org.jasig.cas.util.UniqueTicketIdGenerator Java Examples
The following examples show how to use
org.jasig.cas.util.UniqueTicketIdGenerator.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CentralAuthenticationServiceImpl.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
/** * Build the central authentication service implementation. * * @param ticketRegistry the tickets registry. * @param serviceTicketRegistry the service tickets registry. * @param authenticationManager the authentication manager. * @param ticketGrantingTicketUniqueTicketIdGenerator the TGT id generator. * @param uniqueTicketIdGeneratorsForService the map with service and ticket id generators. * @param ticketGrantingTicketExpirationPolicy the TGT expiration policy. * @param serviceTicketExpirationPolicy the service ticket expiration policy. * @param servicesManager the services manager. * @param logoutManager the logout manager. */ public CentralAuthenticationServiceImpl(final TicketRegistry ticketRegistry, final TicketRegistry serviceTicketRegistry, final AuthenticationManager authenticationManager, final UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator, final Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService, final ExpirationPolicy ticketGrantingTicketExpirationPolicy, final ExpirationPolicy serviceTicketExpirationPolicy, final ServicesManager servicesManager, final LogoutManager logoutManager) { this.ticketRegistry = ticketRegistry; if (serviceTicketRegistry == null) { this.serviceTicketRegistry = ticketRegistry; } else { this.serviceTicketRegistry = serviceTicketRegistry; } this.authenticationManager = authenticationManager; this.ticketGrantingTicketUniqueTicketIdGenerator = ticketGrantingTicketUniqueTicketIdGenerator; this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService; this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy; this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy; this.servicesManager = servicesManager; this.logoutManager = logoutManager; }
Example #2
Source File: X509CertificateCredentialsNonInteractiveActionTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
@Before public void setUp() throws Exception { this.action = new X509CertificateCredentialsNonInteractiveAction(); final Map<String, UniqueTicketIdGenerator> idGenerators = new HashMap<String, UniqueTicketIdGenerator>(); idGenerators.put(SimpleWebApplicationServiceImpl.class.getName(), new DefaultUniqueTicketIdGenerator()); final X509CredentialsAuthenticationHandler handler = new X509CredentialsAuthenticationHandler(); handler.setTrustedIssuerDnPattern("CN=\\w+,DC=jasig,DC=org"); final AuthenticationManager authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( handler, new X509SerialNumberPrincipalResolver())); final CentralAuthenticationServiceImpl centralAuthenticationService = new CentralAuthenticationServiceImpl( new DefaultTicketRegistry(), null, authenticationManager, new DefaultUniqueTicketIdGenerator(), idGenerators, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), mock(ServicesManager.class), mock(LogoutManager.class)); this.action.setCentralAuthenticationService(centralAuthenticationService); this.action.afterPropertiesSet(); }
Example #3
Source File: OpenIdSingleSignOnActionTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Before public void setUp() throws Exception { this.ticketRegistry = new DefaultTicketRegistry(); final OpenIdCredentialsAuthenticationHandler handler = new OpenIdCredentialsAuthenticationHandler(); handler.setTicketRegistry(this.ticketRegistry); this.authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( handler, new OpenIdPrincipalResolver())); final Map<String, UniqueTicketIdGenerator> generator = new HashMap<>(); generator.put(OpenIdService.class.getName(), new DefaultUniqueTicketIdGenerator()); impl = new CentralAuthenticationServiceImpl(this.ticketRegistry, null, this.authenticationManager, new DefaultUniqueTicketIdGenerator(), generator, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), new DefaultServicesManagerImpl(new InMemoryServiceRegistryDaoImpl()), mock(LogoutManager.class)); this.action = new OpenIdSingleSignOnAction(); this.action.setCentralAuthenticationService(this.impl); this.action.setExtractor(new DefaultOpenIdUserNameExtractor()); this.action.afterPropertiesSet(); }
Example #4
Source File: PrincipalFromRequestRemoteUserNonInteractiveCredentialsActionTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Before public void setUp() throws Exception { this.action = new PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction(); final Map<String, UniqueTicketIdGenerator> idGenerators = new HashMap<>(); idGenerators.put(SimpleWebApplicationServiceImpl.class.getName(), new DefaultUniqueTicketIdGenerator()); final AuthenticationManager authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( new PrincipalBearingCredentialsAuthenticationHandler(), new PrincipalBearingPrincipalResolver())); final CentralAuthenticationServiceImpl centralAuthenticationService = new CentralAuthenticationServiceImpl( new DefaultTicketRegistry(), null, authenticationManager, new DefaultUniqueTicketIdGenerator(), idGenerators, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), mock(ServicesManager.class), mock(LogoutManager.class)); this.action.setCentralAuthenticationService(centralAuthenticationService); }
Example #5
Source File: PrincipalFromRequestUserPrincipalNonInteractiveCredentialsActionTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Before public void setUp() throws Exception { this.action = new PrincipalFromRequestUserPrincipalNonInteractiveCredentialsAction(); final Map<String, UniqueTicketIdGenerator> idGenerators = new HashMap<>(); idGenerators.put(SimpleWebApplicationServiceImpl.class.getName(), new DefaultUniqueTicketIdGenerator()); final AuthenticationManager authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( new PrincipalBearingCredentialsAuthenticationHandler(), new PrincipalBearingPrincipalResolver())); final CentralAuthenticationServiceImpl centralAuthenticationService = new CentralAuthenticationServiceImpl( new DefaultTicketRegistry(), null, authenticationManager, new DefaultUniqueTicketIdGenerator(), idGenerators, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), mock(ServicesManager.class), mock(LogoutManager.class)); this.action.setCentralAuthenticationService(centralAuthenticationService); }
Example #6
Source File: PrincipalFromRequestUserPrincipalNonInteractiveCredentialsActionTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
@Before public void setUp() throws Exception { this.action = new PrincipalFromRequestUserPrincipalNonInteractiveCredentialsAction(); final Map<String, UniqueTicketIdGenerator> idGenerators = new HashMap<String, UniqueTicketIdGenerator>(); idGenerators.put(SimpleWebApplicationServiceImpl.class.getName(), new DefaultUniqueTicketIdGenerator()); final AuthenticationManager authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( new PrincipalBearingCredentialsAuthenticationHandler(), new PrincipalBearingPrincipalResolver())); final CentralAuthenticationServiceImpl centralAuthenticationService = new CentralAuthenticationServiceImpl( new DefaultTicketRegistry(), null, authenticationManager, new DefaultUniqueTicketIdGenerator(), idGenerators, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), mock(ServicesManager.class), mock(LogoutManager.class)); this.action.setCentralAuthenticationService(centralAuthenticationService); }
Example #7
Source File: X509CertificateCredentialsNonInteractiveActionTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Before public void setUp() throws Exception { this.action = new X509CertificateCredentialsNonInteractiveAction(); final Map<String, UniqueTicketIdGenerator> idGenerators = new HashMap<>(); idGenerators.put(SimpleWebApplicationServiceImpl.class.getName(), new DefaultUniqueTicketIdGenerator()); final X509CredentialsAuthenticationHandler handler = new X509CredentialsAuthenticationHandler(); handler.setTrustedIssuerDnPattern("CN=\\w+,DC=jasig,DC=org"); final AuthenticationManager authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( handler, new X509SerialNumberPrincipalResolver())); final CentralAuthenticationServiceImpl centralAuthenticationService = new CentralAuthenticationServiceImpl( new DefaultTicketRegistry(), null, authenticationManager, new DefaultUniqueTicketIdGenerator(), idGenerators, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), mock(ServicesManager.class), mock(LogoutManager.class)); this.action.setCentralAuthenticationService(centralAuthenticationService); this.action.afterPropertiesSet(); }
Example #8
Source File: PrincipalFromRequestRemoteUserNonInteractiveCredentialsActionTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
@Before public void setUp() throws Exception { this.action = new PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction(); final Map<String, UniqueTicketIdGenerator> idGenerators = new HashMap<String, UniqueTicketIdGenerator>(); idGenerators.put(SimpleWebApplicationServiceImpl.class.getName(), new DefaultUniqueTicketIdGenerator()); final AuthenticationManager authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( new PrincipalBearingCredentialsAuthenticationHandler(), new PrincipalBearingPrincipalResolver())); final CentralAuthenticationServiceImpl centralAuthenticationService = new CentralAuthenticationServiceImpl( new DefaultTicketRegistry(), null, authenticationManager, new DefaultUniqueTicketIdGenerator(), idGenerators, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), mock(ServicesManager.class), mock(LogoutManager.class)); this.action.setCentralAuthenticationService(centralAuthenticationService); }
Example #9
Source File: CentralAuthenticationServiceImpl.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
/** * Build the central authentication service implementation. * * @param ticketRegistry the tickets registry. * @param serviceTicketRegistry the service tickets registry. * @param authenticationManager the authentication manager. * @param ticketGrantingTicketUniqueTicketIdGenerator the TGT id generator. * @param uniqueTicketIdGeneratorsForService the map with service and ticket id generators. * @param ticketGrantingTicketExpirationPolicy the TGT expiration policy. * @param serviceTicketExpirationPolicy the service ticket expiration policy. * @param servicesManager the services manager. * @param logoutManager the logout manager. */ public CentralAuthenticationServiceImpl(final TicketRegistry ticketRegistry, final TicketRegistry serviceTicketRegistry, final AuthenticationManager authenticationManager, final UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator, final Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService, final ExpirationPolicy ticketGrantingTicketExpirationPolicy, final ExpirationPolicy serviceTicketExpirationPolicy, final ServicesManager servicesManager, final LogoutManager logoutManager) { this.ticketRegistry = ticketRegistry; if (serviceTicketRegistry == null) { this.serviceTicketRegistry = ticketRegistry; } else { this.serviceTicketRegistry = serviceTicketRegistry; } this.authenticationManager = authenticationManager; this.ticketGrantingTicketUniqueTicketIdGenerator = ticketGrantingTicketUniqueTicketIdGenerator; this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService; this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy; this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy; this.servicesManager = servicesManager; this.logoutManager = logoutManager; }
Example #10
Source File: OpenIdSingleSignOnActionTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
@Before public void setUp() throws Exception { this.ticketRegistry = new DefaultTicketRegistry(); final OpenIdCredentialsAuthenticationHandler handler = new OpenIdCredentialsAuthenticationHandler(); handler.setTicketRegistry(this.ticketRegistry); this.authenticationManager = new PolicyBasedAuthenticationManager( Collections.<AuthenticationHandler, PrincipalResolver>singletonMap( handler, new OpenIdPrincipalResolver())); final Map<String, UniqueTicketIdGenerator> generator = new HashMap<String, UniqueTicketIdGenerator>(); generator.put(OpenIdService.class.getName(), new DefaultUniqueTicketIdGenerator()); impl = new CentralAuthenticationServiceImpl(this.ticketRegistry, null, this.authenticationManager, new DefaultUniqueTicketIdGenerator(), generator, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), new DefaultServicesManagerImpl(new InMemoryServiceRegistryDaoImpl()), mock(LogoutManager.class)); this.action = new OpenIdSingleSignOnAction(); this.action.setCentralAuthenticationService(this.impl); this.action.setExtractor(new DefaultOpenIdUserNameExtractor()); this.action.afterPropertiesSet(); }
Example #11
Source File: DefaultTicketRegistryCleanerTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Override public RegistryCleaner getNewRegistryCleaner(final TicketRegistry ticketRegistry) { this.centralAuthenticationService = new CentralAuthenticationServiceImpl(this.ticketRegistry, this.ticketRegistry, mock(AuthenticationManager.class), mock(UniqueTicketIdGenerator.class), Collections.EMPTY_MAP, new NeverExpiresExpirationPolicy(), new NeverExpiresExpirationPolicy(), mock(ServicesManager.class), mock(LogoutManager.class)); return new DefaultTicketRegistryCleaner(this.centralAuthenticationService, this.ticketRegistry); }
Example #12
Source File: Cas20ProxyHandler.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
/** * @param uniqueTicketIdGenerator The uniqueTicketIdGenerator to set. */ public void setUniqueTicketIdGenerator(final UniqueTicketIdGenerator uniqueTicketIdGenerator) { this.uniqueTicketIdGenerator = uniqueTicketIdGenerator; }
Example #13
Source File: GenerateLoginTicketAction.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
public void setTicketIdGenerator(final UniqueTicketIdGenerator generator) { this.ticketIdGenerator = generator; }
Example #14
Source File: CentralAuthenticationServiceImplWithMokitoTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
@Before public void prepareNewCAS() { this.authentication = mock(Authentication.class); when(this.authentication.getAuthenticatedDate()).thenReturn(new Date()); final CredentialMetaData metadata = new BasicCredentialMetaData(TestUtils.getCredentialsWithSameUsernameAndPassword("principal")); final Map<String, HandlerResult> successes = new HashMap<String, HandlerResult>(); successes.put("handler1", new HandlerResult(mock(AuthenticationHandler.class), metadata)); when(this.authentication.getCredentials()).thenReturn(Arrays.asList(metadata)); when(this.authentication.getSuccesses()).thenReturn(successes); when(this.authentication.getPrincipal()).thenReturn(new SimplePrincipal(PRINCIPAL)); final ServiceTicket stMock = mock(ServiceTicket.class); when(stMock.getService()).thenReturn(TestUtils.getService()); when(stMock.getId()).thenReturn(ST_ID); when(stMock.isValidFor(TestUtils.getService())).thenReturn(true); final TicketGrantingTicket tgtRootMock = mock(TicketGrantingTicket.class); when(tgtRootMock.isExpired()).thenReturn(false); when(tgtRootMock.getAuthentication()).thenReturn(this.authentication); final TicketGrantingTicket tgtMock = mock(TicketGrantingTicket.class); when(tgtMock.isExpired()).thenReturn(false); when(tgtMock.getId()).thenReturn(TGT_ID); when(tgtMock.grantServiceTicket(anyString(), argThat(new VerifyServiceByIdMatcher(TestUtils.getService().getId())), any(ExpirationPolicy.class), anyBoolean())).thenReturn(stMock); when(tgtMock.getRoot()).thenReturn(tgtRootMock); final List<Authentication> authnListMock = mock(List.class); //Size is required to be 2, so that we can simulate proxying capabilities when(authnListMock.size()).thenReturn(2); when(authnListMock.get(anyInt())).thenReturn(this.authentication); when(tgtMock.getChainedAuthentications()).thenReturn(authnListMock); when(stMock.getGrantingTicket()).thenReturn(tgtMock); final Service service2 = TestUtils.getService(SVC2_ID); final ServiceTicket stMock2 = mock(ServiceTicket.class); when(stMock2.getService()).thenReturn(service2); when(stMock2.getId()).thenReturn(ST2_ID); when(stMock2.isValidFor(service2)).thenReturn(true); final TicketGrantingTicket tgtMock2 = mock(TicketGrantingTicket.class); when(tgtMock2.isExpired()).thenReturn(false); when(tgtMock2.getId()).thenReturn(TGT2_ID); when(tgtMock2.grantServiceTicket(anyString(), argThat(new VerifyServiceByIdMatcher(service2.getId())), any(ExpirationPolicy.class), anyBoolean())).thenReturn(stMock2); when(tgtMock2.getRoot()).thenReturn(tgtRootMock); when(tgtMock2.getChainedAuthentications()).thenReturn(authnListMock); when(stMock2.getGrantingTicket()).thenReturn(tgtMock2); //Mock TicketRegistry final TicketRegistry ticketRegMock = mock(TicketRegistry.class); when(ticketRegMock.getTicket(eq(tgtMock.getId()), eq(TicketGrantingTicket.class))).thenReturn(tgtMock); when(ticketRegMock.getTicket(eq(tgtMock2.getId()), eq(TicketGrantingTicket.class))).thenReturn(tgtMock2); when(ticketRegMock.getTicket(eq(stMock.getId()), eq(ServiceTicket.class))).thenReturn(stMock); when(ticketRegMock.getTicket(eq(stMock2.getId()), eq(ServiceTicket.class))).thenReturn(stMock2); //Mock ServicesManager final RegisteredService mockRegSvc1 = mock(RegisteredService.class); when(mockRegSvc1.getServiceId()).thenReturn(SVC1_ID); when(mockRegSvc1.isEnabled()).thenReturn(true); when(mockRegSvc1.isAllowedToProxy()).thenReturn(false); when(mockRegSvc1.getName()).thenReturn(SVC1_ID); final RegisteredService mockRegSvc2 = mock(RegisteredService.class); when(mockRegSvc2.getServiceId()).thenReturn("test"); when(mockRegSvc2.isEnabled()).thenReturn(false); when(mockRegSvc2.getName()).thenReturn("test"); final RegisteredService mockRegSvc3 = mock(RegisteredService.class); when(mockRegSvc3.getServiceId()).thenReturn(service2.getId()); when(mockRegSvc3.isEnabled()).thenReturn(true); when(mockRegSvc3.isAllowedToProxy()).thenReturn(true); when(mockRegSvc3.getName()).thenReturn(service2.getId()); when(mockRegSvc3.matches(argThat(new VerifyServiceByIdMatcher(service2.getId())))).thenReturn(true); final ServicesManager smMock = mock(ServicesManager.class); when(smMock.findServiceBy(argThat(new VerifyServiceByIdMatcher(SVC1_ID)))).thenReturn(mockRegSvc1); when(smMock.findServiceBy(argThat(new VerifyServiceByIdMatcher("test")))).thenReturn(mockRegSvc2); when(smMock.findServiceBy(argThat(new VerifyServiceByIdMatcher(SVC2_ID)))).thenReturn(mockRegSvc3); final Map ticketIdGenForServiceMock = mock(Map.class); when(ticketIdGenForServiceMock.containsKey(any())).thenReturn(true); when(ticketIdGenForServiceMock.get(any())).thenReturn(new DefaultUniqueTicketIdGenerator()); this.cas = new CentralAuthenticationServiceImpl(ticketRegMock, null, mock(AuthenticationManager.class), mock(UniqueTicketIdGenerator.class), ticketIdGenForServiceMock, mock(ExpirationPolicy.class), mock(ExpirationPolicy.class), smMock, mock(LogoutManager.class)); }
Example #15
Source File: CentralAuthenticationServiceImpl.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
/** * @throws IllegalArgumentException if ticketGrantingTicketId or service are null. */ @Audit( action="SERVICE_TICKET", actionResolverName="GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER") @Profiled(tag="GRANT_SERVICE_TICKET", logFailuresSeparately = false) @Transactional(readOnly = false) public String grantServiceTicket( final String ticketGrantingTicketId, final Service service, final Credential... credentials) throws AuthenticationException, TicketException { Assert.notNull(ticketGrantingTicketId, "ticketGrantingticketId cannot be null"); Assert.notNull(service, "service cannot be null"); final TicketGrantingTicket ticketGrantingTicket = this.ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class); if (ticketGrantingTicket == null) { logger.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId); throw new InvalidTicketException(ticketGrantingTicketId); } synchronized (ticketGrantingTicket) { if (ticketGrantingTicket.isExpired()) { this.ticketRegistry.deleteTicket(ticketGrantingTicketId); logger.debug("TicketGrantingTicket[{}] has expired and is now deleted from the ticket registry.", ticketGrantingTicketId); throw new InvalidTicketException(ticketGrantingTicketId); } } final RegisteredService registeredService = this.servicesManager.findServiceBy(service); verifyRegisteredServiceProperties(registeredService, service); if (!registeredService.isSsoEnabled() && credentials == null && ticketGrantingTicket.getCountOfUses() > 0) { logger.warn("ServiceManagement: Service [{}] is not allowed to use SSO.", service.getId()); throw new UnauthorizedSsoServiceException(); } //CAS-1019 final List<Authentication> authns = ticketGrantingTicket.getChainedAuthentications(); if(authns.size() > 1) { if (!registeredService.isAllowedToProxy()) { final String message = String. format("ServiceManagement: Proxy attempt by service [%s] (registered service [%s]) is not allowed.", service.getId(), registeredService.toString()); logger.warn(message); throw new UnauthorizedProxyingException(message); } } if (credentials != null) { final Authentication current = this.authenticationManager.authenticate(credentials); final Authentication original = ticketGrantingTicket.getAuthentication(); if (!current.getPrincipal().equals(original.getPrincipal())) { throw new MixedPrincipalException(current, current.getPrincipal(), original.getPrincipal()); } ticketGrantingTicket.getSupplementalAuthentications().add(current); } // Perform security policy check by getting the authentication that satisfies the configured policy // This throws if no suitable policy is found getAuthenticationSatisfiedByPolicy(ticketGrantingTicket.getRoot(), new ServiceContext(service, registeredService)); final String uniqueTicketIdGenKey = service.getClass().getName(); if (!this.uniqueTicketIdGeneratorsForService.containsKey(uniqueTicketIdGenKey)) { logger.warn("Cannot create service ticket because the key [{}] for service [{}] is not linked to a ticket id generator", uniqueTicketIdGenKey, service.getId()); throw new UnauthorizedSsoServiceException(); } final UniqueTicketIdGenerator serviceTicketUniqueTicketIdGenerator = this.uniqueTicketIdGeneratorsForService.get(uniqueTicketIdGenKey); final String generatedServiceTicketId = serviceTicketUniqueTicketIdGenerator.getNewTicketId(ServiceTicket.PREFIX); logger.debug("Generated service ticket id [{}] for ticket granting ticket [{}]", generatedServiceTicketId, ticketGrantingTicket.getId()); final ServiceTicket serviceTicket = ticketGrantingTicket.grantServiceTicket(generatedServiceTicketId, service, this.serviceTicketExpirationPolicy, credentials != null); this.serviceTicketRegistry.addTicket(serviceTicket); if (logger.isInfoEnabled()) { final List<Authentication> authentications = serviceTicket.getGrantingTicket().getChainedAuthentications(); final String formatString = "Granted %s ticket [%s] for service [%s] for user [%s]"; final String type; final String principalId = authentications.get(authentications.size() - 1).getPrincipal().getId(); if (authentications.size() == 1) { type = "service"; } else { type = "proxy"; } logger.info(String.format(formatString, type, serviceTicket.getId(), service.getId(), principalId)); } return serviceTicket.getId(); }
Example #16
Source File: Cas20ProxyHandler.java From springboot-shiro-cas-mybatis with MIT License | 4 votes |
/** * @param uniqueTicketIdGenerator The uniqueTicketIdGenerator to set. */ public void setUniqueTicketIdGenerator(final UniqueTicketIdGenerator uniqueTicketIdGenerator) { this.uniqueTicketIdGenerator = uniqueTicketIdGenerator; }
Example #17
Source File: GenerateLoginTicketAction.java From springboot-shiro-cas-mybatis with MIT License | 4 votes |
public void setTicketIdGenerator(final UniqueTicketIdGenerator generator) { this.ticketIdGenerator = generator; }
Example #18
Source File: CentralAuthenticationServiceImplWithMockitoTests.java From springboot-shiro-cas-mybatis with MIT License | 4 votes |
@Before public void prepareNewCAS() { this.authentication = mock(Authentication.class); when(this.authentication.getAuthenticationDate()).thenReturn(new Date()); final CredentialMetaData metadata = new BasicCredentialMetaData(TestUtils.getCredentialsWithSameUsernameAndPassword("principal")); final Map<String, HandlerResult> successes = new HashMap<>(); successes.put("handler1", new DefaultHandlerResult(mock(AuthenticationHandler.class), metadata)); when(this.authentication.getCredentials()).thenReturn(Arrays.asList(metadata)); when(this.authentication.getSuccesses()).thenReturn(successes); when(this.authentication.getPrincipal()).thenReturn(new DefaultPrincipalFactory().createPrincipal(PRINCIPAL)); final Service service1 = TestUtils.getService(SVC1_ID); final ServiceTicket stMock = createMockServiceTicket(ST_ID, service1); final TicketGrantingTicket tgtRootMock = createRootTicketGrantingTicket(); final TicketGrantingTicket tgtMock = createMockTicketGrantingTicket(TGT_ID, stMock, false, tgtRootMock, new ArrayList<Authentication>()); when(tgtMock.getProxiedBy()).thenReturn(TestUtils.getService("proxiedBy")); final List<Authentication> authnListMock = mock(List.class); //Size is required to be 2, so that we can simulate proxying capabilities when(authnListMock.size()).thenReturn(2); when(authnListMock.get(anyInt())).thenReturn(this.authentication); when(tgtMock.getChainedAuthentications()).thenReturn(authnListMock); when(stMock.getGrantingTicket()).thenReturn(tgtMock); final Service service2 = TestUtils.getService(SVC2_ID); final ServiceTicket stMock2 = createMockServiceTicket(ST2_ID, service2); final TicketGrantingTicket tgtMock2 = createMockTicketGrantingTicket(TGT2_ID, stMock2, false, tgtRootMock, authnListMock); //Mock TicketRegistry this.ticketRegMock = mock(TicketRegistry.class); when(ticketRegMock.getTicket(eq(tgtMock.getId()), eq(TicketGrantingTicket.class))).thenReturn(tgtMock); when(ticketRegMock.getTicket(eq(tgtMock2.getId()), eq(TicketGrantingTicket.class))).thenReturn(tgtMock2); when(ticketRegMock.getTicket(eq(stMock.getId()), eq(ServiceTicket.class))).thenReturn(stMock); when(ticketRegMock.getTicket(eq(stMock2.getId()), eq(ServiceTicket.class))).thenReturn(stMock2); when(ticketRegMock.getTickets()).thenReturn(Arrays.asList(tgtMock, tgtMock2, stMock, stMock2)); //Mock ServicesManager final RegisteredService mockRegSvc1 = createMockRegisteredService(service1.getId(), true, getServiceProxyPolicy(false)); final RegisteredService mockRegSvc2 = createMockRegisteredService("test", false, getServiceProxyPolicy(true)); final RegisteredService mockRegSvc3 = createMockRegisteredService(service2.getId(), true, getServiceProxyPolicy(true)); final ServicesManager smMock = mock(ServicesManager.class); when(smMock.findServiceBy(argThat(new VerifyServiceByIdMatcher(service1.getId())))).thenReturn(mockRegSvc1); when(smMock.findServiceBy(argThat(new VerifyServiceByIdMatcher("test")))).thenReturn(mockRegSvc2); when(smMock.findServiceBy(argThat(new VerifyServiceByIdMatcher(service2.getId())))).thenReturn(mockRegSvc3); final Map ticketIdGenForServiceMock = mock(Map.class); when(ticketIdGenForServiceMock.containsKey(any())).thenReturn(true); when(ticketIdGenForServiceMock.get(any())).thenReturn(new DefaultUniqueTicketIdGenerator()); this.cas = new CentralAuthenticationServiceImpl(ticketRegMock, null, mock(AuthenticationManager.class), mock(UniqueTicketIdGenerator.class), ticketIdGenForServiceMock, mock(ExpirationPolicy.class), mock(ExpirationPolicy.class), smMock, mock(LogoutManager.class)); }
Example #19
Source File: CentralAuthenticationServiceImpl.java From springboot-shiro-cas-mybatis with MIT License | 4 votes |
@Audit( action="SERVICE_TICKET", actionResolverName="GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER") @Timed(name="GRANT_SERVICE_TICKET_TIMER") @Metered(name="GRANT_SERVICE_TICKET_METER") @Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true) @Override public ServiceTicket grantServiceTicket( final String ticketGrantingTicketId, final Service service, final Credential... credentials) throws AuthenticationException, TicketException { final TicketGrantingTicket ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class); final RegisteredService registeredService = this.servicesManager.findServiceBy(service); verifyRegisteredServiceProperties(registeredService, service); final Set<Credential> sanitizedCredentials = sanitizeCredentials(credentials); Authentication currentAuthentication = null; if (sanitizedCredentials.size() > 0) { currentAuthentication = this.authenticationManager.authenticate( sanitizedCredentials.toArray(new Credential[] {})); final Authentication original = ticketGrantingTicket.getAuthentication(); if (!currentAuthentication.getPrincipal().equals(original.getPrincipal())) { throw new MixedPrincipalException( currentAuthentication, currentAuthentication.getPrincipal(), original.getPrincipal()); } ticketGrantingTicket.getSupplementalAuthentications().add(currentAuthentication); } if (currentAuthentication == null && !registeredService.getAccessStrategy().isServiceAccessAllowedForSso()) { logger.warn("ServiceManagement: Service [{}] is not allowed to use SSO.", service.getId()); throw new UnauthorizedSsoServiceException(); } final Service proxiedBy = ticketGrantingTicket.getProxiedBy(); if (proxiedBy != null) { logger.debug("TGT is proxied by [{}]. Locating proxy service in registry...", proxiedBy.getId()); final RegisteredService proxyingService = servicesManager.findServiceBy(proxiedBy); if (proxyingService != null) { logger.debug("Located proxying service [{}] in the service registry", proxyingService); if (!proxyingService.getProxyPolicy().isAllowedToProxy()) { logger.warn("Found proxying service {}, but it is not authorized to fulfill the proxy attempt made by {}", proxyingService.getId(), service.getId()); throw new UnauthorizedProxyingException("Proxying is not allowed for registered service " + registeredService.getId()); } } else { logger.warn("No proxying service found. Proxy attempt by service [{}] (registered service [{}]) is not allowed.", service.getId(), registeredService.getId()); throw new UnauthorizedProxyingException("Proxying is not allowed for registered service " + registeredService.getId()); } } else { logger.trace("TGT is not proxied by another service"); } // Perform security policy check by getting the authentication that satisfies the configured policy // This throws if no suitable policy is found getAuthenticationSatisfiedByPolicy(ticketGrantingTicket, new ServiceContext(service, registeredService)); final List<Authentication> authentications = ticketGrantingTicket.getChainedAuthentications(); final Principal principal = authentications.get(authentications.size() - 1).getPrincipal(); final Map<String, Object> principalAttrs = registeredService.getAttributeReleasePolicy().getAttributes(principal); if (!registeredService.getAccessStrategy().doPrincipalAttributesAllowServiceAccess(principalAttrs)) { logger.warn("ServiceManagement: Cannot grant service ticket because Service [{}] is not authorized for use by [{}].", service.getId(), principal); throw new UnauthorizedServiceForPrincipalException(); } final String uniqueTicketIdGenKey = service.getClass().getName(); logger.debug("Looking up service ticket id generator for [{}]", uniqueTicketIdGenKey); UniqueTicketIdGenerator serviceTicketUniqueTicketIdGenerator = this.uniqueTicketIdGeneratorsForService.get(uniqueTicketIdGenKey); if (serviceTicketUniqueTicketIdGenerator == null) { serviceTicketUniqueTicketIdGenerator = this.defaultServiceTicketIdGenerator; logger.debug("Service ticket id generator not found for [{}]. Using the default generator...", uniqueTicketIdGenKey); } final String ticketPrefix = authentications.size() == 1 ? ServiceTicket.PREFIX : ServiceTicket.PROXY_TICKET_PREFIX; final String ticketId = serviceTicketUniqueTicketIdGenerator.getNewTicketId(ticketPrefix); final ServiceTicket serviceTicket = ticketGrantingTicket.grantServiceTicket( ticketId, service, this.serviceTicketExpirationPolicy, currentAuthentication != null); this.serviceTicketRegistry.addTicket(serviceTicket); logger.info("Granted ticket [{}] for service [{}] for user [{}]", serviceTicket.getId(), service.getId(), principal.getId()); return serviceTicket; }
Example #20
Source File: MultiFactorAwareCentralAuthenticationService.java From cas-mfa with Apache License 2.0 | 2 votes |
/** * Inject a TGT unique ID generator. * @param uniqueTicketIdGenerator the non-null TGT unique ID generator. */ public void setTicketGrantingTicketUniqueTicketIdGenerator(final UniqueTicketIdGenerator uniqueTicketIdGenerator) { this.ticketGrantingTicketUniqueTicketIdGenerator = uniqueTicketIdGenerator; }