org.jasig.cas.authentication.AuthenticationException Java Examples
The following examples show how to use
org.jasig.cas.authentication.AuthenticationException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: CentralAuthenticationServiceImpl.java From taoshop with Apache License 2.0 | 6 votes |
@Audit( action = "TICKET_GRANTING_TICKET", actionResolverName = "CREATE_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER") @Timed(name = "CREATE_TICKET_GRANTING_TICKET_TIMER") @Metered(name = "CREATE_TICKET_GRANTING_TICKET_METER") @Counted(name = "CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic = true) @Override public TicketGrantingTicket createTicketGrantingTicket(final AuthenticationContext context) throws AuthenticationException, AbstractTicketException { final Authentication authentication = context.getAuthentication(); final TicketGrantingTicketFactory factory = this.ticketFactory.get(TicketGrantingTicket.class); final TicketGrantingTicket ticketGrantingTicket = factory.create(authentication); this.ticketRegistry.addTicket(ticketGrantingTicket); doPublishEvent(new CasTicketGrantingTicketCreatedEvent(this, ticketGrantingTicket)); return ticketGrantingTicket; }
Example #2
Source File: CentralAuthenticationServiceImpl.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
/** * @throws IllegalArgumentException if the credentials are null. */ @Audit( action="TICKET_GRANTING_TICKET", actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER") @Profiled(tag = "CREATE_TICKET_GRANTING_TICKET", logFailuresSeparately = false) @Transactional(readOnly = false) public String createTicketGrantingTicket(final Credential... credentials) throws AuthenticationException, TicketException { Assert.notNull(credentials, "credentials cannot be null"); final Authentication authentication = this.authenticationManager.authenticate(credentials); final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl( this.ticketGrantingTicketUniqueTicketIdGenerator .getNewTicketId(TicketGrantingTicket.PREFIX), authentication, this.ticketGrantingTicketExpirationPolicy); this.ticketRegistry.addTicket(ticketGrantingTicket); return ticketGrantingTicket.getId(); }
Example #3
Source File: CentralAuthenticationServiceImpl.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Audit( action="SERVICE_TICKET", actionResolverName="GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER") @Timed(name = "GRANT_SERVICE_TICKET_TIMER") @Metered(name="GRANT_SERVICE_TICKET_METER") @Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true) @Override public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service) throws TicketException { try { return this.grantServiceTicket(ticketGrantingTicketId, service, (Credential[]) null); } catch (final AuthenticationException e) { throw new IllegalStateException("Unexpected authentication exception", e); } }
Example #4
Source File: InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapterTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 6 votes |
@Override protected MockHttpServletResponse loginUnsuccessfully(final String username, final String fromAddress) throws Exception { final MockHttpServletRequest request = new MockHttpServletRequest(); final MockHttpServletResponse response = new MockHttpServletResponse(); request.setMethod("POST"); request.setParameter("username", username); request.setRemoteAddr(fromAddress); MockRequestContext context = new MockRequestContext(); context.setCurrentEvent(new Event("", "error")); request.setAttribute("flowRequestContext", context); ClientInfoHolder.setClientInfo(new ClientInfo(request)); getThrottle().preHandle(request, response, null); try { authenticationManager.authenticate(badCredentials(username)); } catch (final AuthenticationException e) { getThrottle().postHandle(request, response, null, null); return response; } fail("Expected AuthenticationException"); return null; }
Example #5
Source File: InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapterTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Override protected MockHttpServletResponse loginUnsuccessfully(final String username, final String fromAddress) throws Exception { final MockHttpServletRequest request = new MockHttpServletRequest(); final MockHttpServletResponse response = new MockHttpServletResponse(); request.setMethod("POST"); request.setParameter("username", username); request.setRemoteAddr(fromAddress); final MockRequestContext context = new MockRequestContext(); context.setCurrentEvent(new Event("", "error")); request.setAttribute("flowRequestContext", context); ClientInfoHolder.setClientInfo(new ClientInfo(request)); getThrottle().preHandle(request, response, null); try { authenticationManager.authenticate(badCredentials(username)); } catch (final AuthenticationException e) { getThrottle().postHandle(request, response, null, null); return response; } fail("Expected AuthenticationException"); return null; }
Example #6
Source File: CentralAuthenticationServiceImplTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
/** * This test simulates : * - a first authentication for a default service * - a second authentication with the renew parameter and the same service (and same credentials) * - a validation of the second ticket. * * When supplemental authentications were returned with the chained authentications, the validation specification * failed as it only expects one authentication. Thus supplemental authentications should not be returned in the * chained authentications. Both concepts are orthogonal. * * @throws TicketException * @throws AuthenticationException */ @Test public void authenticateTwiceWithRenew() throws TicketException, AuthenticationException { final CentralAuthenticationService cas = getCentralAuthenticationService(); final Service svc = TestUtils.getService("testDefault"); final UsernamePasswordCredential goodCredential = TestUtils.getCredentialsWithSameUsernameAndPassword(); final String tgtId = cas.createTicketGrantingTicket(goodCredential); cas.grantServiceTicket(tgtId, svc); // simulate renew with new good same credentials final String st2Id = cas.grantServiceTicket(tgtId, svc, goodCredential); final Assertion assertion = cas.validateServiceTicket(st2Id, svc); final ValidationSpecification validationSpecification = new Cas20WithoutProxyingValidationSpecification(); assertTrue(validationSpecification.isSatisfiedBy(assertion)); }
Example #7
Source File: CentralAuthenticationServiceImpl.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
@Audit( action="SERVICE_TICKET", actionResolverName="GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER") @Profiled(tag = "GRANT_SERVICE_TICKET", logFailuresSeparately = false) @Transactional(readOnly = false) public String grantServiceTicket(final String ticketGrantingTicketId, final Service service) throws TicketException { try { return this.grantServiceTicket(ticketGrantingTicketId, service, null); } catch (final AuthenticationException e) { throw new IllegalStateException("Unexpected authentication exception", e); } }
Example #8
Source File: RemoteCentralAuthenticationService.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
/** * {@inheritDoc} * @throws IllegalArgumentException if the credentials are invalid. */ @Override public String delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials) throws AuthenticationException, TicketException { checkForErrors(credentials); return this.centralAuthenticationService.delegateTicketGrantingTicket(serviceTicketId, credentials); }
Example #9
Source File: RemoteCentralAuthenticationService.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
/** * {@inheritDoc} * @throws IllegalArgumentException if given invalid credentials */ @Override public String grantServiceTicket( final String ticketGrantingTicketId, final Service service, final Credential... credentials) throws AuthenticationException, TicketException { checkForErrors(credentials); return this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials); }
Example #10
Source File: RemoteCentralAuthenticationService.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
/** * {@inheritDoc} * @throws IllegalArgumentException if the Credentials are null or if given * invalid credentials. */ @Override public String createTicketGrantingTicket(final Credential... credentials) throws AuthenticationException, TicketException { Assert.notNull(credentials, "credentials cannot be null"); checkForErrors(credentials); return this.centralAuthenticationService.createTicketGrantingTicket(credentials); }
Example #11
Source File: AuthenticationExceptionHandlerTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
@Test public void handleAccountNotFoundExceptionByDefefault() { final AuthenticationExceptionHandler handler = new AuthenticationExceptionHandler(); final MessageContext ctx = mock(MessageContext.class); final Map<String, Class<? extends Exception>> map = new HashMap<String, Class<? extends Exception>>(); map.put("notFound", AccountNotFoundException.class); final String id = handler.handle(new AuthenticationException(map), ctx); assertEquals(id, AccountNotFoundException.class.getSimpleName()); }
Example #12
Source File: AuthenticationExceptionHandlerTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
@Test public void handleUnknownExceptionByDefefault() { final AuthenticationExceptionHandler handler = new AuthenticationExceptionHandler(); final MessageContext ctx = mock(MessageContext.class); final Map<String, Class<? extends Exception>> map = new HashMap<String, Class<? extends Exception>>(); map.put("unknown", GeneralSecurityException.class); final String id = handler.handle(new AuthenticationException(map), ctx); assertEquals(id, "UNKNOWN"); }
Example #13
Source File: RemoteCentralAuthenticationServiceTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
@Test public void testDontUseValidatorsToCheckValidCredentials() throws Exception { try { this.remoteCentralAuthenticationService.createTicketGrantingTicket( TestUtils.getCredentialsWithDifferentUsernameAndPassword()); fail("AuthenticationException expected."); } catch (final AuthenticationException e) { return; } }
Example #14
Source File: AuthenticationExceptionHandlerTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Test public void handleUnknownExceptionByDefefault() { final AuthenticationExceptionHandler handler = new AuthenticationExceptionHandler(); final MessageContext ctx = mock(MessageContext.class); final Map<String, Class<? extends Exception>> map = new HashMap<>(); map.put("unknown", GeneralSecurityException.class); final String id = handler.handle(new AuthenticationException(map), ctx); assertEquals(id, "UNKNOWN"); }
Example #15
Source File: AuthenticationExceptionHandlerTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Test public void handleAccountNotFoundExceptionByDefefault() { final AuthenticationExceptionHandler handler = new AuthenticationExceptionHandler(); final MessageContext ctx = mock(MessageContext.class); final Map<String, Class<? extends Exception>> map = new HashMap<>(); map.put("notFound", AccountNotFoundException.class); final String id = handler.handle(new AuthenticationException(map), ctx); assertEquals(id, AccountNotFoundException.class.getSimpleName()); }
Example #16
Source File: CentralAuthenticationServiceImplTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
@Test(expected=AuthenticationException.class) public void testDelegateTicketGrantingTicketWithBadCredentials() throws Exception { final String ticketId = getCentralAuthenticationService() .createTicketGrantingTicket( TestUtils.getCredentialsWithSameUsernameAndPassword()); final String serviceTicketId = getCentralAuthenticationService() .grantServiceTicket(ticketId, TestUtils.getService()); getCentralAuthenticationService().delegateTicketGrantingTicket( serviceTicketId, TestUtils.getBadHttpBasedServiceCredentials()); }
Example #17
Source File: CentralAuthenticationServiceImplTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
@Test(expected=AuthenticationException.class) public void testGrantServiceTicketWithInvalidCredentials() throws Exception { final String ticketGrantingTicket = getCentralAuthenticationService() .createTicketGrantingTicket( TestUtils.getCredentialsWithSameUsernameAndPassword()); getCentralAuthenticationService().grantServiceTicket( ticketGrantingTicket, TestUtils.getService(), TestUtils.getBadHttpBasedServiceCredentials()); }
Example #18
Source File: CentralAuthenticationServiceImplTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 5 votes |
/** * This test checks that the TGT destruction happens properly for a remote registry. * It previously failed when the deletion happens before the ticket was marked expired because an update was necessary for that. * * @throws AuthenticationException * @throws TicketException */ @Test public void testDestroyRemoteRegistry() throws TicketException, AuthenticationException { final MockOnlyOneTicketRegistry registry = new MockOnlyOneTicketRegistry(); final TicketGrantingTicketImpl tgt = new TicketGrantingTicketImpl("TGT-1", mock(Authentication.class), mock(ExpirationPolicy.class)); final MockExpireUpdateTicketLogoutManager logoutManager = new MockExpireUpdateTicketLogoutManager(registry); // consider authentication has happened and the TGT is in the registry registry.addTicket(tgt); // create a new CASimpl final CentralAuthenticationServiceImpl cas = new CentralAuthenticationServiceImpl(registry, null, null, null, null, null, null, null, logoutManager); // destroy to mark expired and then delete : the opposite would fail with a "No ticket to update" error from the registry cas.destroyTicketGrantingTicket(tgt.getId()); }
Example #19
Source File: CentralAuthenticationServiceImplTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * This test checks that the TGT destruction happens properly for a remote registry. * It previously failed when the deletion happens before the ticket was marked expired because an update was necessary for that. * * @throws AuthenticationException * @throws org.jasig.cas.ticket.TicketException */ @Test public void verifyDestroyRemoteRegistry() throws TicketException, AuthenticationException { final MockOnlyOneTicketRegistry registry = new MockOnlyOneTicketRegistry(); final TicketGrantingTicketImpl tgt = new TicketGrantingTicketImpl("TGT-1", mock(Authentication.class), mock(ExpirationPolicy.class)); final MockExpireUpdateTicketLogoutManager logoutManager = new MockExpireUpdateTicketLogoutManager(registry); // consider authentication has happened and the TGT is in the registry registry.addTicket(tgt); // create a new CASimpl final CentralAuthenticationServiceImpl cas = new CentralAuthenticationServiceImpl(registry, null, null, null, null, null, null, null, logoutManager); // destroy to mark expired and then delete : the opposite would fail with a "No ticket to update" error from the registry cas.destroyTicketGrantingTicket(tgt.getId()); }
Example #20
Source File: CentralAuthenticationServiceImplTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * This test simulates : * - a first authentication for a default service * - a second authentication with the renew parameter and the same service (and same credentials) * - a validation of the second ticket. * * When supplemental authentications were returned with the chained authentications, the validation specification * failed as it only expects one authentication. Thus supplemental authentications should not be returned in the * chained authentications. Both concepts are orthogonal. * * @throws org.jasig.cas.ticket.TicketException * @throws AuthenticationException */ @Test public void authenticateTwiceWithRenew() throws TicketException, AuthenticationException { final CentralAuthenticationService cas = getCentralAuthenticationService(); final Service svc = TestUtils.getService("testDefault"); final UsernamePasswordCredential goodCredential = TestUtils.getCredentialsWithSameUsernameAndPassword(); final TicketGrantingTicket tgtId = cas.createTicketGrantingTicket(goodCredential); cas.grantServiceTicket(tgtId.getId(), svc); // simulate renew with new good same credentials final ServiceTicket st2Id = cas.grantServiceTicket(tgtId.getId(), svc, goodCredential); final Assertion assertion = cas.validateServiceTicket(st2Id.getId(), svc); final ValidationSpecification validationSpecification = new Cas20WithoutProxyingValidationSpecification(); assertTrue(validationSpecification.isSatisfiedBy(assertion)); }
Example #21
Source File: RemoteCentralAuthenticationServiceTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Test public void verifyDontUseValidatorsToCheckValidCredentials() throws Exception { try { this.remoteCentralAuthenticationService.createTicketGrantingTicket( TestUtils.getCredentialsWithDifferentUsernameAndPassword()); fail("AuthenticationException expected."); } catch (final AuthenticationException e) { return; } }
Example #22
Source File: CentralAuthenticationServiceImpl.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Audit( action="TICKET_GRANTING_TICKET", actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER") @Timed(name = "CREATE_TICKET_GRANTING_TICKET_TIMER") @Metered(name = "CREATE_TICKET_GRANTING_TICKET_METER") @Counted(name="CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic=true) @Override public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials) throws AuthenticationException, TicketException { final Set<Credential> sanitizedCredentials = sanitizeCredentials(credentials); if (sanitizedCredentials.size() > 0) { final Authentication authentication = this.authenticationManager.authenticate(credentials); final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl( this.ticketGrantingTicketUniqueTicketIdGenerator .getNewTicketId(TicketGrantingTicket.PREFIX), authentication, this.ticketGrantingTicketExpirationPolicy); this.ticketRegistry.addTicket(ticketGrantingTicket); return ticketGrantingTicket; } final String msg = "No credentials were specified in the request for creating a new ticket-granting ticket"; logger.warn(msg); throw new TicketCreationException(new IllegalArgumentException(msg)); }
Example #23
Source File: CentralAuthenticationServiceImpl.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Audit( action="PROXY_GRANTING_TICKET", actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER") @Timed(name="GRANT_PROXY_GRANTING_TICKET_TIMER") @Metered(name="GRANT_PROXY_GRANTING_TICKET_METER") @Counted(name="GRANT_PROXY_GRANTING_TICKET_COUNTER", monotonic=true) @Override public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials) throws AuthenticationException, TicketException { final ServiceTicket serviceTicket = this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class); if (serviceTicket == null || serviceTicket.isExpired()) { logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId); throw new InvalidTicketException(serviceTicketId); } final RegisteredService registeredService = this.servicesManager .findServiceBy(serviceTicket.getService()); verifyRegisteredServiceProperties(registeredService, serviceTicket.getService()); if (!registeredService.getProxyPolicy().isAllowedToProxy()) { logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId()); throw new UnauthorizedProxyingException(); } final Authentication authentication = this.authenticationManager.authenticate(credentials); final String pgtId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId( TicketGrantingTicket.PROXY_GRANTING_TICKET_PREFIX); final TicketGrantingTicket proxyGrantingTicket = serviceTicket.grantTicketGrantingTicket(pgtId, authentication, this.ticketGrantingTicketExpirationPolicy); logger.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId); this.ticketRegistry.addTicket(proxyGrantingTicket); return proxyGrantingTicket; }
Example #24
Source File: AbstractMultiFactorAuthenticationViaFormAction.java From cas-mfa with Apache License 2.0 | 5 votes |
/** * In the event of an MFA request, authenticate the credentials by default, and place * the authentication context back into the flow. * <p>Coming from the 'doAuthentication' and checking if the principal mfa source has been ranked or not * Or if coming straight from initial transition. In either case, if there is no mfa service already in the flow scope * try to get the principal attribute sourced mfa request and re-rank the existing mfa tx, so the mfa service is * always available in the flow scope for downstream subflows. * <p>If we get to this method, the mfa transaction is guaranteed to be in the flow scope. * * @param context request context * @param credentials the requesting credentials * @param messageContext the message bundle manager * @param id the identifier of the credential, based on implementation provided in the flow setup. * * @return the resulting event * * @throws Exception the exception */ protected final Event doMultiFactorAuthentication(final RequestContext context, final Credential credentials, final MessageContext messageContext, final String id) throws Exception { Assert.notNull(id); Assert.notNull(credentials); try { final Authentication auth = this.authenticationManager.authenticate(credentials); if (MultiFactorRequestContextUtils.getMultifactorWebApplicationService(context) == null) { final List<MultiFactorAuthenticationRequestContext> mfaRequest = getMfaRequestOrNull(auth, WebUtils.getService(context), context); //No principal attribute sourced mfa method request. Just get the highest ranked mfa service from existing ones if (mfaRequest == null) { MultiFactorRequestContextUtils.setMultifactorWebApplicationService(context, getHighestRankedMfaRequestFromMfaTransaction(context)); } else { final MultiFactorAuthenticationSupportingWebApplicationService highestService = addToMfaTransactionAndGetHighestRankedMfaRequest(mfaRequest, context); MultiFactorRequestContextUtils.setMultifactorWebApplicationService(context, highestService); MultiFactorRequestContextUtils.setRequiredAuthenticationMethod(context, highestService.getAuthenticationMethod()); } } final Event result = multiFactorAuthenticationSuccessful(auth, context, credentials, messageContext, id); MultiFactorRequestContextUtils.setAuthentication(context, auth); return result; } catch (final AuthenticationException e) { populateErrorsInstance(e.getMessage(), messageContext); MultiFactorRequestContextUtils.setAuthenticationExceptionInFlowScope(context, e); logger.error(e.getMessage(), e); } return getErrorEvent(context); }
Example #25
Source File: RemoteCentralAuthenticationService.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * {@inheritDoc} * @throws IllegalArgumentException if the credentials are invalid. */ @Override public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials) throws AuthenticationException, TicketException { checkForErrors(credentials); return this.centralAuthenticationService.delegateTicketGrantingTicket(serviceTicketId, credentials); }
Example #26
Source File: RemoteCentralAuthenticationService.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * {@inheritDoc} * @throws IllegalArgumentException if given invalid credentials */ @Override public ServiceTicket grantServiceTicket( final String ticketGrantingTicketId, final Service service, final Credential... credentials) throws AuthenticationException, TicketException { checkForErrors(credentials); return this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials); }
Example #27
Source File: RemoteCentralAuthenticationService.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * {@inheritDoc} * @throws IllegalArgumentException if the Credentials are null or if given * invalid credentials. */ @Override public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials) throws AuthenticationException, TicketException { Assert.notNull(credentials, "credentials cannot be null"); checkForErrors(credentials); return this.centralAuthenticationService.createTicketGrantingTicket(credentials); }
Example #28
Source File: CentralAuthenticationServiceImpl.java From taoshop with Apache License 2.0 | 5 votes |
@Audit( action = "PROXY_GRANTING_TICKET", actionResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER") @Timed(name = "CREATE_PROXY_GRANTING_TICKET_TIMER") @Metered(name = "CREATE_PROXY_GRANTING_TICKET_METER") @Counted(name = "CREATE_PROXY_GRANTING_TICKET_COUNTER", monotonic = true) @Override public ProxyGrantingTicket createProxyGrantingTicket(final String serviceTicketId, final AuthenticationContext context) throws AuthenticationException, AbstractTicketException { final ServiceTicket serviceTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class); if (serviceTicket == null || serviceTicket.isExpired()) { logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId); throw new InvalidTicketException(serviceTicketId); } final RegisteredService registeredService = this.servicesManager .findServiceBy(serviceTicket.getService()); verifyRegisteredServiceProperties(registeredService, serviceTicket.getService()); if (!registeredService.getProxyPolicy().isAllowedToProxy()) { logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId()); throw new UnauthorizedProxyingException(); } final Authentication authentication = context.getAuthentication(); final ProxyGrantingTicketFactory factory = this.ticketFactory.get(ProxyGrantingTicket.class); final ProxyGrantingTicket proxyGrantingTicket = factory.create(serviceTicket, authentication); logger.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId); this.ticketRegistry.addTicket(proxyGrantingTicket); doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, proxyGrantingTicket)); return proxyGrantingTicket; }
Example #29
Source File: AuthenticationViaFormAction.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
private AuthenticationException getAuthenticationExceptionAsCause(final TicketException e) { return (AuthenticationException) e.getCause(); }
Example #30
Source File: CentralAuthenticationServiceImplTests.java From cas4.0.x-server-wechat with Apache License 2.0 | 4 votes |
@Test(expected=AuthenticationException.class) public void testBadCredentialsOnTicketGrantingTicketCreation() throws Exception { getCentralAuthenticationService().createTicketGrantingTicket( TestUtils.getCredentialsWithDifferentUsernameAndPassword()); }