Hi Nick et al,
It's me again :). We've got our interception of the guacamole connection
working to trigger our house-keeping (basically, setting up an app &
environment on the target machine). For reference, we're:
- Providing a custom auth provider which uses our back-end to verify
credentials
- Providing our own AuthenticatedUser class which then uses the
'decorate' method to generate a custom UserContext
- In our custom UserContext, we're overriding the following methods to
eventually get the DelegatingConnectionGroup 'connect()' method which lets
us get the tunnel id and connection id, and from that, the address of the
target machine
Behind all that, we're using the JDBC balancing connection group feature to
actually go from authentication to a valid connection. But now we have a
problem if our housekeeping (at the 'connect()' level fails and we want the
balancing group to 'move on' to the next available connection. I can't work
out how we're supposed to signal this. The connect() method is supposed to
return a tunnel, which we get like this:
public class CustomUserContext extends DelegatingUserContext {
// initialisation, etc.
// .
// .
@Override
public Directory<ConnectionGroup> getConnectionGroupDirectory() throws
GuacamoleException {
return new
DecoratingDirectory<ConnectionGroup>(super.getConnectionGroupDirectory()) {
@Override
protected ConnectionGroup decorate(ConnectionGroup connectionGroup)
throws GuacamoleException {
originalConnectionGroup = connectionGroup;
return new DelegatingConnectionGroup(connectionGroup) {
@Override
public GuacamoleTunnel connect(GuacamoleClientInformation
info, Map<String, String> tokens) throws GuacamoleException {
GuacamoleTunnel tunnel = super.connect(info, tokens);
and it's only after this point that we can check if the 'housekeeping' was
successful (because only after this point can we get the remote endpoint
address). If that happens, I've tried throwing an exception and returning
null, but both just result in the front-end reporting "The Guacamole server
is denying access to this connection because you have exhausted the limit
for simultaneous connection use by an individual user. Please close one or
more connections and try again."
Is it even possible to 'reject' the connection at this point? I couldn't
find in the source code where the underlying object actually makes the
connection and what it does in case of failure, and the GuacamoleTunnel
doesn't have a 'disconnect()' or similar method that I can see. Note the
user is correctly authenticated, so I don't want to abandon the whole
authentication flow, just this particular connection (as if it had not
responded at all, or was already in use by someone else). so that the
balancing group would try a different one.
Many thanks,
David
