extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/RemoteAuthenticatedUser.java - guacamole-client - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.guacamole.auth.jdbc.user;

 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;

 /**
  * An AuthenticatedUser that has an associated remote host.
  */
 public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {

     /**
      * The credentials given when this user authenticated.
      */
     private final Credentials credentials;

     /**
      * The AuthenticationProvider that authenticated this user.
      */
     private final AuthenticationProvider authenticationProvider;

     /**
      * The host from which this user authenticated.
      */
     private final String remoteHost;

     /**
      * Regular expression which matches any IPv4 address.
      */
     private static final String IPV4_ADDRESS_REGEX = "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})";

     /**
      * Regular expression which matches any IPv6 address.
      */
     private static final String IPV6_ADDRESS_REGEX = "([0-9a-fA-F]*(:[0-9a-fA-F]*){0,7})";

     /**
      * Regular expression which matches any IP address, regardless of version.
      */
     private static final String IP_ADDRESS_REGEX = "(" + IPV4_ADDRESS_REGEX + "|" + IPV6_ADDRESS_REGEX + ")";

     /**
      * Pattern which matches valid values of the de-facto standard
      * "X-Forwarded-For" header.
      */
     private static final Pattern X_FORWARDED_FOR = Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$");

     /**
      * Derives the remote host of the authenticating user from the given
      * credentials object. The remote host is derived from X-Forwarded-For
      * in addition to the actual source IP of the request, and thus is not
      * trusted. The derived remote host is really only useful for logging,
      * unless the server is configured such that X-Forwarded-For is guaranteed
      * to be trustworthy.
      *
      * @param credentials
      *     The credentials to derive the remote host from.
      *
      * @return
      *     The remote host from which the user with the given credentials is
      *     authenticating.
      */
     private static String getRemoteHost(Credentials credentials) {

         HttpServletRequest request = credentials.getRequest();

         // Use X-Forwarded-For, if present and valid
         String header = request.getHeader("X-Forwarded-For");
         if (header != null) {
             Matcher matcher = X_FORWARDED_FOR.matcher(header);
             if (matcher.matches())
                 return matcher.group(1);
         }

         // If header absent or invalid, just use source IP
         return request.getRemoteAddr();

     }

     /**
      * Creates a new RemoteAuthenticatedUser, deriving the associated remote
      * host from the given credentials.
      *
      * @param authenticationProvider
      *     The AuthenticationProvider that has authenticated the given user.
      *
      * @param credentials
      *     The credentials given by the user when they authenticated.
      */
     public RemoteAuthenticatedUser(AuthenticationProvider authenticationProvider,
             Credentials credentials) {
         this.authenticationProvider = authenticationProvider;
         this.credentials = credentials;
         this.remoteHost = getRemoteHost(credentials);
     }

     @Override
     public Credentials getCredentials() {
         return credentials;
     }

     /**
      * Returns the host from which this user authenticated.
      *
      * @return
      *     The host from which this user authenticated.
      */
     public String getRemoteHost() {
         return remoteHost;
     }

     @Override
     public AuthenticationProvider getAuthenticationProvider() {
         return authenticationProvider;
     }

     @Override
     public void invalidate() {
         // Nothing to invalidate
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.guacamole.auth.jdbc.user;

	import java.util.regex.Matcher;
	import java.util.regex.Pattern;
	import javax.servlet.http.HttpServletRequest;
	import org.apache.guacamole.net.auth.AuthenticatedUser;
	import org.apache.guacamole.net.auth.AuthenticationProvider;
	import org.apache.guacamole.net.auth.Credentials;

	/**
	* An AuthenticatedUser that has an associated remote host.
	*/
	public abstract class RemoteAuthenticatedUser implements AuthenticatedUser {

	/**
	* The credentials given when this user authenticated.
	*/
	private final Credentials credentials;

	/**
	* The AuthenticationProvider that authenticated this user.
	*/
	private final AuthenticationProvider authenticationProvider;

	/**
	* The host from which this user authenticated.
	*/
	private final String remoteHost;

	/**
	* Regular expression which matches any IPv4 address.
	*/
	private static final String IPV4_ADDRESS_REGEX = "([0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3})";

	/**
	* Regular expression which matches any IPv6 address.
	*/
	private static final String IPV6_ADDRESS_REGEX = "([0-9a-fA-F](:[0-9a-fA-F]){0,7})";

	/**
	* Regular expression which matches any IP address, regardless of version.
	*/
	private static final String IP_ADDRESS_REGEX = "(" + IPV4_ADDRESS_REGEX + "\|" + IPV6_ADDRESS_REGEX + ")";

	/**
	* Pattern which matches valid values of the de-facto standard
	* "X-Forwarded-For" header.
	*/
	private static final Pattern X_FORWARDED_FOR = Pattern.compile("^" + IP_ADDRESS_REGEX + "(, " + IP_ADDRESS_REGEX + ")*$");

	/**
	* Derives the remote host of the authenticating user from the given
	* credentials object. The remote host is derived from X-Forwarded-For
	* in addition to the actual source IP of the request, and thus is not
	* trusted. The derived remote host is really only useful for logging,
	* unless the server is configured such that X-Forwarded-For is guaranteed
	* to be trustworthy.
	*
	* @param credentials
	* The credentials to derive the remote host from.
	*
	* @return
	* The remote host from which the user with the given credentials is
	* authenticating.
	*/
	private static String getRemoteHost(Credentials credentials) {

	HttpServletRequest request = credentials.getRequest();

	// Use X-Forwarded-For, if present and valid
	String header = request.getHeader("X-Forwarded-For");
	if (header != null) {
	Matcher matcher = X_FORWARDED_FOR.matcher(header);
	if (matcher.matches())
	return matcher.group(1);
	}

	// If header absent or invalid, just use source IP
	return request.getRemoteAddr();

	}

	/**
	* Creates a new RemoteAuthenticatedUser, deriving the associated remote
	* host from the given credentials.
	*
	* @param authenticationProvider
	* The AuthenticationProvider that has authenticated the given user.
	*
	* @param credentials
	* The credentials given by the user when they authenticated.
	*/
	public RemoteAuthenticatedUser(AuthenticationProvider authenticationProvider,
	Credentials credentials) {
	this.authenticationProvider = authenticationProvider;
	this.credentials = credentials;
	this.remoteHost = getRemoteHost(credentials);
	}

	@Override
	public Credentials getCredentials() {
	return credentials;
	}

	/**
	* Returns the host from which this user authenticated.
	*
	* @return
	* The host from which this user authenticated.
	*/
	public String getRemoteHost() {
	return remoteHost;
	}

	@Override
	public AuthenticationProvider getAuthenticationProvider() {
	return authenticationProvider;
	}

	@Override
	public void invalidate() {
	// Nothing to invalidate
	}

	}