
Example 1 with AbstractTicketException

use of org.apereo.cas.ticket.AbstractTicketException in project cas by apereo.

the class ServiceTicketRequestWebflowEventResolver method grantServiceTicket.

/**
 * Re-authenticates the credential held in the request context and asks the
 * central authentication service for a service ticket bound to the
 * ticket-granting ticket and service found in that same context.
 *
 * <p>On success the service ticket is stored in request scope, the warn cookie
 * is written if the request asked for it, and the {@code warn} transition is
 * returned. An {@link AuthenticationException} or {@link AbstractTicketException}
 * raised while authenticating or granting is converted into the
 * authentication-failure transition, with the exception attached to the event.
 *
 * <p>NOTE(review): the failure branch does not log anything itself. Presumably
 * the state handling the failure transition records the cause; confirm, so that
 * rejected ticket requests remain visible to audit and detection.
 *
 * @param context the webflow request context holding the TGT id, credential and service
 * @return the {@code warn} event on success, or the authentication-failure event
 *         carrying the caught exception
 * @since 4.1.0
 */
protected Event grantServiceTicket(final RequestContext context) {
    // Both lookups stay outside the try block, exactly as before: only the
    // authentication and ticket-granting steps are translated into a failure event.
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    final Credential suppliedCredential = getCredentialFromContext(context);
    try {
        final Service targetService = WebUtils.getService(context);

        // The credential is authenticated again for this specific service before any ticket is issued.
        final AuthenticationResult authnResult =
            authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(targetService, suppliedCredential);

        final ServiceTicket grantedTicket =
            centralAuthenticationService.grantServiceTicket(tgtId, targetService, authnResult);

        WebUtils.putServiceTicketInRequestScope(context, grantedTicket);
        WebUtils.putWarnCookieIfRequestParameterPresent(warnCookieGenerator, context);
        return newEvent(CasWebflowConstants.TRANSITION_ID_WARN);
    } catch (final AuthenticationException | AbstractTicketException failure) {
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, failure);
    }
}
Also used : Credential(org.apereo.cas.authentication.Credential) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult)

Example 2 with AbstractTicketException

use of org.apereo.cas.ticket.AbstractTicketException in project cas by apereo.

the class InitialAuthenticationAttemptWebflowEventResolver method returnAuthenticationExceptionEventIfNeeded.

/**
 * Maps an exception to the authentication-failure event when it is, or directly
 * wraps, an {@link AuthenticationException} or {@link AbstractTicketException}.
 *
 * <p>Only the exception itself and its immediate cause are inspected; a matching
 * exception nested deeper in the cause chain is not recognised. The selected
 * exception is logged at debug level only.
 *
 * @param e the exception raised during the authentication attempt
 * @return the authentication-failure event carrying the matching exception, or
 *         {@code null} when neither {@code e} nor its cause is of a handled type
 */
private Event returnAuthenticationExceptionEventIfNeeded(final Exception e) {
    Exception failure = null;
    if (e instanceof AuthenticationException || e instanceof AbstractTicketException) {
        failure = e;
    } else {
        // Look exactly one level down the cause chain, no further.
        final Throwable cause = e.getCause();
        if (cause instanceof AuthenticationException || cause instanceof AbstractTicketException) {
            failure = (Exception) cause;
        }
    }

    if (failure == null) {
        // Not an authentication or ticket problem: the caller decides what to do with it.
        return null;
    }

    LOGGER.debug(failure.getMessage(), failure);
    return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, failure);
}
Also used : AuthenticationException(org.apereo.cas.authentication.AuthenticationException) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException)

Example 3 with AbstractTicketException

use of org.apereo.cas.ticket.AbstractTicketException in project cas by apereo.

the class TicketGrantingTicketCheckAction method doExecute.

/**
 * Classifies the ticket-granting ticket referenced by the flow request context.
 *
 * <p>A blank or missing TGT id yields {@link #NOT_EXISTS}. Otherwise the ticket is
 * looked up through the central authentication service and {@link #VALID} is
 * returned only when a ticket is found and it has not expired. Every other
 * outcome, including an {@link AbstractTicketException} from the lookup, yields
 * {@link #INVALID}.
 *
 * <p>NOTE(review): the trace message labels its placeholder "ticket id" but is
 * given the exception message, not the id. The TGT id itself is never written
 * to the log by this method. Whether the exception message embeds the id
 * depends on the exception implementation; confirm before enabling trace
 * logging, since a TGT id identifies an SSO session.
 *
 * @param requestContext Flow request context.
 * @return an event whose id is {@link #NOT_EXISTS}, {@link #INVALID}, or {@link #VALID}.
 * @throws Exception for any lookup failure other than {@link AbstractTicketException},
 *         which is handled here
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
    if (!StringUtils.hasText(ticketGrantingTicketId)) {
        return new Event(this, NOT_EXISTS);
    }

    try {
        final Ticket registryTicket = this.centralAuthenticationService.getTicket(ticketGrantingTicketId, Ticket.class);
        final boolean usable = registryTicket != null && !registryTicket.isExpired();
        if (usable) {
            return new Event(this, VALID);
        }
    } catch (final AbstractTicketException e) {
        // Fail closed: a lookup error is treated the same as an unusable ticket.
        LOGGER.trace("Could not retrieve ticket id [{}] from registry.", e.getMessage());
    }

    // Missing, expired, or not retrievable.
    return new Event(this, INVALID);
}
Also used : Ticket(org.apereo.cas.ticket.Ticket) Event(org.springframework.webflow.execution.Event) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException)

Example 4 with AbstractTicketException

use of org.apereo.cas.ticket.AbstractTicketException in project cas by apereo.

the class CentralAuthenticationServiceImplTests method verifyGoodCredentialsOnTicketGrantingTicketCreation.

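/**
 * Verifies that a ticket-granting ticket is created for a valid authentication result.
 *
 * <p>A ticket exception is a test failure here. The previous failure message read
 * "Exception expected", which stated the opposite of what the test checks, and it
 * discarded the caught exception. The failure now says what went wrong and keeps
 * the original exception as its cause.
 *
 * @throws Exception if building the authentication result fails for a reason
 *         other than a ticket exception
 */
@Test
public void verifyGoodCredentialsOnTicketGrantingTicketCreation() throws Exception {
    try {
        final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
        assertNotNull(getCentralAuthenticationService().createTicketGrantingTicket(ctx));
    } catch (final AbstractTicketException e) {
        // Same outcome as fail(): an AssertionError, but with the cause attached.
        throw new AssertionError("Ticket-granting ticket creation must not fail for valid credentials", e);
    }
}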
Also used : AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult) Test(org.junit.Test)

Example 5 with AbstractTicketException

use of org.apereo.cas.ticket.AbstractTicketException in project cas by apereo.

the class AbstractServiceValidateController method handleTicketValidation.

/**
 * Validates a service ticket for a service and builds the protocol response view.
 *
 * <p>Steps, in the order the code performs them:
 * <ol>
 *   <li>If the request carries a service credential, attempt proxy-granting-ticket
 *       delivery; any authentication or ticket exception ends the request with an
 *       error view.</li>
 *   <li>Validate the service ticket and check the resulting assertion; a failed
 *       check yields the invalid-ticket error view.</li>
 *   <li>Validate the authentication context of the assertion; failure is raised
 *       as an exception rather than returned as an error view.</li>
 *   <li>If a service credential is present and the proxy handler accepts it,
 *       deliver the proxy IOU; an empty IOU yields the invalid-proxy-callback
 *       error view.</li>
 *   <li>Run the success hook and return the success view.</li>
 * </ol>
 *
 * <p>NOTE(review): the error views are given the service ticket id or the service
 * credential id as message arguments. Both originate from the request, so the
 * rendering side presumably has to encode them for the response format; confirm
 * against the view implementation.
 *
 * @param request         the request
 * @param service         the service
 * @param serviceTicketId the service ticket id
 * @return the success view, or an error view describing why validation was refused
 * @throws UnsatisfiedAuthenticationContextTicketValidationException when the
 *         authentication context check on the assertion does not pass
 */
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final WebApplicationService service, final String serviceTicketId) {
    TicketGrantingTicket proxyGrantingTicketId = null;
    final Credential serviceCredential = getServiceCredentialsFromRequest(service, request);
    if (serviceCredential != null) {
        try {
            // This step runs before the service ticket is validated further down.
            proxyGrantingTicketId = handleProxyGrantingTicketDelivery(serviceTicketId, serviceCredential);
        } catch (final AuthenticationException e) {
            // NOTE(review): unlike the two branches below, the caught exception is not passed to the
            // logger, so the cause of the failed service-credential authentication is not recorded here.
            // The credential object itself is logged; what that prints depends on its toString(); confirm.
            LOGGER.warn("Failed to authenticate service credential [{}]", serviceCredential);
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request, service);
        } catch (final InvalidTicketException e) {
            // Listed ahead of AbstractTicketException, presumably because it is a subtype; verify.
            LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", serviceCredential, e);
            return generateErrorView(e.getCode(), new Object[] { serviceTicketId }, request, service);
        } catch (final AbstractTicketException e) {
            LOGGER.error("Failed to create proxy granting ticket for [{}]", serviceCredential, e);
            return generateErrorView(e.getCode(), new Object[] { serviceCredential.getId() }, request, service);
        }
    }
    // Exceptions thrown by validateServiceTicket are not caught in this method and propagate to the caller.
    final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
    if (!validateAssertion(request, serviceTicketId, assertion)) {
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, new Object[] { serviceTicketId }, request, service);
    }
    // The pair's key is the pass/fail flag; its value is an optional provider that is handed to the success view.
    final Pair<Boolean, Optional<MultifactorAuthenticationProvider>> ctxResult = validateAuthenticationContext(assertion, request);
    if (!ctxResult.getKey()) {
        // Signalled by exception instead of an error view; the caller is responsible for handling it.
        throw new UnsatisfiedAuthenticationContextTicketValidationException(assertion.getService());
    }
    String proxyIou = null;
    if (serviceCredential != null && this.proxyHandler.canHandle(serviceCredential)) {
        // proxyGrantingTicketId is whatever the delivery step above returned.
        // NOTE(review): whether it can be null at this point is not visible here; confirm.
        proxyIou = handleProxyIouDelivery(serviceCredential, proxyGrantingTicketId);
        if (StringUtils.isEmpty(proxyIou)) {
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request, service);
        }
    } else {
        // Not an error: validation continues without a proxy IOU and the condition is only logged at debug level.
        LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", this.proxyHandler.getClass().getSimpleName());
    }
    onSuccessfulValidation(serviceTicketId, assertion);
    // The service ticket id and the service id are written to the debug log here.
    LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
    return generateSuccessView(assertion, proxyIou, service, request, ctxResult.getValue(), proxyGrantingTicketId);
}
Also used : Credential(org.apereo.cas.authentication.Credential) HttpBasedServiceCredential(org.apereo.cas.authentication.HttpBasedServiceCredential) Optional(java.util.Optional) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) Assertion(org.apereo.cas.validation.Assertion) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) UnsatisfiedAuthenticationContextTicketValidationException(org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException)

Aggregations

AbstractTicketException (org.apereo.cas.ticket.AbstractTicketException)10 CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)4 AuthenticationException (org.apereo.cas.authentication.AuthenticationException)4 AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)4 Service (org.apereo.cas.authentication.principal.Service)4 Credential (org.apereo.cas.authentication.Credential)3 WebApplicationService (org.apereo.cas.authentication.principal.WebApplicationService)2 RegisteredService (org.apereo.cas.services.RegisteredService)2 UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)2 InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException)2 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)2 Assertion (org.apereo.cas.validation.Assertion)2 HashMap (java.util.HashMap)1 Optional (java.util.Optional)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 HttpSession (javax.servlet.http.HttpSession)1 Authentication (org.apereo.cas.authentication.Authentication)1 AuthenticationResultBuilder (org.apereo.cas.authentication.AuthenticationResultBuilder)1 HttpBasedServiceCredential (org.apereo.cas.authentication.HttpBasedServiceCredential)1 UnauthorizedProxyingException (org.apereo.cas.services.UnauthorizedProxyingException)1