package com.epam.dlab.backendapi.servlet.guacamole;
import com.epam.dlab.auth.UserInfo;
import com.epam.dlab.backendapi.dao.SecurityDAO;
import com.epam.dlab.backendapi.service.GuacamoleService;
import com.epam.dlab.exceptions.DlabAuthenticationException;
import com.epam.dlab.exceptions.DlabException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.inject.Inject;
import lombok.Data;
import org.apache.commons.lang3.StringUtils;
import org.apache.guacamole.net.GuacamoleTunnel;
import org.apache.guacamole.servlet.GuacamoleHTTPTunnelServlet;
import org.apache.http.HttpStatus;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.HttpHeaders;
import java.io.IOException;
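/**
 * HTTP tunnel servlet that opens Guacamole terminal tunnels for authenticated DLab users.
 *
 * <p>A connect request must carry a bearer token in the {@code DLab-Authorization} header and a
 * JSON body with the target {@code host} and {@code endpoint}. The token is resolved to a
 * {@link UserInfo} through {@link SecurityDAO} before the body is parsed.
 */
public class GuacamoleServlet extends GuacamoleHTTPTunnelServlet {
    private static final String UNAUTHORIZED_MSG = "User is not authenticated";
    private static final String DLAB_PREFIX = "DLab-";
    private static final String AUTH_HEADER_PREFIX = "Bearer ";

    private final GuacamoleService guacamoleService;
    private final ObjectMapper mapper;
    private final SecurityDAO securityDAO;

    /**
     * Creates the servlet with its injected collaborators.
     *
     * @param guacamoleService service that builds the tunnel for a user, host and endpoint
     * @param mapper           JSON mapper used to parse the connect request body
     * @param securityDAO      lookup used to resolve a bearer token to a user
     */
    @Inject
    public GuacamoleServlet(GuacamoleService guacamoleService, ObjectMapper mapper, SecurityDAO securityDAO) {
        this.mapper = mapper;
        this.guacamoleService = guacamoleService;
        this.securityDAO = securityDAO;
    }

    /**
     * Authenticates the caller and opens a tunnel to the host named in the request body.
     *
     * <p>{@code host} and {@code endpoint} are taken from the request body and forwarded
     * unchanged; this method does not check that the authenticated user is allowed to reach
     * them. NOTE(review): that check is presumably done inside
     * {@code GuacamoleService.getTunnel} - confirm.
     *
     * @param request the incoming connect request
     * @return the tunnel created by {@link GuacamoleService}
     * @throws DlabAuthenticationException if the header is missing, carries no bearer token,
     *                                     or the token does not resolve to a user
     * @throws DlabException               if the request body cannot be read or parsed
     */
    @Override
    protected GuacamoleTunnel doConnect(HttpServletRequest request) {
        try {
            final String authorization = request.getHeader(DLAB_PREFIX + HttpHeaders.AUTHORIZATION);
            final String credentials = StringUtils.substringAfter(authorization, AUTH_HEADER_PREFIX);
            // Fail closed before touching the token store: a missing header yields null and a
            // header without the "Bearer " prefix yields "", neither of which is a credential.
            if (StringUtils.isBlank(credentials)) {
                throw new DlabAuthenticationException(UNAUTHORIZED_MSG);
            }
            final UserInfo userInfo =
                    securityDAO.getUser(credentials)
                            .orElseThrow(() -> new DlabAuthenticationException(UNAUTHORIZED_MSG));
            final CreateTerminalDTO createTerminalDTO = mapper.readValue(request.getReader(), CreateTerminalDTO.class);
            // A body consisting of the JSON literal null deserializes to a null DTO; report it
            // through the same path as any other unreadable body instead of a NullPointerException.
            if (createTerminalDTO == null) {
                throw new IOException("request body is empty");
            }
            return guacamoleService.getTunnel(userInfo, createTerminalDTO.getHost(), createTerminalDTO.getEndpoint());
        } catch (IOException e) {
            throw new DlabException("Can not read request body: " + e.getMessage(), e);
        }
    }

    /**
     * Delegates to the parent tunnel handling and turns an authentication failure into an
     * "unauthorized" error response instead of letting the exception propagate.
     *
     * @param request  the tunnel request
     * @param response the response the error is written to
     * @throws ServletException if the parent handler or the error response fails
     */
    @Override
    protected void handleTunnelRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException {
        try {
            super.handleTunnelRequest(request, response);
        } catch (DlabAuthenticationException e) {
            // NOTE(review): both code arguments receive the HTTP 401 value; confirm whether the
            // first one is meant to be a Guacamole protocol status rather than an HTTP status.
            sendError(response, HttpStatus.SC_UNAUTHORIZED, HttpStatus.SC_UNAUTHORIZED, UNAUTHORIZED_MSG);
        }
    }

    /** JSON body of a connect request: the terminal target chosen by the client. */
    @Data
    private static class CreateTerminalDTO {
        // Target host, as supplied by the client.
        private String host;
        // Endpoint name, as supplied by the client.
        private String endpoint;
    }
}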