
Example 6 with InvalidTicketException

use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.

the class TicketsResourceTests method creationOfSTWithInvalidTicketException.

/**
 * Pins the REST tickets endpoint's response when service-ticket creation fails with an
 * {@link InvalidTicketException}: the request must end in HTTP 404 with a fixed body.
 */
@Test
public void creationOfSTWithInvalidTicketException() throws Throwable {
    // Hand the exception to the helper that, going by its name, makes the mocked
    // service-ticket creation throw it.
    configureCasMockSTCreationToThrow(new InvalidTicketException("TGT-1"));

    final String serviceId = CoreAuthenticationTestUtils.getService().getId();
    final String ticketUrl = TICKETS_RESOURCE_URL + "/TGT-1";

    // The asserted body is a constant string that does not contain the submitted ticket id.
    this.mockMvc.perform(post(ticketUrl).param(SERVICE, serviceId))
        .andExpect(status().isNotFound())
        .andExpect(content().string("TicketGrantingTicket could not be found"));
}
Also used : InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) Test(org.junit.Test)

Example 7 with InvalidTicketException

use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.

the class AbstractServiceValidateController method handleTicketValidation.

/**
 * Validates a service ticket for a service and builds the resulting protocol view.
 *
 * <p>Order of work as written: when the request carries a service credential, proxy-granting
 * ticket delivery is attempted first; the service ticket is then validated, the assertion and
 * the authentication context are checked, and the proxy IOU is delivered only if the proxy
 * handler accepts the credential. Statement order is kept exactly as in the original.
 *
 * @param request         the incoming validation request
 * @param service         the service the ticket is validated for
 * @param serviceTicketId the id of the service ticket under validation
 * @return an error view when a step fails, otherwise the success view
 * @throws UnsatisfiedAuthenticationContextTicketValidationException when the authentication
 *         context check reports failure
 */
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final WebApplicationService service, final String serviceTicketId) {
    final Credential serviceCredential = getServiceCredentialsFromRequest(service, request);
    final boolean hasServiceCredential = serviceCredential != null;

    TicketGrantingTicket proxyGrantingTicket = null;
    if (hasServiceCredential) {
        try {
            proxyGrantingTicket = handleProxyGrantingTicketDelivery(serviceTicketId, serviceCredential);
        } catch (final AuthenticationException e) {
            // NOTE(review): the exception is not passed to the logger, so this warning carries
            // no cause. The credential is rendered through its toString(); confirm that
            // representation holds no secret material.
            LOGGER.warn("Failed to authenticate service credential [{}]", serviceCredential);
            final Object[] callbackArgs = {serviceCredential.getId()};
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, callbackArgs, request, service);
        } catch (final InvalidTicketException e) {
            // Caught before the broader AbstractTicketException so the error view names the
            // ticket id rather than the credential id.
            LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", serviceCredential, e);
            final Object[] ticketArgs = {serviceTicketId};
            return generateErrorView(e.getCode(), ticketArgs, request, service);
        } catch (final AbstractTicketException e) {
            LOGGER.error("Failed to create proxy granting ticket for [{}]", serviceCredential, e);
            final Object[] credentialArgs = {serviceCredential.getId()};
            return generateErrorView(e.getCode(), credentialArgs, request, service);
        }
    }

    // Exceptions raised by validateServiceTicket are not caught in this method.
    final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
    final boolean assertionAccepted = validateAssertion(request, serviceTicketId, assertion);
    if (!assertionAccepted) {
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, new Object[] {serviceTicketId}, request, service);
    }

    final Pair<Boolean, Optional<MultifactorAuthenticationProvider>> contextOutcome = validateAuthenticationContext(assertion, request);
    if (!contextOutcome.getKey()) {
        // An unsatisfied authentication context is raised as an exception, not an error view.
        throw new UnsatisfiedAuthenticationContextTicketValidationException(assertion.getService());
    }

    String proxyIou = null;
    if (!hasServiceCredential || !this.proxyHandler.canHandle(serviceCredential)) {
        LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", this.proxyHandler.getClass().getSimpleName());
    } else {
        proxyIou = handleProxyIouDelivery(serviceCredential, proxyGrantingTicket);
        // An empty IOU counts as a failed proxy callback and ends validation with an error view.
        if (StringUtils.isEmpty(proxyIou)) {
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] {serviceCredential.getId()}, request, service);
        }
    }

    onSuccessfulValidation(serviceTicketId, assertion);
    LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
    return generateSuccessView(assertion, proxyIou, service, request, contextOutcome.getValue(), proxyGrantingTicket);
}
Also used : Credential(org.apereo.cas.authentication.Credential) HttpBasedServiceCredential(org.apereo.cas.authentication.HttpBasedServiceCredential) Optional(java.util.Optional) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) Assertion(org.apereo.cas.validation.Assertion) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) UnsatisfiedAuthenticationContextTicketValidationException(org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException)

Example 8 with InvalidTicketException

use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.

the class TicketOrCredentialPrincipalResolver method resolveArgument.

/**
 * Turns one audited join-point argument into the principal string to record.
 *
 * <p>An {@code AuthenticationTransaction} is resolved from its credentials, a
 * {@code Credential} through its {@code toString()}, and a {@code String} is looked up as a
 * ticket id. Anything else, or a ticket lookup that ends in {@link InvalidTicketException},
 * falls back to {@code WebUtils.getAuthenticatedUsername()}.
 *
 * @param arg1 the join-point argument; dereferenced on the first line, so a null value
 *             fails with a {@code NullPointerException}
 * @return the resolved principal string
 */
private String resolveArgument(final Object arg1) {
    LOGGER.debug("Resolving argument [{}] for audit", arg1.getClass().getSimpleName());

    if (arg1 instanceof AuthenticationTransaction) {
        final AuthenticationTransaction transaction = (AuthenticationTransaction) arg1;
        return resolveArguments(new StringBuilder(), transaction.getCredentials());
    }
    if (arg1 instanceof Credential) {
        return arg1.toString();
    }
    if (!(arg1 instanceof String)) {
        return WebUtils.getAuthenticatedUsername();
    }

    final String ticketId = (String) arg1;
    try {
        final Ticket ticket = this.centralAuthenticationService.getTicket(ticketId, Ticket.class);
        final Authentication authentication;
        if (ticket instanceof ServiceTicket) {
            authentication = ((ServiceTicket) ticket).getGrantingTicket().getAuthentication();
        } else if (ticket instanceof TicketGrantingTicket) {
            authentication = ((TicketGrantingTicket) ticket).getAuthentication();
        } else {
            // NOTE(review): any other ticket type (or a null ticket) reaches the provider with
            // a null authentication; confirm getPrincipalIdFrom tolerates that.
            authentication = null;
        }
        return this.principalIdProvider.getPrincipalIdFrom(authentication);
    } catch (final InvalidTicketException e) {
        // An invalid ticket is not an audit failure: trace it and use the fallback below.
        LOGGER.trace(e.getMessage(), e);
    }

    // NOTE(review): this writes the raw string argument to the debug log. If ticket-granting
    // ticket ids can reach this path, debug logs should be handled as sensitive.
    LOGGER.debug("Could not locate ticket [{}] in the registry", arg1);
    return WebUtils.getAuthenticatedUsername();
}
Also used : ServiceTicket(org.apereo.cas.ticket.ServiceTicket) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Ticket(org.apereo.cas.ticket.Ticket) Credential(org.apereo.cas.authentication.Credential) Authentication(org.apereo.cas.authentication.Authentication) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuthenticationTransaction(org.apereo.cas.authentication.AuthenticationTransaction)

Example 9 with InvalidTicketException

use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.

the class AuthenticationExceptionHandlerTests method handleUnknownTicketExceptionByDefault.

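/**
 * Checks the handler's outcome for an {@link InvalidTicketException} on a handler built with
 * the no-argument constructor: the returned id is {@code "UNKNOWN"} and the
 * {@link MessageContext} mock is never touched.
 */
@Test
public void handleUnknownTicketExceptionByDefault() {
    final AuthenticationExceptionHandler handler = new AuthenticationExceptionHandler();
    final MessageContext ctx = mock(MessageContext.class);
    final String id = handler.handle(new InvalidTicketException("TGT"), ctx);
    // JUnit's signature is assertEquals(expected, actual); the expected value goes first so a
    // failure report labels the two values correctly.
    assertEquals("UNKNOWN", id);
    // No interaction with the context means no message was added to it for this exception.
    verifyZeroInteractions(ctx);
}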
Also used : InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) MessageContext(org.springframework.binding.message.MessageContext) Test(org.junit.Test)

Example 10 with InvalidTicketException

use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.

the class DefaultCentralAuthenticationService method createProxyGrantingTicket.

/**
 * Creates a proxy-granting ticket from a service ticket, stores it in the ticket registry
 * and publishes a creation event.
 *
 * <p>Checks run in this order: the service ticket must exist and be unexpired, the principal
 * access check for the registered service must pass, and the service's proxy policy must
 * allow proxying. A missing ticket and an expired one raise the same exception.
 *
 * @param serviceTicketId      id of the service ticket the proxy-granting ticket is based on
 * @param authenticationResult the authentication result supplying the authentication
 * @return the newly created and registered proxy-granting ticket
 * @throws AuthenticationException declared by the signature; not thrown directly in this body
 * @throws AbstractTicketException declared by the signature; this body throws
 *         {@link InvalidTicketException} under it when the service ticket is missing or expired
 */
@Audit(action = "PROXY_GRANTING_TICKET", actionResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_PROXY_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_PROXY_GRANTING_TICKET_METER")
@Counted(name = "CREATE_PROXY_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public ProxyGrantingTicket createProxyGrantingTicket(final String serviceTicketId, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
    // The authentication is bound before any ticket or policy check runs.
    AuthenticationCredentialsLocalBinder.bindCurrent(authenticationResult.getAuthentication());

    final ServiceTicket originatingTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
    final boolean ticketUsable = originatingTicket != null && !originatingTicket.isExpired();
    if (!ticketUsable) {
        LOGGER.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    final RegisteredService registeredService = this.servicesManager.findServiceBy(originatingTicket.getService());
    // NOTE(review): registeredService is dereferenced below without a null check here;
    // presumably the access check rejects an unregistered service first. Verify.
    RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(originatingTicket, authenticationResult, registeredService);

    final boolean proxyingAllowed = registeredService.getProxyPolicy().isAllowedToProxy();
    if (!proxyingAllowed) {
        LOGGER.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", originatingTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }

    final Authentication currentAuthentication = authenticationResult.getAuthentication();
    final ProxyGrantingTicketFactory pgtFactory = this.ticketFactory.get(ProxyGrantingTicket.class);
    final ProxyGrantingTicket proxyGrantingTicket = pgtFactory.create(originatingTicket, currentAuthentication);
    // NOTE(review): the ticket object is rendered through its toString(); confirm what that
    // exposes before enabling debug logging in production.
    LOGGER.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId);

    // The ticket is registered first; the event is published only after that call returns.
    this.ticketRegistry.addTicket(proxyGrantingTicket);
    doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, proxyGrantingTicket));
    return proxyGrantingTicket;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) ProxyGrantingTicket(org.apereo.cas.ticket.proxy.ProxyGrantingTicket) CasProxyGrantingTicketCreatedEvent(org.apereo.cas.support.events.ticket.CasProxyGrantingTicketCreatedEvent) UnauthorizedProxyingException(org.apereo.cas.services.UnauthorizedProxyingException) ProxyGrantingTicketFactory(org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)
