use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.
the class GenerateServiceTicketAction method doExecute.
/**
* {@inheritDoc}
* <p>
* In the initial primary authentication flow, credentials are cached and available.
* Since they are authenticated as part of submission first, there is no need to doubly
* authenticate and verify credentials.
* <p>
* In subsequent authentication flows where a TGT is available and only an ST needs to be
* created, there are no cached copies of the credential, since we do have a TGT available.
* So we will simply grab the available authentication and produce the final result based on that.
*/
@Override
protected Event doExecute(final RequestContext context) {
final Service service = WebUtils.getService(context);
LOGGER.debug("Service asking for service ticket is [{}]", service);
final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);
LOGGER.debug("Ticket-granting ticket found in the context is [{}]", ticketGrantingTicket);
try {
final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
if (authentication == null) {
throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + ticketGrantingTicket), ticketGrantingTicket);
}
final RegisteredService registeredService = servicesManager.findServiceBy(service);
LOGGER.debug("Registered service asking for service ticket is [{}]", registeredService);
WebUtils.putRegisteredService(context, registeredService);
WebUtils.putService(context, service);
if (registeredService != null) {
if (!StringUtils.isEmpty(registeredService.getAccessStrategy().getUnauthorizedRedirectUrl())) {
LOGGER.debug("Registered service may redirect to [{}] for unauthorized access requests", registeredService.getAccessStrategy().getUnauthorizedRedirectUrl());
}
WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, registeredService.getAccessStrategy().getUnauthorizedRedirectUrl());
}
if (WebUtils.getWarningCookie(context)) {
LOGGER.debug("Warning cookie is present in the request context. Routing result to [{}] state", CasWebflowConstants.STATE_ID_WARN);
return result(CasWebflowConstants.STATE_ID_WARN);
}
final Credential credential = WebUtils.getCredential(context);
final AuthenticationResultBuilder builder = this.authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication, credential);
final AuthenticationResult authenticationResult = builder.build(service);
LOGGER.debug("Built the final authentication result [{}] to grant service ticket to [{}]", authenticationResult, service);
final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
LOGGER.debug("Granted service ticket [{}] and added it to the request scope", serviceTicketId);
return success();
} catch (final AbstractTicketException e) {
if (e instanceof InvalidTicketException) {
LOGGER.debug("CAS has determined ticket-granting ticket [{}] is invalid and must be destroyed", ticketGrantingTicket);
this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicket);
}
if (isGatewayPresent(context)) {
LOGGER.debug("Request indicates that it is gateway. Routing result to [{}] state", CasWebflowConstants.STATE_ID_GATEWAY);
return result(CasWebflowConstants.STATE_ID_GATEWAY);
}
LOGGER.warn("Could not grant service ticket [{}]. Routing to [{}]", e.getMessage(), CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE);
return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
}
}
use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.
the class TicketsResource method createServiceTicket.
/**
* Create new service ticket.
*
* @param requestBody service application/x-www-form-urlencoded value
* @param tgtId ticket granting ticket id URI path param
* @return {@link ResponseEntity} representing RESTful response
*/
@PostMapping(value = "/v1/tickets/{tgtId:.+}", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
public ResponseEntity<String> createServiceTicket(@RequestBody final MultiValueMap<String, String> requestBody, @PathVariable("tgtId") final String tgtId) {
try {
final String serviceId = requestBody.getFirst(CasProtocolConstants.PARAMETER_SERVICE);
final AuthenticationResultBuilder builder = new DefaultAuthenticationResultBuilder(this.authenticationSystemSupport.getPrincipalElectionStrategy());
final Service service = this.webApplicationServiceFactory.createService(serviceId);
final AuthenticationResult authenticationResult = builder.collect(this.ticketRegistrySupport.getAuthenticationFrom(tgtId)).build(service);
final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationResult);
return new ResponseEntity<>(serviceTicketId.getId(), HttpStatus.OK);
} catch (final InvalidTicketException e) {
return new ResponseEntity<>("TicketGrantingTicket could not be found", HttpStatus.NOT_FOUND);
} catch (final Exception e) {
LOGGER.error(e.getMessage(), e);
return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
}
}
Aggregations