Examples with CasAuthenticationToken org.springframework.security.cas.authentication.CasAuthenticationToken used on opensource projects

Example 1 with CasAuthenticationToken

use of org.springframework.security.cas.authentication.CasAuthenticationToken in project spring-security by spring-projects.

the class ProxyTicketSampleServlet method doGet.

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // NOTE: The CasAuthenticationToken can also be obtained using
    // SecurityContextHolder.getContext().getAuthentication()
    final CasAuthenticationToken token = (CasAuthenticationToken) request.getUserPrincipal();
    // proxyTicket could be reused to make calls to the CAS service even if the
    // target url differs
    final String proxyTicket = token.getAssertion().getPrincipal().getProxyTicketFor(targetUrl);
    // Make a remote call to ourself. This is a bit silly, but it works well to
    // demonstrate how to use proxy tickets.
    final String serviceUrl = targetUrl + "?ticket=" + URLEncoder.encode(proxyTicket, "UTF-8");
    String proxyResponse = CommonUtils.getResponseFromServer(serviceUrl, "UTF-8");
    // modify the response and write it out to inform the user that it was obtained
    // using a proxy ticket.
    proxyResponse = proxyResponse.replaceFirst("Secure Page", "Secure Page using a Proxy Ticket");
    proxyResponse = proxyResponse.replaceFirst("<p>", "<p>This page is rendered by " + getClass().getSimpleName() + " by making a remote call to the Secure Page using a proxy ticket (" + proxyTicket + ") and inserts this message. ");
    final PrintWriter writer = response.getWriter();
    writer.write(proxyResponse);
}

Example 2 with CasAuthenticationToken

use of org.springframework.security.cas.authentication.CasAuthenticationToken in project spring-security by spring-projects.

the class CasAuthenticationTokenMixinTests method deserializeCasAuthenticationTest.

@Test
public void deserializeCasAuthenticationTest() throws IOException, JSONException {
    CasAuthenticationToken token = mapper.readValue(CAS_TOKEN_JSON, CasAuthenticationToken.class);
    assertThat(token).isNotNull();
    assertThat(token.getPrincipal()).isNotNull().isInstanceOf(User.class);
    assertThat(((User) token.getPrincipal()).getUsername()).isEqualTo("admin");
    assertThat(((User) token.getPrincipal()).getPassword()).isEqualTo("1234");
    assertThat(token.getUserDetails()).isNotNull().isInstanceOf(User.class);
    assertThat(token.getAssertion()).isNotNull().isInstanceOf(AssertionImpl.class);
    assertThat(token.getKeyHash()).isEqualTo(KEY.hashCode());
    assertThat(token.getUserDetails().getAuthorities()).hasSize(1).contains(new SimpleGrantedAuthority("ROLE_USER"));
    assertThat(token.getAssertion().getAuthenticationDate()).isEqualTo(START_DATE);
    assertThat(token.getAssertion().getValidFromDate()).isEqualTo(START_DATE);
    assertThat(token.getAssertion().getValidUntilDate()).isEqualTo(END_DATE);
    assertThat(token.getAssertion().getPrincipal().getName()).isEqualTo("assertName");
    assertThat(token.getAssertion().getAttributes()).hasSize(0);
}

Example 3 with CasAuthenticationToken

use of org.springframework.security.cas.authentication.CasAuthenticationToken in project spring-security by spring-projects.

the class CasAuthenticationTokenMixinTests method createCasAuthenticationToken.

private CasAuthenticationToken createCasAuthenticationToken() {
    User principal = new User("admin", "1234", Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")));
    Collection<? extends GrantedAuthority> authorities = Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER"));
    Assertion assertion = new AssertionImpl(new AttributePrincipalImpl("assertName"), START_DATE, END_DATE, START_DATE, Collections.<String, Object>emptyMap());
    return new CasAuthenticationToken(KEY, principal, principal.getPassword(), authorities, new User("admin", "1234", authorities), assertion);
}

Example 4 with CasAuthenticationToken

use of org.springframework.security.cas.authentication.CasAuthenticationToken in project spring-security by spring-projects.

the class EhCacheBasedTicketCacheTests method testCacheOperation.

@Test
public void testCacheOperation() throws Exception {
    EhCacheBasedTicketCache cache = new EhCacheBasedTicketCache();
    cache.setCache(cacheManager.getCache("castickets"));
    cache.afterPropertiesSet();
    final CasAuthenticationToken token = getToken();
    // Check it gets stored in the cache
    cache.putTicketInCache(token);
    assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isEqualTo(token);
    // Check it gets removed from the cache
    cache.removeTicketFromCache(getToken());
    assertThat(cache.getByTicketId("ST-0-ER94xMJmn6pha35CQRoZ")).isNull();
    // Check it doesn't return values for null or unknown service tickets
    assertThat(cache.getByTicketId(null)).isNull();
    assertThat(cache.getByTicketId("UNKNOWN_SERVICE_TICKET")).isNull();
}

Example 5 with CasAuthenticationToken

use of org.springframework.security.cas.authentication.CasAuthenticationToken in project spring-security by spring-projects.

the class CasAuthenticationTokenMixinTests method serializeCasAuthenticationTest.

@Test
public void serializeCasAuthenticationTest() throws JsonProcessingException, JSONException {
    CasAuthenticationToken token = createCasAuthenticationToken();
    String actualJson = mapper.writeValueAsString(token);
    JSONAssert.assertEquals(CAS_TOKEN_JSON, actualJson, true);
}