@Override public final List<Authentication> getChainedAuthentications() { final List<Authentication> list = new ArrayList<>(); list.add(getAuthentication()); if (getGrantingTicket() == null) { return Collections.unmodifiableList(list); } list.addAll(getGrantingTicket().getChainedAuthentications()); return Collections.unmodifiableList(list); }
/** * Update service and track session. * * @param id the id * @param service the service * @param onlyTrackMostRecentSession the only track most recent session */ protected void updateServiceAndTrackSession(final String id, final Service service, final boolean onlyTrackMostRecentSession) { updateState(); final List<Authentication> authentications = getChainedAuthentications(); service.setPrincipal(authentications.get(authentications.size()-1).getPrincipal()); if (onlyTrackMostRecentSession) { final String path = normalizePath(service); final Collection<Service> existingServices = services.values(); // loop on existing services for (final Service existingService : existingServices) { final String existingPath = normalizePath(existingService); // if an existing service has the same normalized path, remove it // and its service ticket to keep the latest one if (StringUtils.equals(path, existingPath)) { existingServices.remove(existingService); LOGGER.trace("Removed previous tickets for service: {}", existingService); break; } } } this.services.put(id, service); }
@Override public <T extends TicketGrantingTicket> T create(final Authentication authentication) { final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl( this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX), authentication, ticketGrantingTicketExpirationPolicy); return (T) ticketGrantingTicket; }
/** * {@inheritDoc} * <p>The state of the ticket is affected by this operation and the * ticket will be considered used. The state update subsequently may * impact the ticket expiration policy in that, depending on the policy * configuration, the ticket may be considered expired. */ @Override public final synchronized ServiceTicket grantServiceTicket(final String id, final Service service, final ExpirationPolicy expirationPolicy, final boolean credentialsProvided, final boolean onlyTrackMostRecentSession) { final ServiceTicket serviceTicket = new ServiceTicketImpl(id, this, service, this.getCountOfUses() == 0 || credentialsProvided, expirationPolicy); updateServiceAndTrackSession(serviceTicket.getId(), service, onlyTrackMostRecentSession); return serviceTicket; }
/** * Return if the TGT has no parent. * * @return if the TGT has no parent. */ @Override public final boolean isRoot() { return this.getGrantingTicket() == null; }
@Override public final boolean equals(final Object object) { if (object == null) { return false; } if (object == this) { return true; } if (!(object instanceof TicketGrantingTicket)) { return false; } final Ticket ticket = (Ticket) object; return new EqualsBuilder() .append(ticket.getId(), this.getId()) .isEquals(); } }
@Override @Audit( action="TICKET_GRANTING_TICKET", actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER") @Timed(name = "CREATE_TICKET_GRANTING_TICKET_TIMER") @Metered(name = "CREATE_TICKET_GRANTING_TICKET_METER") @Counted(name="CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic=true) public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials) throws TicketException { final MultiFactorCredentials mfaCredentials = (MultiFactorCredentials) credentials[0]; final Authentication authentication = mfaCredentials.getAuthentication(); if (authentication == null) { throw new TicketCreationException(new RuntimeException("Authentication cannot be null")); } final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl( this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX), authentication, this.ticketGrantingTicketExpirationPolicy); this.ticketRegistry.addTicket(ticketGrantingTicket); return ticketGrantingTicket; }