Example 1 with Service10ResponseBuilder
use of org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder in project MaxKey by dromara.
the class Cas10AuthorizeEndpoint method validate.
/**
* @param request
* @param response
* @param ticket
* @param service
* @param renew
* @return
*
*2.4. /validate [CAS 1.0]
*/validate checks the validity of a service ticket. /validate is part of the CAS 1.0 protocol and thus does not handle proxy authentication. CAS MUST respond with a ticket validation failure response when a proxy ticket is passed to /validate.
*
*2.4.1. parameters
*The following HTTP request parameters MAY be specified to /validate. They are case sensitive and MUST all be handled by /validate.
*
*service [REQUIRED] - the identifier of the service for which the ticket was issued, as discussed in Section 2.2.1. As a HTTP request parameter, the service value MUST be URL-encoded as described in Section 2.2 of RFC 1738 [4].
*
*Note: It is STRONGLY RECOMMENDED that all service urls be filtered via the service management tool, such that only authorized and known client applications would be able to use the CAS server. Leaving the service management tool open to allow lenient access to all applications will potentially increase the risk of service attacks and other security vulnerabilities. Furthermore, it is RECOMMENDED that only secure protocols such as https be allowed for client applications for further strengthen the authenticating client.
*
*ticket [REQUIRED] - the service ticket issued by /login. Service tickets are described in Section 3.1.
*
*renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed if the service ticket was issued from the presentation of the user��s primary credentials. It will fail if the ticket was issued from a single sign-on session.
*
*2.4.2. response
*/validate will return one of the following two responses:
* On ticket validation success:
* yes<LF>
* username<LF>
*
* On ticket validation failure:
* no<LF>
* <LF>
*/
@Operation(summary = "CAS 1.0 ticket验证接口", description = "通过ticket获取当前登录用户信息", method = "POST")
@RequestMapping(CasConstants.ENDPOINT.ENDPOINT_VALIDATE)
@ResponseBody
public String validate(HttpServletRequest request, HttpServletResponse response, @RequestParam(value = CasConstants.PARAMETER.TICKET) String ticket, @RequestParam(value = CasConstants.PARAMETER.SERVICE) String service, @RequestParam(value = CasConstants.PARAMETER.RENEW, required = false) String renew) {
_logger.debug("serviceValidate " + " ticket " + ticket + " , service " + service + " , renew " + renew);
Ticket storedTicket = null;
try {
storedTicket = ticketServices.consumeTicket(ticket);
} catch (Exception e) {
_logger.error("consume Ticket error ", e);
}
if (storedTicket != null) {
String principal = ((SigninPrincipal) storedTicket.getAuthentication().getPrincipal()).getUsername();
_logger.debug("principal " + principal);
return new Service10ResponseBuilder().success().setUser(principal).serviceResponseBuilder();
} else {
_logger.debug("Ticket not found .");
return new Service10ResponseBuilder().failure().serviceResponseBuilder();
}
}
Also used :
Ticket(org.maxkey.authz.cas.endpoint.ticket.Ticket)
Service10ResponseBuilder(org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder)
SigninPrincipal(org.maxkey.authn.SigninPrincipal)
Operation(io.swagger.v3.oas.annotations.Operation)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
Aggregations
Operation (io.swagger.v3.oas.annotations.Operation)1
SigninPrincipal (org.maxkey.authn.SigninPrincipal)1
Service10ResponseBuilder (org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder)1
Ticket (org.maxkey.authz.cas.endpoint.ticket.Ticket)1
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)1
ResponseBody (org.springframework.web.bind.annotation.ResponseBody)1
