Example 1 with ServiceTicketFactory

Use of org.apereo.cas.ticket.ServiceTicketFactory in the cas project by apereo: class DefaultCentralAuthenticationService, method grantServiceTicket.

@Audit(action = "SERVICE_TICKET",
    actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name = "GRANT_SERVICE_TICKET_METER")
@Counted(name = "GRANT_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId,
                                        final Service service,
                                        final AuthenticationResult authenticationResult)
        throws AuthenticationException, AbstractTicketException {
    // True only when the user re-presented credentials for this request (not a silent SSO grant).
    final boolean credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();
    final TicketGrantingTicket ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
    final Service selectedService = resolveServiceFromAuthenticationRequest(service);
    final RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);

    // Enforce the registered service's access strategy; throws if the service or principal is not allowed.
    final AuditableContext audit = AuditableContext.builder()
        .service(selectedService)
        .ticketGrantingTicket(ticketGrantingTicket)
        .registeredService(registeredService)
        .retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE)
        .build();
    final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
    accessResult.throwExceptionIfNeeded();

    final Authentication currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
    // Reject a silent SSO grant when the service requires fresh credentials.
    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService,
        ticketGrantingTicket, credentialProvided);
    evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService);

    // Perform security policy check by getting the authentication that satisfies the configured policy
    getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService));

    final Authentication latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication);
    final Principal principal = latestAuthentication.getPrincipal();

    // Mint the service ticket from the validated TGT and persist both, since creating the ST mutates the TGT.
    final ServiceTicketFactory factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    final ServiceTicket serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class);
    this.ticketRegistry.updateTicket(ticketGrantingTicket);
    this.ticketRegistry.addTicket(serviceTicket);

    LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]",
        serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
    doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket));
    return serviceTicket;
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) RegisteredService(org.apereo.cas.services.RegisteredService) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) CasServiceTicketGrantedEvent(org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) ServiceContext(org.apereo.cas.services.ServiceContext) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult) Principal(org.apereo.cas.authentication.principal.Principal) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 2 with ServiceTicketFactory

Use of org.apereo.cas.ticket.ServiceTicketFactory in the cas project by apereo: class JpaTicketRegistryCleanerTests, method verifyOperation.

@Test
@Order(10)
public void verifyOperation() throws Exception {
    // Create a TGT (SSO session) and a service ticket issued from it, then store both.
    val tgtFactory = (TicketGrantingTicketFactory) ticketFactory.get(TicketGrantingTicket.class);
    val tgt = tgtFactory.create(RegisteredServiceTestUtils.getAuthentication(),
        RegisteredServiceTestUtils.getService(), TicketGrantingTicket.class);
    ticketRegistry.addTicket(tgt);
    val stFactory = (ServiceTicketFactory) ticketFactory.get(ServiceTicket.class);
    val st = stFactory.create(tgt, RegisteredServiceTestUtils.getService(), true, ServiceTicket.class);
    ticketRegistry.addTicket(st);
    ticketRegistry.updateTicket(tgt);
    assertEquals(1, ticketRegistry.sessionCount());
    assertEquals(1, ticketRegistry.serviceTicketCount());

    // Expire both tickets and verify the cleaner removes them from the registry.
    st.markTicketExpired();
    tgt.markTicketExpired();
    ticketRegistry.updateTicket(st);
    ticketRegistry.updateTicket(tgt);
    assertTrue(ticketRegistryCleaner.clean() > 0);
    assertEquals(0, ticketRegistry.sessionCount());
    assertEquals(0, ticketRegistry.serviceTicketCount());
}
Also used : lombok.val(lombok.val) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) TicketGrantingTicketFactory(org.apereo.cas.ticket.TicketGrantingTicketFactory) Order(org.junit.jupiter.api.Order) TestMethodOrder(org.junit.jupiter.api.TestMethodOrder) RepeatedTest(org.junit.jupiter.api.RepeatedTest) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 3 with ServiceTicketFactory

Use of org.apereo.cas.ticket.ServiceTicketFactory in the cas project by apereo: class AbstractSamlIdPProfileHandlerController, method buildResponseBasedSingleSignOnSession.

/**
 * Build response based single sign on session.
 * The http response before encoding the SAML response is reset
 * to ensure a clean slate from previous attempts, especially
 * when requests/responses are produced rapidly.
 *
 * @param context              the pair of SAML request and message context
 * @param ticketGrantingTicket the ticket-granting ticket holding the authentication
 * @param request              the request
 * @param response             the response
 * @throws Exception the exception
 */
protected void buildResponseBasedSingleSignOnSession(final Pair<? extends RequestAbstractType, MessageContext> context,
                                                     final TicketGrantingTicket ticketGrantingTicket,
                                                     final HttpServletRequest request,
                                                     final HttpServletResponse response) throws Exception {
    // Resolve the SAML service provider from the AuthnRequest issuer (entity ID).
    val authnRequest = (AuthnRequest) context.getLeft();
    val id = SamlIdPUtils.getIssuerFromSamlObject(authnRequest);
    val service = configurationContext.getWebApplicationServiceFactory().createService(id);
    service.getAttributes().put(SamlProtocolConstants.PARAMETER_ENTITY_ID, CollectionUtils.wrapList(id));
    val registeredService = configurationContext.getServicesManager().findServiceBy(service, SamlRegisteredService.class);

    // Enforce the registered service's access strategy before issuing anything to the SP.
    val audit = AuditableContext.builder()
        .service(service)
        .authentication(ticketGrantingTicket.getAuthentication())
        .registeredService(registeredService)
        .httpRequest(request)
        .httpResponse(response)
        .build();
    val accessResult = configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(audit);
    accessResult.throwExceptionIfNeeded();

    val assertion = buildCasAssertion(ticketGrantingTicket.getAuthentication(), service, registeredService, Map.of());
    val authenticationContext = buildAuthenticationContextPair(request, response, context);
    val binding = determineProfileBinding(authenticationContext);
    val messageContext = authenticationContext.getRight();
    val relayState = SAMLBindingSupport.getRelayState(messageContext);
    SAMLBindingSupport.setRelayState(authenticationContext.getRight(), relayState);
    response.reset();

    // Record the SSO grant as a service ticket (no fresh credentials) and persist the updated TGT.
    val factory = (ServiceTicketFactory) getConfigurationContext().getTicketFactory().get(ServiceTicket.class);
    val st = factory.create(ticketGrantingTicket, service, false, ServiceTicket.class);
    getConfigurationContext().getTicketRegistry().addTicket(st);
    getConfigurationContext().getTicketRegistry().updateTicket(ticketGrantingTicket);
    buildSamlResponse(response, request, authenticationContext, assertion, binding);
}
Also used : lombok.val(lombok.val) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) ServiceTicket(org.apereo.cas.ticket.ServiceTicket)

Example 4 with ServiceTicketFactory

Use of org.apereo.cas.ticket.ServiceTicketFactory in the cas project by apereo: class DefaultServiceTicketFactoryTests, method verifyBadType.

@Test
public void verifyBadType() {
    // Requesting a ticket type the factory does not produce must fail with a ClassCastException.
    val factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    assertThrows(ClassCastException.class,
        () -> factory.create(new MockTicketGrantingTicket("casuser"),
            RegisteredServiceTestUtils.getService("customExpirationPolicy"), true, BaseMockTicketServiceTicket.class));
}
Also used : lombok.val(lombok.val) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) Test(org.junit.jupiter.api.Test)

Example 5 with ServiceTicketFactory

Use of org.apereo.cas.ticket.ServiceTicketFactory in the cas project by apereo: class DefaultServiceTicketFactoryTests, method verifyCustomExpirationPolicy.

@Test
public void verifyCustomExpirationPolicy() {
    // Register a service with its own service-ticket expiration policy: 10 uses, 666 seconds time-to-live.
    val svc = RegisteredServiceTestUtils.getRegisteredService("customExpirationPolicy", RegexRegisteredService.class);
    svc.setServiceTicketExpirationPolicy(new DefaultRegisteredServiceServiceTicketExpirationPolicy(10, "666"));
    servicesManager.save(svc);

    // The factory must apply the per-service policy instead of the global default.
    val factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    val serviceTicket = factory.create(new MockTicketGrantingTicket("casuser"),
        RegisteredServiceTestUtils.getService("customExpirationPolicy"), true, ServiceTicket.class);
    assertNotNull(serviceTicket);
    assertEquals(666, serviceTicket.getExpirationPolicy().getTimeToLive());
}
Also used : lombok.val(lombok.val) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) DefaultRegisteredServiceServiceTicketExpirationPolicy(org.apereo.cas.services.DefaultRegisteredServiceServiceTicketExpirationPolicy) Test(org.junit.jupiter.api.Test)
