/**
 * Extracts the service from the request via {@code extractServiceInternal} and traces the outcome.
 *
 * @param request the incoming HTTP request
 * @return the extracted service, or {@code null} when the extractor produced none
 */
@Override
public WebApplicationService extractService(final HttpServletRequest request) {
    final WebApplicationService extracted = extractServiceInternal(request);
    if (extracted == null) {
        LOGGER.trace("Extractor did not generate service.");
        return null;
    }
    // The service id comes from the request, so only its abbreviated form goes to the log.
    final String serviceType = extracted.getClass().getName();
    LOGGER.trace("Extractor generated service type [{}] for: [{}]",
        serviceType, DigestUtils.abbreviate(extracted.getId()));
    return extracted;
}
/**
 * Deserializes the given string with the configured object mapper into the type
 * reported by {@code getTypeToSerialize()}.
 *
 * <p>Failures are not propagated: any exception is logged (abbreviated fragment at error
 * level, stack trace at debug level) and {@code null} is returned, so callers must
 * handle a {@code null} result.
 *
 * @param jsonString the json string
 * @return the deserialized object, or {@code null} when the string cannot be read or parsed
 */
protected T readObjectFromString(final String jsonString) {
    try {
        // NOTE(review): the fragment is logged in full here but abbreviated in the error path below;
        // confirm it cannot carry sensitive or very large values, or abbreviate it here as well.
        LOGGER.trace("Attempting to consume [{}]", jsonString);
        return this.objectMapper.readValue(jsonString, getTypeToSerialize());
    } catch (final Exception ex) {
        LOGGER.error(
            "Cannot read/parse [{}] to deserialize into type [{}]. This may be caused "
                + "in the absence of a configuration/support module that knows how to interpret the fragment, "
                + "specially if the fragment describes a CAS registered service definition. "
                + "Internal parsing error is [{}]",
            DigestUtils.abbreviate(jsonString),
            getTypeToSerialize(),
            ex.getMessage());
        // Full stack trace only at debug level.
        LOGGER.debug(ex.getMessage(), ex);
        return null;
    }
}
}
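/**
 * Builds the CAS login redirect for a SAML authentication request and issues it.
 *
 * <p>The service URL is constructed from the request, response and pair, attached to the
 * configured CAS login URL as the service parameter together with the request's
 * force-authn and passive flags, and then passed through
 * {@code buildRedirectUrlByRequestedAuthnContext} before the redirect is sent.
 *
 * @param pair     the pair; its left element is cast to {@code AuthnRequest}
 * @param request  the request
 * @param response the response
 * @throws Exception the exception
 */
protected void issueAuthenticationRequestRedirect(final Pair<? extends SignableSAMLObject, MessageContext> pair,
                                                  final HttpServletRequest request,
                                                  final HttpServletResponse response) throws Exception {
    val authnRequest = (AuthnRequest) pair.getLeft();
    val serviceUrl = constructServiceUrl(request, response, pair);
    LOGGER.debug("Created service url [{}]", DigestUtils.abbreviate(serviceUrl));

    val initialUrl = CommonUtils.constructRedirectUrl(casProperties.getServer().getLoginUrl(),
        CasProtocolConstants.PARAMETER_SERVICE, serviceUrl, authnRequest.isForceAuthn(), authnRequest.isPassive());
    val urlToRedirectTo = buildRedirectUrlByRequestedAuthnContext(initialUrl, authnRequest, request);

    // The redirect URL carries the service URL as a parameter, so it is logged in the same
    // abbreviated form as the service URL above; logging it whole would undo that abbreviation.
    LOGGER.debug("Redirecting SAML authN request to [{}]", DigestUtils.abbreviate(urlToRedirectTo));

    val authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
    authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
}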
/**
 * Grants a service ticket for the given service under an existing ticket-granting ticket.
 *
 * <p>The statements run in a fixed order: the ticket-granting ticket is looked up, the
 * service is resolved and matched against the services manager, and the access, SSO,
 * proxy and authentication-policy checks are invoked before the ticket factory is called.
 * Only after those calls return is the service ticket created, stored in the registry,
 * logged and published as an event.
 *
 * @param ticketGrantingTicketId id of the ticket-granting ticket to issue the service ticket under
 * @param service                the service the ticket is requested for
 * @param authenticationResult   the authentication result; may be {@code null}, in which case
 *                               no credential is treated as provided
 * @return the newly created service ticket, already added to the ticket registry
 * @throws AuthenticationException presumably raised by the authentication checks - confirm against helpers
 * @throws AbstractTicketException presumably raised by ticket lookup or validation - confirm against helpers
 */
@Audit(
    action = "SERVICE_TICKET",
    actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult)
    throws AuthenticationException, AbstractTicketException {

    // True only when a result is present and it reports that a credential was supplied.
    val credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();
    val ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
    val selectedService = resolveServiceFromAuthenticationRequest(service);
    val registeredService = this.servicesManager.findServiceBy(selectedService);

    // Checks invoked before any ticket is created; keep this ordering when editing.
    enforceRegisteredServiceAccess(selectedService, ticketGrantingTicket, registeredService);
    val currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService, ticketGrantingTicket, credentialProvided);
    evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService);
    // The return value is not used here; presumably the call throws when the policy is not met - confirm.
    getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService));

    // The principal that is bound and logged comes from the root ticket-granting ticket,
    // not from currentAuthentication, which was the one passed to the policy check above.
    val latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication);
    val principal = latestAuthentication.getPrincipal();

    val factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    // NOTE(review): the ticket is created for the original `service` argument, while the checks above
    // ran against `selectedService` - confirm the two cannot diverge in a way that matters.
    val serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class);
    this.ticketRegistry.updateTicket(ticketGrantingTicket);
    this.ticketRegistry.addTicket(serviceTicket);

    // NOTE(review): the service id is abbreviated, but the service ticket id and principal id are
    // written in full at INFO - confirm the logging setup masks ticket ids before they reach storage.
    LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]",
        serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());

    doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, 
        serviceTicket));

    return serviceTicket;
}