guacamole/src/main/java/org/apache/guacamole/extension/AuthenticationProviderFacade.java - guacamole-client - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */

 package org.apache.guacamole.extension;

 import java.util.Set;
 import java.util.UUID;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.Credentials;
 import org.apache.guacamole.net.auth.UserContext;
 import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 /**
  * Provides a safe wrapper around an AuthenticationProvider subclass, such that
  * authentication attempts can cleanly fail, and errors can be properly logged,
  * even if the AuthenticationProvider cannot be instantiated.
  */
 public class AuthenticationProviderFacade implements AuthenticationProvider {

     /**
      * Logger for this class.
      */
     private Logger logger = LoggerFactory.getLogger(AuthenticationProviderFacade.class);

     /**
      * The underlying authentication provider, or null if the authentication
      * provider could not be instantiated.
      */
     private final AuthenticationProvider authProvider;

     /**
      * The set of identifiers of all authentication providers whose internal
      * failures should be tolerated during the authentication process. If the
      * identifier of this authentication provider is within this set, errors
      * during authentication will result in the authentication provider being
      * ignored for that authentication attempt. By default, errors during
      * authentication halt the authentication process entirely.
      */
     private final Set<String> tolerateFailures;

     /**
      * The identifier to provide for the underlying authentication provider if
      * the authentication provider could not be loaded.
      */
     private final String facadeIdentifier = UUID.randomUUID().toString();

     /**
      * Creates a new AuthenticationProviderFacade which delegates all function
      * calls to an instance of the given AuthenticationProvider subclass. If
      * an instance of the given class cannot be created, creation of this
      * facade will still succeed, but its use will result in errors being
      * logged, and all authentication attempts will fail.
      *
      * @param authProviderClass
      *     The AuthenticationProvider subclass to instantiate.
      *
      * @param tolerateFailures
      *     The set of identifiers of all authentication providers whose
      *     internal failures should be tolerated during the authentication
      *     process. If the identifier of this authentication provider is within
      *     this set, errors during authentication will result in the
      *     authentication provider being ignored for that authentication
      *     attempt. By default, errors during authentication halt the
      *     authentication process entirely.
      */
     public AuthenticationProviderFacade(
             Class<? extends AuthenticationProvider> authProviderClass,
             Set<String> tolerateFailures) {
         this.tolerateFailures = tolerateFailures;
         this.authProvider = ProviderFactory.newInstance("authentication provider",
             authProviderClass);
     }

     @Override
     public String getIdentifier() {

         // Ignore auth attempts if no auth provider could be loaded
         if (authProvider == null) {
             logger.warn("The authentication system could not be loaded. Please check for errors earlier in the logs.");
             return facadeIdentifier;
         }

         // Delegate to underlying auth provider
         return authProvider.getIdentifier();

     }

     @Override
     public Object getResource() throws GuacamoleException {

         // Ignore auth attempts if no auth provider could be loaded
         if (authProvider == null) {
             logger.warn("The authentication system could not be loaded. Please check for errors earlier in the logs.");
             return null;
         }

         // Delegate to underlying auth provider
         return authProvider.getResource();

     }

     /**
      * Returns whether this authentication provider should tolerate internal
      * failures during the authentication process, allowing other
      * authentication providers to continue operating as if this authentication
      * provider simply is not present.
      *
      * @return
      *     true if this authentication provider should tolerate internal
      *     failures during the authentication process, false otherwise.
      */
     private boolean isFailureTolerated() {
         return tolerateFailures.contains(getIdentifier());
     }

     /**
      * Logs a warning that this authentication provider is being skipped due to
      * an internal error. If debug-level logging is enabled, the full details
      * of the internal error are also logged.
      *
      * @param e
      *     The internal error that occurred which has resulted in this
      *     authentication provider being skipped.
      */
     private void warnAuthProviderSkipped(Throwable e) {

         logger.warn("The \"{}\" authentication provider has been skipped due "
                 + "to an internal error. If this is unexpected or you are the "
                 + "developer of this authentication provider, you may wish to "
                 + "enable debug-level logging: {}",
                 getIdentifier(), e.getMessage());

         logger.debug("Authentication provider skipped due to an internal failure.", e);

     }

     /**
      * Logs a warning that the authentication process will be entirely aborted
      * due to an internal error, advising the administrator to set the
      * "skip-if-unavailable" property if error encountered is expected and
      * should be tolerated.
      */
     private void warnAuthAborted() {
         String identifier = getIdentifier();
         logger.warn("The \"{}\" authentication provider has encountered an "
                 + "internal error which will halt the authentication "
                 + "process. If this is unexpected or you are the developer of "
                 + "this authentication provider, you may wish to enable "
                 + "debug-level logging. If this is expected and you wish to "
                 + "ignore such failures in the future, please set \"{}: {}\" "
                 + "within your guacamole.properties.",
                 identifier, ExtensionModule.SKIP_IF_UNAVAILABLE.getName(),
                 identifier);
     }

     @Override
     public AuthenticatedUser authenticateUser(Credentials credentials)
             throws GuacamoleException {

         // Ignore auth attempts if no auth provider could be loaded
         if (authProvider == null) {
             logger.warn("Authentication attempt ignored because the relevant "
                     + "authentication provider could not be loaded. Please "
                     + "check for errors earlier in the logs.");
             return null;
         }

         // Delegate to underlying auth provider
         try {
             return authProvider.authenticateUser(credentials);
         }

         // Pass through credential exceptions untouched, as these are not
         // internal failures
         catch (GuacamoleCredentialsException e) {
             throw e;
         }

         // Pass through all other exceptions (aborting authentication entirely)
         // only if not configured to ignore such failures
         catch (GuacamoleException e) {

             // Skip using this authentication provider if configured to ignore
             // internal failures during auth
             if (isFailureTolerated()) {
                 warnAuthProviderSkipped(e);
                 return null;
             }

             warnAuthAborted();
             throw e;

         }
         catch (RuntimeException e) {

             // Skip using this authentication provider if configured to ignore
             // internal failures during auth
             if (isFailureTolerated()) {
                 warnAuthProviderSkipped(e);
                 return null;
             }

             warnAuthAborted();
             throw e;

         }
         catch (Error e) {

             // Skip using this authentication provider if configured to ignore
             // internal failures during auth
             if (isFailureTolerated()) {
                 warnAuthProviderSkipped(e);
                 return null;
             }

             warnAuthAborted();
             throw e;

         }

     }

     @Override
     public AuthenticatedUser updateAuthenticatedUser(AuthenticatedUser authenticatedUser,
             Credentials credentials) throws GuacamoleException {

         // Ignore auth attempts if no auth provider could be loaded
         if (authProvider == null) {
             logger.warn("Reauthentication attempt ignored because the relevant "
                     + "authentication provider could not be loaded. Please "
                     + "check for errors earlier in the logs.");
             return null;
         }

         // Delegate to underlying auth provider
         return authProvider.updateAuthenticatedUser(authenticatedUser, credentials);

     }

     @Override
     public UserContext getUserContext(AuthenticatedUser authenticatedUser)
             throws GuacamoleException {

         // Ignore auth attempts if no auth provider could be loaded
         if (authProvider == null) {
             logger.warn("User data retrieval attempt ignored because the "
                     + "relevant authentication provider could not be loaded. "
                     + "Please check for errors earlier in the logs.");
             return null;
         }

         // Delegate to underlying auth provider
         try {
             return authProvider.getUserContext(authenticatedUser);
         }

         // Pass through credential exceptions untouched, as these are not
         // internal failures
         catch (GuacamoleCredentialsException e) {
             throw e;
         }

         // Pass through all other exceptions (aborting authentication entirely)
         // only if not configured to ignore such failures
         catch (GuacamoleException e) {

             // Skip using this authentication provider if configured to ignore
             // internal failures during auth
             if (isFailureTolerated()) {
                 warnAuthProviderSkipped(e);
                 return null;
             }

             warnAuthAborted();
             throw e;

         }
         catch (RuntimeException e) {

             // Skip using this authentication provider if configured to ignore
             // internal failures during auth
             if (isFailureTolerated()) {
                 warnAuthProviderSkipped(e);
                 return null;
             }

             warnAuthAborted();
             throw e;

         }
         catch (Error e) {

             // Skip using this authentication provider if configured to ignore
             // internal failures during auth
             if (isFailureTolerated()) {
                 warnAuthProviderSkipped(e);
                 return null;
             }

             warnAuthAborted();
             throw e;

         }

     }

     @Override
     public UserContext updateUserContext(UserContext context,
             AuthenticatedUser authenticatedUser, Credentials credentials)
             throws GuacamoleException {

         // Ignore auth attempts if no auth provider could be loaded
         if (authProvider == null) {
             logger.warn("User data refresh attempt ignored because the "
                     + "relevant authentication provider could not be loaded. "
                     + "Please check for errors earlier in the logs.");
             return null;
         }

         // Delegate to underlying auth provider
         return authProvider.updateUserContext(context, authenticatedUser, credentials);

     }

     @Override
     public UserContext decorate(UserContext context,
             AuthenticatedUser authenticatedUser,
             Credentials credentials) throws GuacamoleException {

         // Do nothing if underlying auth provider could not be loaded
         if (authProvider == null)
             return context;

         // Delegate to underlying auth provider
         return authProvider.decorate(context, authenticatedUser, credentials);

     }

     @Override
     public UserContext redecorate(UserContext decorated, UserContext context,
             AuthenticatedUser authenticatedUser,
             Credentials credentials) throws GuacamoleException {

         // Do nothing if underlying auth provider could not be loaded
         if (authProvider == null)
             return context;

         // Delegate to underlying auth provider
         return authProvider.redecorate(decorated, context,
                 authenticatedUser, credentials);

     }

     @Override
     public void shutdown() {
         if (authProvider != null)
             authProvider.shutdown();
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/

	package org.apache.guacamole.extension;

	import java.util.Set;
	import java.util.UUID;
	import org.apache.guacamole.GuacamoleException;
	import org.apache.guacamole.net.auth.AuthenticatedUser;
	import org.apache.guacamole.net.auth.AuthenticationProvider;
	import org.apache.guacamole.net.auth.Credentials;
	import org.apache.guacamole.net.auth.UserContext;
	import org.apache.guacamole.net.auth.credentials.GuacamoleCredentialsException;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	/**
	* Provides a safe wrapper around an AuthenticationProvider subclass, such that
	* authentication attempts can cleanly fail, and errors can be properly logged,
	* even if the AuthenticationProvider cannot be instantiated.
	*/
	public class AuthenticationProviderFacade implements AuthenticationProvider {

	/**
	* Logger for this class.
	*/
	private Logger logger = LoggerFactory.getLogger(AuthenticationProviderFacade.class);

	/**
	* The underlying authentication provider, or null if the authentication
	* provider could not be instantiated.
	*/
	private final AuthenticationProvider authProvider;

	/**
	* The set of identifiers of all authentication providers whose internal
	* failures should be tolerated during the authentication process. If the
	* identifier of this authentication provider is within this set, errors
	* during authentication will result in the authentication provider being
	* ignored for that authentication attempt. By default, errors during
	* authentication halt the authentication process entirely.
	*/
	private final Set<String> tolerateFailures;

	/**
	* The identifier to provide for the underlying authentication provider if
	* the authentication provider could not be loaded.
	*/
	private final String facadeIdentifier = UUID.randomUUID().toString();

	/**
	* Creates a new AuthenticationProviderFacade which delegates all function
	* calls to an instance of the given AuthenticationProvider subclass. If
	* an instance of the given class cannot be created, creation of this
	* facade will still succeed, but its use will result in errors being
	* logged, and all authentication attempts will fail.
	*
	* @param authProviderClass
	* The AuthenticationProvider subclass to instantiate.
	*
	* @param tolerateFailures
	* The set of identifiers of all authentication providers whose
	* internal failures should be tolerated during the authentication
	* process. If the identifier of this authentication provider is within
	* this set, errors during authentication will result in the
	* authentication provider being ignored for that authentication
	* attempt. By default, errors during authentication halt the
	* authentication process entirely.
	*/
	public AuthenticationProviderFacade(
	Class<? extends AuthenticationProvider> authProviderClass,
	Set<String> tolerateFailures) {
	this.tolerateFailures = tolerateFailures;
	this.authProvider = ProviderFactory.newInstance("authentication provider",
	authProviderClass);
	}

	@Override
	public String getIdentifier() {

	// Ignore auth attempts if no auth provider could be loaded
	if (authProvider == null) {
	logger.warn("The authentication system could not be loaded. Please check for errors earlier in the logs.");
	return facadeIdentifier;
	}

	// Delegate to underlying auth provider
	return authProvider.getIdentifier();

	}

	@Override
	public Object getResource() throws GuacamoleException {

	// Ignore auth attempts if no auth provider could be loaded
	if (authProvider == null) {
	logger.warn("The authentication system could not be loaded. Please check for errors earlier in the logs.");
	return null;
	}

	// Delegate to underlying auth provider
	return authProvider.getResource();

	}

	/**
	* Returns whether this authentication provider should tolerate internal
	* failures during the authentication process, allowing other
	* authentication providers to continue operating as if this authentication
	* provider simply is not present.
	*
	* @return
	* true if this authentication provider should tolerate internal
	* failures during the authentication process, false otherwise.
	*/
	private boolean isFailureTolerated() {
	return tolerateFailures.contains(getIdentifier());
	}

	/**
	* Logs a warning that this authentication provider is being skipped due to
	* an internal error. If debug-level logging is enabled, the full details
	* of the internal error are also logged.
	*
	* @param e
	* The internal error that occurred which has resulted in this
	* authentication provider being skipped.
	*/
	private void warnAuthProviderSkipped(Throwable e) {

	logger.warn("The \"{}\" authentication provider has been skipped due "
	+ "to an internal error. If this is unexpected or you are the "
	+ "developer of this authentication provider, you may wish to "
	+ "enable debug-level logging: {}",
	getIdentifier(), e.getMessage());

	logger.debug("Authentication provider skipped due to an internal failure.", e);

	}

	/**
	* Logs a warning that the authentication process will be entirely aborted
	* due to an internal error, advising the administrator to set the
	* "skip-if-unavailable" property if error encountered is expected and
	* should be tolerated.
	*/
	private void warnAuthAborted() {
	String identifier = getIdentifier();
	logger.warn("The \"{}\" authentication provider has encountered an "
	+ "internal error which will halt the authentication "
	+ "process. If this is unexpected or you are the developer of "
	+ "this authentication provider, you may wish to enable "
	+ "debug-level logging. If this is expected and you wish to "
	+ "ignore such failures in the future, please set \"{}: {}\" "
	+ "within your guacamole.properties.",
	identifier, ExtensionModule.SKIP_IF_UNAVAILABLE.getName(),
	identifier);
	}

	@Override
	public AuthenticatedUser authenticateUser(Credentials credentials)
	throws GuacamoleException {

	// Ignore auth attempts if no auth provider could be loaded
	if (authProvider == null) {
	logger.warn("Authentication attempt ignored because the relevant "
	+ "authentication provider could not be loaded. Please "
	+ "check for errors earlier in the logs.");
	return null;
	}

	// Delegate to underlying auth provider
	try {
	return authProvider.authenticateUser(credentials);
	}

	// Pass through credential exceptions untouched, as these are not
	// internal failures
	catch (GuacamoleCredentialsException e) {
	throw e;
	}

	// Pass through all other exceptions (aborting authentication entirely)
	// only if not configured to ignore such failures
	catch (GuacamoleException e) {

	// Skip using this authentication provider if configured to ignore
	// internal failures during auth
	if (isFailureTolerated()) {
	warnAuthProviderSkipped(e);
	return null;
	}

	warnAuthAborted();
	throw e;

	}
	catch (RuntimeException e) {

	// Skip using this authentication provider if configured to ignore
	// internal failures during auth
	if (isFailureTolerated()) {
	warnAuthProviderSkipped(e);
	return null;
	}

	warnAuthAborted();
	throw e;

	}
	catch (Error e) {

	// Skip using this authentication provider if configured to ignore
	// internal failures during auth
	if (isFailureTolerated()) {
	warnAuthProviderSkipped(e);
	return null;
	}

	warnAuthAborted();
	throw e;

	}

	}

	@Override
	public AuthenticatedUser updateAuthenticatedUser(AuthenticatedUser authenticatedUser,
	Credentials credentials) throws GuacamoleException {

	// Ignore auth attempts if no auth provider could be loaded
	if (authProvider == null) {
	logger.warn("Reauthentication attempt ignored because the relevant "
	+ "authentication provider could not be loaded. Please "
	+ "check for errors earlier in the logs.");
	return null;
	}

	// Delegate to underlying auth provider
	return authProvider.updateAuthenticatedUser(authenticatedUser, credentials);

	}

	@Override
	public UserContext getUserContext(AuthenticatedUser authenticatedUser)
	throws GuacamoleException {

	// Ignore auth attempts if no auth provider could be loaded
	if (authProvider == null) {
	logger.warn("User data retrieval attempt ignored because the "
	+ "relevant authentication provider could not be loaded. "
	+ "Please check for errors earlier in the logs.");
	return null;
	}

	// Delegate to underlying auth provider
	try {
	return authProvider.getUserContext(authenticatedUser);
	}

	// Pass through credential exceptions untouched, as these are not
	// internal failures
	catch (GuacamoleCredentialsException e) {
	throw e;
	}

	// Pass through all other exceptions (aborting authentication entirely)
	// only if not configured to ignore such failures
	catch (GuacamoleException e) {

	// Skip using this authentication provider if configured to ignore
	// internal failures during auth
	if (isFailureTolerated()) {
	warnAuthProviderSkipped(e);
	return null;
	}

	warnAuthAborted();
	throw e;

	}
	catch (RuntimeException e) {

	// Skip using this authentication provider if configured to ignore
	// internal failures during auth
	if (isFailureTolerated()) {
	warnAuthProviderSkipped(e);
	return null;
	}

	warnAuthAborted();
	throw e;

	}
	catch (Error e) {

	// Skip using this authentication provider if configured to ignore
	// internal failures during auth
	if (isFailureTolerated()) {
	warnAuthProviderSkipped(e);
	return null;
	}

	warnAuthAborted();
	throw e;

	}

	}

	@Override
	public UserContext updateUserContext(UserContext context,
	AuthenticatedUser authenticatedUser, Credentials credentials)
	throws GuacamoleException {

	// Ignore auth attempts if no auth provider could be loaded
	if (authProvider == null) {
	logger.warn("User data refresh attempt ignored because the "
	+ "relevant authentication provider could not be loaded. "
	+ "Please check for errors earlier in the logs.");
	return null;
	}

	// Delegate to underlying auth provider
	return authProvider.updateUserContext(context, authenticatedUser, credentials);

	}

	@Override
	public UserContext decorate(UserContext context,
	AuthenticatedUser authenticatedUser,
	Credentials credentials) throws GuacamoleException {

	// Do nothing if underlying auth provider could not be loaded
	if (authProvider == null)
	return context;

	// Delegate to underlying auth provider
	return authProvider.decorate(context, authenticatedUser, credentials);

	}

	@Override
	public UserContext redecorate(UserContext decorated, UserContext context,
	AuthenticatedUser authenticatedUser,
	Credentials credentials) throws GuacamoleException {

	// Do nothing if underlying auth provider could not be loaded
	if (authProvider == null)
	return context;

	// Delegate to underlying auth provider
	return authProvider.redecorate(decorated, context,
	authenticatedUser, credentials);

	}

	@Override
	public void shutdown() {
	if (authProvider != null)
	authProvider.shutdown();
	}

	}