org.jasig.cas.ticket.TicketException Java Examples

The following examples show how to use org.jasig.cas.ticket.TicketException. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: MultiFactorAwareCentralAuthenticationService.java    From cas-mfa with Apache License 2.0 6 votes vote down vote up
@Override
@Audit(
        action="TICKET_GRANTING_TICKET",
        actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_TICKET_GRANTING_TICKET_METER")
@Counted(name="CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials) throws TicketException {
    final MultiFactorCredentials mfaCredentials = (MultiFactorCredentials) credentials[0];
    final Authentication authentication = mfaCredentials.getAuthentication();

    if (authentication == null) {
        throw new TicketCreationException(new RuntimeException("Authentication cannot be null"));
    }
    final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(
            this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX),
            authentication,
            this.ticketGrantingTicketExpirationPolicy);

    this.ticketRegistry.addTicket(ticketGrantingTicket);
    return ticketGrantingTicket;
}
 
Example #2
Source File: CentralAuthenticationServiceImpl.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
/**
 * @throws IllegalArgumentException if the credentials are null.
 */
@Audit(
    action="TICKET_GRANTING_TICKET",
    actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER",
    resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "CREATE_TICKET_GRANTING_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
public String createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    Assert.notNull(credentials, "credentials cannot be null");

    final Authentication authentication = this.authenticationManager.authenticate(credentials);

    final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(
        this.ticketGrantingTicketUniqueTicketIdGenerator
            .getNewTicketId(TicketGrantingTicket.PREFIX),
        authentication, this.ticketGrantingTicketExpirationPolicy);

    this.ticketRegistry.addTicket(ticketGrantingTicket);
    return ticketGrantingTicket.getId();
}
 
Example #3
Source File: GenerateServiceTicketAction.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
@Override
protected Event doExecute(final RequestContext context) {
    final Service service = WebUtils.getService(context);
    final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);

    try {
        final String serviceTicketId = this.centralAuthenticationService
            .grantServiceTicket(ticketGrantingTicket,
                service);
        WebUtils.putServiceTicketInRequestScope(context,
            serviceTicketId);
        return success();
    } catch (final TicketException e) {
        if (isGatewayPresent(context)) {
            return result("gateway");
        }
    }

    return error();
}
 
Example #4
Source File: TicketGrantingTicketCheckAction.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
/**
 * Determines whether the TGT in the flow request context is valid.
 *
 * @param requestContext Flow request context.
 *
 * @throws Exception in case ticket cannot be retrieved from the service layer
 * @return {@link #NOT_EXISTS}, {@link #INVALID}, or {@link #VALID}.
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final String tgtId = WebUtils.getTicketGrantingTicketId(requestContext);
    if (!StringUtils.hasText(tgtId)) {
        return new Event(this, NOT_EXISTS);
    }

    String eventId = INVALID;
    try {
        final Ticket ticket = this.centralAuthenticationService.getTicket(tgtId, Ticket.class);
        if (ticket != null && !ticket.isExpired()) {
            eventId = VALID;
        }
    } catch (final TicketException e) {
        logger.trace("Could not retrieve ticket id {} from registry.", e);
    }
    return new Event(this,  eventId);
}
 
Example #5
Source File: CentralAuthenticationServiceImpl.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Audit(
    action="SERVICE_TICKET",
    actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId,
    final Service service) throws TicketException {
    try {
        return this.grantServiceTicket(ticketGrantingTicketId, service, (Credential[]) null);
    } catch (final AuthenticationException e) {
        throw new IllegalStateException("Unexpected authentication exception", e);
    }
}
 
Example #6
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test(expected=TicketException.class)
    public void verifyGrantServiceTicketWithExpiredTicketGrantingTicket() throws Exception {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new ExpirationPolicy() {
            private static final long serialVersionUID = 1L;

            public boolean isExpired(final TicketState ticket) {
                return true;
            }});

    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    try {
        getCentralAuthenticationService().grantServiceTicket(ticketId.getId(),
            TestUtils.getService());
    } finally {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new NeverExpiresExpirationPolicy());
    }
}
 
Example #7
Source File: CentralAuthenticationServiceImplWithMokitoTests.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
@Test
public void testChainedAuthenticationsOnValidation() throws TicketException {
    final Service svc = TestUtils.getService(SVC2_ID);
    final String st = this.cas.grantServiceTicket(TGT2_ID, svc);
    assertNotNull(st);
    
    final Assertion assertion = this.cas.validateServiceTicket(st, svc);
    assertNotNull(assertion);
    
    assertEquals(assertion.getService(), svc);
    assertEquals(assertion.getPrimaryAuthentication().getPrincipal().getId(), PRINCIPAL);
    assertTrue(assertion.getChainedAuthentications().size()  == 2);
    for (int i = 0; i < assertion.getChainedAuthentications().size(); i++) {
        final Authentication auth = assertion.getChainedAuthentications().get(i);
        assertEquals(auth, authentication);
    }
}
 
Example #8
Source File: CentralAuthenticationServiceImpl.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
/**
 * Gets the authentication satisfied by policy.
 *
 * @param ticket the ticket
 * @param context the context
 * @return the authentication satisfied by policy
 * @throws org.jasig.cas.ticket.TicketException the ticket exception
 */
private Authentication getAuthenticationSatisfiedByPolicy(
        final TicketGrantingTicket ticket, final ServiceContext context) throws TicketException {

    final ContextualAuthenticationPolicy<ServiceContext> policy =
            serviceContextAuthenticationPolicyFactory.createPolicy(context);
    if (policy.isSatisfiedBy(ticket.getAuthentication())) {
        return ticket.getAuthentication();
    }
    for (final Authentication auth : ticket.getSupplementalAuthentications()) {
        if (policy.isSatisfiedBy(auth)) {
            return auth;
        }
    }
    throw new UnsatisfiedAuthenticationPolicyException(policy);
}
 
Example #9
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
@Test(expected=TicketException.class)
    public void testGrantServiceTicketWithExpiredTicketGrantingTicket() throws Exception {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new ExpirationPolicy() {
            private static final long serialVersionUID = 1L;

            public boolean isExpired(final TicketState ticket) {
                return true;
            }});
    final String ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    try {
        getCentralAuthenticationService().grantServiceTicket(ticketId,
            TestUtils.getService());
    } finally {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new NeverExpiresExpirationPolicy());
    }
}
 
Example #10
Source File: CentralAuthenticationServiceImplWithMockitoTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void verifyChainedAuthenticationsOnValidation() throws TicketException {
    final Service svc = TestUtils.getService(SVC2_ID);
    final ServiceTicket st = this.cas.grantServiceTicket(TGT2_ID, svc);
    assertNotNull(st);
    
    final Assertion assertion = this.cas.validateServiceTicket(st.getId(), svc);
    assertNotNull(assertion);
    
    assertEquals(assertion.getService(), svc);
    assertEquals(assertion.getPrimaryAuthentication().getPrincipal().getId(), PRINCIPAL);
    assertTrue(assertion.getChainedAuthentications().size()  == 2);
    for (int i = 0; i < assertion.getChainedAuthentications().size(); i++) {
        final Authentication auth = assertion.getChainedAuthentications().get(i);
        assertEquals(auth, authentication);
    }
}
 
Example #11
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * This test checks that the TGT destruction happens properly for a remote registry.
 * It previously failed when the deletion happens before the ticket was marked expired because an update was necessary for that.
 *
 * @throws AuthenticationException
 * @throws TicketException
 */
@Test
public void testDestroyRemoteRegistry() throws TicketException, AuthenticationException {
    final MockOnlyOneTicketRegistry registry = new MockOnlyOneTicketRegistry();
    final TicketGrantingTicketImpl tgt = new TicketGrantingTicketImpl("TGT-1", mock(Authentication.class),
            mock(ExpirationPolicy.class));
    final MockExpireUpdateTicketLogoutManager logoutManager = new MockExpireUpdateTicketLogoutManager(registry);
    // consider authentication has happened and the TGT is in the registry
    registry.addTicket(tgt);
    // create a new CASimpl
    final CentralAuthenticationServiceImpl cas = new CentralAuthenticationServiceImpl(registry,  null,  null, null, null, null, null,
            null, logoutManager);
    // destroy to mark expired and then delete : the opposite would fail with a "No ticket to update" error from the registry
    cas.destroyTicketGrantingTicket(tgt.getId());
}
 
Example #12
Source File: MultiFactorAwareCentralAuthenticationService.java    From cas-mfa with Apache License 2.0 5 votes vote down vote up
@Audit(
        action="PROXY_GRANTING_TICKET",
        actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
        resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_PROXY_GRANTING_TICKET_TIMER")
@Metered(name="GRANT_PROXY_GRANTING_TICKET_METER")
@Counted(name="GRANT_PROXY_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws org.jasig.cas.authentication.AuthenticationException, TicketException {
    return this.delegate.delegateTicketGrantingTicket(serviceTicketId, credentials);
}
 
Example #13
Source File: RemoteCentralAuthenticationService.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the credentials are invalid.
 */
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.delegateTicketGrantingTicket(serviceTicketId, credentials);
}
 
Example #14
Source File: MultiFactorAwareCentralAuthenticationService.java    From cas-mfa with Apache License 2.0 5 votes vote down vote up
@Audit(
        action="SERVICE_TICKET",
        actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
        resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public ServiceTicket grantServiceTicket(
        final String ticketGrantingTicketId,
        final Service service, final Credential... credentials)
        throws org.jasig.cas.authentication.AuthenticationException, TicketException {
    return this.delegate.grantServiceTicket(ticketGrantingTicketId, service, credentials);
}
 
Example #15
Source File: CentralAuthenticationServiceImpl.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Audit(
    action="PROXY_GRANTING_TICKET",
    actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
    resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_PROXY_GRANTING_TICKET_TIMER")
@Metered(name="GRANT_PROXY_GRANTING_TICKET_METER")
@Counted(name="GRANT_PROXY_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    final ServiceTicket serviceTicket =  this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null || serviceTicket.isExpired()) {
        logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    final RegisteredService registeredService = this.servicesManager
            .findServiceBy(serviceTicket.getService());

    verifyRegisteredServiceProperties(registeredService, serviceTicket.getService());
    
    if (!registeredService.getProxyPolicy().isAllowedToProxy()) {
        logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }

    final Authentication authentication = this.authenticationManager.authenticate(credentials);

    final String pgtId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(
            TicketGrantingTicket.PROXY_GRANTING_TICKET_PREFIX);
    final TicketGrantingTicket proxyGrantingTicket = serviceTicket.grantTicketGrantingTicket(pgtId,
                                authentication, this.ticketGrantingTicketExpirationPolicy);

    logger.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId);
    this.ticketRegistry.addTicket(proxyGrantingTicket);

    return proxyGrantingTicket;
}
 
Example #16
Source File: MultiFactorAwareCentralAuthenticationService.java    From cas-mfa with Apache License 2.0 5 votes vote down vote up
@Audit(
        action="SERVICE_TICKET_VALIDATE",
        actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
        resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name="VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name="VALIDATE_SERVICE_TICKET_METER")
@Counted(name="VALIDATE_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws TicketException {
    return this.delegate.validateServiceTicket(serviceTicketId, service);
}
 
Example #17
Source File: RemoteCentralAuthenticationService.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if given invalid credentials
 */
@Override
public ServiceTicket grantServiceTicket(
        final String ticketGrantingTicketId, final Service service, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);
}
 
Example #18
Source File: RemoteCentralAuthenticationService.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the Credentials are null or if given
 * invalid credentials.
 */
@Override
public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    Assert.notNull(credentials, "credentials cannot be null");
    checkForErrors(credentials);

    return this.centralAuthenticationService.createTicketGrantingTicket(credentials);
}
 
Example #19
Source File: CentralAuthenticationServiceImpl.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Audit(
    action="TICKET_GRANTING_TICKET",
    actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER",
    resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_TICKET_GRANTING_TICKET_METER")
@Counted(name="CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    final Set<Credential> sanitizedCredentials = sanitizeCredentials(credentials);
    if (sanitizedCredentials.size() > 0) {
        final Authentication authentication = this.authenticationManager.authenticate(credentials);

        final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(
                this.ticketGrantingTicketUniqueTicketIdGenerator
                        .getNewTicketId(TicketGrantingTicket.PREFIX),
                authentication, this.ticketGrantingTicketExpirationPolicy);

        this.ticketRegistry.addTicket(ticketGrantingTicket);
        return ticketGrantingTicket;
    }
    final String msg = "No credentials were specified in the request for creating a new ticket-granting ticket";
    logger.warn(msg);
    throw new TicketCreationException(new IllegalArgumentException(msg));
}
 
Example #20
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
/**
 * This test checks that the TGT destruction happens properly for a remote registry.
 * It previously failed when the deletion happens before the ticket was marked expired because an update was necessary for that.
 *
 * @throws AuthenticationException
 * @throws org.jasig.cas.ticket.TicketException
 */
@Test
public void verifyDestroyRemoteRegistry() throws TicketException, AuthenticationException {
    final MockOnlyOneTicketRegistry registry = new MockOnlyOneTicketRegistry();
    final TicketGrantingTicketImpl tgt = new TicketGrantingTicketImpl("TGT-1", mock(Authentication.class),
            mock(ExpirationPolicy.class));
    final MockExpireUpdateTicketLogoutManager logoutManager = new MockExpireUpdateTicketLogoutManager(registry);
    // consider authentication has happened and the TGT is in the registry
    registry.addTicket(tgt);
    // create a new CASimpl
    final CentralAuthenticationServiceImpl cas = new CentralAuthenticationServiceImpl(registry,  null,  null, null, null, null, null,
            null, logoutManager);
    // destroy to mark expired and then delete : the opposite would fail with a "No ticket to update" error from the registry
    cas.destroyTicketGrantingTicket(tgt.getId());
}
 
Example #21
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * This test simulates :
 * - a first authentication for a default service
 * - a second authentication with the renew parameter and the same service (and same credentials)
 * - a validation of the second ticket.
 * 
 * When supplemental authentications were returned with the chained authentications, the validation specification
 * failed as it only expects one authentication. Thus supplemental authentications should not be returned in the
 * chained authentications. Both concepts are orthogonal.
 *  
 * @throws TicketException
 * @throws AuthenticationException
 */
@Test
public void authenticateTwiceWithRenew() throws TicketException, AuthenticationException {
    final CentralAuthenticationService cas = getCentralAuthenticationService();
    final Service svc = TestUtils.getService("testDefault");
    final UsernamePasswordCredential goodCredential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String tgtId = cas.createTicketGrantingTicket(goodCredential);
    cas.grantServiceTicket(tgtId, svc);
    // simulate renew with new good same credentials
    final String st2Id = cas.grantServiceTicket(tgtId, svc, goodCredential);
    final Assertion assertion = cas.validateServiceTicket(st2Id, svc);
    final ValidationSpecification validationSpecification = new Cas20WithoutProxyingValidationSpecification();
    assertTrue(validationSpecification.isSatisfiedBy(assertion));
}
 
Example #22
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test(expected=TicketException.class)
public void testValidateServiceTicketWithInvalidServiceTicket() throws Exception {
    final String ticketGrantingTicket = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final String serviceTicket = getCentralAuthenticationService()
        .grantServiceTicket(ticketGrantingTicket, TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(
        ticketGrantingTicket);

    getCentralAuthenticationService().validateServiceTicket(
            serviceTicket, TestUtils.getService());
}
 
Example #23
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test(expected=TicketException.class)
public void testDelegateTicketGrantingTicketWithBadServiceTicket() throws Exception {
    final String ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final String serviceTicketId = getCentralAuthenticationService()
        .grantServiceTicket(ticketId, TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId);
    getCentralAuthenticationService().delegateTicketGrantingTicket(
        serviceTicketId, TestUtils.getHttpBasedServiceCredentials());
}
 
Example #24
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test(expected=TicketException.class)
public void testGrantServiceTicketWithInvalidTicketGrantingTicket() throws Exception {
    final String ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId);
        getCentralAuthenticationService().grantServiceTicket(ticketId,
            TestUtils.getService());
}
 
Example #25
Source File: CentralAuthenticationServiceImplTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testGoodCredentialsOnTicketGrantingTicketCreation() throws Exception {
    try {
        assertNotNull(getCentralAuthenticationService()
            .createTicketGrantingTicket(
                TestUtils.getCredentialsWithSameUsernameAndPassword()));
    } catch (final TicketException e) {
        fail(TestUtils.CONST_EXCEPTION_NON_EXPECTED);
    }
}
 
Example #26
Source File: RemoteCentralAuthenticationService.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the Credentials are null or if given
 * invalid credentials.
 */
@Override
public String createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    Assert.notNull(credentials, "credentials cannot be null");
    checkForErrors(credentials);

    return this.centralAuthenticationService.createTicketGrantingTicket(credentials);
}
 
Example #27
Source File: CentralAuthenticationServiceImpl.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
private Authentication getAuthenticationSatisfiedByPolicy(
        final TicketGrantingTicket ticket, final ServiceContext context) throws TicketException {

    final ContextualAuthenticationPolicy<ServiceContext> policy =
            serviceContextAuthenticationPolicyFactory.createPolicy(context);
    if (policy.isSatisfiedBy(ticket.getAuthentication())) {
        return ticket.getAuthentication();
    }
    for (final Authentication auth : ticket.getSupplementalAuthentications()) {
        if (policy.isSatisfiedBy(auth)) {
            return auth;
        }
    }
    throw new UnsatisfiedAuthenticationPolicyException(policy);
}
 
Example #28
Source File: RemoteCentralAuthenticationService.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if given invalid credentials
 */
@Override
public String grantServiceTicket(
        final String ticketGrantingTicketId, final Service service, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);
}
 
Example #29
Source File: RemoteCentralAuthenticationService.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the credentials are invalid.
 */
@Override
public String delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.delegateTicketGrantingTicket(serviceTicketId, credentials);
}
 
Example #30
Source File: CentralAuthenticationServiceImpl.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Audit(
    action="SERVICE_TICKET",
    actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "GRANT_SERVICE_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
public String grantServiceTicket(final String ticketGrantingTicketId,
    final Service service) throws TicketException {
    try {
        return this.grantServiceTicket(ticketGrantingTicketId, service, null);
    } catch (final AuthenticationException e) {
        throw new IllegalStateException("Unexpected authentication exception", e);
    }
}