/**
 * Checks that SSO access is allowed for the service by delegating to the
 * four-argument overload with its last argument fixed to {@code false}.
 *
 * <p>NOTE(review): the four-argument overload is not visible here. Its last
 * argument presumably signals whether credentials were supplied with the current
 * request, in which case this form always takes the "no credentials supplied"
 * path. Confirm against the overload before using this form from a new call site.
 *
 * @param registeredService    the registered service
 * @param service              the service
 * @param ticketGrantingTicket the ticket granting ticket
 */
public static void ensureServiceSsoAccessIsAllowed(final RegisteredService registeredService,
                                                   final Service service,
                                                   final TicketGrantingTicket ticketGrantingTicket) {
    // Named only for readability; the value handed to the overload is the literal false.
    final boolean credentialProvided = false;
    ensureServiceSsoAccessIsAllowed(registeredService, service, ticketGrantingTicket, credentialProvided);
}
/**
 * Grants a proxy ticket for {@code service} from the proxy-granting ticket
 * identified by {@code proxyGrantingTicket}.
 *
 * <p>The checks run in a fixed order before any ticket is created: registered-service
 * access enforcement, the SSO access check, proxied-service evaluation, and the
 * authentication-policy check against the authentication of the ticket's root.
 * Only after all of them return is the proxy ticket created, the proxy-granting
 * ticket updated and the new ticket added to the registry. Keep that order when
 * editing: moving ticket creation ahead of a check would issue a ticket the
 * check was meant to prevent.
 *
 * @param proxyGrantingTicket id of the proxy-granting ticket to grant from
 * @param service             the service the proxy ticket is requested for
 * @return the proxy ticket that was created and added to the registry
 * @throws AbstractTicketException declared by the signature; a
 *         {@code PrincipalException} from the two access checks is replaced by a
 *         new {@code UnauthorizedSsoServiceException}
 */
@Audit(
    action = "PROXY_TICKET",
    actionResolverName = "GRANT_PROXY_TICKET_RESOLVER",
    resourceResolverName = "GRANT_PROXY_TICKET_RESOURCE_RESOLVER")
@Override
public ProxyTicket grantProxyTicket(final String proxyGrantingTicket, final Service service)
    throws AbstractTicketException {
    val pgt = getTicket(proxyGrantingTicket, ProxyGrantingTicket.class);
    // NOTE(review): whether findServiceBy can return null is not visible here;
    // presumably enforceRegisteredServiceAccess rejects an unmatched service. Verify.
    val matchedService = this.servicesManager.findServiceBy(service);

    try {
        enforceRegisteredServiceAccess(service, pgt, matchedService);
        // Three-argument form: no "credential provided" flag is passed on this path.
        RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(matchedService, service, pgt);
    } catch (final PrincipalException principalFailure) {
        // NOTE(review): the caught exception is neither logged nor attached as a cause,
        // so the reason for the denial is not recoverable from the rethrown exception.
        throw new UnauthorizedSsoServiceException();
    }
    evaluateProxiedServiceIfNeeded(service, pgt, matchedService);

    // Policy is evaluated against the authentication held by the root of the ticket.
    val rootAuthentication = pgt.getRoot().getAuthentication();
    val serviceContext = new ServiceContext(service, matchedService);
    getAuthenticationSatisfiedByPolicy(rootAuthentication, serviceContext);

    // Fetched again from the root, as in the original, then bound to the current thread.
    val authentication = pgt.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
    val principal = authentication.getPrincipal();

    val proxyTicketFactory = (ProxyTicketFactory) this.ticketFactory.get(ProxyTicket.class);
    val issuedTicket = proxyTicketFactory.create(pgt, service, ProxyTicket.class);

    this.ticketRegistry.updateTicket(pgt);
    this.ticketRegistry.addTicket(issuedTicket);

    // NOTE(review): the full ticket id and the unmodified service id are written at INFO.
    // A ticket id is a bearer value while it is valid and a service id typically comes
    // from the request, so confirm the logging layer masks or encodes these, or restrict
    // who can read this log.
    LOGGER.info("Granted ticket [{}] for service [{}] for user [{}]",
        issuedTicket.getId(), service.getId(), principal.getId());
    doPublishEvent(new CasProxyTicketGrantedEvent(this, pgt, issuedTicket));
    return issuedTicket;
}
/**
 * Grants a service ticket for {@code service} from the ticket-granting ticket
 * identified by {@code ticketGrantingTicketId}.
 *
 * <p>The checks run in a fixed order before the ticket is created: registered-service
 * access enforcement, mixed-principal evaluation, the SSO access check (told whether
 * credentials were provided), proxied-service evaluation, and the authentication-policy
 * check. Only after all of them return is the service ticket created, the
 * ticket-granting ticket updated and the new ticket added to the registry.
 *
 * <p>NOTE(review): every check above is made against the service returned by
 * {@code resolveServiceFromAuthenticationRequest(service)}, while the ticket is
 * created for, and the log line reports, the original {@code service} argument.
 * If the two can differ in a way that maps to different registered services, the
 * ticket is bound to a service other than the one that was authorized. Confirm
 * that the resolver cannot produce such a difference.
 *
 * @param ticketGrantingTicketId id of the ticket-granting ticket to grant from
 * @param service                the service the ticket is requested for
 * @param authenticationResult   the authentication result; may be {@code null}, in
 *                               which case no credential is treated as provided
 * @return the service ticket that was created and added to the registry
 * @throws AuthenticationException declared by the signature
 * @throws AbstractTicketException declared by the signature
 */
@Audit(
    action = "SERVICE_TICKET",
    actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId,
                                        final Service service,
                                        final AuthenticationResult authenticationResult)
    throws AuthenticationException, AbstractTicketException {
    // A null result counts as "no credential provided".
    val credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();

    val tgt = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
    val resolvedService = resolveServiceFromAuthenticationRequest(service);
    val matchedService = this.servicesManager.findServiceBy(resolvedService);

    enforceRegisteredServiceAccess(resolvedService, tgt, matchedService);
    val policyAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, tgt);
    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(
        matchedService, resolvedService, tgt, credentialProvided);
    evaluateProxiedServiceIfNeeded(resolvedService, tgt, matchedService);

    val serviceContext = new ServiceContext(resolvedService, matchedService);
    getAuthenticationSatisfiedByPolicy(policyAuthentication, serviceContext);

    // NOTE(review): the policy check above used the authentication returned by
    // evaluatePossibilityOfMixedPrincipals; the one bound to the thread and logged
    // below is read from the root of the ticket-granting ticket. Confirm they are
    // expected to describe the same principal.
    val rootAuthentication = tgt.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(rootAuthentication);
    val principal = rootAuthentication.getPrincipal();

    val serviceTicketFactory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    // Created for the original `service` argument, not for resolvedService.
    val issuedTicket = serviceTicketFactory.create(tgt, service, credentialProvided, ServiceTicket.class);

    this.ticketRegistry.updateTicket(tgt);
    this.ticketRegistry.addTicket(issuedTicket);

    // The service id is abbreviated before logging; the ticket id is logged in full.
    // NOTE(review): a ticket id is a bearer value while it is valid, so confirm the
    // logging layer masks it or restrict who can read this log.
    LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]",
        issuedTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
    doPublishEvent(new CasServiceTicketGrantedEvent(this, tgt, issuedTicket));
    return issuedTicket;
}