use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.
the class CasCoreTicketsConfiguration method ticketGrantingTicketExpirationPolicy.
@ConditionalOnMissingBean(name = "ticketGrantingTicketExpirationPolicy")
@Bean
public ExpirationPolicy ticketGrantingTicketExpirationPolicy() {
final TicketGrantingTicketProperties tgt = casProperties.getTicket().getTgt();
if (tgt.getMaxTimeToLiveInSeconds() <= 0 && tgt.getTimeToKillInSeconds() <= 0) {
LOGGER.warn("Ticket-granting ticket expiration policy is set to NEVER expire tickets.");
return new NeverExpiresExpirationPolicy();
}
if (tgt.getTimeout().getMaxTimeToLiveInSeconds() > 0) {
LOGGER.debug("Ticket-granting ticket expiration policy is based on a timeout of [{}] seconds", tgt.getTimeout().getMaxTimeToLiveInSeconds());
return new TimeoutExpirationPolicy(tgt.getTimeout().getMaxTimeToLiveInSeconds());
}
if (tgt.getMaxTimeToLiveInSeconds() > 0 && tgt.getTimeToKillInSeconds() > 0) {
LOGGER.debug("Ticket-granting ticket expiration policy is based on hard/idle timeouts of [{}]/[{}] seconds", tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
return new TicketGrantingTicketExpirationPolicy(tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
}
if (tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds() > 0 && tgt.getThrottledTimeout().getTimeToKillInSeconds() > 0) {
final ThrottledUseAndTimeoutExpirationPolicy p = new ThrottledUseAndTimeoutExpirationPolicy();
p.setTimeToKillInSeconds(tgt.getThrottledTimeout().getTimeToKillInSeconds());
p.setTimeInBetweenUsesInSeconds(tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds());
LOGGER.debug("Ticket-granting ticket expiration policy is based on throttled timeouts");
return p;
}
if (tgt.getHardTimeout().getTimeToKillInSeconds() > 0) {
LOGGER.debug("Ticket-granting ticket expiration policy is based on a hard timeout of [{}] seconds", tgt.getHardTimeout().getTimeToKillInSeconds());
return new HardTimeoutExpirationPolicy(tgt.getHardTimeout().getTimeToKillInSeconds());
}
LOGGER.warn("Ticket-granting ticket expiration policy is set to ALWAYS expire tickets.");
return new AlwaysExpiresExpirationPolicy();
}
use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.
the class AbstractTicketRegistryTests method verifyExpiration.
@Test
public void verifyExpiration() {
final String id = "ST-1234567890ABCDEFGHIJKL-exp1";
final MockServiceTicket ticket = new MockServiceTicket(id, RegisteredServiceTestUtils.getService(), new MockTicketGrantingTicket("test"));
ticket.setExpiration(new AlwaysExpiresExpirationPolicy());
ticketRegistry.addTicket(ticket);
assertNull(ticketRegistry.getTicket(id, ServiceTicket.class));
}
use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.
the class OAuth20AccessTokenControllerTests method verifyClientExpiredCode.
@Test
public void verifyClientExpiredCode() throws Exception {
final RegisteredService registeredService = getRegisteredService(REDIRECT_URI, CLIENT_SECRET);
servicesManager.save(registeredService);
final Map<String, Object> map = new HashMap<>();
map.put(NAME, VALUE);
final List<String> list = Arrays.asList(VALUE, VALUE);
map.put(NAME2, list);
final Principal principal = CoreAuthenticationTestUtils.getPrincipal(ID, map);
final Authentication authentication = getAuthentication(principal);
final DefaultOAuthCodeFactory expiringOAuthCodeFactory = new DefaultOAuthCodeFactory(new AlwaysExpiresExpirationPolicy());
final WebApplicationServiceFactory factory = new WebApplicationServiceFactory();
final Service service = factory.createService(registeredService.getServiceId());
final OAuthCode code = expiringOAuthCodeFactory.create(service, authentication, new MockTicketGrantingTicket("casuser"), new ArrayList<>());
this.ticketRegistry.addTicket(code);
final MockHttpServletRequest mockRequest = new MockHttpServletRequest(HttpMethod.GET.name(), CONTEXT + OAuth20Constants.ACCESS_TOKEN_URL);
mockRequest.setParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
mockRequest.setParameter(OAuth20Constants.REDIRECT_URI, REDIRECT_URI);
mockRequest.setParameter(OAuth20Constants.CLIENT_SECRET, CLIENT_SECRET);
mockRequest.setParameter(OAuth20Constants.CODE, code.getId());
mockRequest.setParameter(OAuth20Constants.GRANT_TYPE, OAuth20GrantTypes.AUTHORIZATION_CODE.name().toLowerCase());
servicesManager.save(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
requiresAuthenticationInterceptor.preHandle(mockRequest, mockResponse, null);
oAuth20AccessTokenController.handleRequest(mockRequest, mockResponse);
assertEquals(HttpStatus.SC_BAD_REQUEST, mockResponse.getStatus());
assertEquals(ERROR_EQUALS + OAuth20Constants.INVALID_REQUEST, mockResponse.getContentAsString());
}
use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.
the class OAuth20ProfileControllerTests method verifyExpiredAccessToken.
@Test
public void verifyExpiredAccessToken() throws Exception {
final Principal principal = CoreAuthenticationTestUtils.getPrincipal(ID, new HashMap<>());
final Authentication authentication = getAuthentication(principal);
final DefaultAccessTokenFactory expiringAccessTokenFactory = new DefaultAccessTokenFactory(new AlwaysExpiresExpirationPolicy());
final AccessToken accessToken = expiringAccessTokenFactory.create(RegisteredServiceTestUtils.getService(), authentication, new MockTicketGrantingTicket("casuser"), new ArrayList<>());
this.ticketRegistry.addTicket(accessToken);
final MockHttpServletRequest mockRequest = new MockHttpServletRequest(GET, CONTEXT + OAuth20Constants.PROFILE_URL);
mockRequest.setParameter(OAuth20Constants.ACCESS_TOKEN, accessToken.getId());
final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
final ResponseEntity<String> entity = oAuth20ProfileController.handleRequest(mockRequest, mockResponse);
assertEquals(HttpStatus.UNAUTHORIZED, entity.getStatusCode());
assertEquals(CONTENT_TYPE, mockResponse.getContentType());
assertTrue(entity.getBody().contains(OAuth20Constants.EXPIRED_ACCESS_TOKEN));
}
use of org.apereo.cas.ticket.support.AlwaysExpiresExpirationPolicy in project cas by apereo.
the class CasCoreTicketsConfiguration method buildTicketGrantingTicketExpirationPolicy.
private ExpirationPolicy buildTicketGrantingTicketExpirationPolicy() {
final TicketGrantingTicketProperties tgt = casProperties.getTicket().getTgt();
if (tgt.getMaxTimeToLiveInSeconds() < 0 && tgt.getTimeToKillInSeconds() < 0) {
LOGGER.warn("Ticket-granting ticket expiration policy is set to NEVER expire tickets.");
return new NeverExpiresExpirationPolicy();
}
if (tgt.getTimeout().getMaxTimeToLiveInSeconds() > 0) {
LOGGER.debug("Ticket-granting ticket expiration policy is based on a timeout of [{}] seconds", tgt.getTimeout().getMaxTimeToLiveInSeconds());
return new TimeoutExpirationPolicy(tgt.getTimeout().getMaxTimeToLiveInSeconds());
}
if (tgt.getMaxTimeToLiveInSeconds() > 0 && tgt.getTimeToKillInSeconds() > 0) {
LOGGER.debug("Ticket-granting ticket expiration policy is based on hard/idle timeouts of [{}]/[{}] seconds", tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
return new TicketGrantingTicketExpirationPolicy(tgt.getMaxTimeToLiveInSeconds(), tgt.getTimeToKillInSeconds());
}
if (tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds() > 0 && tgt.getThrottledTimeout().getTimeToKillInSeconds() > 0) {
final ThrottledUseAndTimeoutExpirationPolicy p = new ThrottledUseAndTimeoutExpirationPolicy();
p.setTimeToKillInSeconds(tgt.getThrottledTimeout().getTimeToKillInSeconds());
p.setTimeInBetweenUsesInSeconds(tgt.getThrottledTimeout().getTimeInBetweenUsesInSeconds());
LOGGER.debug("Ticket-granting ticket expiration policy is based on throttled timeouts");
return p;
}
if (tgt.getHardTimeout().getTimeToKillInSeconds() > 0) {
LOGGER.debug("Ticket-granting ticket expiration policy is based on a hard timeout of [{}] seconds", tgt.getHardTimeout().getTimeToKillInSeconds());
return new HardTimeoutExpirationPolicy(tgt.getHardTimeout().getTimeToKillInSeconds());
}
LOGGER.warn("Ticket-granting ticket expiration policy is set to ALWAYS expire tickets.");
return new AlwaysExpiresExpirationPolicy();
}
Aggregations