
Example 11 with InvalidTicketException

use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.

Class GenerateServiceTicketAction, method doExecute.

/**
 * {@inheritDoc}
 * <p>
 * Two flows reach this action. On the primary authentication pass the submitted credential is
 * still cached in the flow and has already been verified on submission, so it is not
 * re-authenticated here. On later passes only a ticket-granting ticket is available and no
 * credential is cached; the authentication already bound to that TGT is used as-is to build the
 * authentication result from which the service ticket is granted.
 * <p>
 * A TGT that the registry cannot resolve to an authentication, or that raises an
 * {@link InvalidTicketException} while the service ticket is being granted, is destroyed before
 * the failure event is returned, so a stale ticket id does not remain usable in the session.
 */
@Override
protected Event doExecute(final RequestContext context) {
    final Service service = WebUtils.getService(context);
    LOGGER.debug("Service asking for service ticket is [{}]", service);
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    LOGGER.debug("Ticket-granting ticket found in the context is [{}]", tgtId);
    try {
        final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(tgtId);
        if (authentication == null) {
            // No authentication behind the TGT: treat it as an invalid ticket so the catch block destroys it.
            final AuthenticationException cause = new AuthenticationException("No authentication found for ticket " + tgtId);
            throw new InvalidTicketException(cause, tgtId);
        }

        final RegisteredService registeredService = servicesManager.findServiceBy(service);
        LOGGER.debug("Registered service asking for service ticket is [{}]", registeredService);
        WebUtils.putRegisteredService(context, registeredService);
        WebUtils.putService(context, service);

        if (registeredService != null) {
            // The redirect URL is stored in flow scope even when empty; the debug line only fires when one is set.
            final String unauthorizedRedirectUrl = registeredService.getAccessStrategy().getUnauthorizedRedirectUrl();
            if (!StringUtils.isEmpty(unauthorizedRedirectUrl)) {
                LOGGER.debug("Registered service may redirect to [{}] for unauthorized access requests", unauthorizedRedirectUrl);
            }
            WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, unauthorizedRedirectUrl);
        }

        if (WebUtils.getWarningCookie(context)) {
            LOGGER.debug("Warning cookie is present in the request context. Routing result to [{}] state", CasWebflowConstants.STATE_ID_WARN);
            return result(CasWebflowConstants.STATE_ID_WARN);
        }

        // The credential is only present in the primary flow; later flows rely on the TGT's authentication alone.
        final Credential credential = WebUtils.getCredential(context);
        final AuthenticationResultBuilder builder =
            this.authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication, credential);
        final AuthenticationResult authenticationResult = builder.build(service);
        LOGGER.debug("Built the final authentication result [{}] to grant service ticket to [{}]", authenticationResult, service);

        final ServiceTicket serviceTicket = this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationResult);
        WebUtils.putServiceTicketInRequestScope(context, serviceTicket);
        LOGGER.debug("Granted service ticket [{}] and added it to the request scope", serviceTicket);
        return success();
    } catch (final AbstractTicketException e) {
        final boolean ticketIsInvalid = e instanceof InvalidTicketException;
        if (ticketIsInvalid) {
            LOGGER.debug("CAS has determined ticket-granting ticket [{}] is invalid and must be destroyed", tgtId);
            this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId);
        }
        if (isGatewayPresent(context)) {
            LOGGER.debug("Request indicates that it is gateway. Routing result to [{}] state", CasWebflowConstants.STATE_ID_GATEWAY);
            return result(CasWebflowConstants.STATE_ID_GATEWAY);
        }
        LOGGER.warn("Could not grant service ticket [{}]. Routing to [{}]", e.getMessage(), CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE);
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
    }
}

Example 12 with InvalidTicketException

use of org.apereo.cas.ticket.InvalidTicketException in project cas by apereo.

Class TicketsResource, method createServiceTicket.

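/**
 * Create new service ticket.
 * <p>
 * The caller must already hold a ticket-granting ticket; its id comes from the URI path and the
 * target service from the {@code service} form parameter. A TGT that the registry cannot resolve
 * to an authentication is reported as {@link HttpStatus#NOT_FOUND}, the same way an
 * {@link InvalidTicketException} raised while granting the ticket is, instead of surfacing as a
 * generic server error.
 *
 * @param requestBody service application/x-www-form-urlencoded value
 * @param tgtId       ticket granting ticket id URI path param
 * @return {@link ResponseEntity} representing RESTful response: the service ticket id with
 * {@link HttpStatus#OK}; {@link HttpStatus#NOT_FOUND} when the TGT is unknown or invalid;
 * {@link HttpStatus#INTERNAL_SERVER_ERROR} for any other failure
 */
@PostMapping(value = "/v1/tickets/{tgtId:.+}", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
public ResponseEntity<String> createServiceTicket(@RequestBody final MultiValueMap<String, String> requestBody, @PathVariable("tgtId") final String tgtId) {
    try {
        // getFirst returns null when the parameter is absent; how the factory treats a null id is
        // not visible here — TODO confirm whether a missing service should be answered with 400.
        final String serviceId = requestBody.getFirst(CasProtocolConstants.PARAMETER_SERVICE);

        // Resolve the authentication once, before any builder work, so an unknown/expired TGT is
        // detected explicitly rather than failing inside collect()/build() with an unrelated exception.
        final org.apereo.cas.authentication.Authentication authentication =
            this.ticketRegistrySupport.getAuthenticationFrom(tgtId);
        if (authentication == null) {
            // Same contract as GenerateServiceTicketAction: no authentication behind the TGT means the
            // ticket is unusable; InvalidTicketException routes this to the 404 branch below.
            throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + tgtId), tgtId);
        }

        final AuthenticationResultBuilder builder = new DefaultAuthenticationResultBuilder(this.authenticationSystemSupport.getPrincipalElectionStrategy());
        final Service service = this.webApplicationServiceFactory.createService(serviceId);
        final AuthenticationResult authenticationResult = builder.collect(authentication).build(service);
        final ServiceTicket serviceTicket = this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationResult);
        return new ResponseEntity<>(serviceTicket.getId(), HttpStatus.OK);
    } catch (final InvalidTicketException e) {
        // Fixed body on purpose: the caller learns only that the TGT is not usable, nothing about why.
        return new ResponseEntity<>("TicketGrantingTicket could not be found", HttpStatus.NOT_FOUND);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        // NOTE(review): the raw exception message is echoed to the HTTP client. Consider a fixed body
        // here so internal details (exception text, ticket ids, registry errors) stay in the server log.
        return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
    }
}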
