use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.
the class HttpBasedServiceCredentialTests method verifyEqualsWithTrue.
/**
 * Two {@link HttpBasedServiceCredential} instances built from the same callback URL and the
 * same registered service must compare equal, whichever one is on the left-hand side.
 */
@Test
public void verifyEqualsWithTrue() throws Exception {
    val service = RegisteredServiceTestUtils.getRegisteredService(CoreAuthenticationTestUtils.CONST_TEST_URL);
    val proxyCallback = new URL(CoreAuthenticationTestUtils.CONST_GOOD_URL);

    val first = new HttpBasedServiceCredential(proxyCallback, service);
    val second = new HttpBasedServiceCredential(proxyCallback, service);

    // Both directions are asserted so that an asymmetric equals() is caught.
    assertEquals(second, first);
    assertEquals(first, second);
}
use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.
the class HttpBasedServiceCredentialTests method verifySerializeAnHttpBasedServiceCredentialToJson.
/**
 * Round-trips an {@link HttpBasedServiceCredential} through JSON: the credential is written to
 * {@code JSON_FILE} with {@code MAPPER}, read back as the same concrete class, and must equal
 * the instance that was written.
 */
@Test
public void verifySerializeAnHttpBasedServiceCredentialToJson() throws IOException {
    val callbackUrl = new URL(CoreAuthenticationTestUtils.CONST_GOOD_URL);
    val registeredService = RegisteredServiceTestUtils.getRegisteredService(CoreAuthenticationTestUtils.CONST_TEST_URL);
    val written = new HttpBasedServiceCredential(callbackUrl, registeredService);

    MAPPER.writeValue(JSON_FILE, written);

    // The target class is passed explicitly to readValue.
    // NOTE(review): MAPPER is configured outside this method; whether it enables polymorphic
    // type handling is not visible here. Confirm before reusing it for JSON from a less trusted store.
    val restored = MAPPER.readValue(JSON_FILE, HttpBasedServiceCredential.class);
    assertEquals(written, restored);
}
use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.
the class AbstractServiceValidateController method getServiceCredentialsFromRequest.
/**
 * Overrideable hook that builds the credential used to grant a proxy granting ticket.
 * The default implementation derives it from the proxy callback URL ({@code pgtUrl})
 * request parameter.
 *
 * <p>The callback URL comes straight from the request. In this method it is only parsed with
 * {@link URL}, which rejects malformed input and unknown protocols; no restriction on scheme,
 * host or port is applied here. Any such restriction has to be enforced by
 * {@code verifyRegisteredServiceProperties} or by whatever later authenticates the credential
 * (neither is visible in this method).
 *
 * @param service the webapp service requesting proxy
 * @param request the HttpServletRequest object.
 * @return the credential, or {@code null} when the parameter is blank or when the service
 * lookup, the property verification or the URL parsing throws.
 */
protected Credential getServiceCredentialsFromRequest(final WebApplicationService service, final HttpServletRequest request) {
    val pgtUrl = request.getParameter(CasProtocolConstants.PARAMETER_PROXY_CALLBACK_URL);
    if (StringUtils.isBlank(pgtUrl)) {
        // No proxy callback requested: the caller continues without a service credential.
        return null;
    }
    try {
        val registeredService = serviceValidateConfigurationContext.getServicesManager().findServiceBy(service);
        // Runs before the credential is built, so a service that fails verification never gets one.
        verifyRegisteredServiceProperties(registeredService, service);
        val callbackUrl = new URL(pgtUrl);
        return new HttpBasedServiceCredential(callbackUrl, registeredService);
    } catch (final Exception e) {
        // The message names the parameter, not its request-supplied value.
        LOGGER.error("Error constructing [{}]", CasProtocolConstants.PARAMETER_PROXY_CALLBACK_URL);
        // NOTE(review): the exception itself is logged here, and a MalformedURLException message can
        // contain the rejected input. Confirm the log layout neutralises line breaks.
        LoggingUtils.error(LOGGER, e);
        return null;
    }
}
use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.
the class AbstractServiceValidateController method handleTicketValidation.
/**
 * Validates a service ticket and, when a proxy callback credential accompanies the request,
 * also creates and delivers a proxy granting ticket (PGT).
 *
 * <p>Order of operations as written: (1) build the service credential from the request,
 * (2) create the PGT for it, (3) validate the service ticket and the resulting assertion,
 * (4) validate the requested authentication context, (5) deliver the proxy IOU unless the
 * service may receive the PGT directly, (6) render the success view. Most failures return an
 * error view; a failed authentication-context check throws instead.
 *
 * @param request the request
 * @param response the response
 * @param service the service
 * @param serviceTicketId the service ticket id
 * @return the success view, or an error view carrying a CAS protocol error code
 */
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final HttpServletResponse response, final WebApplicationService service, final String serviceTicketId) {
// Despite the "Id" suffix this holds a ProxyGrantingTicket object; it stays null when no
// service credential is available or PGT creation is skipped.
var proxyGrantingTicketId = (ProxyGrantingTicket) null;
// Null when getServiceCredentialsFromRequest produced no credential for this request.
val serviceCredential = getServiceCredentialsFromRequest(service, request);
if (serviceCredential != null) {
try {
// PGT creation is attempted before the service ticket is validated further down.
proxyGrantingTicketId = handleProxyGrantingTicketDelivery(serviceTicketId, serviceCredential);
} catch (final AuthenticationException e) {
// NOTE(review): serviceCredential is built from request data. It is logged through a
// parameterized placeholder, so confirm the log layout neutralises CR/LF in its string form.
LOGGER.warn("Failed to authenticate service credential [{}]", serviceCredential);
// NOTE(review): the credential id is passed as a message argument for the error description.
// Whether it is encoded when the error view is rendered is decided outside this method; verify.
val description = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request);
return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, description, request, service);
} catch (final InvalidTicketException e) {
// Listed before AbstractTicketException, presumably because it is a subtype; confirm.
// The error code comes from the exception and the ticket id is the message argument.
LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", serviceCredential);
LoggingUtils.error(LOGGER, e);
val description = getTicketValidationErrorDescription(e.getCode(), new Object[] { serviceTicketId }, request);
return generateErrorView(e.getCode(), description, request, service);
} catch (final AbstractTicketException e) {
// Any other ticket failure: the exception's own code, with the credential id as message argument.
LOGGER.error("Failed to create proxy granting ticket for [{}]", serviceCredential);
LoggingUtils.error(LOGGER, e);
val description = getTicketValidationErrorDescription(e.getCode(), new Object[] { serviceCredential.getId() }, request);
return generateErrorView(e.getCode(), description, request, service);
}
}
// Service ticket validation proper; a rejected assertion maps to INVALID_TICKET.
val assertion = validateServiceTicket(service, serviceTicketId);
if (!validateAssertion(request, serviceTicketId, assertion, service)) {
val description = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, new Object[] { serviceTicketId }, request);
return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, description, request, service);
}
// Unlike the branches above, an unsatisfied authentication context is reported by throwing,
// not by returning an error view.
val ctxResult = serviceValidateConfigurationContext.getRequestedContextValidator().validateAuthenticationContext(assertion, request, response);
if (!ctxResult.isSuccess()) {
throw new UnsatisfiedAuthenticationContextTicketValidationException(assertion.getService());
}
// Stays empty unless a proxy callback is actually made below.
var proxyIou = StringUtils.EMPTY;
val proxyHandler = serviceValidateConfigurationContext.getProxyHandler();
if (serviceCredential != null && proxyHandler != null && proxyHandler.canHandle(serviceCredential)) {
// NOTE(review): unchecked downcast. It is safe only if canHandle() accepts nothing but
// HttpBasedServiceCredential. getServiceCredentialsFromRequest is documented as overrideable,
// so a subclass returning another Credential type would fail here with ClassCastException; confirm.
val registeredService = ((HttpBasedServiceCredential) serviceCredential).getService();
// The service's attribute release policy decides whether the PGT may be released directly
// or must go through the proxy callback.
// NOTE(review): registeredService and its policy are dereferenced without a null check; confirm
// both are guaranteed non-null at this point.
val authorizedToReleaseProxyGrantingTicket = registeredService.getAttributeReleasePolicy().isAuthorizedToReleaseProxyGrantingTicket();
if (!authorizedToReleaseProxyGrantingTicket) {
LOGGER.debug("Service [{}] is not authorized to release the PGT directly, make a proxy callback", registeredService);
proxyIou = handleProxyIouDelivery(serviceCredential, proxyGrantingTicketId);
// An empty IOU is treated as a failed callback and fails the whole validation.
if (StringUtils.isEmpty(proxyIou)) {
val description = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request);
return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, description, request, service);
}
} else {
LOGGER.debug("Service [{}] is authorized to release the PGT directly, skip the proxy callback", registeredService);
}
} else {
// Reached both when no credential was supplied and when the handler is missing or declines it.
LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", proxyHandler);
}
// Success path: post-validation hook, then the success view with the (possibly empty) proxy IOU
// and the (possibly null) PGT.
onSuccessfulValidation(serviceTicketId, assertion);
LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
return generateSuccessView(assertion, proxyIou, service, request, ctxResult.getContextId(), proxyGrantingTicketId);
}
use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.
the class Cas20ProxyHandlerTests method verifyNonValidProxyTicket.
/**
 * {@code Cas20ProxyHandler#handle} must return {@code null} when the HTTP client is configured
 * so that the proxy callback cannot be accepted.
 */
@Test
public void verifyNonValidProxyTicket() throws Exception {
    // 900 is not an assigned HTTP status code, so presumably no real response can satisfy the
    // client's acceptable-code list. Confirm against the client's acceptance check.
    val httpClientFactory = new SimpleHttpClientFactoryBean();
    httpClientFactory.setAcceptableCodes(CollectionUtils.wrapList(900));
    this.handler = new Cas20ProxyHandler(httpClientFactory.getObject(), new DefaultUniqueTicketIdGenerator());

    // NOTE(review): the callback URL is an external http:// address. If handle() really contacts
    // it, this test depends on outbound network access; verify.
    val callbackUrl = new URL("http://www.rutgers.edu");
    val registeredService = CoreAuthenticationTestUtils.getRegisteredService("https://some.app.edu");
    val credential = new HttpBasedServiceCredential(callbackUrl, registeredService);

    assertNull(this.handler.handle(credential, proxyGrantingTicket));
}