/** * Put service ticket in request scope. * * @param context the context * @param ticketValue the ticket value */ public static void putServiceTicketInRequestScope( final RequestContext context, final ServiceTicket ticketValue) { context.getRequestScope().put("serviceTicketId", ticketValue.getId()); }
@Override public Service getService() { return getTicket().getService(); }
@Override public boolean isFromNewLogin() { return getTicket().isFromNewLogin(); }
if (serviceTicket.isExpired()) { logger.info("ServiceTicket [{}] has expired.", serviceTicketId); throw new InvalidTicketException(serviceTicketId); if (!serviceTicket.isValidFor(service)) { logger.error("Service ticket [{}] with service [{}] does not match supplied service [{}]", serviceTicketId, serviceTicket.getService().getId(), service); throw new UnrecognizableServiceForServiceTicketValidationException(serviceTicket.getService()); final TicketGrantingTicket root = serviceTicket.getGrantingTicket().getRoot(); final Authentication authentication = getAuthenticationSatisfiedByPolicy( root, new ServiceContext(serviceTicket.getService(), registeredService)); final Principal principal = authentication.getPrincipal(); serviceTicket.getGrantingTicket().getChainedAuthentications(), serviceTicket.getService(), serviceTicket.isFromNewLogin()); if (serviceTicket.isExpired()) { this.ticketRegistry.deleteTicket(serviceTicketId);
@Audit( action = "PROXY_GRANTING_TICKET", actionResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER") @Timed(name = "CREATE_PROXY_GRANTING_TICKET_TIMER") @Metered(name = "CREATE_PROXY_GRANTING_TICKET_METER") @Counted(name = "CREATE_PROXY_GRANTING_TICKET_COUNTER", monotonic = true) @Override public ProxyGrantingTicket createProxyGrantingTicket(final String serviceTicketId, final AuthenticationContext context) throws AuthenticationException, AbstractTicketException { final ServiceTicket serviceTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class); if (serviceTicket == null || serviceTicket.isExpired()) { logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId); throw new InvalidTicketException(serviceTicketId); } final RegisteredService registeredService = this.servicesManager .findServiceBy(serviceTicket.getService()); verifyRegisteredServiceProperties(registeredService, serviceTicket.getService()); if (!registeredService.getProxyPolicy().isAllowedToProxy()) { logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId()); throw new UnauthorizedProxyingException(); } final Authentication authentication = context.getAuthentication(); final ProxyGrantingTicketFactory factory = this.ticketFactory.get(ProxyGrantingTicket.class); final ProxyGrantingTicket proxyGrantingTicket = factory.create(serviceTicket, authentication); logger.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId); this.ticketRegistry.addTicket(proxyGrantingTicket); doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, proxyGrantingTicket)); return proxyGrantingTicket; }
@Override public boolean isValidFor(final Service service) { final boolean b = this.getTicket().isValidFor(service); updateTicket(); return b; }
@Override public <T extends ProxyGrantingTicket> T create(final ServiceTicket serviceTicket, final Authentication authentication) { final String pgtId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId( ProxyGrantingTicket.PROXY_GRANTING_TICKET_PREFIX); final ProxyGrantingTicket proxyGrantingTicket = serviceTicket.grantProxyGrantingTicket(pgtId, authentication, this.ticketGrantingTicketExpirationPolicy); return (T) proxyGrantingTicket; }
@Transactional(readOnly=false, transactionManager = "ticketTransactionManager") @Override public ProxyGrantingTicket grantProxyGrantingTicket(final String id, final Authentication authentication, final ExpirationPolicy expirationPolicy) { final ProxyGrantingTicket t = this.getTicket().grantProxyGrantingTicket(id, authentication, expirationPolicy); updateTicket(); return t; } }
/** * {@inheritDoc} * <p>The state of the ticket is affected by this operation and the * ticket will be considered used. The state update subsequently may * impact the ticket expiration policy in that, depending on the policy * configuration, the ticket may be considered expired. */ @Override public final synchronized ServiceTicket grantServiceTicket(final String id, final Service service, final ExpirationPolicy expirationPolicy, final boolean credentialsProvided, final boolean onlyTrackMostRecentSession) { final ServiceTicket serviceTicket = new ServiceTicketImpl(id, this, service, this.getCountOfUses() == 0 || credentialsProvided, expirationPolicy); updateServiceAndTrackSession(serviceTicket.getId(), service, onlyTrackMostRecentSession); return serviceTicket; }
/** * Create new service ticket. * * @param requestBody service application/x-www-form-urlencoded value * @param tgtId ticket granting ticket id URI path param * @return {@link ResponseEntity} representing RESTful response */ @RequestMapping(value = "/v1/tickets/{tgtId:.+}", method = RequestMethod.POST, consumes = MediaType .APPLICATION_FORM_URLENCODED_VALUE) public final ResponseEntity<String> createServiceTicket(@RequestBody final MultiValueMap<String, String> requestBody, @PathVariable("tgtId") final String tgtId) { try { final String serviceId = requestBody.getFirst(CasProtocolConstants.PARAMETER_SERVICE); final AuthenticationContextBuilder builder = new DefaultAuthenticationContextBuilder( this.authenticationSystemSupport.getPrincipalElectionStrategy()); final Service service = this.webApplicationServiceFactory.createService(serviceId); final AuthenticationContext authenticationContext = builder.collect(this.ticketRegistrySupport.getAuthenticationFrom(tgtId)).build(service); final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationContext); return new ResponseEntity<>(serviceTicketId.getId(), HttpStatus.OK); } catch (final InvalidTicketException e) { return new ResponseEntity<>("TicketGrantingTicket could not be found", HttpStatus.NOT_FOUND); } catch (final Exception e) { LOGGER.error(e.getMessage(), e); return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR); } }