Upload File

guacd chapter 16

7
Chapter 16. guacamoleext While not strictly part of the Java API provided by the Guacamole project, guacamoleext is an API exposed by the Guacamole web application within a separate project such that extensions, specifically authentication providers, can be written to tweak Guacamole to fit well in existing deployments. Extensions to Guacamole can: 1. Provide alternative authentication methods and sources of connection/user data. 2. Theme or brand Guacamole through additional CSS files and static resources. 3. Extend Guacamole's JavaScript code by providing JavaScript that will be loaded automatically. 4. Add additional display languages, or alter the translation strings of existing languages. Guacamole extension format Guacamole extensions are standard Java .jar files which contain all classes and resources required by the extension, as well as the Guacamole extension manifest. There is no set structure to an extension except that the manifest must be in the root of the archive. Java classes and packages, if any, will be read from the .jar relative to the root, as well. Beyond this, the semantics and locations associated with all other resources within the extension are determined by the extension manifest alone. Extension manifest The Guacamole extension manifest is a single JSON file, guac‐manifest.json, which describes the location of each resource, the type of each resource, and the version of Guacamole that the extension was built for. The manifest can contain the following properties: Property Description guacamoleVersion The version string of the Guacamole release that this extension is written for. This property is required for all extensions. The special version string "*" can be used if the extension does not depend on a particular version of Guacamole, but be careful this will bypass version compatibility checks, and should never be used if the extension does more than basic theming or branding. name A humanreadable name for the extension. This property is required for all extensions. When your extension is successfully loaded, a message acknowledging the successful loading of your extension by name will be logged. namespace A unique string which identifies your extension. This property is required for all extensions. This string should be unique enough that it is unlikely to collide with the namespace of any other extension. If your extension contains static resources, those resources will be served at a path derived from the namespace provided here.

Upload: huynhtran

Post on 13-Sep-2015

222 views

Category:

Documents


4 download

Report

DESCRIPTION

free

TRANSCRIPT

  • 12/6/2015 Chapter16.guacamoleext

    http://guacdev.org/doc/gug/guacamoleext.html 1/7

    Chapter16.guacamoleextWhilenotstrictlypartoftheJavaAPIprovidedbytheGuacamoleproject,guacamoleextisanAPIexposedbytheGuacamolewebapplicationwithinaseparateprojectsuchthatextensions,specificallyauthenticationproviders,canbewrittentotweakGuacamoletofitwellinexistingdeployments.

    ExtensionstoGuacamolecan:

    1. Providealternativeauthenticationmethodsandsourcesofconnection/userdata.

    2. ThemeorbrandGuacamolethroughadditionalCSSfilesandstaticresources.

    3. ExtendGuacamole'sJavaScriptcodebyprovidingJavaScriptthatwillbeloadedautomatically.

    4. Addadditionaldisplaylanguages,oralterthetranslationstringsofexistinglanguages.

    GuacamoleextensionformatGuacamoleextensionsarestandardJava.jarfileswhichcontainallclassesandresourcesrequiredbytheextension,aswellastheGuacamoleextensionmanifest.Thereisnosetstructuretoanextensionexceptthatthemanifestmustbeintherootofthearchive.Javaclassesandpackages,ifany,willbereadfromthe.jarrelativetotheroot,aswell.

    Beyond this, the semantics and locations associated with all other resources within the extension aredeterminedbytheextensionmanifestalone.

    Extensionmanifest

    TheGuacamoleextensionmanifestisasingleJSONfile,guacmanifest.json,whichdescribesthelocationofeachresource,thetypeofeachresource,andtheversionofGuacamolethattheextensionwasbuiltfor.Themanifestcancontainthefollowingproperties:

    Property Description

    guacamoleVersion

    Theversionstringof theGuacamole release that thisextension iswrittenfor.Thisproperty is required forallextensions. The special version string"*"canbeusediftheextensiondoesnotdependonaparticularversionofGuacamole,butbecareful thiswill bypass version compatibility checks,andshouldneverbeusediftheextensiondoesmorethanbasicthemingorbranding.

    name

    Ahumanreadablenamefortheextension.Thispropertyisrequiredforallextensions. When your extension is successfully loaded, a messageacknowledging the successful loading of your extension by namewill belogged.

    namespace

    Auniquestringwhichidentifiesyourextension.Thispropertyisrequiredforall extensions. This string should be unique enough that it is unlikely tocollidewiththenamespaceofanyotherextension.

    Ifyourextensioncontainsstaticresources,thoseresourceswillbeservedatapathderivedfromthenamespaceprovidedhere.

  • 12/6/2015 Chapter16.guacamoleext

    http://guacdev.org/doc/gug/guacamoleext.html 2/7

    authProviders

    An array of the classnames of all AuthenticationProvider subclassesprovided by this extension. Guacamole currently only supports oneAuthenticationProvider being loaded at a time, thus this array mustonlycontainoneelement,ifitispresentatall.

    js

    An array of all JavaScript files within the extension. All paths within thisarraymustberelativepaths,andwillbe interpreted relative to the rootofthearchive.

    JavaScript files declared herewill be automatically loadedwhen thewebapplicationloadswithintheuser'sbrowser.

    css

    An array of all CSS files within the extension. All paths within this arraymust be relative paths, and will be interpreted relative to the root of thearchive.

    CSS files declared here will be automatically applied when the webapplicationloadswithintheuser'sbrowser.

    translations

    An array of all translation files within the extension. All paths within thisarraymustberelativepaths,andwillbe interpreted relative to the rootofthearchive.

    Translationfilesdeclaredherewillbeautomaticallyaddedtothe availablelanguages.IfatranslationfileprovidesalanguagethatalreadyexistswithinGuacamole,itsstringswilloverridethestringsoftheexistingtranslation.

    resources

    Anobjectwhereeachpropertyname is thenameofaweb resource file,and each value is the mimetype for that resource. All paths within thisobjectmustberelativepaths,andwillbeinterpretedrelativetotherootofthearchive.

    Web resourcesdeclaredherewill bemadeavailable to theapplicationatapp/ext/ NAMESPACE / PATH , where NAMESPACE is the value of thenamespaceproperty,and PATH isthedeclaredwebresourcefilename.

    TheonlyabsolutelyrequiredpropertiesareguacamoleVersion,name,andnamespace,astheyareusedtoidentify the extension and for compatibility checks. The most minimal guacmanifest.json will looksomethinglikethis:

    {"guacamoleVersion":"0.9.7","name":"MyExtension","namespace":"myextension"}

    Thiswillallowtheextensiontoload,butdoesabsolutelynothingotherwise.Lackingthesemanticinformationprovided by the other properties, no other files within the extension will be used. A typical guacmanifest.jsonforanextensionprovidingthemingorbrandingwouldbemoreinvolved:

    {

  • 12/6/2015 Chapter16.guacamoleext

    http://guacdev.org/doc/gug/guacamoleext.html 3/7

    "guacamoleVersion":"0.9.7",

    "name":"MyExtension","namespace":"myextension",

    "css":["theme.css"],

    "resources":{"images/logo.png":"image/png","images/cancel.png":"image/png","images/delete.png":"image/png"}

    }

    AccessingtheserverconfigurationTheconfigurationof theGuacamoleserver isexposed through theEnvironment interface,specifically theLocalEnvironment implementationof this interface.ThroughEnvironment, you canaccessall propertiesdeclared within guacamole.properties, determine the proper hostname/port of guacd, and access thecontentsofGUACAMOLE_HOME.

    Customproperties

    If your extension requires generic, unstructured configuration parameters, guacamole.properties is areasonable and simple location for them. The Environment interface provides direct access toguacamole.propertiesandsimplemechanismsforreadingandparsingthepropertiestherein.ThevalueofapropertycanberetrievedcallinggetProperty(),whichwill returnnulloradefaultvalue forundefinedproperties,orgetRequiredProperty(),whichwillthrowanexceptionforundefinedproperties.

    Forconvenience,guacamoleextcontainsseveralpredefinedpropertybaseclassesforcommontypes:

    ClassName ValueType Interpretation

    BooleanGuacamoleProperty BooleanThevalues"true"and"false"areparsedastheir corresponding Boolean values. Anyothervalueresultsinaparseerror.

    IntegerGuacamoleProperty IntegerNumeric strings are parsed as Integervalues.Nonnumericstringswill result inaparseerror.

    LongGuacamoleProperty LongNumericstringsareparsedasLongvalues.Nonnumeric strings will result in a parseerror.

    StringGuacamoleProperty StringThe property value is returned as anuntouched String. No parsing isperformed,andparseerrorscannotoccur.

    FileGuacamoleProperty File

    The property is interpreted as a filename,andanewFilepointingtothatfilenameisreturned. If thefilenameis invalid,aparseerrorwillbethrown.Notethatthefileneednotexistorbeaccessible for the filenametobevalid.

    Tousethesetypes,youmustextendthebaseclass, implementingthegetName() functionto identifyyourproperty. Typically, you would declare these properties as static members of some class containing allpropertiesrelevanttoyourextension:

  • 12/6/2015 Chapter16.guacamoleext

    http://guacdev.org/doc/gug/guacamoleext.html 4/7

    publicclassMyProperties{

    publicstatic MY_PROPERTY =newIntegerGuacamoleProperty(){

    @OverridepublicStringgetName(){return" myproperty ";}

    };

    }

    YourpropertycanthenberetrievedwithgetProperty()orgetRequiredProperty():

    Integervalue=environment.getProperty( MyProperties.MY_PROPERTY );

    Ifyouneedmoresophisticatedparsing,youcanalsoimplementyourownpropertytypesbyimplementingtheGuacamoleProperty interface.Theonlyfunctionsto implementaregetName(),whichreturns thenameoftheproperty,andparseValue(),whichparsesagivenstringandreturnsitsvalue.

    Advancedconfiguration

    Ifyouneedmorestructureddatathanprovidedbysimpleproperties,youcanplacecompletelyarbitraryfilesinahierarchyofyourchoosinganywherewithinGUACAMOLE_HOMEaslongasyouavoidplacingyourfilesindirectoriesreservedforotherpurposesasdescribedabove.

    The Environment interface exposes the location of GUACAMOLE_HOME through the getGuacamoleHome()function. This function returns a standard Java File which can then be used to locate other files ordirectorieswithinGUACAMOLE_HOME:

    FilemyConfigFile=newFile(environment.getGuacamoleHome(),"myconfig.xml");

    There is no guarantee that GUACAMOLE_HOME or your file will exist, and you should verify this beforeproceedingfurtherinyourextension'sconfigurationprocess,butoncethisisdoneyoucansimplyparseyourfileasyouseefit.

    AuthenticationprovidersThe main use of guacamoleext is to provide custom authentication for Guacamole through theimplementation of authentication providers. An authentication provider is any class which implements theAuthenticationProvider interface, implementing the only function defined by that interface:getUserContext().Thisfunctionisrequiredtoreturna"context"whichprovidesaccesstoonlythoseusersandconfigurationsaccessiblewiththegivencredentials,andenforcesitsownsecuritymodel.

    The credentials given are abstract and while Guacamole the web application implements ausername/password driven login screen, you are not required to user usernames and passwords theCredentialsclassgiventotheauthenticationproviderprovidesaccesstoallHTTPparametersingeneral,aswellascookiesandSSLinformation.

    TheGuacamoleweb application includes a basic authentication provider implementationwhich parses anXMLfiletodeterminewhichusersexist,theircorrespondingpasswords,andwhatconfigurationsthoseusershaveaccess to.This is thepartofGuacamole that reads theusermapping.xml file. Ifyouuseacustomauthenticationproviderforyourauthentication,thisfilewillprobablynotberequired.

    The community has implemented authentication providers which access databases, use LDAP, or evenperform no authentication at all, redirecting all users to a single configuration specified inguacamole.properties.

    A minimal authentication provider is implemented in the tutorials later, and the upstream authentication

  • 12/6/2015 Chapter16.guacamoleext

    http://guacdev.org/doc/gug/guacamoleext.html 5/7

    provider implemented within Guacamole, as well as the authentication providers implemented by thecommunity,aregoodexamplesforhowauthenticationcanbeextendedwithouthavingtoimplementawholenewwebapplication.

    SimpleAuthenticationProvider

    TheSimpleAuthenticationProviderclassprovidesamuchsimplermeansofimplementingauthenticationwhenyoudonot require theability toaddand removeusersandconnections. It is anabstract classandrequiresonlyonefunctionimplementation:getAuthorizedConfigurations().

    This function isrequiredtoreturnaMapofunique IDs toconfigurations,where theseconfigurationsareallconfigurationsaccessiblewiththeprovidedcredentials.Asbefore,thecredentialsgivenareabstract.Youarenotrequiredtouseusernamesandpasswords.

    The configurations referred to by the function name are instances of GuacamoleConfiguration (part ofguacamolecommon), which is just a wrapper around a protocol name and set of parameter name/valuepairs.ThenameoftheprotocoltouseandasetofparametersistheminimuminformationrequiredforotherpartsoftheGuacamoleAPItocompletethehandshakerequiredbytheGuacamoleprotocol.

    WhenaclassthatextendsSimpleAuthenticationProviderisaskedformoreadvancedoperationsbythewebapplication,SimpleAuthenticationProvidersimplyreturnsthatthereisnopermissiontodoso.Thiseffectivelydisablesalladministrativefunctionalitywithinthewebinterface.

    If you choose to go the simple route, most of the rest of this chapter is irrelevant. Permissions, securitymodel, and various classes will be discussed that are all handled for you automatically bySimpleAuthenticationProvider.

    TheUserContext

    The UserContext is the root of all operations. It is used to list, create, modify, or delete users andconnections,aswellastoqueryavailablepermissions.

    The Guacamole web application uses permissions queries against the UserContext to determine whatoperationstopresent,butbewarethatitisuptotheUserContexttoactuallyenforcetheserestrictions.TheGuacamolewebapplicationwillnotenforcerestrictionsonbehalfoftheUserContext.

    TheUserContext is the solemeansof entry and the solemeans ofmodification available to a loggedinuser.IftheUserContextrefusestoperformanoperation(bythrowinganexception),theusercannotperformtheoperationatall.

    Directoryclasses

    AccesstousersandconnectionsisgiventhroughDirectoryclasses.TheseDirectoryclassesaresimilarto Java collections, but they also embody object update semantics. Objects can be retrieved from aDirectory using its get() function and added or removed with add() and remove() respectively, butobjectsalreadyinthesetcanalsobeupdatedbypassinganupdatedobjecttoitsupdate()function.

    An implementation of a Directory can rely on these functions to define the semantics surrounding alloperations.Theadd()functioniscalledonlywhencreatingnewobjects,theupdate()functioniscalledonlywhen updating an object previously retrievedwithget(), andremove() is called onlywhen removing anexistingobjectbyitsidentifier.

    When implementinganAuthenticationProvider,youmustensure that theUserContextwill only returnDirectoryclassesthatautomaticallyenforcethepermissionsassociatedwithallobjectsandtheassociateduser.

    Permissions

    The permissions system within guacamoleext is an advisory system. It is the means by which anauthenticationmoduledescribestothewebapplicationwhatauserisallowedtodo.Thebodyofpermissionsgrantedtoauserdescribeswhichobjectsthatusercanseeandwhattheycandotothoseobjects,andthussuggestshowtheGuacamoleinterfaceshouldappeartothatuser.

  • 12/6/2015 Chapter16.guacamoleext

    http://guacdev.org/doc/gug/guacamoleext.html 6/7

    Permissionsarenotthemeansbywhichaccessisrestrictedtheyarepurelyameansofdescribingaccesslevel. An implementation may internally use the permission objects to define restrictions, but this is notrequired. It is up to the implementation to enforce its own restrictions by throwing exceptions when anoperation is not allowed, and to correctly communicate the abilities of individual users through thesepermissions.

    Systempermissions

    System permissions describe access to operations that manipulate the system as a whole, rather thanspecificobjects.Thisincludesthecreationofnewobjects,asobjectcreationdirectlyaffectsthesystem,andperobjectcontrolscannotexistbeforetheobjectisactuallycreated.

    ADMINISTER

    The user is a superuser theGuacamole equivalent of root. They are allowed tomanipulate ofsystemlevelpermissionsandallotherobjects.Thispermissionimpliesallothers.

    CREATE_CONNECTION

    The user is allowed to create new connections. If a user has this permission, the managementinterfacewilldisplaycomponents related toconnectioncreation,suchas the "Manage"and "NewConnection"buttons.

    CREATE_CONNECTION_GROUP

    Theuserisallowedtocreatenewconnectiongroups.Ifauserhasthispermission,themanagementinterfacewilldisplaycomponentsrelated toconnectiongroupcreation,suchas the"Manage"and"NewGroup"buttons.

    CREATE_USER

    Theuserisallowedtocreateotherusers.Ifauserhasthispermission,themanagementinterfacewilldisplaycomponentsrelatedtousercreation,suchasthe"Manage"and"NewUser"buttons.

    Objectpermissions

    Objectpermissionsdescribeaccesstooperationsthataffectaparticularobject.Guacamolecurrentlydefinesthreetypesofobjectswhichcanbeassociatedwithpermissions:users,connections,andconnectiongroups.Eachobjectpermissionassociatesasingleuserwithanactionthatmaybeperformedonasingleobject.

    ADMINISTER

    Theusermaygrantor revokepermissions involving thisobject. "Involving", in thiscase, refers toeither side of the permission association, and includes both the user to whom the permission isgrantedandtheobjectthepermissionaffects.

    DELETE

    Theusermaydeletethisobject.ThisisdistinctfromtheADMINISTERpermissionwhichdealsonlywithpermissions.Auserwiththispermissionwillseethe"Delete"buttonwhenapplicable.

    READ

    Theusermayseethatthisobjectexistsandreadthepropertiesofthatobject.

    Notethattheimplementationisnotrequiredtodivulgethetrueunderlyingpropertiesofanyobject.Theparametersofaconnection,thetypeorcontentsofaconnectiongroup,thepasswordofauser,etc.allneednotbeexposed.

    Thisisparticularlyimportantfromtheperspectiveofsecuritywhenitcomestoconnections,astheparametersofaconnectionareonly trulyneededwhenaconnection isbeingmodified,and likelyshouldnotbeexposedotherwise.Theactualconnectionoperationisalwaysperformedinternallybytheauthenticationprovider,andthusdoesnotrequireclientsideknowledgeofanythingbeyondthe

  • 12/6/2015 Chapter16.guacamoleext

    http://guacdev.org/doc/gug/guacamoleext.html 7/7

    connection'sexistence.

    UPDATE

    Theusermaychangethepropertiesofthisobject.

    Inthecaseofusers,thismeanstheuser'spasswordcanbealtered.Permissionsarenotconsideredpropertiesofauser,norobjects in theirownright,but ratherassociationsbetweenauserandanactionwhichmayinvolveanotherobject.

    Thepropertiesofaconnectionincludeitsname,protocol,parentconnectiongroup,andparameters.Thepropertiesofaconnectiongroupincludeitsname,type,parentconnectiongroup,andchildren.

    Connectionsandhistory

    AuthenticationmodulesmustreturnConnectionobjectswhicheachimplementaconnect()function.Whenthisfunctioniscalled,theconnectionmustbemadeifpermissionisavailable.

    Thisnewseparationofconcernsmakesmoresensewhenyouconsiderthatasconnectingisanoperationona Connection, access to performing that operation must be restricted through theAuthenticationProvider, and thus must be enforced within the AuthenticationProvider. Thisseparationalsoopensthedoorforthingslikeloadbalancingofconnectionsandrestrictingconcurrentaccesstoconnections.

    Whenaconnection ismadeor terminated, it isalso thedutyof theauthenticationmodule tomaintain theconnectionhistory.EachconnectionhasacorrespondinglistofConnectionRecordobjects,eachofwhichisassociatedwithapastconnectionoracurrentlyactiveconnection.Thisinformationwillultimatelybeexposedtotheuserasahistorylistwhentheyviewaconnectioninthemanagementinterfaceorasasimpleactiveusercountontheconnection,advisingtheuserofexistingactivity.


Approaches to Treatment and Therapy Chapter 16 Chapter 16 16 - 1

Chapter 16 Aromatic Compounds - San Diego Miramar Collegefaculty.sdmiramar.edu/choeger/Chapter 16 Aromatics 1.pdf · 2009. 2. 11. · 1 Chapter 16 Aromatic Compounds Chapter 16: Aromatics

guacd Chapter 10

guacd Chapter 2

guacd Chapter 3

guacd Chapter 8

guacd Chapter 6

Chapter 16. Acid-Base Equilibria 16.1 Acids and …tamapchemistryhart.wikispaces.com/file/view/Chapter+16...AP Chemistry Chapter 16. Acid-Base Equilibria - 1 - Chapter 16. Acid-Base

guacd Chapter 5

Chapter 16 Acids & Bases. Chapter 16 Test Review Section Reaction Rate (Chapter 14)

Chapter 16

guacd Chapter 7

Chapter 16-1. Chapter 16-2 CHAPTER 16 INVESTMENTS Accounting Principles, Eighth Edition

Chapter 16 Software Reuse Chapter 16 - Software Reuse1

Chapter 16 Commercial Fisheries - NnG Offshore Windnngoffshorewind.com/.../Chapter-16---Commercial-Fisheries.pdf · Page 16-1 Chapter 16 Commercial Fisheries ... (STW): Volume 1:

Chapter 16-1. Chapter 16-2 CHAPTER 16 PROCESS COSTING PROCESS COSTING Accounting, Fouth Edition

Deuteronomy 16 & 17 Chapter 16 Chapter 16: Feasts of the Lord Chapter 17 Chapter 17: Principles of Worship & Government

Chapter 16-Hydraulic System Completion - The New …lancair.com/.../Legacy/Chapter-16-HydraulicSystemCompletion.pdf · CHAPTER 16: HYDRAULIC SYSTEM COMPLETION ... In this chapter