org.jasig.cas.validation.ImmutableAssertion Java Examples

The following examples show how to use org.jasig.cas.validation.ImmutableAssertion.
Example #1
Source File: Saml10SuccessResponseViewTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Renders the SAML 1.0 success view for an assertion whose authentication is
 * built without this test supplying an authentication-method attribute.
 *
 * <p>Passes when the rendered text contains the principal id, the single
 * principal attribute and its value, and the literal
 * {@code urn:oasis:names:tc:SAML:1.0:am:unspecified}.
 */
@Test
public void testResponseWithoutAuthMethod() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<String, Object>();
    principalAttributes.put("testAttribute", "testValue");
    final SimplePrincipal subject = new SimplePrincipal("testPrincipal", principalAttributes);

    // The same authentication serves as primary and as the only chain entry.
    final Authentication authn = TestUtils.getAuthentication(subject);
    final Assertion casAssertion = new ImmutableAssertion(
            authn, Collections.singletonList(authn), TestUtils.getService(), true);

    final Map<String, Object> viewModel = new HashMap<String, Object>();
    viewModel.put("assertion", casAssertion);

    final MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    final MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    this.response.renderMergedOutputModel(viewModel, httpRequest, httpResponse);

    final String rendered = httpResponse.getContentAsString();

    // Substring checks only: they show the values are emitted somewhere in the
    // response, not which element or attribute carries them.
    assertTrue(rendered.contains("testPrincipal"));
    assertTrue(rendered.contains("testAttribute"));
    assertTrue(rendered.contains("testValue"));
    assertTrue(rendered.contains("urn:oasis:names:tc:SAML:1.0:am:unspecified"));
}
 
Example #2
Source File: Saml10SuccessResponseViewTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Renders the SAML 1.0 success view for a principal with a scalar attribute,
 * an empty-collection attribute and a two-element collection attribute, with
 * the authentication method set to the SSL/TLS client constant.
 *
 * <p>Passes when the principal id, the non-empty attributes and their values,
 * the authentication method, and the {@code AuthenticationMethod} and
 * {@code AssertionID} markers appear in the output, and the empty-collection
 * attribute name does not.
 */
@Test
public void verifyResponse() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<>();
    principalAttributes.put("testAttribute", "testValue");
    principalAttributes.put("testEmptyCollection", Collections.emptyList());
    principalAttributes.put("testAttributeCollection", Arrays.asList("tac1", "tac2"));
    final Principal subject =
            new DefaultPrincipalFactory().createPrincipal("testPrincipal", principalAttributes);

    final Map<String, Object> authnAttributes = new HashMap<>();
    authnAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authnAttributes.put("testSamlAttribute", "value");

    // The same authentication serves as primary and as the only chain entry.
    final Authentication authn = TestUtils.getAuthentication(subject, authnAttributes);
    final Assertion casAssertion = new ImmutableAssertion(
            authn, Collections.singletonList(authn), TestUtils.getService(), true);

    final Map<String, Object> viewModel = new HashMap<>();
    viewModel.put("assertion", casAssertion);

    final MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    final MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    this.response.renderMergedOutputModel(viewModel, httpRequest, httpResponse);

    final String rendered = httpResponse.getContentAsString();

    assertTrue(rendered.contains("testPrincipal"));
    // NOTE(review): "testAttribute" is a prefix of "testAttributeCollection", so this
    // substring check also passes when only the collection attribute is rendered.
    assertTrue(rendered.contains("testAttribute"));
    assertTrue(rendered.contains("testValue"));
    // An attribute whose value is an empty collection must not be emitted.
    assertFalse(rendered.contains("testEmptyCollection"));
    assertTrue(rendered.contains("testAttributeCollection"));
    assertTrue(rendered.contains("tac1"));
    assertTrue(rendered.contains("tac2"));
    assertTrue(rendered.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(rendered.contains("AuthenticationMethod"));
    assertTrue(rendered.contains("AssertionID"));
    // NOTE(review): nothing here asserts whether the extra authentication attribute
    // "testSamlAttribute" is released to the service or withheld.
}
 
Example #3
Source File: Saml10SuccessResponseViewTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Renders the SAML 1.0 success view for a principal that carries no
 * attributes, with the authentication method set to the SSL/TLS client
 * constant.
 *
 * <p>Passes when the principal id, the authentication method value and the
 * text {@code AuthenticationMethod=} appear in the output.
 */
@Test
public void verifyResponseWithNoAttributes() throws Exception {
    final Principal subject = new DefaultPrincipalFactory().createPrincipal("testPrincipal");

    final Map<String, Object> authnAttributes = new HashMap<>();
    authnAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authnAttributes.put("testSamlAttribute", "value");

    // The same authentication serves as primary and as the only chain entry.
    final Authentication authn = TestUtils.getAuthentication(subject, authnAttributes);
    final Assertion casAssertion = new ImmutableAssertion(
            authn, Collections.singletonList(authn), TestUtils.getService(), true);

    final Map<String, Object> viewModel = new HashMap<>();
    viewModel.put("assertion", casAssertion);

    final MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    final MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    this.response.renderMergedOutputModel(viewModel, httpRequest, httpResponse);

    final String rendered = httpResponse.getContentAsString();

    // Substring checks only; the position of each value in the document is not verified.
    assertTrue(rendered.contains("testPrincipal"));
    assertTrue(rendered.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(rendered.contains("AuthenticationMethod="));
}
 
Example #4
Source File: Saml10SuccessResponseViewTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Renders the SAML 1.0 success view for an authentication that has two custom
 * authentication attributes and the remember-me flag, but no
 * authentication-method attribute.
 *
 * <p>Passes when the principal id, the principal attribute and its value, both
 * custom authentication attribute names, the remember-me attribute name from
 * {@code CasProtocolConstants}, and the literal
 * {@code urn:oasis:names:tc:SAML:1.0:am:unspecified} appear in the output.
 */
@Test
public void verifyResponseWithoutAuthMethod() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<>();
    principalAttributes.put("testAttribute", "testValue");
    final Principal subject =
            new DefaultPrincipalFactory().createPrincipal("testPrincipal", principalAttributes);

    final Map<String, Object> authenticationAttributes = new HashMap<>();
    authenticationAttributes.put("authnAttribute1", "authnAttrbuteV1");
    authenticationAttributes.put("authnAttribute2", "authnAttrbuteV2");
    authenticationAttributes.put(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME, Boolean.TRUE);

    // The same authentication serves as primary and as the only chain entry.
    final Authentication authn = TestUtils.getAuthentication(subject, authenticationAttributes);
    final Assertion casAssertion = new ImmutableAssertion(
            authn, Collections.singletonList(authn), TestUtils.getService(), true);

    final Map<String, Object> viewModel = new HashMap<>();
    viewModel.put("assertion", casAssertion);

    final MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    final MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    this.response.renderMergedOutputModel(viewModel, httpRequest, httpResponse);

    final String rendered = httpResponse.getContentAsString();

    assertTrue(rendered.contains("testPrincipal"));
    assertTrue(rendered.contains("testAttribute"));
    assertTrue(rendered.contains("testValue"));
    // Authentication-level attributes are expected in the response by name;
    // their values are not checked.
    assertTrue(rendered.contains("authnAttribute1"));
    assertTrue(rendered.contains("authnAttribute2"));
    assertTrue(rendered.contains(CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME));
    assertTrue(rendered.contains("urn:oasis:names:tc:SAML:1.0:am:unspecified"));
}
 
Example #5
Source File: TestUtils.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Builds an {@link ImmutableAssertion} fixture for tests.
 *
 * <p>The authentication chain starts with {@code TestUtils.getAuthentication()}
 * and gains one entry per element of {@code extraPrincipals}, in order. The
 * primary authentication comes from a separate
 * {@code TestUtils.getAuthentication()} call.
 *
 * @param fromNewLogin value passed through as the assertion's new-login flag
 * @param extraPrincipals ids for the additional chained authentications; must not be null
 * @return the assembled assertion for {@code TestUtils.getService()}
 */
public static Assertion getAssertion(final boolean fromNewLogin,
    final String[] extraPrincipals) {
    final List<Authentication> chain = new ArrayList<>();
    chain.add(TestUtils.getAuthentication());

    for (final String principalId : extraPrincipals) {
        chain.add(TestUtils.getAuthentication(principalId));
    }

    final Authentication primary = TestUtils.getAuthentication();
    return new ImmutableAssertion(primary, chain, TestUtils.getService(), fromNewLogin);
}
 
Example #6
Source File: Cas10ResponseViewTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Resets the view model before each test and stores an assertion under the
 * {@code "assertion"} key.
 *
 * <p>The assertion uses {@code TestUtils.getAuthentication()} as primary, a
 * one-element chain for {@code "someothername"}, and the service
 * {@code "TestService"}, flagged as coming from a new login.
 */
@Before
public void setUp() throws Exception {
    this.model = new HashMap<>();

    final List<Authentication> chain = new ArrayList<>();
    chain.add(TestUtils.getAuthentication("someothername"));

    final ImmutableAssertion fixture = new ImmutableAssertion(
            TestUtils.getAuthentication(), chain, TestUtils.getService("TestService"), true);
    this.model.put("assertion", fixture);
}
 
Example #7
Source File: Saml10SuccessResponseViewTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Renders the SAML 1.0 success view for a principal with a scalar attribute,
 * an empty-collection attribute and a two-element collection attribute, with
 * the authentication method set to the SSL/TLS client constant.
 *
 * <p>Passes when the principal id, the non-empty attributes and their values,
 * the authentication method, and the {@code AuthenticationMethod} and
 * {@code AssertionID} markers appear in the output, and the empty-collection
 * attribute name does not.
 */
@Test
public void testResponse() throws Exception {
    final Map<String, Object> principalAttributes = new HashMap<String, Object>();
    principalAttributes.put("testAttribute", "testValue");
    principalAttributes.put("testEmptyCollection", Collections.emptyList());
    principalAttributes.put("testAttributeCollection", Arrays.asList("tac1", "tac2"));
    final SimplePrincipal subject = new SimplePrincipal("testPrincipal", principalAttributes);

    final Map<String, Object> authnAttributes = new HashMap<String, Object>();
    authnAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authnAttributes.put("testSamlAttribute", "value");

    // The same authentication serves as primary and as the only chain entry.
    final Authentication authn = TestUtils.getAuthentication(subject, authnAttributes);
    final Assertion casAssertion = new ImmutableAssertion(
            authn, Collections.singletonList(authn), TestUtils.getService(), true);

    final Map<String, Object> viewModel = new HashMap<String, Object>();
    viewModel.put("assertion", casAssertion);

    final MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    final MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    this.response.renderMergedOutputModel(viewModel, httpRequest, httpResponse);

    final String rendered = httpResponse.getContentAsString();

    assertTrue(rendered.contains("testPrincipal"));
    // NOTE(review): "testAttribute" is a prefix of "testAttributeCollection", so this
    // substring check also passes when only the collection attribute is rendered.
    assertTrue(rendered.contains("testAttribute"));
    assertTrue(rendered.contains("testValue"));
    // An attribute whose value is an empty collection must not be emitted.
    assertFalse(rendered.contains("testEmptyCollection"));
    assertTrue(rendered.contains("testAttributeCollection"));
    assertTrue(rendered.contains("tac1"));
    assertTrue(rendered.contains("tac2"));
    assertTrue(rendered.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(rendered.contains("AuthenticationMethod"));
    assertTrue(rendered.contains("AssertionID"));
    // NOTE(review): nothing here asserts whether the extra authentication attribute
    // "testSamlAttribute" is released to the service or withheld.
}
 
Example #8
Source File: Saml10SuccessResponseViewTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Renders the SAML 1.0 success view for a principal that carries no
 * attributes, with the authentication method set to the SSL/TLS client
 * constant.
 *
 * <p>Passes when the principal id, the authentication method value and the
 * text {@code AuthenticationMethod} appear in the output.
 */
@Test
public void testResponseWithNoAttributes() throws Exception {
    final SimplePrincipal subject = new SimplePrincipal("testPrincipal");

    final Map<String, Object> authnAttributes = new HashMap<String, Object>();
    authnAttributes.put(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD,
            SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT);
    authnAttributes.put("testSamlAttribute", "value");

    // The same authentication serves as primary and as the only chain entry.
    final Authentication authn = TestUtils.getAuthentication(subject, authnAttributes);
    final Assertion casAssertion = new ImmutableAssertion(
            authn, Collections.singletonList(authn), TestUtils.getService(), true);

    final Map<String, Object> viewModel = new HashMap<String, Object>();
    viewModel.put("assertion", casAssertion);

    final MockHttpServletResponse httpResponse = new MockHttpServletResponse();
    final MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    this.response.renderMergedOutputModel(viewModel, httpRequest, httpResponse);

    final String rendered = httpResponse.getContentAsString();

    // Substring checks only; the position of each value in the document is not verified.
    assertTrue(rendered.contains("testPrincipal"));
    assertTrue(rendered.contains(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_SSL_TLS_CLIENT));
    assertTrue(rendered.contains("AuthenticationMethod"));
}
 
Example #9
Source File: TestUtils.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Builds an {@link ImmutableAssertion} fixture for tests.
 *
 * <p>The authentication chain starts with {@code TestUtils.getAuthentication()}
 * and gains one entry per element of {@code extraPrincipals}, in order. The
 * primary authentication comes from a separate
 * {@code TestUtils.getAuthentication()} call.
 *
 * @param fromNewLogin value passed through as the assertion's new-login flag
 * @param extraPrincipals ids for the additional chained authentications; must not be null
 * @return the assembled assertion for {@code TestUtils.getService()}
 */
public static Assertion getAssertion(final boolean fromNewLogin,
    final String[] extraPrincipals) {
    final List<Authentication> chain = new ArrayList<Authentication>();
    chain.add(TestUtils.getAuthentication());

    for (final String principalId : extraPrincipals) {
        chain.add(TestUtils.getAuthentication(principalId));
    }

    final Authentication primary = TestUtils.getAuthentication();
    return new ImmutableAssertion(primary, chain, TestUtils.getService(), fromNewLogin);
}
 
Example #10
Source File: Cas10ResponseViewTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Resets the view model before each test and stores an assertion under the
 * {@code "assertion"} key.
 *
 * <p>The assertion uses {@code TestUtils.getAuthentication()} as primary, a
 * one-element chain for {@code "someothername"}, and the service
 * {@code "TestService"}, flagged as coming from a new login.
 */
@Before
public void setUp() throws Exception {
    this.model = new HashMap<String, Object>();

    final List<Authentication> chain = new ArrayList<Authentication>();
    chain.add(TestUtils.getAuthentication("someothername"));

    final ImmutableAssertion fixture = new ImmutableAssertion(
            TestUtils.getAuthentication(), chain, TestUtils.getService("TestService"), true);
    this.model.put("assertion", fixture);
}
 
Example #11
Source File: CentralAuthenticationServiceImpl.java    From taoshop with Apache License 2.0
/**
 * Validates a service ticket presented by a service and builds the assertion
 * handed back to it.
 *
 * <p>The ticket is fetched from the registry and rejected when it is missing,
 * expired, or not valid for {@code service}. The principal placed in the
 * assertion is rebuilt from the registered service's username provider and
 * attribute release policy, so the service sees only that id and those
 * attributes. A validation event is published before returning. On every exit
 * path after the lookup, a ticket that reports itself expired is deleted from
 * the registry.
 *
 * @param serviceTicketId id of the service ticket being validated
 * @param service the service requesting validation
 * @return the assertion built for the ticket
 * @throws AbstractTicketException declared type; this body throws
 *         {@code InvalidTicketException} for a missing or expired ticket and
 *         {@code UnrecognizableServiceForServiceTicketValidationException} when
 *         the ticket does not match {@code service}. The helpers called here
 *         are defined elsewhere and may raise others.
 */
@Audit(
        action = "SERVICE_TICKET_VALIDATE",
        actionResolverName = "VALIDATE_SERVICE_TICKET_RESOLVER",
        resourceResolverName = "VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name = "VALIDATE_SERVICE_TICKET_METER")
@Counted(name = "VALIDATE_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws AbstractTicketException {
    // Resolve the registry entry for the requesting service before touching the ticket.
    // verifyRegisteredServiceProperties is defined elsewhere; presumably it rejects
    // unknown or disabled services - confirm against its implementation.
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    verifyRegisteredServiceProperties(registeredService, service);

    final ServiceTicket serviceTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null) {
        // NOTE(review): the presented ticket id is written to the log here and below;
        // confirm that log readers are meant to see ticket ids.
        logger.info("Service ticket [{}] does not exist.", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    try {
        // Expiry and service-match checks run under the ticket's monitor. This only
        // serializes callers holding the same ServiceTicket object - NOTE(review):
        // confirm the registry returns a shared instance rather than a copy.
        synchronized (serviceTicket) {
            if (serviceTicket.isExpired()) {
                logger.info("ServiceTicket [{}] has expired.", serviceTicketId);
                throw new InvalidTicketException(serviceTicketId);
            }

            // The ticket is bound to the service it was issued for; a ticket presented
            // by a different service is refused.
            if (!serviceTicket.isValidFor(service)) {
                logger.error("Service ticket [{}] with service [{}] does not match supplied service [{}]",
                        serviceTicketId, serviceTicket.getService().getId(), service);
                throw new UnrecognizableServiceForServiceTicketValidationException(serviceTicket.getService());
            }
        }

        // Pick the authentication from the root ticket-granting ticket via
        // getAuthenticationSatisfiedByPolicy (defined elsewhere).
        final TicketGrantingTicket root = serviceTicket.getGrantingTicket().getRoot();
        final Authentication authentication = getAuthenticationSatisfiedByPolicy(
                root, new ServiceContext(serviceTicket.getService(), registeredService));
        final Principal principal = authentication.getPrincipal();

        final RegisteredServiceAttributeReleasePolicy attributePolicy = registeredService.getAttributeReleasePolicy();
        logger.debug("Attribute policy [{}] is associated with service [{}]", attributePolicy, registeredService);

        // Only what the service's release policy returns goes into the assertion;
        // with no policy configured, no principal attributes are released.
        @SuppressWarnings("unchecked")
        final Map<String, Object> attributesToRelease = attributePolicy != null
                ? attributePolicy.getAttributes(principal) : Collections.EMPTY_MAP;

        // The principal id shown to the service is chosen per service, then a copy of
        // the authentication is made with that service-specific principal swapped in.
        final String principalId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service);
        final Principal modifiedPrincipal = this.principalFactory.createPrincipal(principalId, attributesToRelease);
        final AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance(authentication);
        builder.setPrincipal(modifiedPrincipal);

        final Assertion assertion = new ImmutableAssertion(
                builder.build(),
                serviceTicket.getGrantingTicket().getChainedAuthentications(),
                serviceTicket.getService(),
                serviceTicket.isFromNewLogin());

        doPublishEvent(new CasServiceTicketValidatedEvent(this, serviceTicket, assertion));

        return assertion;

    } finally {
        // Runs on success and on every failure after the lookup: a ticket that reports
        // expired is removed from the registry. NOTE(review): whether a validated ticket
        // reports expired here depends on isValidFor and the expiration policy, neither
        // of which is shown.
        if (serviceTicket.isExpired()) {
            this.ticketRegistry.deleteTicket(serviceTicketId);
        }
    }
}
 
Example #12
Source File: CentralAuthenticationServiceImpl.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Validates a service ticket presented by a service and builds the assertion
 * handed back to it.
 *
 * <p>The ticket is fetched from the registry and rejected when it is missing,
 * expired, or not valid for {@code service}. The principal placed in the
 * assertion is rebuilt from the registered service's username provider and
 * attribute release policy, so the service sees only that id and those
 * attributes. On every exit path after the lookup, a ticket that reports
 * itself expired is deleted from the registry.
 *
 * @param serviceTicketId id of the service ticket being validated
 * @param service the service requesting validation
 * @return the assertion built for the ticket
 * @throws TicketException declared type; this body throws
 *         {@code InvalidTicketException} for a missing or expired ticket and
 *         {@code UnrecognizableServiceForServiceTicketValidationException} when
 *         the ticket does not match {@code service}. The helpers called here
 *         are defined elsewhere and may raise others.
 */
@Audit(
    action="SERVICE_TICKET_VALIDATE",
    actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
    resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name="VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name="VALIDATE_SERVICE_TICKET_METER")
@Counted(name="VALIDATE_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws TicketException {
    // Resolve the registry entry for the requesting service before touching the ticket.
    // verifyRegisteredServiceProperties is defined elsewhere; presumably it rejects
    // unknown or disabled services - confirm against its implementation.
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    verifyRegisteredServiceProperties(registeredService, service);

    final ServiceTicket serviceTicket =  this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null) {
        // NOTE(review): the presented ticket id is written to the log here and below;
        // confirm that log readers are meant to see ticket ids.
        logger.info("Service ticket [{}] does not exist.", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    try {
        // Expiry and service-match checks run under the ticket's monitor. This only
        // serializes callers holding the same ServiceTicket object - NOTE(review):
        // confirm the registry returns a shared instance rather than a copy.
        synchronized (serviceTicket) {
            if (serviceTicket.isExpired()) {
                logger.info("ServiceTicket [{}] has expired.", serviceTicketId);
                throw new InvalidTicketException(serviceTicketId);
            }

            // The ticket is bound to the service it was issued for; a ticket presented
            // by a different service is refused.
            if (!serviceTicket.isValidFor(service)) {
                logger.error("Service ticket [{}] with service [{}] does not match supplied service [{}]",
                        serviceTicketId, serviceTicket.getService().getId(), service);
                throw new UnrecognizableServiceForServiceTicketValidationException(serviceTicket.getService());
            }
        }

        // Pick the authentication from the root ticket-granting ticket via
        // getAuthenticationSatisfiedByPolicy (defined elsewhere).
        final TicketGrantingTicket root = serviceTicket.getGrantingTicket().getRoot();
        final Authentication authentication = getAuthenticationSatisfiedByPolicy(
                root, new ServiceContext(serviceTicket.getService(), registeredService));
        final Principal principal = authentication.getPrincipal();

        final AttributeReleasePolicy attributePolicy = registeredService.getAttributeReleasePolicy();
        logger.debug("Attribute policy [{}] is associated with service [{}]", attributePolicy, registeredService);
        
        // Only what the service's release policy returns goes into the assertion;
        // with no policy configured, no principal attributes are released.
        @SuppressWarnings("unchecked")
        final Map<String, Object> attributesToRelease = attributePolicy != null
                ? attributePolicy.getAttributes(principal) : Collections.EMPTY_MAP;
        
        // The principal id shown to the service is chosen per service, then a copy of
        // the authentication is made with that service-specific principal swapped in.
        final String principalId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service);
        final Principal modifiedPrincipal = this.principalFactory.createPrincipal(principalId, attributesToRelease);
        final AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance(authentication);
        builder.setPrincipal(modifiedPrincipal);

        return new ImmutableAssertion(
                builder.build(),
                serviceTicket.getGrantingTicket().getChainedAuthentications(),
                serviceTicket.getService(),
                serviceTicket.isFromNewLogin());
    } finally {
        // Runs on success and on every failure after the lookup: a ticket that reports
        // expired is removed from the registry. NOTE(review): whether a validated ticket
        // reports expired here depends on isValidFor and the expiration policy, neither
        // of which is shown.
        if (serviceTicket.isExpired()) {
            this.serviceTicketRegistry.deleteTicket(serviceTicketId);
        }
    }
}
 
Example #13
Source File: CentralAuthenticationServiceImpl.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Validates a service ticket presented by a service and builds the assertion
 * handed back to it.
 *
 * <p>Both arguments are null-checked first. The ticket is fetched from the
 * registry and rejected when it is missing, expired, or not valid for
 * {@code service}. The principal placed in the assertion is rebuilt with a
 * per-service id and with attributes passed through the default attribute
 * filter and, when set, the registered service's own filter. On every exit
 * path inside the try block, a ticket that reports itself expired is deleted
 * from the registry.
 *
 * @param serviceTicketId id of the service ticket being validated
 * @param service the service requesting validation
 * @return the assertion built for the ticket
 * @throws TicketException declared type; this body throws
 *         {@code InvalidTicketException} for a missing or expired ticket and
 *         {@code TicketValidationException} when the ticket does not match
 *         {@code service}. The helpers called here are defined elsewhere and
 *         may raise others.
 * @throws IllegalArgumentException if the ServiceTicketId or the Service
 * are null.
 */
@Audit(
    action="SERVICE_TICKET_VALIDATE",
    actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
    resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Profiled(tag="VALIDATE_SERVICE_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws TicketException {
    Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
    Assert.notNull(service, "service cannot be null");
 
    final ServiceTicket serviceTicket =  this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null) {
        // NOTE(review): the presented ticket id is written to the log here and below;
        // confirm that log readers are meant to see ticket ids.
        logger.info("ServiceTicket [{}] does not exist.", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    // The registry entry is looked up from the service supplied by the caller, while
    // the property check is made against the service recorded on the ticket.
    // verifyRegisteredServiceProperties is defined elsewhere; presumably it rejects
    // unknown or disabled services - confirm against its implementation.
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);

    verifyRegisteredServiceProperties(registeredService, serviceTicket.getService());
    
    try {
        // Expiry and service-match checks run under the ticket's monitor. This only
        // serializes callers holding the same ServiceTicket object - NOTE(review):
        // confirm the registry returns a shared instance rather than a copy.
        synchronized (serviceTicket) {
            if (serviceTicket.isExpired()) {
                logger.info("ServiceTicket [{}] has expired.", serviceTicketId);
                throw new InvalidTicketException(serviceTicketId);
            }

            // The ticket is bound to the service it was issued for; a ticket presented
            // by a different service is refused.
            if (!serviceTicket.isValidFor(service)) {
                logger.error("ServiceTicket [{}] with service [{}] does not match supplied service [{}]",
                        serviceTicketId, serviceTicket.getService().getId(), service);
                throw new TicketValidationException(serviceTicket.getService());
            }
        }

        // Pick the authentication from the root ticket-granting ticket via
        // getAuthenticationSatisfiedByPolicy (defined elsewhere).
        final TicketGrantingTicket root = serviceTicket.getGrantingTicket().getRoot();
        final Authentication authentication = getAuthenticationSatisfiedByPolicy(
                root, new ServiceContext(serviceTicket.getService(), registeredService));
        final Principal principal = authentication.getPrincipal();

        // Attribute release is filtered in two stages: the default filter always runs,
        // then the service's own filter, if one is set, narrows that result further.
        Map<String, Object> attributesToRelease = this.defaultAttributeFilter.filter(principal.getId(),
                principal.getAttributes(), registeredService);
        if (registeredService.getAttributeFilter() != null) {
            attributesToRelease = registeredService.getAttributeFilter().filter(principal.getId(),
                    attributesToRelease, registeredService);
        }

        // The principal id shown to the service is chosen per service, then a copy of
        // the authentication is made with that service-specific principal swapped in.
        final String principalId = determinePrincipalIdForRegisteredService(principal, registeredService, serviceTicket);
        final Principal modifiedPrincipal = new SimplePrincipal(principalId, attributesToRelease);
        final AuthenticationBuilder builder = AuthenticationBuilder.newInstance(authentication);
        builder.setPrincipal(modifiedPrincipal);

        return new ImmutableAssertion(
                builder.build(),
                serviceTicket.getGrantingTicket().getChainedAuthentications(),
                serviceTicket.getService(),
                serviceTicket.isFromNewLogin());
    } finally {
        // Runs on success and on every failure inside the try: a ticket that reports
        // expired is removed from the registry. NOTE(review): whether a validated ticket
        // reports expired here depends on isValidFor and the expiration policy, neither
        // of which is shown.
        if (serviceTicket.isExpired()) {
            this.serviceTicketRegistry.deleteTicket(serviceTicketId);
        }
    }
}