Search in sources :

Example 11 with ProxyGrantingTicket

use of org.apereo.cas.ticket.proxy.ProxyGrantingTicket in project cas by apereo.

the class DistributedTicketRegistryTests method verifyDeleteTicketWithPGT.

@Test
public void verifyDeleteTicketWithPGT() {
    final Authentication a = CoreAuthenticationTestUtils.getAuthentication();
    this.ticketRegistry.addTicket(new TicketGrantingTicketImpl(TGT_NAME, a, new NeverExpiresExpirationPolicy()));
    final TicketGrantingTicket tgt = this.ticketRegistry.getTicket(TGT_NAME, TicketGrantingTicket.class);
    final Service service = CoreAuthenticationTestUtils.getService("TGT_DELETE_TEST");
    final ServiceTicket st1 = tgt.grantServiceTicket("ST1", service, new NeverExpiresExpirationPolicy(), true, true);
    this.ticketRegistry.addTicket(st1);
    assertNotNull(this.ticketRegistry.getTicket(TGT_NAME, TicketGrantingTicket.class));
    assertNotNull(this.ticketRegistry.getTicket("ST1", ServiceTicket.class));
    final ProxyGrantingTicket pgt = st1.grantProxyGrantingTicket("PGT-1", a, new NeverExpiresExpirationPolicy());
    assertEquals(a, pgt.getAuthentication());
    this.ticketRegistry.addTicket(pgt);
    assertSame(3, this.ticketRegistry.deleteTicket(tgt.getId()));
    assertNull(this.ticketRegistry.getTicket(TGT_NAME, TicketGrantingTicket.class));
    assertNull(this.ticketRegistry.getTicket("ST1", ServiceTicket.class));
    assertNull(this.ticketRegistry.getTicket("PGT-1", ProxyGrantingTicket.class));
}
Also used : NeverExpiresExpirationPolicy(org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy) Authentication(org.apereo.cas.authentication.Authentication) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Service(org.apereo.cas.authentication.principal.Service) TicketGrantingTicketImpl(org.apereo.cas.ticket.TicketGrantingTicketImpl) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) ProxyGrantingTicket(org.apereo.cas.ticket.proxy.ProxyGrantingTicket) Test(org.junit.Test)

Example 12 with ProxyGrantingTicket

use of org.apereo.cas.ticket.proxy.ProxyGrantingTicket in project cas by apereo.

the class DefaultCentralAuthenticationService method createProxyGrantingTicket.

@Audit(action = "PROXY_GRANTING_TICKET", actionResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOLVER", resourceResolverName = "CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_PROXY_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_PROXY_GRANTING_TICKET_METER")
@Counted(name = "CREATE_PROXY_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public ProxyGrantingTicket createProxyGrantingTicket(final String serviceTicketId, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
    AuthenticationCredentialsLocalBinder.bindCurrent(authenticationResult.getAuthentication());
    final ServiceTicket serviceTicket = this.ticketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
    if (serviceTicket == null || serviceTicket.isExpired()) {
        LOGGER.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }
    final RegisteredService registeredService = this.servicesManager.findServiceBy(serviceTicket.getService());
    RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(serviceTicket, authenticationResult, registeredService);
    if (!registeredService.getProxyPolicy().isAllowedToProxy()) {
        LOGGER.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }
    final Authentication authentication = authenticationResult.getAuthentication();
    final ProxyGrantingTicketFactory factory = this.ticketFactory.get(ProxyGrantingTicket.class);
    final ProxyGrantingTicket proxyGrantingTicket = factory.create(serviceTicket, authentication);
    LOGGER.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId);
    this.ticketRegistry.addTicket(proxyGrantingTicket);
    doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, proxyGrantingTicket));
    return proxyGrantingTicket;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) ProxyGrantingTicket(org.apereo.cas.ticket.proxy.ProxyGrantingTicket) CasProxyGrantingTicketCreatedEvent(org.apereo.cas.support.events.ticket.CasProxyGrantingTicketCreatedEvent) UnauthorizedProxyingException(org.apereo.cas.services.UnauthorizedProxyingException) ProxyGrantingTicketFactory(org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 13 with ProxyGrantingTicket

use of org.apereo.cas.ticket.proxy.ProxyGrantingTicket in project cas by apereo.

the class MemCacheTicketRegistryTests method verifyDeleteTicketWithPGT.

@Test
public void verifyDeleteTicketWithPGT() {
    final Authentication a = CoreAuthenticationTestUtils.getAuthentication();
    this.registry.addTicket(new TicketGrantingTicketImpl(TGT_ID, a, new NeverExpiresExpirationPolicy()));
    final TicketGrantingTicket tgt = this.registry.getTicket(TGT_ID, TicketGrantingTicket.class);
    final Service service = RegisteredServiceTestUtils.getService("TGT_DELETE_TEST");
    final ServiceTicket st1 = tgt.grantServiceTicket(ST_1_ID, service, new NeverExpiresExpirationPolicy(), false, true);
    this.registry.addTicket(st1);
    this.registry.updateTicket(tgt);
    assertNotNull(this.registry.getTicket(TGT_ID, TicketGrantingTicket.class));
    assertNotNull(this.registry.getTicket(ST_1_ID, ServiceTicket.class));
    final ProxyGrantingTicket pgt = st1.grantProxyGrantingTicket(PGT_1_ID, a, new NeverExpiresExpirationPolicy());
    this.registry.addTicket(pgt);
    this.registry.updateTicket(tgt);
    this.registry.updateTicket(st1);
    assertEquals(pgt.getGrantingTicket(), tgt);
    assertNotNull(this.registry.getTicket(PGT_1_ID, ProxyGrantingTicket.class));
    assertEquals(a, pgt.getAuthentication());
    assertNotNull(this.registry.getTicket(ST_1_ID, ServiceTicket.class));
    assertTrue(this.registry.deleteTicket(tgt.getId()) > 0);
    assertNull(this.registry.getTicket(TGT_ID, TicketGrantingTicket.class));
    assertNull(this.registry.getTicket(ST_1_ID, ServiceTicket.class));
    assertNull(this.registry.getTicket(PGT_1_ID, ProxyGrantingTicket.class));
}
Also used : NeverExpiresExpirationPolicy(org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy) Authentication(org.apereo.cas.authentication.Authentication) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) Service(org.apereo.cas.authentication.principal.Service) TicketGrantingTicketImpl(org.apereo.cas.ticket.TicketGrantingTicketImpl) MockServiceTicket(org.apereo.cas.mock.MockServiceTicket) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) ProxyGrantingTicket(org.apereo.cas.ticket.proxy.ProxyGrantingTicket) Test(org.junit.Test)

Aggregations

ProxyGrantingTicket (org.apereo.cas.ticket.proxy.ProxyGrantingTicket)13 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)7 TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)7 Test (org.junit.Test)7 Authentication (org.apereo.cas.authentication.Authentication)5 NeverExpiresExpirationPolicy (org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy)5 Service (org.apereo.cas.authentication.principal.Service)4 TicketGrantingTicketImpl (org.apereo.cas.ticket.TicketGrantingTicketImpl)3 ProxyTicket (org.apereo.cas.ticket.proxy.ProxyTicket)3 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)3 Counted (com.codahale.metrics.annotation.Counted)2 Metered (com.codahale.metrics.annotation.Metered)2 Timed (com.codahale.metrics.annotation.Timed)2 MockServiceTicket (org.apereo.cas.mock.MockServiceTicket)2 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)2 RegisteredService (org.apereo.cas.services.RegisteredService)2 ProxyGrantingTicketImpl (org.apereo.cas.ticket.ProxyGrantingTicketImpl)2 Audit (org.apereo.inspektr.audit.annotation.Audit)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)2