Search in sources :

Example 1 with AlwaysExpiresExpirationPolicy

use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.

the class CasCoreTicketsConfiguration method ticketGrantingTicketExpirationPolicy.

@ConditionalOnMissingBean(name = "ticketGrantingTicketExpirationPolicy")
@Bean
public ExpirationPolicy ticketGrantingTicketExpirationPolicy() {
    final TicketGrantingTicketProperties tgt = casProperties.getTicket().getTgt();
    if (tgt.getMaxTimeToLiveInSeconds() <= 0 && tgt.getTimeToKillInSeconds() <= 0) {
        LOGGER.warn("Ticket-granting ticket expiration policy is set to NEVER expire tickets.");
        return new NeverExpiresExpirationPolicy();
    }
    if (tgt.getTimeout().getMaxTimeToLiveInSeconds() > 0) {
        LOGGER.debug("Ticket-granting ticket expiration policy is based on a timeout of [{}] seconds", tgt.getTimeout().getMaxTimeToLiveInSeconds());
        return new TimeoutExpirationPolicy(tgt.getTimeout().getMaxTimeToLiveInSeconds());
    }
    if (tgt.getMaxTimeToLiveInSeconds() > 0 && tgt.getTimeToKillInSeconds() > 0) {
        LOGGER.debug("Ticket-granting ticket expiration policy is based on hard/idle timeouts of [{}]/[{}] seconds", tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
        return new TicketGrantingTicketExpirationPolicy(tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
    }
    if (tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds() > 0 && tgt.getThrottledTimeout().getTimeToKillInSeconds() > 0) {
        final ThrottledUseAndTimeoutExpirationPolicy p = new ThrottledUseAndTimeoutExpirationPolicy();
        p.setTimeToKillInSeconds(tgt.getThrottledTimeout().getTimeToKillInSeconds());
        p.setTimeInBetweenUsesInSeconds(tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds());
        LOGGER.debug("Ticket-granting ticket expiration policy is based on throttled timeouts");
        return p;
    }
    if (tgt.getHardTimeout().getTimeToKillInSeconds() > 0) {
        LOGGER.debug("Ticket-granting ticket expiration policy is based on a hard timeout of [{}] seconds", tgt.getHardTimeout().getTimeToKillInSeconds());
        return new HardTimeoutExpirationPolicy(tgt.getHardTimeout().getTimeToKillInSeconds());
    }
    LOGGER.warn("Ticket-granting ticket expiration policy is set to ALWAYS expire tickets.");
    return new AlwaysExpiresExpirationPolicy();
}
Also used : ThrottledUseAndTimeoutExpirationPolicy(org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy) NeverExpiresExpirationPolicy(org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy) HardTimeoutExpirationPolicy(org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy) TicketGrantingTicketProperties(org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties) TicketGrantingTicketExpirationPolicy(org.apereo.cas.ticket.support.TicketGrantingTicketExpirationPolicy) AlwaysExpiresExpirationPolicy(org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy) ThrottledUseAndTimeoutExpirationPolicy(org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy) HardTimeoutExpirationPolicy(org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy) MultiTimeUseOrTimeoutExpirationPolicy(org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy) TimeoutExpirationPolicy(org.apereo.cas.ticket.support.TimeoutExpirationPolicy) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 2 with AlwaysExpiresExpirationPolicy

use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.

the class AbstractTicketRegistryTests method verifyExpiration.

@Test
public void verifyExpiration() {
    final String id = "ST-1234567890ABCDEFGHIJKL-exp1";
    final MockServiceTicket ticket = new MockServiceTicket(id, RegisteredServiceTestUtils.getService(), new MockTicketGrantingTicket("test"));
    ticket.setExpiration(new AlwaysExpiresExpirationPolicy());
    ticketRegistry.addTicket(ticket);
    assertNull(ticketRegistry.getTicket(id, ServiceTicket.class));
}
Also used : MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) MockServiceTicket(org.apereo.cas.mock.MockServiceTicket) AlwaysExpiresExpirationPolicy(org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy) MockServiceTicket(org.apereo.cas.mock.MockServiceTicket) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) Test(org.junit.Test)

Example 3 with AlwaysExpiresExpirationPolicy

use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.

the class OAuth20AccessTokenControllerTests method verifyClientExpiredCode.

@Test
public void verifyClientExpiredCode() throws Exception {
    final RegisteredService registeredService = getRegisteredService(REDIRECT_URI, CLIENT_SECRET);
    servicesManager.save(registeredService);
    final Map<String, Object> map = new HashMap<>();
    map.put(NAME, VALUE);
    final List<String> list = Arrays.asList(VALUE, VALUE);
    map.put(NAME2, list);
    final Principal principal = CoreAuthenticationTestUtils.getPrincipal(ID, map);
    final Authentication authentication = getAuthentication(principal);
    final DefaultOAuthCodeFactory expiringOAuthCodeFactory = new DefaultOAuthCodeFactory(new AlwaysExpiresExpirationPolicy());
    final WebApplicationServiceFactory factory = new WebApplicationServiceFactory();
    final Service service = factory.createService(registeredService.getServiceId());
    final OAuthCode code = expiringOAuthCodeFactory.create(service, authentication, new MockTicketGrantingTicket("casuser"), new ArrayList<>());
    this.ticketRegistry.addTicket(code);
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(HttpMethod.GET.name(), CONTEXT + OAuth20Constants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuth20Constants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuth20Constants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuth20Constants.CODE, code.getId());
    mockRequest.setParameter(OAuth20Constants.GRANT_TYPE, OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
    servicesManager.save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
    oAuth20AccessTokenController.handleRequest(mockRequest, mockResponse);
    assertEquals(HttpStatus.SC_BAD_REQUEST, mockResponse.getStatus());
    assertEquals(ERROR_EQUALS + OAuth20Constants.INVALID_REQUEST, mockResponse.getContentAsString());
}
Also used : OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) HashMap(java.util.HashMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) AlwaysExpiresExpirationPolicy(org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy) OAuthCode(org.apereo.cas.ticket.code.OAuthCode) MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) WebApplicationServiceFactory(org.apereo.cas.authentication.principal.WebApplicationServiceFactory) DefaultOAuthCodeFactory(org.apereo.cas.ticket.code.DefaultOAuthCodeFactory) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 4 with AlwaysExpiresExpirationPolicy

use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.

the class OAuth20ProfileControllerTests method verifyExpiredAccessToken.

@Test
public void verifyExpiredAccessToken() throws Exception {
    final Principal principal = CoreAuthenticationTestUtils.getPrincipal(ID, new HashMap<>());
    final Authentication authentication = getAuthentication(principal);
    final DefaultAccessTokenFactory expiringAccessTokenFactory = new DefaultAccessTokenFactory(new AlwaysExpiresExpirationPolicy());
    final AccessToken accessToken = expiringAccessTokenFactory.create(RegisteredServiceTestUtils.getService(), authentication, new MockTicketGrantingTicket("casuser"), new ArrayList<>());
    this.ticketRegistry.addTicket(accessToken);
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuth20Constants.PROFILE_URL);
    mockRequest.setParameter(OAuth20Constants.ACCESS_TOKEN, accessToken.getId());
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    final ResponseEntity<String> entity = oAuth20ProfileController.handleRequest(mockRequest, mockResponse);
    assertEquals(HttpStatus.UNAUTHORIZED, entity.getStatusCode());
    assertEquals(CONTENT_TYPE, mockResponse.getContentType());
    assertTrue(entity.getBody().contains(OAuth20Constants.EXPIRED_ACCESS_TOKEN));
}
Also used : MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) DefaultAccessTokenFactory(org.apereo.cas.ticket.accesstoken.DefaultAccessTokenFactory) AccessToken(org.apereo.cas.ticket.accesstoken.AccessToken) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AlwaysExpiresExpirationPolicy(org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy) Principal(org.apereo.cas.authentication.principal.Principal) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 5 with AlwaysExpiresExpirationPolicy

use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.

the class CasCoreTicketsConfiguration method buildTicketGrantingTicketExpirationPolicy.

private ExpirationPolicy buildTicketGrantingTicketExpirationPolicy() {
    final TicketGrantingTicketProperties tgt = casProperties.getTicket().getTgt();
    if (tgt.getMaxTimeToLiveInSeconds() < 0 && tgt.getTimeToKillInSeconds() < 0) {
        LOGGER.warn("Ticket-granting ticket expiration policy is set to NEVER expire tickets.");
        return new NeverExpiresExpirationPolicy();
    }
    if (tgt.getTimeout().getMaxTimeToLiveInSeconds() > 0) {
        LOGGER.debug("Ticket-granting ticket expiration policy is based on a timeout of [{}] seconds", tgt.getTimeout().getMaxTimeToLiveInSeconds());
        return new TimeoutExpirationPolicy(tgt.getTimeout().getMaxTimeToLiveInSeconds());
    }
    if (tgt.getMaxTimeToLiveInSeconds() > 0 && tgt.getTimeToKillInSeconds() > 0) {
        LOGGER.debug("Ticket-granting ticket expiration policy is based on hard/idle timeouts of [{}]/[{}] seconds", tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
        return new TicketGrantingTicketExpirationPolicy(tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
    }
    if (tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds() > 0 && tgt.getThrottledTimeout().getTimeToKillInSeconds() > 0) {
        final ThrottledUseAndTimeoutExpirationPolicy p = new ThrottledUseAndTimeoutExpirationPolicy();
        p.setTimeToKillInSeconds(tgt.getThrottledTimeout().getTimeToKillInSeconds());
        p.setTimeInBetweenUsesInSeconds(tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds());
        LOGGER.debug("Ticket-granting ticket expiration policy is based on throttled timeouts");
        return p;
    }
    if (tgt.getHardTimeout().getTimeToKillInSeconds() > 0) {
        LOGGER.debug("Ticket-granting ticket expiration policy is based on a hard timeout of [{}] seconds", tgt.getHardTimeout().getTimeToKillInSeconds());
        return new HardTimeoutExpirationPolicy(tgt.getHardTimeout().getTimeToKillInSeconds());
    }
    LOGGER.warn("Ticket-granting ticket expiration policy is set to ALWAYS expire tickets.");
    return new AlwaysExpiresExpirationPolicy();
}
Also used : ThrottledUseAndTimeoutExpirationPolicy(org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy) NeverExpiresExpirationPolicy(org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy) HardTimeoutExpirationPolicy(org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy) TicketGrantingTicketProperties(org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties) TicketGrantingTicketExpirationPolicy(org.apereo.cas.ticket.support.TicketGrantingTicketExpirationPolicy) AlwaysExpiresExpirationPolicy(org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy) ThrottledUseAndTimeoutExpirationPolicy(org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy) HardTimeoutExpirationPolicy(org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy) MultiTimeUseOrTimeoutExpirationPolicy(org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy) TimeoutExpirationPolicy(org.apereo.cas.ticket.support.TimeoutExpirationPolicy)

Aggregations

AlwaysExpiresExpirationPolicy (org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy)7 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)5 Test (org.junit.Test)5 Authentication (org.apereo.cas.authentication.Authentication)3 Principal (org.apereo.cas.authentication.principal.Principal)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 Service (org.apereo.cas.authentication.principal.Service)2 WebApplicationServiceFactory (org.apereo.cas.authentication.principal.WebApplicationServiceFactory)2 TicketGrantingTicketProperties (org.apereo.cas.configuration.model.core.ticket.TicketGrantingTicketProperties)2 MockServiceTicket (org.apereo.cas.mock.MockServiceTicket)2 RegisteredService (org.apereo.cas.services.RegisteredService)2 OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)2 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)2 HardTimeoutExpirationPolicy (org.apereo.cas.ticket.support.HardTimeoutExpirationPolicy)2 MultiTimeUseOrTimeoutExpirationPolicy (org.apereo.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy)2 NeverExpiresExpirationPolicy (org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy)2 ThrottledUseAndTimeoutExpirationPolicy (org.apereo.cas.ticket.support.ThrottledUseAndTimeoutExpirationPolicy)2 TicketGrantingTicketExpirationPolicy (org.apereo.cas.ticket.support.TicketGrantingTicketExpirationPolicy)2 TimeoutExpirationPolicy (org.apereo.cas.ticket.support.TimeoutExpirationPolicy)2