBd83bDa1eHT
> IwB3p20+UEuCrDbQ0irfkjlLqZP7x6zCrNzSxnlWIxaJ11lkKilPcyt+r1+b3Uwp
> d5aWd2mXxMsGY4Ov5G6CKrtnLDHfEMMFCtkfLbnGKLxulD8ch6FETlYDS2xt70tX
> qX0KgX9D/R/d+3WISAnJ/pAgNv+swDvqA+uBWyXfmq0=
> ```
>
> and the CURL prompt:
> ```
> curl --data-urlencode "data=<base64 output from encrypt-json.sh above>" http://localhost:8080/guacamole/api/tokens
> ```
>
> The response:
> ```json
> {
>   "message": "Permission Denied.",
>   "translatableMessage": {
>     "key": "APP.TEXT_UNTRANSLATED",
>     "variables": {
>       "MESSAGE": "Permission Denied."
>     }
>   },
>   "statusCode": null,
>   "expected": [
>     {
>       "name": "username",
>       "type": "USERNAME"
>     },
>     {
>       "name": "password",
>       "type": "PASSWORD"
>     }
>   ],
>   "type": "INVALID_CREDENTIALS"
> }
> ```
>
> And the corresponding log:
> ```
> [http-nio-8080-exec-2] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs.
> ```
>
> Property file guacamole.properties:
> ```
> cat /etc/guacamole/guacamole.properties
> # Hostname and port of guacamole proxy
> guacd-hostname: localhost
> guacd-port: 4822
> # Authentication provider class
> auth-provider: net.sourceforge.guacamole.net.basic.BasicFileAuthenticationProvider
> # Properties used by BasicFileAuthenticationProvider
> #user-mapping: /etc/guacamole/user-mapping.xml
> json-secret-key: dcd40d46fe2c6bc0015b5fb22712a87a
> ```
>
> Looking online we found that an improperly encoded base64 data parameter
> might lead to issues, but this doesn't seem to be the case. We also tried
> to urlencode the data value to no changes.
>
> ---
>
> We noticed that there's a commit
> (https://github.com/apache/guacamole-client/commit/0a031c80a19449aa0ef61bb1adc2d102dbce790e)
> followed by a merge in the main branch
> (https://github.com/apache/guacamole-client/commit/4defba9728a26375615dc9265cb5be7e779bd428).
>
> If the problem we have found has been fixed by the indicated commits,
> should we wait for version 1.5.4 to be released or just compile the project
> ourselves?
>
> Thank you,
> Have a nice day.
>
> Mattia
>
> --
> Ing. Mattia Zago, PhD
> Head of Research and Innovation
> e. [email protected]
> p. +39 345 080 4389
> w. www.monokee.com
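In the journal quoted above, the extension is reported as "loaded" at INFO level immediately after its authentication provider failed to start, so a startup check that only looks for the "loaded" line misses the failure. The following is an added example, not code from this thread or from the Guacamole project, that scans journal text for that pattern; it assumes a provider failure is logged just before the "loaded" line of the same extension, as in the log above, and its sample lines are constructed from the quoted log plus one hypothetical healthy extension.

```python
import re

# Constructed sample: lines taken from the journal quoted in the thread, plus
# one hypothetical healthy extension ("Example Extension") for contrast.
SAMPLE_JOURNAL = """\
guacamole tomcat9[9121]: 14:01:22.300 [main] INFO o.a.g.extension.ExtensionModule - Extension "Example Extension" (example) loaded.
guacamole tomcat9[9121]: 14:01:22.465 [main] ERROR o.a.g.extension.ProviderFactory - authentication provider extension failed to start: Unable to create injector, see the following errors:
guacamole tomcat9[9121]: 1) [Guice/MissingConstructor]: No injectable constructor for type RequestValidationService.
guacamole tomcat9[9121]: 14:01:22.482 [main] INFO o.a.g.extension.ExtensionModule - Extension "Encrypted JSON Authentication" (json) loaded.
[http-nio-8080-exec-2] WARN o.a.g.e.AuthenticationProviderFacade - Authentication attempt ignored because the relevant authentication provider could not be loaded. Please check for errors earlier in the logs.
"""

FAILED = re.compile(r"ERROR .*ProviderFactory - .*extension failed to start")
GUICE = re.compile(r"\[Guice/(\w+)\]: (.+)")
LOADED = re.compile(r'ExtensionModule - Extension "([^"]+)" \(([^)]+)\) loaded')
IGNORED = re.compile(r"AuthenticationProviderFacade - Authentication attempt ignored")


def audit(journal):
    """Report extensions whose provider failed even though they logged 'loaded'."""
    report = {"broken": [], "healthy": [], "ignored_attempts": 0}
    pending = None  # provider failure not yet tied to an extension name
    for line in journal.splitlines():
        if FAILED.search(line):
            pending = pending or {"errors": []}
        elif pending is not None and (m := GUICE.search(line)):
            pending["errors"].append((m.group(1), m.group(2)))
        elif m := LOADED.search(line):
            name = f"{m.group(1)} ({m.group(2)})"
            # Assumption: a failure belongs to the next "loaded" line, as in the log above.
            if pending is None:
                report["healthy"].append(name)
            else:
                report["broken"].append({"extension": name, **pending})
                pending = None
        elif IGNORED.search(line):
            report["ignored_attempts"] += 1
    if pending is not None:  # failure with no "loaded" line after it
        report["broken"].append({"extension": None, **pending})
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_JOURNAL)
    for item in result["broken"]:
        print("provider failed:", item["extension"], item["errors"])
    print("ignored authentication attempts:", result["ignored_attempts"])
```

A non-empty "broken" list or a non-zero "ignored_attempts" count means logins through that provider are being refused regardless of the credentials or token supplied, which is what the "Permission Denied." response in the thread reflects.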
