Connection errors on no-auth unless logout first.

classic Classic list List threaded Threaded
19 messages Options
Reply | Threaded
Open this post in threaded view
|

Connection errors on no-auth unless logout first.

tek0011
This post was updated on .
I use no-auth.
I wrote a simple php script that checks if a server exists in noauth-config.xml.  If it doesn't, it adds it and then redirects them to http://guachost:9000/guacamole/#/client/<fqdn_of_server>

This works all great, until I attempt to run this on the next host.  Because it is using some sort of session or tokens?, it thinks that user doesnt have access to that new session.  The only way I have found around this is to manually click logout.  Then I can click on the new session that was added and access it just fine.

My question is how can I get around this?  I want to be able to just run the script and get directly to the host.  Is there a way to create a new session/token/user ID each time something is added to noauth-config.xml?  

Thanks for any assistance.


11:26:02.637 [http-bio-9000-exec-127] INFO  o.g.g.net.basic.TunnelRequestService - Connection "currahee.deploy.lab.beer.town" does not exist for user "c3522530-34f8-4a84-a67c-2ad30d2cd432".
11:26:02.637 [http-bio-9000-exec-127] ERROR o.g.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested connection is not authorized.
11:26:02.637 [http-bio-9000-exec-127] DEBUG o.g.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.glyptodon.guacamole.GuacamoleSecurityException: Requested connection is not authorized.
        at org.glyptodon.guacamole.net.basic.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:169) ~[classes/:na]
        at org.glyptodon.guacamole.net.basic.TunnelRequestService.createTunnel(TunnelRequestService.java:338) ~[classes/:na]
        at org.glyptodon.guacamole.net.basic.websocket.BasicGuacamoleWebSocketTunnelEndpoint.createTunnel(BasicGuacamoleWebSocketTunnelEndpoint.java:116) ~[classes/:na]
        at org.glyptodon.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:114) ~[guacamole-common-0.9.9.jar:na]
        at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:137) [tomcat7-websocket.jar:7.0.72]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:666) [tomcat-coyote.jar:7.0.72]
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) [tomcat-coyote.jar:7.0.72]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.72]
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

Al Gore
This post has NOT been accepted by the mailing list yet.
You are using the legacy URL extension?

just wanted to clarify something from your post.

are you redirecting to

http:// guachost:9000/guacamole/#/client/<fqdn_of_server>

or

http:// guachost:9000/guacamole/#/client/c/<fqdn_of_server>

you need the /c in there if you don't have it.

the parameters in the source are

    // Redirect /client/TYPE/IDENTIFIER to /client/...
    $routeProvider.when('/client/:type/:id/:params?', {
        resolve       : { redirectToClient : redirectToClient }
    });

setting TYPE to "c" specifies a connection
setting TYPE to "g" specifies a balancing group



I am pretty sure we are doing the exact same thing. If that change above still doesn't work for you, I did make the following change to the legacy-url plugin (before compiling) as part of my troubleshooting (guacamole-legacy-urls/src/main/resources/legacyUrlRouteConfig.js:59-74):

Original
        // Re-authenticate including any parameters in URL
        authenticationService.updateCurrentToken($location.search())
        .then(function reauthenticationSucceeded() {

            // Derive client identifier directly from connection identifier
            var clientIdentifier = ClientIdentifier.toString({
                dataSource : authenticationService.getDataSource(),
                type       : $route.current.params.type,
                id         : $route.current.params.id
            });

            // Redirect to proper client URL
            $location.url('/client/' + encodeURIComponent(clientIdentifier));
            route.reject();

        })


Modified
        // Re-authenticate including any parameters in URL

            // Derive client identifier directly from connection identifier
            var clientIdentifier = ClientIdentifier.toString({
                dataSource : authenticationService.getDataSource(),
                type       : $route.current.params.type,
                id         : $route.current.params.id
            });

            // Redirect to proper client URL
            $location.url('/client/' + encodeURIComponent(clientIdentifier));
            route.reject();

So it doesn't try to reauthenticate before redirecting
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
Thank you for your reply.  I am not using the legacy URL extension.  I just simply tried http:// guachost:9000/guacamole/#/client/<fqdn_of_server> to see if it would work and it did.  I will try adding the /c on Monday and report back.  
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
This post was updated on .
In reply to this post by Al Gore
Same issue using /c.  Actually if I use /c , I can't access any hosts, not even on the first try.


08:47:23.488 [http-bio-9000-exec-126] INFO  o.g.g.net.basic.TunnelRequestService - Connection "c" does not exist for user "1f787786-3417-4cfb-a2bc-bf9bbde28cb1".
08:47:23.488 [http-bio-9000-exec-126] ERROR o.g.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested connection is not authorized.
08:47:23.488 [http-bio-9000-exec-126] DEBUG o.g.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.glyptodon.guacamole.GuacamoleSecurityException: Requested connection is not authorized.
        at org.glyptodon.guacamole.net.basic.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:169) ~[classes/:na]
        at org.glyptodon.guacamole.net.basic.TunnelRequestService.createTunnel(TunnelRequestService.java:338) ~[classes/:na]
        at org.glyptodon.guacamole.net.basic.websocket.BasicGuacamoleWebSocketTunnelEndpoint.createTunnel(BasicGuacamoleWebSocketTunnelEndpoint.java:116) ~[classes/:na]
        at org.glyptodon.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:114) ~[guacamole-common-0.9.9.jar:na]
        at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:137) [tomcat7-websocket.jar:7.0.72]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:666) [tomcat-coyote.jar:7.0.72]
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) [tomcat-coyote.jar:7.0.72]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_40]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_40]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.72]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_40]
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
Does this mean I should/have to use the legacy URL extension?  /c seems to do nothing but fail.
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
Anyone have a response to this?
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

maxkc2
I came across the same error in my logs of 0.9.11
 Connection "HOST_FQDN" does not exist for user "USER_NAME"
no matter using mysql auth backend
with legacy urls extension.

While investigating I found followng explantion of Michael Jumper
https://sourceforge.net/p/guacamole/discussion/1110834/thread/d24c506e/

"
Here - give this a shot: https://github.com/mike-jumper/guacamole-legacy-urls
That extension will add support for the old-style URLs, resolving the multi-extension ambiguity by assuming the connection (or connection group) is coming from the backend which authenticated the current user.
Just build the above, plop it in your GUACAMOLE_HOME/extensions, restart Tomcat, and you should be all set. The old .../client/c/IDENTIFIER style should work."

I thought that IDENTIFIER is the server FQDN so as you, but it is not.

I found what the IDENTIFIER is when I looked into MYSQL database, table guacamole_connection.
There is a column named connection_id.

So i tried:

https://example.com/guacamole/#/client/c/5
instead of
https://example.com/guacamole/#/client/c/10.3.5.129

where 5 is actually the connection_id column value from the host entry in guacamole_connection table.

and it worked!

As I'm not a programmer I can not explain whether it is a bug or feature of legacy urls extension but it seems that it is a bug, because you have no way to get that connection Id other way than make sql query.

Hope Mr. Jumper will read this and explain the correct workflow.
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
I am back to working on this.   Using the legacy url, and then removing the reauth does help a bit.  However, I still run into an issue of connections being "not authorized".

14:09:07.572 [http-bio-9000-exec-9] DEBUG o.a.g.a.n.NoAuthenticationProvider - Configuration file "/etc/guacamole/noauth-config.xml" has been modified.
14:09:07.573 [http-bio-9000-exec-9] DEBUG o.a.g.a.n.NoAuthenticationProvider - Reading configuration file: "/etc/guacamole/noauth-config.xml"
14:09:07.592 [http-bio-9000-exec-9] INFO  o.a.g.r.auth.AuthenticationService - User "ae4972e5-ea84-4760-a744-5bf45a99847e" successfully authenticated from 100.91.160.25.
14:09:07.599 [http-bio-9000-exec-9] DEBUG o.a.g.a.f.FileAuthenticationProvider - User mapping file "/root/.guacamole/user-mapping.xml" does not exist and will not be read.
14:09:07.599 [http-bio-9000-exec-9] DEBUG o.a.g.r.auth.AuthenticationService - Login was successful for user "ae4972e5-ea84-4760-a744-5bf45a99847e".
14:09:07.757 [http-bio-9000-exec-6] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
14:09:07.810 [http-bio-9000-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "ae4972e5-ea84-4760-a744-5bf45a99847e" connected to connection "deldnstest.deploy.lab.beer.town".
14:09:19.817 [http-bio-9000-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "ae4972e5-ea84-4760-a744-5bf45a99847e" disconnected from connection "deldnstest.deploy.lab.beer.town". Duration: 12005 milliseconds
14:09:19.817 [http-bio-9000-exec-6] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.
14:09:19.823 [Thread-3] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Connection to guacd closed.
org.apache.guacamole.GuacamoleConnectionClosedException: Connection to guacd is closed.
        at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:185) ~[guacamole-common-0.9.10-incubating.jar:na]
        at org.apache.guacamole.io.ReaderGuacamoleReader.readInstruction(ReaderGuacamoleReader.java:197) ~[guacamole-common-0.9.10-incubating.jar:na]
        at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:83) ~[guacamole-common-0.9.10-incubating.jar:na]
        at org.apache.guacamole.protocol.FilteredGuacamoleReader.readInstruction(FilteredGuacamoleReader.java:83) ~[guacamole-common-0.9.10-incubating.jar:na]
        at org.apache.guacamole.protocol.FilteredGuacamoleReader.read(FilteredGuacamoleReader.java:66) ~[guacamole-common-0.9.10-incubating.jar:na]
        at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:162) ~[guacamole-common-0.9.10-incubating.jar:na]
Caused by: java.net.SocketException: Socket closed
        at java.net.SocketInputStream.socketRead0(Native Method) ~[na:1.8.0_111]
        at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[na:1.8.0_111]
        at java.net.SocketInputStream.read(SocketInputStream.java:170) ~[na:1.8.0_111]
        at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[na:1.8.0_111]
        at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284) ~[na:1.8.0_111]
        at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326) ~[na:1.8.0_111]
        at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178) ~[na:1.8.0_111]
        at java.io.InputStreamReader.read(InputStreamReader.java:184) ~[na:1.8.0_111]
        at org.apache.guacamole.io.ReaderGuacamoleReader.read(ReaderGuacamoleReader.java:171) ~[guacamole-common-0.9.10-incubating.jar:na]
        ... 5 common frames omitted
14:09:27.830 [http-bio-9000-exec-2] DEBUG o.a.g.resource.ResourceServlet - Resource not modified: "/app.css"
14:09:27.840 [http-bio-9000-exec-2] DEBUG o.a.g.resource.ResourceServlet - Resource not modified: "/app.js"
14:09:28.060 [http-bio-9000-exec-2] DEBUG o.a.g.resource.ResourceServlet - Resource not modified: "/translations/en.json"
14:09:28.295 [http-bio-9000-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - Connection "asdtest.deploy.lab.beer.town" does not exist for user "ae4972e5-ea84-4760-a744-5bf45a99847e".
14:09:28.296 [http-bio-9000-exec-8] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested connection is not authorized.
14:09:28.296 [http-bio-9000-exec-8] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.apache.guacamole.GuacamoleSecurityException: Requested connection is not authorized.
        at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:159) ~[classes/:na]
        at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:332) ~[classes/:na]
        at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) ~[classes/:na]
        at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:112) ~[guacamole-common-0.9.10-incubating.jar:na]
        at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:137) [tomcat7-websocket.jar:7.0.72]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:666) [tomcat-coyote.jar:7.0.72]
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) [tomcat-coyote.jar:7.0.72]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_111]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.72]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
14:09:28.390 [http-bio-9000-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - Connection "asdtest.deploy.lab.beer.town" does not exist for user "ae4972e5-ea84-4760-a744-5bf45a99847e".
14:09:28.390 [http-bio-9000-exec-2] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: Requested connection is not authorized.

This is an attempt at connecting to a host, then clicking back on the browser, then attempting to connect to a different host.  You can see the first try works, but the second try fails with

14:09:28.390 [http-bio-9000-exec-2] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: Requested connection is not authorized.

There has got to be a way to automate all this with no auth.  We just want to let people get into whatever session they want, at any time, from any machine on the network.   No authentication should mean NO AUTHENTICATION.
Reply | Threaded
Open this post in threaded view
|

RE: Connection errors on no-auth unless logout first.

rhawkins
I'm surprised it works at all..

Normally a user will ctl-alt-shift.  Then go home and then click another
connection..

Hitting the back button would be a crapshoot..
r

-----Original Message-----
From: tek0011 [mailto:[hidden email]]
Sent: Thursday, March 16, 2017 2:07 PM
To: [hidden email]
Subject: Re: Connection errors on no-auth unless logout first.

I am back to working on this.   Using the legacy url, and then removing
the
reauth does help a bit.  However, I still run into an issue of
connections being "not authorized".



This is an attempt at connecting to a host, then clicking back on the
browser, then attempting to connect to a different host.  You can see
the first try works, but the second try fails with



There has got to be a way to automate all this with no auth.  We just
want to let people get into whatever session they want, at any time,
from any
machine on the network.   No authentication should mean *NO
AUTHENTICATION*.




--
View this message in context:
http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Connectio
n-errors-on-no-auth-unless-logout-first-tp93p569.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive
at Nabble.com.
Reply | Threaded
Open this post in threaded view
|

RE: Connection errors on no-auth unless logout first.

tek0011
This post was updated on .
But when you click back, its the exact same thing:

ctrl-alt-shift -> disconnect:

14:50:00.608 [http-bio-9000-exec-10] INFO  o.a.g.tunnel.TunnelRequestService - User "a7f2480b-376f-41a3-9c12-33c200d1d040" disconnected from connection "asdtest.deploy.lab.beer.town". Duration: 8234 milliseconds
14:50:00.608 [http-bio-9000-exec-10] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.

clicking back:

14:46:27.852 [http-bio-9000-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "a7f2480b-376f-41a3-9c12-33c200d1d040" disconnected from connection "asdtest.deploy.lab.beer.town". Duration: 6449 milliseconds
Exception in thread "Thread-10" 14:46:27.852 [http-bio-9000-exec-8] DEBUG o.a.g.net.InetGuacamoleSocket - Closing socket to guacd.

Identical calls.  

Seems like something isnt working correctly.  I can also reproduce this by actually doing ctl-alt-shift > disconnect.  Then attempt a brand new connection.  Same issue.  

I don't get why a second connection fails unless I log out first.  Which makes no sense since its no auth and there shouldnt be a need to log out.

Anyhow, thanks for confirming.  


edit:  oh, actually its not the exact same.  I just noticed -
Exception in thread "Thread-10"
 when clicking back.
Reply | Threaded
Open this post in threaded view
|

RE: Connection errors on no-auth unless logout first.

Mike Jumper
Part of the problem with NoAuth is that the configuration is cached. This combined with the fact that the webapp inherently expects a user account (and NoAuth provides a placeholder user) means the backend essentially lies to the frontend about the semantics of the situation.

With recent changes to the extension API, there is now a concept of an anonymous user, which lacks the same caching and allows the interface to adjust itself for the semantics of anonymity.

The true correct way to approach Guacamole integration is to write an extension which does so, and NoAuth doesn't really fill that space well as a general case solution.

IMHO - it's probably time to euthanize NoAuth, reinvestigate/define the high-level need that it's meant to fill, and search for a better approach.

- Mike


On Mar 16, 2017 12:53, "tek0011" <[hidden email]> wrote:
But when you click back, its the exact same thing:

ctrl-alt-shift -> disconnect:



clicking back:



Identical calls.

Seems like something isnt working correctly.  I can also reproduce this by
actually doing ctl-alt-shift > disconnect.  Then attempt a brand new
connection.  Same issue.

I don't get why a second connection fails unless I log out first.  Which
makes no sense since its no auth and there shouldnt be a need to log out.

Anyhow, thanks for confirming.




--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Connection-errors-on-no-auth-unless-logout-first-tp93p578.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|

RE: Connection errors on no-auth unless logout first.

tek0011
This post was updated on .
Still working on this.  Another person is trying to fork our own no-auth extension, that will be a true no-auth.   In the meantime, we may have found another possible way, but I also don't understand why this isn't working.

We moved from no-auth to user-mapping but we run into the exact same issue.  PHP script runs, checks for the existence of <hostname> in user-mapping.xml.   If it doesn't exist, it add's it, then redirects the user to it.

Example:
<user-mapping>
    <!-- Per-user authentication and config information -->
    <authorize username="some_user" password="some_password">
        <connection name="2016nagles.deploy.lab.beer.town">
            <protocol>rdp</protocol>
            <param name="hostname">2016nagles.deploy.lab.beer.town</param>
            <param name="port">3389</param>
        </connection>
        <connection name="ppt-tomcattest.deploy.lab.beer.town">
            <protocol>rdp</protocol>
            <param name="hostname">ppt-tomcattest.deploy.lab.beer.town</param>
            <param name="port">3389</param>
        </connection>
        <connection name="dsmdctest1.deploy.lab.beer.town">
            <protocol>rdp</protocol>
            <param name="hostname">dsmdctest1.deploy.lab.beer.town</param>
            <param name="port">3389</param>
        </connection>
        <connection name="deldnstest.deploy.lab.beer.town">
            <protocol>rdp</protocol>
            <param name="hostname">deldnstest.deploy.lab.beer.town</param>
            <param name="port">3389</param>
        </connection>
    </authorize>
</user-mapping>

All of those were added, via sed, to user-mapping.xml.  We then redirect to this url in attempt to access the host.  http://someserver.com:9000/guacamole/#/client/dsmdctest1.deploy.lab.beer.town/?username=some_user&password=some_password.   This again works great, until we attempt to make another connection.   Disconnect or hit back, then attempt the next host.  Same process, it gets added to user-mapping.xml, however right back to square one:  

13:02:18.777 [http-bio-9000-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - Connection "deldnstest.deploy.lab.beer.town" does not exist for user "some_user".
13:02:18.777 [http-bio-9000-exec-2] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested connection is not authorized.

Yet, we can literally see it sitting right there in user-mapping.xml.

Any idea what is going on here?  Does there need to be some cache or logout happening for this to work?  How come it doesn't think that deldnstest.deploy.lab.beer.town exists for some_user?

Thanks.

Edit:  It should be noted that it is possible to log out <some_user>, which does not close out other peoples sessions.  So maybe I just need to find a way to issue some log out command.  Possible?
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

Mike Jumper
On Mon, Mar 20, 2017 at 10:59 AM, tek0011 <[hidden email]> wrote:
Still working on this.  Another person is trying to fork our own no-auth
extension, that will be a true no-auth.

I strongly recommend against any approach centered around the idea of disabling authentication.

The idea when integrating Guacamole with an external authentication system should be to (1) verify the authentication result with that system and (2) pull/generate the connection data required for each user based on that result. If the connection data is generated dynamically, you will need to look into both getUserContext() (which is called to generate the data available for the user upon login) and updateUserContext() (which is called for every request for users who are already logged in) for the AuthenticationProvider interface:



In the meantime, we may have found
another possible way, but I also don't understand why this isn't working.

We moved from no-auth to user-mapping but we run into the exact same issue.
PHP script runs, checks for the existence of <hostname> in user-mapping.xml.
If it doesn't exist, it add's it, then redirects the user to it.


Both NoAuth and the default XML-driver authentication (user-mapping.xml) will cache the data available to a user upon login. In the case of NoAuth, users are logged in to a placeholder account without checking credentials of any kind, but they are still logged in. Because the data is cached until the user logs out, external changes to configuration will not take effect as you expect.

It is possible to write an extension which does not cache configuration (see updateUserContext() mentioned above), but there is still a client-side cache of REST responses, including the response which contains all connections available to a particular user. This will not affect the ability to connect to a particular connection if you happen to know its URL, but it will affect the contents of the home screen renders.

Ultimately, relying on a script to update XML configuration will always be a hack. The proper approach is to write an authentication extension which directly integrates things the way you need. If that still doesn't fit the way you're intending to embed Guacamole, then it sounds like you should be looking toward using the Guacamole API itself:


The web application is kept separate from the APIs which drive it for exactly this sort of scenario. The expectation is that either Guacamole will work as needed out-of-the-box, an authentication extension can be written to integrate Guacamole with an external auth sytem (and then otherwise function normally), or a different web application can be written based on the same core (the Guacamole API).

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
Thanks Mike.  Really good info.  

Perhaps you are right, and we should forego removing authentication.  The trick with writing an extension to manage auth, is how we are implementing it.  We have various needs to pass data back and forth between many systems.  Some of those have poor communication.  Thus the php script is handling some of that (mostly getting hostnames, doing DNS lookups, protocol types, fqdns) and then passing all those into Guacamole to create the correct connection type.

I think ultimately what I will end up doing is using the mysql auth, and just having the php script add and remove the individual db entries.  Then we'll have a much easier manageable source of data, and shared/concurrent connections benefit as well! If doing that, can we then avoid the no-auth/user-mapping 'caching'?
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

Mike Jumper
On Mon, Mar 20, 2017 at 12:12 PM, tek0011 <[hidden email]> wrote:
...
I think ultimately what I will end up doing is using the mysql auth, and
just having the php script add and remove the individual db entries.  Then
we'll have a much easier manageable source of data, and shared/concurrent
connections benefit as well! If doing that, can we then avoid the
no-auth/user-mapping 'caching'?

Yes, that should work, however the client interface will still be caching the results of most REST calls, so the user interface may not realize that the data has changed, even though attempts to access that data or the connections will succeed. If all you're doing is generating URLs on a per-connection basis and sending users directly to those URLs, then this will work as a stop-gap measure.

It's still a hack, but not as bad a hack.

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
This post was updated on .
So I moved everything over to mysql, with the same exact issue.  

I create the following table entries:

$fqdn is the hostname (in this case its ppt-tomcattest.deploy.lab.beer.town, as shown in the attached image)
$protocol is the procotol derived from type of OS

INSERT INTO guacamole_connection (connection_name, protocol) VALUES ('{$fqdn}', '{$protocol}');
Get the new connection_id
SELECT connection_id FROM guacamole_connection WHERE connection_name = '{$fqdn}' AND parent_id IS NULL;
 
Add data to tables:
INSERT INTO guacamole_connection_parameter VALUES ({$connection_id}, 'hostname', '{$fqdn}');
INSERT INTO guacamole_connection_parameter VALUES ({$connection_id}, 'port', '{$port}');
INSERT IGNORE INTO guacamole_connection_permission (user_id, permission, connection_id) VALUES ('2', 'READ', '{$connection_id}'), ('2', 'UPDATE', '{$connection_id}'), ('2', 'DELETE', '{$connection_id}'), ('2', 'ADMINISTER', '{$connection_id}');

Here is an image showing the database tables.  http://i.imgur.com/u9gtiai.png  You can see that all the expected db information exists.  I added some manually, to compare to the data I am adding and I dont see any differences.

We then redirect the user to http://guac_url.com/guacamole/#/client/ppt-tomcattest.deploy.lab.beer.town/?username=guacadmin&password=somepassword

and still get:  

12:54:08.039 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:54:08.040 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.041 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.041 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadableIdentifiersWithin - ==>  Preparing: SELECT guacamole_connection.connection_id FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE parent_id IS NULL AND user_id = ? AND permission = 'READ'
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadableIdentifiersWithin - ==> Parameters: 2(Integer)
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadableIdentifiersWithin - <==      Total: 2
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.042 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.043 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadableIdentifiersWithin - ==>  Preparing: SELECT guacamole_connection_group.connection_group_id FROM guacamole_connection_group JOIN guacamole_connection_group_permission ON guacamole_connection_group_permission.connection_group_id = guacamole_connection_group.connection_group_id WHERE parent_id IS NULL AND user_id = ? AND permission = 'READ'
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadableIdentifiersWithin - ==> Parameters: 2(Integer)
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadableIdentifiersWithin - <==      Total: 0
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.Connection> org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession not set for thread: 23, creating a new one
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - ==>  Preparing: SELECT guacamole_connection.connection_id, connection_name, parent_id, protocol, max_connections, max_connections_per_user FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE guacamole_connection.connection_id IN ( ? , ? ) AND user_id = ? AND permission = 'READ'; SELECT primary_connection_id, guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE primary_connection_id IN ( ? , ? ) AND user_id = ? AND permission = 'READ';
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 27(String), 2(Integer), 26(String), 27(String), 2(Integer)
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 2
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.Connection> org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 23 committing
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.Connection> org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 23 terminated its life-cycle, closing it
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.Connection> org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession not set for thread: 23, creating a new one
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:54:08.044 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - ==>  Preparing: SELECT guacamole_connection.connection_id, connection_name, parent_id, protocol, max_connections, max_connections_per_user FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE guacamole_connection.connection_id IN ( ? , ? ) AND user_id = ? AND permission = 'READ'; SELECT primary_connection_id, guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE primary_connection_id IN ( ? , ? ) AND user_id = ? AND permission = 'READ';
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 27(String), 2(Integer), 26(String), 27(String), 2(Integer)
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 2
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:54:08.045 [http-bio-9000-exec-1] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.Connection> org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 23 committing
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.Connection> org.apache.guacamole.auth.jdbc.connection.ConnectionDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 23 terminated its life-cycle, closing it
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.046 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.083 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.083 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:54:08.083 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.084 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.084 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.084 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.select - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ?
12:54:08.084 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.select - ==> Parameters: 2(Integer)
12:54:08.084 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.select - <==      Total: 3
12:54:08.084 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.C.select - ==>  Preparing: SELECT guacamole_connection_permission.user_id, username, permission, connection_id FROM guacamole_connection_permission JOIN guacamole_user ON guacamole_connection_permission.user_id = guacamole_user.user_id WHERE guacamole_connection_permission.user_id = ?
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.C.select - ==> Parameters: 2(Integer)
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.C.select - <==      Total: 8
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:54:08.085 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.C.select - ==>  Preparing: SELECT guacamole_connection_group_permission.user_id, username, permission, connection_group_id FROM guacamole_connection_group_permission JOIN guacamole_user ON guacamole_connection_group_permission.user_id = guacamole_user.user_id WHERE guacamole_connection_group_permission.user_id = ?
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.C.select - ==> Parameters: 2(Integer)
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.C.select - <==      Total: 0
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.select - ==>  Preparing: SELECT guacamole_sharing_profile_permission.user_id, username, permission, sharing_profile_id FROM guacamole_sharing_profile_permission JOIN guacamole_user ON guacamole_sharing_profile_permission.user_id = guacamole_user.user_id WHERE guacamole_sharing_profile_permission.user_id = ?
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.select - ==> Parameters: 2(Integer)
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.select - <==      Total: 0
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:54:08.086 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.U.select - ==>  Preparing: SELECT guacamole_user_permission.user_id, guacamole_user.username, permission, affected.username AS affected_username FROM guacamole_user_permission JOIN guacamole_user ON guacamole_user_permission.user_id = guacamole_user.user_id JOIN guacamole_user affected ON guacamole_user_permission.affected_user_id = affected.user_id WHERE guacamole_user_permission.user_id = ?
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.U.select - ==> Parameters: 2(Integer)
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.g.a.j.p.U.select - <==      Total: 1
12:54:08.087 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.088 [http-bio-9000-exec-1] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:54:08.088 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:54:08.088 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:54:08.088 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.088 [http-bio-9000-exec-1] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:54:08.140 [http-bio-9000-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - Connection "ppt-tomcattest.deploy.lab.beer.town" does not exist for user "cmlapiuser".
12:54:08.140 [http-bio-9000-exec-9] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: Requested connection is not authorized.
12:54:08.140 [http-bio-9000-exec-9] DEBUG o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Error connecting WebSocket tunnel.
org.apache.guacamole.GuacamoleSecurityException: Requested connection is not authorized.
        at org.apache.guacamole.tunnel.TunnelRequestService.createConnectedTunnel(TunnelRequestService.java:156) ~[classes/:na]
        at org.apache.guacamole.tunnel.TunnelRequestService.createTunnel(TunnelRequestService.java:329) ~[classes/:na]
        at org.apache.guacamole.tunnel.websocket.RestrictedGuacamoleWebSocketTunnelEndpoint.createTunnel(RestrictedGuacamoleWebSocketTunnelEndpoint.java:113) ~[classes/:na]
        at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.onOpen(GuacamoleWebSocketTunnelEndpoint.java:110) ~[guacamole-common-0.9.10-incubating.jar:na]
        at org.apache.tomcat.websocket.server.WsHttpUpgradeHandler.init(WsHttpUpgradeHandler.java:137) [tomcat7-websocket.jar:7.0.72]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:666) [tomcat-coyote.jar:7.0.72]
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316) [tomcat-coyote.jar:7.0.72]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_111]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_111]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.72]
        at java.lang.Thread.run(Thread.java:745) [na:1.8.0_111]
12:54:08.208 [http-bio-9000-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - Connection "ppt-tomcattest.deploy.lab.beer.town" does not exist for user "cmlapiuser".
12:54:08.208 [http-bio-9000-exec-8] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: Requested connection is not authorized.


and the output from when you just go back to "home" and then click on it from there:


12:56:27.919 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:27.919 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:27.919 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:27.919 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:27.920 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:27.920 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.920 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:27.920 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.920 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:27.920 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:27.920 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==>  Preparing: SELECT guacamole_connection.connection_id, connection_name, parent_id, protocol, max_connections, max_connections_per_user FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE guacamole_connection.connection_id IN ( ? ) AND user_id = ? AND permission = 'READ'; SELECT primary_connection_id, guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE primary_connection_id IN ( ? ) AND user_id = ? AND permission = 'READ';
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 2(Integer), 26(String), 2(Integer)
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 1
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.921 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.921 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.921 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:27.921 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.921 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:27.921 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:27.921 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:27.921 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.selectReadable - ==>  Preparing: SELECT guacamole_connection.connection_id, connection_name, parent_id, protocol, max_connections, max_connections_per_user FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE guacamole_connection.connection_id IN ( ? ) AND user_id = ? AND permission = 'READ'; SELECT primary_connection_id, guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE primary_connection_id IN ( ? ) AND user_id = ? AND permission = 'READ';
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 2(Integer), 26(String), 2(Integer)
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 1
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.922 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.C.selectOne - ==>  Preparing: SELECT guacamole_connection_permission.user_id, username, permission, connection_id FROM guacamole_connection_permission JOIN guacamole_user ON guacamole_connection_permission.user_id = guacamole_user.user_id WHERE guacamole_connection_permission.user_id = ? AND permission = ? AND connection_id = ?
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.C.selectOne - ==> Parameters: 2(Integer), READ(String), 26(String)
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.p.C.selectOne - <==      Total: 1
12:56:27.923 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.924 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:27.924 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:27.924 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:27.924 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:27.924 [http-bio-9000-exec-8] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public org.apache.guacamole.net.GuacamoleTunnel org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser,org.apache.guacamole.auth.jdbc.connection.ModeledConnection,org.apache.guacamole.protocol.GuacamoleClientInformation) throws org.apache.guacamole.GuacamoleException] - SqlSession not set for thread: 30, creating a new one
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.select - ==>  Preparing: SELECT connection_id, parameter_name, parameter_value FROM guacamole_connection_parameter WHERE connection_id = ?
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.select - ==> Parameters: 26(String)
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.g.a.j.c.C.select - <==      Total: 2
12:56:27.925 [http-bio-9000-exec-8] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at localhost:4822.
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public org.apache.guacamole.net.GuacamoleTunnel org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser,org.apache.guacamole.auth.jdbc.connection.ModeledConnection,org.apache.guacamole.protocol.GuacamoleClientInformation) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 30 committing
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public org.apache.guacamole.net.GuacamoleTunnel org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser,org.apache.guacamole.auth.jdbc.connection.ModeledConnection,org.apache.guacamole.protocol.GuacamoleClientInformation) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 30 terminated its life-cycle, closing it
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public org.apache.guacamole.net.GuacamoleTunnel org.apache.guacamole.auth.jdbc.tunnel.AbstractGuacamoleTunnelService.getGuacamoleTunnel(org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser,org.apache.guacamole.auth.jdbc.connection.ModeledConnection,org.apache.guacamole.protocol.GuacamoleClientInformation) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 30 terminated its life-cycle, closing it
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:27.969 [http-bio-9000-exec-8] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:27.969 [http-bio-9000-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "cmlapiuser" connected to connection "26".
12:56:28.015 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.015 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:28.015 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.016 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==>  Preparing: SELECT guacamole_connection.connection_id, connection_name, parent_id, protocol, max_connections, max_connections_per_user FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE guacamole_connection.connection_id IN ( ? ) AND user_id = ? AND permission = 'READ'; SELECT primary_connection_id, guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE primary_connection_id IN ( ? ) AND user_id = ? AND permission = 'READ';
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 2(Integer), 26(String), 2(Integer)
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 1
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:28.017 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.018 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==>  Preparing: SELECT guacamole_connection.connection_id, connection_name, parent_id, protocol, max_connections, max_connections_per_user FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE guacamole_connection.connection_id IN ( ? ) AND user_id = ? AND permission = 'READ'; SELECT primary_connection_id, guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE primary_connection_id IN ( ? ) AND user_id = ? AND permission = 'READ';
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 2(Integer), 26(String), 2(Integer)
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 1
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.019 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 169685229 from pool.
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==>  Preparing: SELECT guacamole_connection.connection_id, connection_name, parent_id, protocol, max_connections, max_connections_per_user FROM guacamole_connection JOIN guacamole_connection_permission ON guacamole_connection_permission.connection_id = guacamole_connection.connection_id WHERE guacamole_connection.connection_id IN ( ? ) AND user_id = ? AND permission = 'READ'; SELECT primary_connection_id, guacamole_sharing_profile.sharing_profile_id FROM guacamole_sharing_profile JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id WHERE primary_connection_id IN ( ? ) AND user_id = ? AND permission = 'READ';
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 2(Integer), 26(String), 2(Integer)
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 1
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.SharingProfile> org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession not set for thread: 33, creating a new one
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.SharingProfile> org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 33 committing
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.SharingProfile> org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 33 terminated its life-cycle, closing it
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - ==> Parameters: 26(String), 2(Integer), 26(String), 2(Integer)
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 1
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.c.C.selectReadable - <==      Total: 0
12:56:28.020 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@a1d30ed]
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 169685229 ...
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 169685229 is GOOD!
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 169685229 to pool.
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Opening JDBC Connection
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Checked out connection 1902211430 from pool.
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Setting autocommit to false on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==>  Preparing: SELECT guacamole_system_permission.user_id, username, permission FROM guacamole_system_permission JOIN guacamole_user ON guacamole_system_permission.user_id = guacamole_user.user_id WHERE guacamole_system_permission.user_id = ? AND permission = ?
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - ==> Parameters: 2(Integer), ADMINISTER(String)
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.g.a.j.p.S.selectOne - <==      Total: 0
12:56:28.021 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Resetting autocommit to true on JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.t.jdbc.JdbcTransaction - Closing JDBC Connection [com.mysql.jdbc.JDBC4Connection@71617166]
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Testing connection 1902211430 ...
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Connection 1902211430 is GOOD!
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.a.i.d.pooled.PooledDataSource - Returned connection 1902211430 to pool.
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.SharingProfile> org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession not set for thread: 33, creating a new one
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.SharingProfile> org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 33 committing
12:56:28.022 [http-bio-9000-exec-10] DEBUG o.m.g.t.TransactionalMethodInterceptor - [Intercepted method: public java.util.Collection<org.apache.guacamole.net.auth.SharingProfile> org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileDirectory.getAll(java.util.Collection<java.lang.String>) throws org.apache.guacamole.GuacamoleException] - SqlSession of thread: 33 terminated its life-cycle, closing it
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

Mike Jumper
On Tue, Mar 21, 2017 at 10:50 AM, tek0011 <[hidden email]> wrote:
So I moved everything over to mysql, with the same exact issue.

...

We then redirect the user to
http://guac_url.com/guacamole/#/client/ppt-tomcattest.deploy.lab.beer.town/?username=guacadmin&password=somepassword

and still get:


The MySQL and PostgreSQL authentication extensions identify connections using their integer IDs from the connection_id column in the guacamole_connection table. They don't use the connection_name column to identify connections - that's there purely to provide a human-readable description. The URL should be something like:


Though NoAuth and the built-in XML auth happen to use the name as the connection identifier, the two properties are distinct at the API level.

For the sake of anyone happening across this email while searching for similar things: beware that this is not a recommended approach. Embedding credentials within a URL not good practice. This will work in the short term, but things really should be replaced with a purpose-built extension that actually integrates with the external system (or integrate the Guacamole API directly within that external system).

- Mike

Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

tek0011
Mike Jumper wrote
The MySQL and PostgreSQL authentication extensions identify connections using their integer IDs from the connection_id column in the guacamole_connection table. They don't use the connection_name column to identify connections
Correct.  That was the issue!  I encoded the connections via base64 ({$fqdn}\0c\0mysql) and then redirected to the encoded string.   Its working just great.  Even hitting back, and attempting the next connection (original issue of this ticket) also works.

Mike Jumper wrote
For the sake of anyone happening across this email while searching for similar things: beware that this is not a recommended approach. Embedding credentials within a URL not good practice.
While true, I am so happy I found the ability to do that after 100's of links opened in google.  Our internal lab houses a good 10,000 servers and there is no access to the outside world, so we really hate security.  In this day and age its almost more difficult to get around it or turn it off.  

Regarding the API, I thought that it wasnt external?  We were looking for some way to make RESTful API calls to manage most of this, when we first took on the project.  

Thank you again for your assistance on this, and your past ticket responses that helped come up with a working integration for us.  
Reply | Threaded
Open this post in threaded view
|

Re: Connection errors on no-auth unless logout first.

Mike Jumper
On Tue, Mar 21, 2017 at 12:31 PM, tek0011 <[hidden email]> wrote:
Mike Jumper wrote
> For the sake of anyone happening across this email while searching for
> similar things: beware that this is not a recommended approach. Embedding
> credentials within a URL not good practice.

While true, I am so happy I found the ability to do that after 100's of
links opened in google.  Our internal lab houses a good 10,000 servers and
there is no access to the outside world, so we really hate security.  In
this day and age its almost more difficult to get around it or turn it off.

Regarding the API, I thought that it wasnt external?  We were looking for
some way to make RESTful API calls to manage most of this, when we first
took on the project.


The REST API used by the Guacamole web application is not external, correct. What I refer to here is the core API which drives Guacamole. It's not REST, but client-side JavaScript and server-side Java. The core API (guacamole-common and guacamole-common-js) implements the means of communicating with guacd via tunnels, the means of displaying the remote desktop session within the browser, as well as convenient handling for keyboard/mouse/touch events.

The authentication subsystem (and extension subsystem) are specific to the Guacamole web application. If you write your own web application using the same core, you can dictate how connections are established, how authentication works, and if authentication is even present.

- Mike