Search in sources :

Example 41 with TicketGrantingTicket

use of org.apereo.cas.ticket.TicketGrantingTicket in project cas by apereo.

the class DefaultCentralAuthenticationService method grantServiceTicket.

@Audit(action = "SERVICE_TICKET", actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name = "GRANT_SERVICE_TICKET_METER")
@Counted(name = "GRANT_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
    final boolean credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();
    final TicketGrantingTicket ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
    final Service selectedService = resolveServiceFromAuthenticationRequest(service);
    final RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);
    final AuditableContext audit = AuditableContext.builder().service(selectedService).ticketGrantingTicket(ticketGrantingTicket).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
    final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
    accessResult.throwExceptionIfNeeded();
    final Authentication currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService, ticketGrantingTicket, credentialProvided);
    evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService);
    // Perform security policy check by getting the authentication that satisfies the configured policy
    getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService));
    final Authentication latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication);
    final Principal principal = latestAuthentication.getPrincipal();
    final ServiceTicketFactory factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    final ServiceTicket serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class);
    this.ticketRegistry.updateTicket(ticketGrantingTicket);
    this.ticketRegistry.addTicket(serviceTicket);
    LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
    doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket));
    return serviceTicket;
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) RegisteredService(org.apereo.cas.services.RegisteredService) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) CasServiceTicketGrantedEvent(org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) ServiceContext(org.apereo.cas.services.ServiceContext) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult) Principal(org.apereo.cas.authentication.principal.Principal) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 42 with TicketGrantingTicket

use of org.apereo.cas.ticket.TicketGrantingTicket in project cas by apereo.

the class CentralAuthenticationServiceImplTests method verifyDestroyTicketGrantingTicketWithValidTicket.

@Test
public void verifyDestroyTicketGrantingTicketWithValidTicket() {
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
    final TicketGrantingTicket ticketId = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId.getId());
}
Also used : TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult) Test(org.junit.Test)

Example 43 with TicketGrantingTicket

use of org.apereo.cas.ticket.TicketGrantingTicket in project cas by apereo.

the class CentralAuthenticationServiceImplTests method verifyDelegateTicketGrantingTicketWithBadServiceTicket.

@Test
public void verifyDelegateTicketGrantingTicketWithBadServiceTicket() {
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService());
    final TicketGrantingTicket ticketId = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
    final ServiceTicket serviceTicketId = getCentralAuthenticationService().grantServiceTicket(ticketId.getId(), getService(), ctx);
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId.getId());
    final AuthenticationResult ctx2 = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), RegisteredServiceTestUtils.getHttpBasedServiceCredentials());
    this.thrown.expect(AbstractTicketException.class);
    getCentralAuthenticationService().createProxyGrantingTicket(serviceTicketId.getId(), ctx2);
}
Also used : TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult) Test(org.junit.Test)

Example 44 with TicketGrantingTicket

use of org.apereo.cas.ticket.TicketGrantingTicket in project cas by apereo.

the class CentralAuthenticationServiceImplTests method verifyGrantServiceTicketFailsAuthzRule.

@Test
public void verifyGrantServiceTicketFailsAuthzRule() {
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), getService("TestServiceAttributeForAuthzFails"));
    this.thrown.expect(PrincipalException.class);
    final TicketGrantingTicket ticketId = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
    getCentralAuthenticationService().grantServiceTicket(ticketId.getId(), getService("TestServiceAttributeForAuthzFails"), ctx);
}
Also used : TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult) Test(org.junit.Test)

Example 45 with TicketGrantingTicket

use of org.apereo.cas.ticket.TicketGrantingTicket in project cas by apereo.

the class CentralAuthenticationServiceImplTests method verifyValidateServiceTicketWithInvalidUsernameAttribute.

@Test
public void verifyValidateServiceTicketWithInvalidUsernameAttribute() {
    final Service svc = getService("eduPersonTestInvalid");
    final UsernamePasswordCredential cred = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), svc);
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc, ctx);
    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();
    /*
         * The attribute specified for this service does not resolve.
         * Therefore, we expect the default to be returned.
         */
    assertEquals(auth.getPrincipal().getId(), cred.getUsername());
}
Also used : TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) Assertion(org.apereo.cas.validation.Assertion) AbstractWebApplicationService(org.apereo.cas.authentication.principal.AbstractWebApplicationService) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult) Test(org.junit.Test)

Aggregations

TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)155 Test (org.junit.Test)119 AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)69 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)67 Service (org.apereo.cas.authentication.principal.Service)43 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)35 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)32 Credential (org.apereo.cas.authentication.Credential)26 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)26 Authentication (org.apereo.cas.authentication.Authentication)24 UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential)23 TicketGrantingTicketImpl (org.apereo.cas.ticket.TicketGrantingTicketImpl)21 NeverExpiresExpirationPolicy (org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy)20 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)18 AbstractWebApplicationService (org.apereo.cas.authentication.principal.AbstractWebApplicationService)16 MockServiceTicket (org.apereo.cas.mock.MockServiceTicket)16 ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)14 Assertion (org.apereo.cas.validation.Assertion)13 CachedData (net.spy.memcached.CachedData)12 MockServletContext (org.springframework.mock.web.MockServletContext)12