org.jasig.cas.ticket.TicketGrantingTicket Java Examples

The following examples show how to use org.jasig.cas.ticket.TicketGrantingTicket.
Example #1
Source File: GenerateServiceTicketActionTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Runs the action for a request that carries {@code gateway=true} while a mocked
 * ticket-granting ticket sits in the flow scopes, and expects the {@code gateway} event.
 */
@Test
public void verifyTicketGrantingTicketNotTgtButGateway() throws Exception {
    final MockRequestContext flowContext = new MockRequestContext();
    flowContext.getFlowScope().put("service", TestUtils.getService());

    final MockHttpServletRequest gatewayRequest = new MockHttpServletRequest();
    final ServletExternalContext externalContext = new ServletExternalContext(
            new MockServletContext(), gatewayRequest, new MockHttpServletResponse());
    flowContext.setExternalContext(externalContext);
    gatewayRequest.addParameter("service", "service");
    gatewayRequest.addParameter("gateway", "true");

    // Mockito stub: only getId() is given an answer, and it is not an id the test ever stores in a registry.
    final TicketGrantingTicket stubTgt = mock(TicketGrantingTicket.class);
    when(stubTgt.getId()).thenReturn("bleh");
    WebUtils.putTicketGrantingTicketInScopes(flowContext, stubTgt);

    final String eventId = this.action.execute(flowContext).getId();
    assertEquals("gateway", eventId);
}
 
Example #2
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
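/**
 * Validates a service ticket issued for the {@code eduPersonTestInvalid} service and checks that
 * the principal id in the resulting assertion equals the username of the credential used to log in.
 */
@Test
public void verifyValidateServiceTicketWithInvalidUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTestInvalid");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    /*
     * The attribute specified for this service does not resolve.
     * Therefore, we expect the default to be returned.
     */
    // Expected value first, so a failure message names the username as "expected"
    // and the principal id that came back as "actual".
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}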
 
Example #3
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Installs an expiration policy that reports every ticket as expired, then expects
 * {@code grantServiceTicket} to fail with a {@link TicketException}. The never-expiring
 * policy is put back in the {@code finally} block so the service is not left with the
 * always-expired policy.
 */
@Test(expected=TicketException.class)
public void verifyGrantServiceTicketWithExpiredTicketGrantingTicket() throws Exception {
    final ExpirationPolicy alwaysExpired = new ExpirationPolicy() {
        private static final long serialVersionUID = 1L;

        @Override
        public boolean isExpired(final TicketState ticket) {
            return true;
        }
    };
    ((CentralAuthenticationServiceImpl) getCentralAuthenticationService())
            .setTicketGrantingTicketExpirationPolicy(alwaysExpired);

    final TicketGrantingTicket expiredTgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    try {
        getCentralAuthenticationService().grantServiceTicket(expiredTgt.getId(), TestUtils.getService());
    } finally {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService())
                .setTicketGrantingTicketExpirationPolicy(new NeverExpiresExpirationPolicy());
    }
}
 
Example #4
Source File: AbstractServiceValidateControllerTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * With a {@code Cas10ProxyHandler} installed, validates a fresh service ticket while passing
 * {@code pgtUrl=duh}. The success view is still expected, and the model must carry no
 * {@code pgtIou} entry.
 */
@Test
public void verifyValidServiceTicketWithInvalidPgt() throws Exception {
    this.serviceValidateController.setProxyHandler(new Cas10ProxyHandler());

    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = getCentralAuthenticationService()
            .grantServiceTicket(tgt.getId(), TestUtils.getService());

    final MockHttpServletRequest validationRequest = new MockHttpServletRequest();
    validationRequest.addParameter("service", TestUtils.getService().getId());
    validationRequest.addParameter("ticket", st.getId());
    // Not a URL at all; the assertions below pin that no proxy-granting IOU is handed out for it.
    validationRequest.addParameter("pgtUrl", "duh");

    final ModelAndView result = this.serviceValidateController
            .handleRequestInternal(validationRequest, new MockHttpServletResponse());
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_SUCCESS_VIEW_NAME, result.getViewName());
    assertNull(result.getModel().get("pgtIou"));
}
 
Example #5
Source File: CentralAuthenticationServiceImpl.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * {@inheritDoc}
 * Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
@Audit(
        action="TICKET_GRANTING_TICKET_DESTROYED",
        actionResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "DESTROY_TICKET_GRANTING_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
    Assert.notNull(ticketGrantingTicketId);

    // NOTE(review): the full ticket-granting ticket id is written to the debug log here and in the
    // not-found branch below. The id is what identifies the SSO session, so confirm that debug
    // output is access-controlled or that ids are masked before they are logged.
    logger.debug("Removing ticket [{}] from registry.", ticketGrantingTicketId);
    final TicketGrantingTicket tgt = this.ticketRegistry.getTicket(ticketGrantingTicketId,
            TicketGrantingTicket.class);

    if (tgt != null) {
        // Logout is performed while the ticket still exists; the registry entry is removed afterwards.
        logger.debug("Ticket found. Processing logout requests and then deleting the ticket...");
        final List<LogoutRequest> pendingLogouts = logoutManager.performLogout(tgt);
        this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
        return pendingLogouts;
    }

    // Unknown id: nothing to log out, and the caller gets an empty list rather than an exception.
    logger.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
    return Collections.emptyList();
}
 
Example #6
Source File: OAuth20ProfileControllerTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Calls the profile endpoint with an access token whose ticket-granting ticket is reported as
 * expired by the mocked registry, and expects the JSON error body carrying
 * {@code OAuthConstants.EXPIRED_ACCESS_TOKEN}.
 */
@Test
public void testExpiredTicketGrantingTicketImpl() throws Exception {
    // Registry stub: TGT_ID resolves to a ticket whose isExpired() answers true.
    final TicketGrantingTicket expiredTgt = mock(TicketGrantingTicket.class);
    when(expiredTgt.isExpired()).thenReturn(true);
    final TicketRegistry registry = mock(TicketRegistry.class);
    when(registry.getTicket(TGT_ID)).thenReturn(expiredTgt);

    final MockHttpServletRequest profileRequest = new MockHttpServletRequest("GET", CONTEXT
            + OAuthConstants.PROFILE_URL);
    profileRequest.setParameter(OAuthConstants.ACCESS_TOKEN, TGT_ID);
    final MockHttpServletResponse profileResponse = new MockHttpServletResponse();

    final OAuth20WrapperController controller = new OAuth20WrapperController();
    controller.setTicketRegistry(registry);
    controller.afterPropertiesSet();
    controller.handleRequest(profileRequest, profileResponse);

    // The endpoint answers 200 even for an expired token; the failure is carried in the body only.
    assertEquals(200, profileResponse.getStatus());
    assertEquals(CONTENT_TYPE, profileResponse.getContentType());
    final String expectedBody = "{\"error\":\"" + OAuthConstants.EXPIRED_ACCESS_TOKEN + "\"}";
    assertEquals(expectedBody, profileResponse.getContentAsString());
}
 
Example #7
Source File: AbstractServiceValidateControllerTests.java    From springboot-shiro-cas-mybatis with MIT License
@Test
public void verifyValidServiceTicketAndPgtUrlMismatch() throws Exception {
    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());

    final Service proxyService = TestUtils.getService("proxyService");
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(tgt.getId(), proxyService);

    final MockHttpServletRequest validationRequest = new MockHttpServletRequest();
    validationRequest.addParameter("service", proxyService.getId());
    validationRequest.addParameter("ticket", st.getId());
    // Callback URL the test treats as a mismatch for "proxyService" (per the test name);
    // validation must end in the failure view and hand out no proxy-granting IOU.
    validationRequest.addParameter("pgtUrl", "http://www.github.com");

    final ModelAndView result = this.serviceValidateController
            .handleRequestInternal(validationRequest, new MockHttpServletResponse());
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_FAILURE_VIEW_NAME, result.getViewName());
    assertNull(result.getModel().get("pgtIou"));
}
 
Example #8
Source File: TicketsResource.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Create new ticket granting ticket.
 *
 * @param requestBody username and password application/x-www-form-urlencoded values
 * @param request raw HttpServletRequest used to call this method
 * @return ResponseEntity representing RESTful response
 */
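@RequestMapping(value = "/tickets", method = RequestMethod.POST, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
public final ResponseEntity<String> createTicketGrantingTicket(@RequestBody final MultiValueMap<String, String> requestBody,
                                                               final HttpServletRequest request) {
    try (Formatter fmt = new Formatter()) {
        final TicketGrantingTicket tgtId = this.cas.createTicketGrantingTicket(obtainCredential(requestBody));
        // The ticket reference is the request URL with the new TGT id appended. It is sent back in the
        // Location header and as the form action below, so the id appears in both places.
        // NOTE(review): getRequestURL() reflects the scheme/host the container saw for this request;
        // confirm the deployment pins the host (proxy or container setting) so the reference cannot
        // point at a host chosen by the caller.
        final URI ticketReference = new URI(request.getRequestURL().toString() + '/' + tgtId.getId());
        final HttpHeaders headers = new HttpHeaders();
        headers.setLocation(ticketReference);
        headers.setContentType(MediaType.TEXT_HTML);
        // Plain \" escapes here: the earlier \\\" form emitted a literal backslash in front of each
        // quote, which produced a malformed DOCTYPE declaration in the response body.
        fmt.format("<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\"><html><head><title>");
        // ticketReference is written into the action attribute without HTML escaping; it has already
        // passed through the java.net.URI constructor above, which rejects quotes and angle brackets.
        fmt.format("%s %s", HttpStatus.CREATED, HttpStatus.CREATED.getReasonPhrase())
                .format("</title></head><body><h1>TGT Created</h1><form action=\"%s", ticketReference.toString())
                .format("\" method=\"POST\">Service:<input type=\"text\" name=\"service\" value=\"\">")
                .format("<br><input type=\"submit\" value=\"Submit\"></form></body></html>");
        return new ResponseEntity<String>(fmt.toString(), headers, HttpStatus.CREATED);
    } catch (final Throwable e) {
        // Every failure (bad credentials, malformed URI, anything else thrown above) is answered with 400.
        // NOTE(review): the raw exception message is returned to the caller as the response body.
        // Confirm none of the exceptions raised here put internal detail into getMessage(), or
        // return a fixed message and keep the detail in the log only.
        LOGGER.error(e.getMessage(), e);
        return new ResponseEntity<String>(e.getMessage(), HttpStatus.BAD_REQUEST);
    }
}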
 
Example #9
Source File: CentralAuthenticationServiceImpl.java    From taoshop with Apache License 2.0
/**
 * Always keep track of a single authentication object,
 * as opposed to keeping a history of all. This helps with
 * memory consumption. Note that supplemental authentications
 * are to be removed.
 *
 * @param context              authentication context
 * @param ticketGrantingTicket the tgt
 * @return the processed authentication in the current context
 * @throws MixedPrincipalException in case there is a principal mismatch between TGT and the current authN.
 */
private Authentication evaluatePossibilityOfMixedPrincipals(final AuthenticationContext context,
                                                                   final TicketGrantingTicket ticketGrantingTicket)
        throws MixedPrincipalException {
    // Without a context, or with a context that holds no authentication, there is nothing to
    // compare against the TGT and nothing to record.
    if (context == null) {
        return null;
    }
    final Authentication current = context.getAuthentication();
    if (current == null) {
        return null;
    }

    // The principal of the new authentication must equal the principal the TGT was issued for;
    // otherwise the request is rejected before the TGT is touched.
    final Authentication tgtAuthentication = ticketGrantingTicket.getAuthentication();
    final boolean samePrincipal = current.getPrincipal().equals(tgtAuthentication.getPrincipal());
    if (!samePrincipal) {
        logger.debug("Principal associated with current authentication {} does not match "
                + " the principal {} associated with the original authentication",
                current.getPrincipal(), tgtAuthentication.getPrincipal());
        throw new MixedPrincipalException(
                current, current.getPrincipal(), tgtAuthentication.getPrincipal());
    }

    // Replace instead of append: the TGT keeps exactly one supplemental authentication.
    ticketGrantingTicket.getSupplementalAuthentications().clear();
    ticketGrantingTicket.getSupplementalAuthentications().add(current);
    logger.debug("Added authentication to the collection of supplemental authentications");
    return current;
}
 
Example #10
Source File: SendTicketGrantingTicketActionTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * With SSO-cookie creation on renew switched off, a request that carries the renew parameter
 * must finish with {@code success} and must not set any cookie on the response.
 */
@Test
public void verifySsoSessionCookieOnRenewAsParameter() throws Exception {
    final MockHttpServletResponse renewResponse = new MockHttpServletResponse();
    final MockHttpServletRequest renewRequest = new MockHttpServletRequest();
    renewRequest.addParameter(CasProtocolConstants.PARAMETER_RENEW, "true");

    // The ticket in scope ("test") differs from the value of the incoming TGT cookie ("test5").
    final TicketGrantingTicket stubTgt = mock(TicketGrantingTicket.class);
    when(stubTgt.getId()).thenReturn("test");
    renewRequest.setCookies(new Cookie("TGT", "test5"));
    WebUtils.putTicketGrantingTicketInScopes(this.context, stubTgt);
    this.context.setExternalContext(
            new ServletExternalContext(new MockServletContext(), renewRequest, renewResponse));

    this.action.setCreateSsoSessionCookieOnRenewAuthentications(false);
    final String eventId = this.action.execute(this.context).getId();
    assertEquals("success", eventId);
    assertEquals(0, renewResponse.getCookies().length);
}
 
Example #11
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Passes the id of a service ticket to {@code destroyTicketGrantingTicket} and expects a
 * {@link ClassCastException}, i.e. the call must not accept a ticket of the wrong type.
 */
@Test(expected=ClassCastException.class)
public void verifyDestroyTicketGrantingTicketWithInvalidTicket() throws Exception {
    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = getCentralAuthenticationService()
            .grantServiceTicket(tgt.getId(), TestUtils.getService());

    // Deliberately the service ticket's id, not the TGT's.
    getCentralAuthenticationService().destroyTicketGrantingTicket(st.getId());
}
 
Example #12
Source File: OAuth20AccessTokenController.java    From springboot-shiro-cas-mybatis with MIT License
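/**
 * Exchanges an authorization code for an access token.
 *
 * <p>The code is looked up in the ticket registry as a service ticket. When it is found and not
 * expired, the service ticket is deleted and the id of its granting ticket is written to the
 * response as the access token, together with the remaining lifetime in seconds.
 *
 * @param request  carries the redirect URI, client id, client secret and code parameters
 * @param response receives either the token text or a text error with status 400
 * @return the view produced by {@code OAuthUtils.writeText} or {@code OAuthUtils.writeTextError}
 * @throws Exception as declared by the overridden controller method
 */
@Override
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response)
        throws Exception {

    final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
    LOGGER.debug("{} : {}", OAuthConstants.REDIRECT_URI, redirectUri);

    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    LOGGER.debug("{} : {}", OAuthConstants.CLIENT_ID, clientId);

    // The client secret is read but never logged.
    final String clientSecret = request.getParameter(OAuthConstants.CLIENT_SECRET);

    final String code = request.getParameter(OAuthConstants.CODE);
    LOGGER.debug("{} : {}", OAuthConstants.CODE, code);

    final boolean isVerified = verifyAccessTokenRequest(response, redirectUri, clientId, clientSecret, code);
    if (!isVerified) {
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_REQUEST, HttpStatus.SC_BAD_REQUEST);
    }

    // The code comes from the request and the registry is queried by id only, so the entry may be
    // a ticket of another type. Check the type before casting: a non-service-ticket id is answered
    // with INVALID_GRANT like an unknown code, instead of surfacing a ClassCastException.
    final Object registryEntry = ticketRegistry.getTicket(code);
    // service ticket should be valid
    if (!(registryEntry instanceof ServiceTicket) || ((ServiceTicket) registryEntry).isExpired()) {
        LOGGER.error("Code expired : {}", code);
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_GRANT, HttpStatus.SC_BAD_REQUEST);
    }
    final ServiceTicket serviceTicket = (ServiceTicket) registryEntry;
    final TicketGrantingTicket ticketGrantingTicket = serviceTicket.getGrantingTicket();
    // remove service ticket, so the same code cannot be exchanged a second time
    ticketRegistry.deleteTicket(serviceTicket.getId());

    response.setContentType("text/plain");
    // Remaining lifetime in seconds: configured timeout minus the age of the granting ticket.
    final int expires = (int) (timeout - TimeUnit.MILLISECONDS
            .toSeconds(System.currentTimeMillis() - ticketGrantingTicket.getCreationTime()));

    final String text = String.format("%s=%s&%s=%s", OAuthConstants.ACCESS_TOKEN, ticketGrantingTicket.getId(),
                                                OAuthConstants.EXPIRES, expires);
    // The response text contains the granting ticket id, which is the access token itself;
    // log the lifetime only so the token does not end up in log files.
    LOGGER.debug("{} : {}", OAuthConstants.EXPIRES, expires);
    return OAuthUtils.writeText(response, text, HttpStatus.SC_OK);
}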
 
Example #13
Source File: AuthenticationViaFormAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Add warning messages to message context if needed.
 *
 * @param tgtId the tgt id
 * @param messageContext the message context
 * @return true if warnings were found and added, false otherwise.
 * @since 4.1.0
 */
protected boolean addWarningMessagesToMessageContextIfNeeded(final TicketGrantingTicket tgtId, final MessageContext messageContext) {
    boolean anyWarningAdded = false;
    // Only the handler results matter here; the map keys are not used.
    for (final HandlerResult handlerResult : tgtId.getAuthentication().getSuccesses().values()) {
        for (final MessageDescriptor warning : handlerResult.getWarnings()) {
            addWarningToContext(messageContext, warning);
            anyWarningAdded = true;
        }
    }
    return anyWarningAdded;
}
 
Example #14
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Grants a service ticket for a mocked service whose id is {@code testDefault} and checks
 * that a ticket is returned.
 */
@Test
public void checkGrantingOfServiceTicketUsingDefaultTicketIdGen() throws Exception {
    final Service defaultIdService = mock(Service.class);
    when(defaultIdService.getId()).thenReturn("testDefault");

    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = getCentralAuthenticationService()
            .grantServiceTicket(tgt.getId(), defaultIdService);

    assertNotNull(st);
}
 
Example #15
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Destroys the ticket-granting ticket after a service ticket was issued from it, then expects
 * validation of that service ticket to fail with a {@link TicketException}.
 */
@Test(expected=TicketException.class)
public void verifyValidateServiceTicketWithInvalidServiceTicket() throws Exception {
    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = getCentralAuthenticationService()
            .grantServiceTicket(tgt.getId(), TestUtils.getService());

    // Ending the SSO session must also make the tickets derived from it unusable.
    getCentralAuthenticationService().destroyTicketGrantingTicket(tgt.getId());

    getCentralAuthenticationService().validateServiceTicket(st.getId(), TestUtils.getService());
}
 
Example #16
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Creates a ticket-granting ticket and destroys it by id; the test passes when neither call throws.
 */
@Test
public void verifyDestroyTicketGrantingTicketWithValidTicket() throws Exception {
    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final String tgtId = tgt.getId();
    getCentralAuthenticationService().destroyTicketGrantingTicket(tgtId);
}
 
Example #17
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Validates a service ticket issued for the {@code eduPersonTest} service and expects the
 * principal id in the assertion to be {@code developer}.
 */
@Test
public void verifyValidateServiceTicketWithUsernameAttribute() throws Exception {
    final UsernamePasswordCredential credential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(credential);

    final Service eduPersonService = TestUtils.getService("eduPersonTest");
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(tgt.getId(), eduPersonService);

    final Assertion validated = getCentralAuthenticationService()
            .validateServiceTicket(st.getId(), eduPersonService);
    final String principalId = validated.getPrimaryAuthentication().getPrincipal().getId();
    assertEquals("developer", principalId);
}
 
Example #18
Source File: RemoteCentralAuthenticationServiceTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Delegates a ticket-granting ticket with a credential whose username and password are both
 * empty, and expects the remote service to reject it with an {@link IllegalArgumentException}.
 */
@Test(expected=IllegalArgumentException.class)
public void verifyDelegateTicketGrantingTicketWithInvalidCredentials() throws Exception {
    final TicketGrantingTicket tgt = this.remoteCentralAuthenticationService
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = this.remoteCentralAuthenticationService
            .grantServiceTicket(tgt.getId(), TestUtils.getService());

    this.remoteCentralAuthenticationService.delegateTicketGrantingTicket(
            st.getId(), TestUtils.getCredentialsWithDifferentUsernameAndPassword("", ""));
    // Reached only when the delegation call above did not throw.
    fail("IllegalArgumentException expected.");
}
 
Example #19
Source File: RemoteCentralAuthenticationServiceTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Delegates a ticket-granting ticket using HTTP-based service credentials; the test passes
 * when the remote service completes all three calls without throwing.
 */
@Test
public void verifyDelegateTicketGrantingTicketWithValidCredentials() throws Exception {
    final TicketGrantingTicket tgt = this.remoteCentralAuthenticationService
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = this.remoteCentralAuthenticationService
            .grantServiceTicket(tgt.getId(), TestUtils.getService());

    this.remoteCentralAuthenticationService.delegateTicketGrantingTicket(
            st.getId(), TestUtils.getHttpBasedServiceCredentials());
}
 
Example #20
Source File: OAuth20AccessTokenController.java    From cas4.0.x-server-wechat with Apache License 2.0
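/**
 * Exchanges an authorization code for an access token.
 *
 * <p>The code is looked up in the ticket registry as a service ticket. When it is found and not
 * expired, the service ticket is deleted and the id of its granting ticket is written to the
 * response as the access token, together with the remaining lifetime in seconds.
 *
 * @param request  carries the redirect URI, client id, client secret and code parameters
 * @param response receives either the token text or a text error with status 400
 * @return the view produced by {@code OAuthUtils.writeText} or {@code OAuthUtils.writeTextError}
 * @throws Exception as declared by the overridden controller method
 */
@Override
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response)
        throws Exception {

    final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
    LOGGER.debug("{} : {}", OAuthConstants.REDIRECT_URI, redirectUri);

    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    LOGGER.debug("{} : {}", OAuthConstants.CLIENT_ID, clientId);

    // The client secret is read but never logged.
    final String clientSecret = request.getParameter(OAuthConstants.CLIENT_SECRET);

    final String code = request.getParameter(OAuthConstants.CODE);
    LOGGER.debug("{} : {}", OAuthConstants.CODE, code);

    final boolean isVerified = verifyAccessTokenRequest(response, redirectUri, clientId, clientSecret, code);
    if (!isVerified) {
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_REQUEST, 400);
    }

    // The code comes from the request and the registry is queried by id only, so the entry may be
    // a ticket of another type. Check the type before casting: a non-service-ticket id is answered
    // with INVALID_GRANT like an unknown code, instead of surfacing a ClassCastException.
    final Object registryEntry = ticketRegistry.getTicket(code);
    // service ticket should be valid
    if (!(registryEntry instanceof ServiceTicket) || ((ServiceTicket) registryEntry).isExpired()) {
        LOGGER.error("Code expired : {}", code);
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_GRANT, 400);
    }
    final ServiceTicket serviceTicket = (ServiceTicket) registryEntry;
    final TicketGrantingTicket ticketGrantingTicket = serviceTicket.getGrantingTicket();
    // remove service ticket, so the same code cannot be exchanged a second time
    ticketRegistry.deleteTicket(serviceTicket.getId());

    response.setContentType("text/plain");
    // Remaining lifetime in seconds: configured timeout minus the age of the granting ticket.
    final int expires = (int) (timeout - (System.currentTimeMillis()
            - ticketGrantingTicket.getCreationTime()) / 1000);

    final String text = String.format("%s=%s&%s=%s", OAuthConstants.ACCESS_TOKEN, ticketGrantingTicket.getId(),
                                                OAuthConstants.EXPIRES, expires);
    // The response text contains the granting ticket id, which is the access token itself;
    // log the lifetime only so the token does not end up in log files.
    LOGGER.debug("{} : {}", OAuthConstants.EXPIRES, expires);
    return OAuthUtils.writeText(response, text, 200);
}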
 
Example #21
Source File: JBossCacheTicketRegistryTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Stores a ticket-granting ticket under the id {@code TEST} and reads it back as a
 * {@link TicketGrantingTicket}; any exception from either call fails the test.
 */
@Test
public void testGetExistingTicketWithProperClass() {
    try {
        final TicketGrantingTicket stored = new TicketGrantingTicketImpl("TEST",
                TestUtils.getAuthentication(), new NeverExpiresExpirationPolicy());
        this.ticketRegistry.addTicket(stored);
        // Requested with the matching type, so the typed lookup is expected to succeed.
        this.ticketRegistry.getTicket("TEST", TicketGrantingTicket.class);
    } catch (final Exception unexpected) {
        fail("Caught an exception. But no exception should have been thrown.");
    }
}
 
Example #22
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Destroys the ticket-granting ticket after a service ticket was issued from it, then expects
 * delegation based on that service ticket to fail with a {@link TicketException}.
 */
@Test(expected=TicketException.class)
public void verifyDelegateTicketGrantingTicketWithBadServiceTicket() throws Exception {
    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = getCentralAuthenticationService()
            .grantServiceTicket(tgt.getId(), TestUtils.getService());

    // The parent ticket is gone before the service ticket is presented for proxying.
    getCentralAuthenticationService().destroyTicketGrantingTicket(tgt.getId());

    getCentralAuthenticationService().delegateTicketGrantingTicket(
            st.getId(), TestUtils.getHttpBasedServiceCredentials());
}
 
Example #23
Source File: DistributedTicketRegistryTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Stores a ticket-granting ticket and a service ticket in the registry and checks that the
 * instances read back are equal to the originals, both as a whole (in either direction of
 * {@code equals}) and property by property.
 */
@Test
public void verifyProxiedInstancesEqual() {
    final TicketGrantingTicket tgt = new TicketGrantingTicketImpl("test", TestUtils.getAuthentication(),
            new NeverExpiresExpirationPolicy());
    this.ticketRegistry.addTicket(tgt);

    final TicketGrantingTicket storedTgt = (TicketGrantingTicket) this.ticketRegistry.getTicket("test");
    // equals() is checked in both directions.
    assertEquals(tgt, storedTgt);
    assertEquals(storedTgt, tgt);

    assertEquals(tgt.getCreationTime(), storedTgt.getCreationTime());
    assertEquals(tgt.getAuthentication(), storedTgt.getAuthentication());
    assertEquals(tgt.getCountOfUses(), storedTgt.getCountOfUses());
    assertEquals(tgt.getGrantingTicket(), storedTgt.getGrantingTicket());
    assertEquals(tgt.getId(), storedTgt.getId());
    assertEquals(tgt.getChainedAuthentications(), storedTgt.getChainedAuthentications());
    assertEquals(tgt.isExpired(), storedTgt.isExpired());
    assertEquals(tgt.isRoot(), storedTgt.isRoot());

    // Same round trip for a service ticket granted from the original TGT.
    final ServiceTicket st = tgt.grantServiceTicket("stest", TestUtils.getService(),
            new NeverExpiresExpirationPolicy(), false);
    this.ticketRegistry.addTicket(st);

    final ServiceTicket storedSt = (ServiceTicket) this.ticketRegistry.getTicket("stest");
    assertEquals(st, storedSt);
    assertEquals(storedSt, st);

    assertEquals(st.getCreationTime(), storedSt.getCreationTime());
    assertEquals(st.getCountOfUses(), storedSt.getCountOfUses());
    assertEquals(st.getGrantingTicket(), storedSt.getGrantingTicket());
    assertEquals(st.getId(), storedSt.getId());
    assertEquals(st.isExpired(), storedSt.isExpired());
    assertEquals(st.getService(), storedSt.getService());
    assertEquals(st.isFromNewLogin(), storedSt.isFromNewLogin());
}
 
Example #24
Source File: AbstractRegistryCleanerTests.java    From springboot-shiro-cas-mybatis with MIT License
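/**
 * Fills the registry with expired tickets, adds one ticket that never expires, runs the
 * cleaner, and expects exactly that one ticket to remain.
 */
@Test
public void verifyCleanRegistryOneNonExpired() {
    populateRegistryWithExpiredTickets();
    final TicketGrantingTicket ticket = new TicketGrantingTicketImpl("testNoExpire", TestUtils.getAuthentication(),
            new NeverExpiresExpirationPolicy());
    this.ticketRegistry.addTicket(ticket);
    clean();
    // Expected value first, so a failure reports the registry size as the "actual" value.
    assertEquals(1, this.ticketRegistry.getTickets().size());
}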
 
Example #25
Source File: CasLoggerFactoryTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Logs a debug message whose parameters are {@code ID2} and a mocked ticket-granting ticket
 * that reports {@code ID1} as both its id and its string form, then delegates the check of
 * what was written to {@code validateLogData()}.
 */
@Test
public void verifyLogging771() {
    final TicketGrantingTicket mockTgt = mock(TicketGrantingTicket.class);
    when(mockTgt.getId()).thenReturn(ID1);
    when(mockTgt.toString()).thenReturn(ID1);

    final String messageTemplate = getMessageToLogWithParams();
    logger.debug(messageTemplate, ID2, mockTgt);
    validateLogData();
}
 
Example #26
Source File: AbstractDistributedTicketRegistry.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Wraps a ticket in the delegator that matches its type.
 *
 * @param ticket the ticket to wrap; may be {@code null}
 * @return a {@code TicketGrantingTicketDelegator} for a ticket-granting ticket, a
 *         {@code ServiceTicketDelegator} for any other non-null ticket (which is cast to
 *         {@link ServiceTicket}), or {@code null} when {@code ticket} is {@code null}
 */
protected final Ticket getProxiedTicketInstance(final Ticket ticket) {
    // instanceof is false for null, so the null case falls through to the last return.
    if (ticket instanceof TicketGrantingTicket) {
        return new TicketGrantingTicketDelegator(this, (TicketGrantingTicket) ticket, needsCallback());
    }

    if (ticket != null) {
        return new ServiceTicketDelegator(this, (ServiceTicket) ticket, needsCallback());
    }

    return null;
}
 
Example #27
Source File: KryoTranscoderTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Encodes and decodes a ticket-granting ticket whose attribute map holds an unmodifiable list,
 * and expects the decoded ticket to equal the original.
 */
@Test
public void verifyEncodeDecodeTGTWithUnmodifiableList() throws Exception {
    final Credential credential = new UsernamePasswordCredential(USERNAME, PASSWORD);

    final List<String> nicknames = new ArrayList<>();
    nicknames.add(NICKNAME_VALUE);
    // The attribute value is the unmodifiable wrapper, not the backing ArrayList.
    final Map<String, Object> attributes = new HashMap<>();
    attributes.put(NICKNAME_KEY, Collections.unmodifiableList(nicknames));

    final TicketGrantingTicket original = new MockTicketGrantingTicket(TGT_ID, credential, attributes);
    original.grantServiceTicket(ST_ID, null, null, false);

    final Object roundTripped = transcoder.decode(transcoder.encode(original));
    assertEquals(original, roundTripped);
}
 
Example #28
Source File: AbstractServiceValidateControllerTests.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Issues a fresh service ticket and submits it for validation together with an
 * {@code https} proxy callback URL.
 *
 * @return the model and view produced by the service validate controller
 * @throws Exception if ticket creation or validation throws
 */
protected final ModelAndView getModelAndViewUponServiceValidationWithSecurePgtUrl() throws Exception {
    final TicketGrantingTicket tgt = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket st = getCentralAuthenticationService()
            .grantServiceTicket(tgt.getId(), TestUtils.getService());

    final MockHttpServletRequest validationRequest = new MockHttpServletRequest();
    validationRequest.addParameter("service", TestUtils.getService().getId());
    validationRequest.addParameter("ticket", st.getId());
    validationRequest.addParameter("pgtUrl", "https://www.github.com");

    final MockHttpServletResponse validationResponse = new MockHttpServletResponse();
    return this.serviceValidateController.handleRequestInternal(validationRequest, validationResponse);
}
 
Example #29
Source File: CentralAuthenticationServiceImpl.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Issues a proxy-granting ticket on the strength of a service ticket.
 *
 * <p>The service ticket must exist and be unexpired, the service it was issued for must pass
 * {@code verifyRegisteredServiceProperties} and be allowed to proxy, and the supplied
 * credentials must authenticate. The new ticket is added to the ticket registry before it
 * is returned.
 *
 * @param serviceTicketId id of the service ticket the delegation is based on
 * @param credentials     credentials passed to the authentication manager
 * @return the newly created proxy-granting ticket
 * @throws AuthenticationException as declared; the authentication manager is called with {@code credentials}
 * @throws TicketException {@code InvalidTicketException} when the service ticket is missing or
 *                         expired; other ticket failures as declared
 */
@Audit(
    action="PROXY_GRANTING_TICKET",
    actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
    resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_PROXY_GRANTING_TICKET_TIMER")
@Metered(name="GRANT_PROXY_GRANTING_TICKET_METER")
@Counted(name="GRANT_PROXY_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    final ServiceTicket proxyingTicket = this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    final boolean usable = proxyingTicket != null && !proxyingTicket.isExpired();
    if (!usable) {
        logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    // Authorization of the service comes before authentication of the credentials:
    // a service that may not proxy is refused without the credentials being evaluated.
    final RegisteredService registeredService = this.servicesManager
            .findServiceBy(proxyingTicket.getService());

    verifyRegisteredServiceProperties(registeredService, proxyingTicket.getService());

    final boolean mayProxy = registeredService.getProxyPolicy().isAllowedToProxy();
    if (!mayProxy) {
        logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", proxyingTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }

    final Authentication proxyAuthentication = this.authenticationManager.authenticate(credentials);

    final String newPgtId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(
            TicketGrantingTicket.PROXY_GRANTING_TICKET_PREFIX);
    final TicketGrantingTicket pgt = proxyingTicket.grantTicketGrantingTicket(newPgtId,
                                proxyAuthentication, this.ticketGrantingTicketExpirationPolicy);

    // NOTE(review): the ticket object itself is a log argument here; confirm what its toString()
    // writes (presumably the ticket id) and whether that belongs in debug output.
    logger.debug("Generated proxy granting ticket [{}] based off of [{}]", pgt, serviceTicketId);
    this.ticketRegistry.addTicket(pgt);

    return pgt;
}
 
Example #30
Source File: CentralAuthenticationServiceImplTests.java    From springboot-shiro-cas-mybatis with MIT License
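/**
 * Validates a service ticket issued for the default test service and checks that the principal
 * id in the resulting assertion equals the username of the credential used to log in.
 */
@Test
public void verifyValidateServiceTicketWithoutUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(),
            TestUtils.getService());

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(),
            TestUtils.getService());
    final Authentication auth = assertion.getPrimaryAuthentication();
    // Expected value first, so a failure message names the username as "expected"
    // and the principal id that came back as "actual".
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}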