use of org.apereo.cas.ticket.proxy.ProxyGrantingTicket in project cas by apereo.
the class DistributedTicketRegistryTests method verifyDeleteTicketWithPGT.
@Test
public void verifyDeleteTicketWithPGT() {
final Authentication a = CoreAuthenticationTestUtils.getAuthentication();
this.ticketRegistry.addTicket(new TicketGrantingTicketImpl(TGT_NAME, a, new NeverExpiresExpirationPolicy()));
final TicketGrantingTicket tgt = this.ticketRegistry.getTicket(TGT_NAME, TicketGrantingTicket.class);
final Service service = CoreAuthenticationTestUtils.getService("TGT_DELETE_TEST");
final ServiceTicket st1 = tgt.grantServiceTicket("ST1", service, new NeverExpiresExpirationPolicy(), true, true);
this.ticketRegistry.addTicket(st1);
assertNotNull(this.ticketRegistry.getTicket(TGT_NAME, TicketGrantingTicket.class));
assertNotNull(this.ticketRegistry.getTicket("ST1", ServiceTicket.class));
final ProxyGrantingTicket pgt = st1.grantProxyGrantingTicket("PGT-1", a, new NeverExpiresExpirationPolicy());
assertEquals(a, pgt.getAuthentication());
this.ticketRegistry.addTicket(pgt);
assertSame(3, this.ticketRegistry.deleteTicket(tgt.getId()));
assertNull(this.ticketRegistry.getTicket(TGT_NAME, TicketGrantingTicket.class));
assertNull(this.ticketRegistry.getTicket("ST1", ServiceTicket.class));
assertNull(this.ticketRegistry.getTicket("PGT-1", ProxyGrantingTicket.class));
}
use of org.apereo.cas.ticket.proxy.ProxyGrantingTicket in project cas by apereo.
the class DefaultCentralAuthenticationService method createProxyGrantingTicket.
@Audit(action = "PROXY_GRANTING_TICKET", actionResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_PROXY_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_PROXY_GRANTING_TICKET_METER")
@Counted(name = "CREATE_PROXY_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public ProxyGrantingTicket createProxyGrantingTicket(final String serviceTicketId, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
AuthenticationCredentialsLocalBinder.bindCurrent(authenticationResult.getAuthentication());
final ServiceTicket serviceTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
if (serviceTicket == null || serviceTicket.isExpired()) {
LOGGER.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
throw new InvalidTicketException(serviceTicketId);
}
final RegisteredService registeredService = this.servicesManager.findServiceBy(serviceTicket.getService());
RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(serviceTicket, authenticationResult, registeredService);
if (!registeredService.getProxyPolicy().isAllowedToProxy()) {
LOGGER.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
throw new UnauthorizedProxyingException();
}
final Authentication authentication = authenticationResult.getAuthentication();
final ProxyGrantingTicketFactory factory = this.ticketFactory.get(ProxyGrantingTicket.class);
final ProxyGrantingTicket proxyGrantingTicket = factory.create(serviceTicket, authentication);
LOGGER.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId);
this.ticketRegistry.addTicket(proxyGrantingTicket);
doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, proxyGrantingTicket));
return proxyGrantingTicket;
}
use of org.apereo.cas.ticket.proxy.ProxyGrantingTicket in project cas by apereo.
the class MemCacheTicketRegistryTests method verifyDeleteTicketWithPGT.
@Test
public void verifyDeleteTicketWithPGT() {
final Authentication a = CoreAuthenticationTestUtils.getAuthentication();
this.registry.addTicket(new TicketGrantingTicketImpl(TGT_ID, a, new NeverExpiresExpirationPolicy()));
final TicketGrantingTicket tgt = this.registry.getTicket(TGT_ID, TicketGrantingTicket.class);
final Service service = RegisteredServiceTestUtils.getService("TGT_DELETE_TEST");
final ServiceTicket st1 = tgt.grantServiceTicket(ST_1_ID, service, new NeverExpiresExpirationPolicy(), false, true);
this.registry.addTicket(st1);
this.registry.updateTicket(tgt);
assertNotNull(this.registry.getTicket(TGT_ID, TicketGrantingTicket.class));
assertNotNull(this.registry.getTicket(ST_1_ID, ServiceTicket.class));
final ProxyGrantingTicket pgt = st1.grantProxyGrantingTicket(PGT_1_ID, a, new NeverExpiresExpirationPolicy());
this.registry.addTicket(pgt);
this.registry.updateTicket(tgt);
this.registry.updateTicket(st1);
assertEquals(pgt.getGrantingTicket(), tgt);
assertNotNull(this.registry.getTicket(PGT_1_ID, ProxyGrantingTicket.class));
assertEquals(a, pgt.getAuthentication());
assertNotNull(this.registry.getTicket(ST_1_ID, ServiceTicket.class));
assertTrue(this.registry.deleteTicket(tgt.getId()) > 0);
assertNull(this.registry.getTicket(TGT_ID, TicketGrantingTicket.class));
assertNull(this.registry.getTicket(ST_1_ID, ServiceTicket.class));
assertNull(this.registry.getTicket(PGT_1_ID, ProxyGrantingTicket.class));
}
Aggregations