
Example 1 with UnauthorizedProxyingException

use of org.apereo.cas.services.UnauthorizedProxyingException in project cas by apereo.

the class AbstractServiceValidateController method handleRequestInternal.

/**
 * Validates the service ticket carried by the request and renders the outcome.
 *
 * <p>The service and its ticket id are extracted from the request; when either is missing the
 * request is answered with {@code ERROR_CODE_INVALID_REQUEST}. Otherwise validation is delegated
 * to {@code handleTicketValidation}, and the four exception types caught below are translated
 * into CAS protocol error views rather than propagated. Anything else propagates to the caller.
 *
 * @param request  the incoming validation request
 * @param response the response; not used directly by this method
 * @return the view produced by ticket validation, or an error view
 * @throws Exception for failures other than the four exception types handled here
 */
@Override
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final WebApplicationService service = this.argumentExtractor.extractService(request);
    // A missing service always yields a null ticket id, so one null test covers both cases.
    final String serviceTicketId = service == null ? null : service.getArtifactId();
    if (serviceTicketId == null) {
        LOGGER.debug("Could not identify service and/or service ticket for service: [{}]", service);
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_REQUEST, null, request, service);
    }

    try {
        return handleTicketValidation(request, service, serviceTicketId);
    } catch (final AbstractTicketValidationException e) {
        // The error arguments name both the service the ticket was issued for and the one presenting it.
        final String errorCode = e.getCode();
        final Object[] errorArgs = { serviceTicketId, e.getOriginalService().getId(), service.getId() };
        return generateErrorView(errorCode, errorArgs, request, service);
    } catch (final AbstractTicketException e) {
        final String errorCode = e.getCode();
        final Object[] errorArgs = { serviceTicketId };
        return generateErrorView(errorCode, errorArgs, request, service);
    } catch (final UnauthorizedProxyingException e) {
        // A refused proxy attempt gets its own protocol error code, distinct from a generic unauthorized service.
        final Object[] errorArgs = { service.getId() };
        return generateErrorView(CasProtocolConstants.ERROR_CODE_UNAUTHORIZED_SERVICE_PROXY, errorArgs, request, service);
    } catch (final UnauthorizedServiceException e) {
        return generateErrorView(CasProtocolConstants.ERROR_CODE_UNAUTHORIZED_SERVICE, null, request, service);
    }
}
Also used : WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) AbstractTicketValidationException(org.apereo.cas.ticket.AbstractTicketValidationException) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) UnauthorizedProxyingException(org.apereo.cas.services.UnauthorizedProxyingException)

Example 2 with UnauthorizedProxyingException

use of org.apereo.cas.services.UnauthorizedProxyingException in project cas by apereo.

the class AbstractCentralAuthenticationService method evaluateProxiedServiceIfNeeded.

/**
 * Rejects the request when the ticket-granting ticket was obtained through a proxy that is
 * not allowed to proxy.
 *
 * <p>Nothing is checked when the ticket is not proxied. When it is, the proxying service must
 * be found in the services registry and its proxy policy must allow proxying; both failures
 * are logged at WARN and raise {@link UnauthorizedProxyingException}, so an unknown proxying
 * service is refused rather than let through.
 *
 * @param service              the service the request is made for
 * @param ticketGrantingTicket the ticket granting ticket, whose {@code getProxiedBy()} names the proxying service
 * @param registeredService    the registered service; its id is appended to the exception message
 * @throws UnauthorizedProxyingException if the proxying service is not registered or is not allowed to proxy
 */
protected void evaluateProxiedServiceIfNeeded(final Service service, final TicketGrantingTicket ticketGrantingTicket, final RegisteredService registeredService) {
    final Service proxiedBy = ticketGrantingTicket.getProxiedBy();
    if (proxiedBy == null) {
        LOGGER.trace("TGT is not proxied by another service");
        return;
    }

    LOGGER.debug("TGT is proxied by [{}]. Locating proxy service in registry...", proxiedBy.getId());
    final RegisteredService proxyingService = this.servicesManager.findServiceBy(proxiedBy);
    if (proxyingService == null) {
        // No registry entry for the proxying service: refuse the attempt.
        // NOTE(review): registeredService is dereferenced here and below without a null check;
        // presumably callers resolve it first - confirm.
        LOGGER.warn("No proxying service found. Proxy attempt by service [{}] (registered service [{}]) is not allowed.", service.getId(), registeredService.getId());
        throw new UnauthorizedProxyingException(UnauthorizedProxyingException.MESSAGE + registeredService.getId());
    }

    LOGGER.debug("Located proxying service [{}] in the service registry", proxyingService);
    final boolean mayProxy = proxyingService.getProxyPolicy().isAllowedToProxy();
    if (!mayProxy) {
        LOGGER.warn("Found proxying service [{}], but it is not authorized to fulfill the proxy attempt made by [{}]", proxyingService.getId(), service.getId());
        // NOTE(review): the exception message carries registeredService's id, while the log line
        // above names the proxying service; confirm which id operators are expected to see.
        throw new UnauthorizedProxyingException(UnauthorizedProxyingException.MESSAGE + registeredService.getId());
    }
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) UnauthorizedProxyingException(org.apereo.cas.services.UnauthorizedProxyingException)

Example 3 with UnauthorizedProxyingException

use of org.apereo.cas.services.UnauthorizedProxyingException in project cas by apereo.

the class DefaultCentralAuthenticationService method createProxyGrantingTicket.

/**
 * Issues a proxy-granting ticket on the strength of an existing service ticket.
 *
 * <p>The checks run in a fixed order and each must pass before the next one: the service
 * ticket is present in the registry and not expired, the principal-access check for the
 * registered service completes, and the registered service's proxy policy allows proxying.
 * Only then is the ticket created, added to the ticket registry and announced through a
 * {@code CasProxyGrantingTicketCreatedEvent}.
 *
 * @param serviceTicketId      id of the service ticket the proxy-granting ticket is based on
 * @param authenticationResult the authentication result supplying the authentication
 * @return the proxy-granting ticket that was added to the registry
 * @throws AuthenticationException       declared by the signature; not thrown directly in this body
 * @throws AbstractTicketException       declared by the signature; this body throws
 *                                       {@code InvalidTicketException} for a missing or expired service ticket
 * @throws UnauthorizedProxyingException if the registered service's proxy policy does not allow proxying
 */
@Audit(action = "PROXY_GRANTING_TICKET", actionResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_PROXY_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_PROXY_GRANTING_TICKET_METER")
@Counted(name = "CREATE_PROXY_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public ProxyGrantingTicket createProxyGrantingTicket(final String serviceTicketId, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
    AuthenticationCredentialsLocalBinder.bindCurrent(authenticationResult.getAuthentication());

    final ServiceTicket serviceTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
    final boolean ticketUsable = serviceTicket != null && !serviceTicket.isExpired();
    if (!ticketUsable) {
        LOGGER.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    final RegisteredService registeredService = this.servicesManager.findServiceBy(serviceTicket.getService());
    // Access is evaluated before the proxy policy is consulted.
    // NOTE(review): registeredService is dereferenced below without a local null check; presumably
    // ensurePrincipalAccessIsAllowedForService refuses an unregistered service - confirm.
    RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(serviceTicket, authenticationResult, registeredService);

    final boolean mayProxy = registeredService.getProxyPolicy().isAllowedToProxy();
    if (!mayProxy) {
        LOGGER.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }

    // Every check has passed; only now is a ticket created and stored.
    final Authentication authentication = authenticationResult.getAuthentication();
    final ProxyGrantingTicketFactory pgtFactory = this.ticketFactory.get(ProxyGrantingTicket.class);
    final ProxyGrantingTicket issuedTicket = pgtFactory.create(serviceTicket, authentication);
    LOGGER.debug("Generated proxy granting ticket [{}] based off of [{}]", issuedTicket, serviceTicketId);

    this.ticketRegistry.addTicket(issuedTicket);
    doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, issuedTicket));
    return issuedTicket;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) ProxyGrantingTicket(org.apereo.cas.ticket.proxy.ProxyGrantingTicket) CasProxyGrantingTicketCreatedEvent(org.apereo.cas.support.events.ticket.CasProxyGrantingTicketCreatedEvent) UnauthorizedProxyingException(org.apereo.cas.services.UnauthorizedProxyingException) ProxyGrantingTicketFactory(org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Aggregations

UnauthorizedProxyingException (org.apereo.cas.services.UnauthorizedProxyingException)3 RegisteredService (org.apereo.cas.services.RegisteredService)2 Counted (com.codahale.metrics.annotation.Counted)1 Metered (com.codahale.metrics.annotation.Metered)1 Timed (com.codahale.metrics.annotation.Timed)1 Authentication (org.apereo.cas.authentication.Authentication)1 Service (org.apereo.cas.authentication.principal.Service)1 WebApplicationService (org.apereo.cas.authentication.principal.WebApplicationService)1 UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)1 CasProxyGrantingTicketCreatedEvent (org.apereo.cas.support.events.ticket.CasProxyGrantingTicketCreatedEvent)1 AbstractTicketException (org.apereo.cas.ticket.AbstractTicketException)1 AbstractTicketValidationException (org.apereo.cas.ticket.AbstractTicketValidationException)1 InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException)1 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)1 ProxyGrantingTicket (org.apereo.cas.ticket.proxy.ProxyGrantingTicket)1 ProxyGrantingTicketFactory (org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory)1 Audit (org.apereo.inspektr.audit.annotation.Audit)1