use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class DefaultCentralAuthenticationService method grantServiceTicket.
/**
 * Grants a service ticket for {@code service} under the ticket-granting ticket (TGT)
 * identified by {@code ticketGrantingTicketId}.
 *
 * <p>Every authorization step in this method runs before the ticket factory is invoked,
 * so when one of them throws, no service ticket is created or added to the registry here.
 * The order of the statements is therefore security-relevant and should not be rearranged.
 *
 * @param ticketGrantingTicketId id of the TGT the service ticket is issued under
 * @param service the service requesting the ticket
 * @param authenticationResult result of the current authentication attempt; a {@code null}
 *        value is treated as "no credentials provided" by the first statement
 * @return the newly created service ticket, already added to the ticket registry
 * @throws AuthenticationException declared by this method; the raising call is not visible
 *         in this block (presumably the authentication policy check)
 * @throws AbstractTicketException declared by this method; the raising call is not visible
 *         in this block (presumably the TGT lookup)
 */
@Audit(action = "SERVICE_TICKET", actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name = "GRANT_SERVICE_TICKET_METER")
@Counted(name = "GRANT_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
// True only when an authentication result is present and reports that credentials were supplied;
// passed to the SSO access check and to the ticket factory below.
final boolean credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();
// NOTE(review): presumably throws when the id is unknown or the TGT has expired; confirm in getTicket.
final TicketGrantingTicket ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
// All access decisions below are made against the resolved service and its registered definition.
final Service selectedService = resolveServiceFromAuthenticationRequest(service);
// NOTE(review): findServiceBy may yield null for an unregistered service; presumably the
// enforcer below rejects that case, confirm.
final RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);
// Access-strategy check for this service and TGT. Principal attributes are not retrieved
// from the release policy for this evaluation (flag is FALSE).
final AuditableContext audit = AuditableContext.builder().service(selectedService).ticketGrantingTicket(ticketGrantingTicket).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
// Aborts the grant if the enforcer recorded a failure.
accessResult.throwExceptionIfNeeded();
// Presumably rejects a request whose new authentication names a different principal than
// the TGT; the returned authentication is the one evaluated against policy below.
final Authentication currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
// SSO participation check; credentialProvided tells it whether this request carried fresh credentials.
RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService, ticketGrantingTicket, credentialProvided);
evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService);
// Perform security policy check by getting the authentication that satisfies the configured policy.
// The return value is discarded, so the call is relied on only for failing (presumably by
// throwing) when no authentication satisfies the policy.
getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService));
// From here on the authentication used is the TGT root's, not currentAuthentication.
final Authentication latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication();
AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication);
final Principal principal = latestAuthentication.getPrincipal();
final ServiceTicketFactory factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
// NOTE(review): the ticket is created for the caller-supplied service, while the checks above
// ran against selectedService; confirm the two cannot differ in a way that affects authorization.
final ServiceTicket serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class);
// Write the TGT back to the registry, then store the new service ticket.
this.ticketRegistry.updateTicket(ticketGrantingTicket);
this.ticketRegistry.addTicket(serviceTicket);
// NOTE(review): the full service ticket id and the principal id are written at INFO level
// (only the service id is abbreviated); access to this log should be restricted accordingly.
LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket));
return serviceTicket;
}
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class CentralAuthenticationServiceImplTests method verifyValidateServiceTicketWithInvalidUsernameAttribute.
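/**
 * Validates a service ticket for the "eduPersonTestInvalid" service and checks that the
 * principal id in the assertion falls back to the login username.
 */
@Test
public void verifyValidateServiceTicketWithInvalidUsernameAttribute() {
    final Service svc = getService("eduPersonTestInvalid");
    // Reference credentials; only the username is read, for the final comparison.
    // NOTE(review): presumably the authentication result below is built from the same
    // default credentials; confirm in CoreAuthenticationTestUtils.
    final UsernamePasswordCredential cred = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), svc);

    // Full flow: create the TGT, grant a service ticket under it, then validate that ticket.
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc, ctx);
    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    /*
     * The attribute specified for this service does not resolve.
     * Therefore, we expect the default to be returned.
     */
    // Expected value first, actual second, so a failure message labels the two correctly.
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}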
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class CentralAuthenticationServiceImplTests method verifyGrantServiceTicketWithNoCredsAndSsoFalseAndSsoFalse.
/**
 * Grants one service ticket while the authentication result reports that credentials were
 * supplied, then expects a grant for the "TestSsoFalse" service without credentials to be
 * rejected with {@link UnauthorizedSsoServiceException}.
 */
@Test
public void verifyGrantServiceTicketWithNoCredsAndSsoFalseAndSsoFalse() {
    final Service ssoFalseService = getService("TestSsoFalse");

    // Mocked authentication result that initially reports credentials as provided.
    final AuthenticationResult authResult = mock(AuthenticationResult.class);
    when(authResult.getAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthentication());
    when(authResult.isCredentialProvided()).thenReturn(true);

    final TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(authResult);

    // First grant happens before the expectation is registered, so it must succeed.
    final Service firstService = getService("eduPersonTest");
    getCentralAuthenticationService().grantServiceTicket(tgt.getId(), firstService, authResult);

    // Second grant: same TGT, but the request now carries no credentials.
    this.thrown.expect(UnauthorizedSsoServiceException.class);
    when(authResult.isCredentialProvided()).thenReturn(false);
    getCentralAuthenticationService().grantServiceTicket(tgt.getId(), ssoFalseService, authResult);
}
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class CentralAuthenticationServiceImplTests method verifyValidateServiceTicketNoAttributesReturned.
/**
 * Runs the create-TGT / grant / validate flow for the default test service and checks that
 * the validated principal carries no attributes.
 */
@Test
public void verifyValidateServiceTicketNoAttributesReturned() {
    final Service targetService = getService();
    final AuthenticationResult authResult =
        CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), targetService);

    final TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(authResult);
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(tgt.getId(), targetService, authResult);
    final Assertion validation = getCentralAuthenticationService().validateServiceTicket(st.getId(), targetService);

    // The principal returned to the service is expected to have an empty attribute map.
    assertEquals(0, validation.getPrimaryAuthentication().getPrincipal().getAttributes().size());
}
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class CentralAuthenticationServiceImplTests method verifyValidateServiceTicketWithDefaultUsernameAttribute.
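/**
 * Validates a service ticket for the "testDefault" service and checks that the principal id
 * in the assertion equals the login username.
 */
@Test
public void verifyValidateServiceTicketWithDefaultUsernameAttribute() {
    final Service svc = getService("testDefault");
    // Reference credentials; only the username is read, for the final comparison.
    // NOTE(review): presumably the authentication result below is built from the same
    // default credentials; confirm in CoreAuthenticationTestUtils.
    final UsernamePasswordCredential cred = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), svc);

    // Full flow: create the TGT, grant a service ticket under it, then validate that ticket.
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc, ctx);
    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    // Expected value first, actual second, so a failure message labels the two correctly.
    assertEquals(cred.getUsername(), auth.getPrincipal().getId());
}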