public void TransientServiceIsNotShared()
{
var service = new ServiceDescriptor(typeof(IInterface1), typeof(Class1), ServiceLifetime.Transient);
var registation = new RegisteredService(service);
Assert.IsFalse(registation.IsShared);
}
public void SingletonServiceIsShared()
{
var service = new ServiceDescriptor(typeof(IInterface1), typeof(Class1), ServiceLifetime.Singleton);
var registation = new RegisteredService(service);
Assert.IsTrue(registation.IsShared);
}
//@Transactional(readOnly = false)
//@Audit(action = "SAVE_SERVICE", actionResolverName = "SAVE_SERVICE_ACTION_RESOLVER", resourceResolverName = "SAVE_SERVICE_RESOURCE_RESOLVER")
public RegisteredService save(RegisteredService registeredService)
{
RegisteredService r = this.serviceRegistryDao.save(registeredService);
this.services.TryAdd(r.getId(), r);
return(r);
}
/**
* Constructs an instance of the {@link DefaultServicesManagerImpl} where the default RegisteredService
* can include a set of default attributes to use if no services are defined in the registry.
*
* @param serviceRegistryDao the Service Registry Dao.
* @param defaultAttributes the list of default attributes to use.
*/
public DefaultServicesManagerImpl(ServiceRegistryDao serviceRegistryDao, List<string> defaultAttributes)
{
this.serviceRegistryDao = serviceRegistryDao;
this.disabledRegisteredService = this.constructDefaultRegisteredService(defaultAttributes);
this.load();
}
/**
* Constructs an instance of the {@link DefaultServicesManagerImpl} where the default RegisteredService
* can include a set of default attributes to use if no services are defined in the registry.
*
* @param serviceRegistryDao the Service Registry Dao.
* @param defaultAttributes the list of default attributes to use.
*/
public DefaultServicesManagerImpl(ServiceRegistryDao serviceRegistryDao, List <string> defaultAttributes)
{
this.serviceRegistryDao = serviceRegistryDao;
this.disabledRegisteredService = this.constructDefaultRegisteredService(defaultAttributes);
this.load();
}
/// <summary>
/// Register service
/// </summary>
/// <param name="category">Service category</param>
/// <param name="name">Service name</param>
/// <param name="description">Service description</param>
/// <param name="getData">Service additional data func</param>
/// <returns>Service Id</returns>
public static Guid RegisterService(string category, string name, string description, Func <SerializedObject> getData)
{
var service = new RegisteredService
{
Category = category,
Name = name,
Description = description,
MachineName = Core.MachineName,
ApplicationName = Core.ApplicationName,
FrameworkVersion = Core.FrameworkVersion,
EnvironmentName = Core.EnvironmentName,
GetDataFunc = getData
};
var serviceText = service.Category + service.Name + service.Description + service.MachineName + service.ApplicationName + service.FrameworkVersion + service.EnvironmentName;
service.ServiceId = serviceText.GetHashSHA1Guid();
lock (LocalServices)
{
if (LocalServices.All((s, serviceId) => s.Service.ServiceId != serviceId, service.ServiceId))
{
LocalServices.Add(new RegisteredServiceContainer(service, Serializer, null));
}
}
return(service.ServiceId);
}
protected ModelAndView handleRequestInternal(
HttpRequest request, HttpResponse response)
{
string ticketGrantingTicketId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
string service = request.QueryString[("service")];
if (ticketGrantingTicketId != null)
{
this.centralAuthenticationService
.destroyTicketGrantingTicket(ticketGrantingTicketId);
this.ticketGrantingTicketCookieGenerator.removeCookie(response);
this.warnCookieGenerator.removeCookie(response);
}
if (this.followServiceRedirects && service != null)
{
RegisteredService rService = this.servicesManager.findServiceBy(new SimpleWebApplicationServiceImpl(service));
if (rService != null && rService.isEnabled())
{
return(new ModelAndView(new RedirectView(service)));
}
}
return(new ModelAndView(this.logoutView));
}
/// <summary>
/// Register service
/// </summary>
/// <param name="category">Service category</param>
/// <param name="name">Service name</param>
/// <param name="description">Service description</param>
/// <param name="data">Service additional data</param>
/// <returns>Service Id</returns>
public static Guid RegisterService(string category, string name, string description, SerializedObject data)
{
var service = new RegisteredService
{
Category = category,
Name = name,
Description = description,
InstanceId = Core.InstanceId,
MachineName = Core.MachineName,
ApplicationName = Core.ApplicationName,
FrameworkVersion = Core.FrameworkVersion,
EnvironmentName = Core.EnvironmentName,
Data = data
};
var serviceText = service.InstanceId + service.Category + service.Name + service.Description + service.MachineName + service.ApplicationName + service.FrameworkVersion + service.EnvironmentName;
service.ServiceId = serviceText.GetHashSHA1Guid();
lock (LocalServices)
{
if (LocalServices.All((s, serviceId) => s.Service.ServiceId != serviceId, service.ServiceId))
{
var sObj = new SerializedObject(service, Serializer);
var sObjArr = sObj.ToMultiArray();
LocalServices.Add(new RegisteredServiceContainer(service, Serializer, sObjArr));
HasRegisteredLocalService = true;
}
}
return(service.ServiceId);
}
public void SetsNewGuidOnNew()
{
var service = new ServiceDescriptor(typeof(IInterface1), typeof(Class1), ServiceLifetime.Singleton);
var registation = new RegisteredService(service);
Assert.AreNotEqual(Guid.Empty, registation.Id);
}
public void GetLifetimeAndServiceTypeFromDescriptor()
{
var service = new ServiceDescriptor(typeof(IInterface1), typeof(Class1), ServiceLifetime.Singleton);
var registation = new RegisteredService(service);
Assert.AreEqual(ServiceLifetime.Singleton, registation.Lifetime);
Assert.AreEqual(typeof(IInterface1), registation.ServiceType);
}
/**
* Compares this instance with the <code>other</code> registered service based on
* evaluation order, name. The name comparison is case insensitive.
*
* @see #getEvaluationOrder()
*/
public int compareTo(RegisteredService other)
{
//return new CompareToBuilder()
// .Append(this.getEvaluationOrder(), other.getEvaluationOrder())
// .Append(this.getName().toLowerCase(), other.getName().toLowerCase())
// .toComparison();
throw new NotImplementedException();
}
public void ServiceLocator_GetRegisteredService()
{
RegisteredService instance = new RegisteredService();
ServiceLocator.Instance.RegisterService(instance);
Assert.AreEqual(
instance,
ServiceLocator.Instance.GetService <RegisteredService>());
}
private void changeEnabledState(long id, bool newState)
{
RegisteredService r = this.servicesManager.findServiceBy(id);
//Assert.notNull(r, "invalid RegisteredService id");
// we screwed up our APIs in older versions of CAS, so we need to CAST this to do anything useful.
((RegisteredServiceImpl)r).setEnabled(newState);
this.servicesManager.save(r);
}
public void ActivateFromDescriptor()
{
var container = Mock.Of <IContainer>();
var service = new ServiceDescriptor(typeof(IInterface1), typeof(Class1), ServiceLifetime.Transient);
var registation = new RegisteredService(service);
var result = registation.Activate(container);
Assert.IsInstanceOfType(result, typeof(Class1));
}
public RegisteredService save(RegisteredService registeredService)
{
if (registeredService.getId() == -1)
{
((AbstractRegisteredService)registeredService).setId(this.findHighestId() + 1);
}
this.registeredServices.Remove(registeredService);
this.registeredServices.Add(registeredService);
return registeredService;
}
private void Listen()
{
_serverSocket.Listen(backlog: 1);
_serverSocket.BeginAccept(OnIncomingConnection, state: null);
Log.InfoFormat("{0}: EndPoint listening on {1}", Name, LocalEndPoint);
if (Name != null && _networkServiceDiscoverer != null)
{
_peerNameRegistration = _networkServiceDiscoverer.RegisterService(Name, LocalEndPoint);
Log.InfoFormat("{0}: Endpoint '{1}' published to local cloud", Name, LocalEndPoint);
}
}
public RegisteredService save(RegisteredService registeredService)
{
if (registeredService.getId() == -1)
{
((AbstractRegisteredService)registeredService).setId(this.findHighestId() + 1);
}
this.registeredServices.Remove(registeredService);
this.registeredServices.Add(registeredService);
return(registeredService);
}
public void ActivateFromInstance()
{
var container = Mock.Of <IContainer>();
Class1 instance = new Class1()
{
prop1 = 123456
};
var service = new ServiceDescriptor(typeof(Class1), instance);
var registation = new RegisteredService(service);
var result = (Class1)registation.Activate(container);
Assert.AreEqual(123456, result.prop1);
}
public void ExcludeService(Type serviceType, Type implementation = null)
{
Check.NotNull(serviceType, nameof(serviceType));
if (!serviceType.IsInterface)
{
return;
}
if (!registeredServices.ContainsKey(serviceType))
{
var registeredService = new RegisteredService(serviceType, implementation);
registeredServices.Add(serviceType, registeredService);
}
}
//@Transactional(readOnly = false)
//@Audit(action = "DELETE_SERVICE", actionResolverName = "DELETE_SERVICE_ACTION_RESOLVER", resourceResolverName = "DELETE_SERVICE_RESOURCE_RESOLVER")
public RegisteredService delete(long id)
{
RegisteredService r = this.findServiceBy(id);
if (r == null)
{
return(null);
}
this.serviceRegistryDao.delete(r);
RegisteredService value;
this.services.TryRemove(id, out value);
return(r);
}
//public object clone()
//{
// AbstractRegisteredService clone = newInstance();
// clone.copyFrom(this);
// return clone;
//}
/**
* Copies the properties of the source service into this instance.
*
* @param source Source service from which to copy properties.
*/
public void copyFrom(RegisteredService source)
{
this.setId(source.getId());
this.setAllowedAttributes(new List <string>(source.getAllowedAttributes()));
this.setAllowedToProxy(source.isAllowedToProxy());
this.setDescription(source.getDescription());
this.setEnabled(source.isEnabled());
this.setName(source.getName());
this.setServiceId(source.getServiceId());
this.setSsoEnabled(source.isSsoEnabled());
this.setTheme(source.getTheme());
this.setAnonymousAccess(source.isAnonymousAccess());
this.setIgnoreAttributes(source.isIgnoreAttributes());
this.setEvaluationOrder(source.getEvaluationOrder());
this.setUsernameAttribute(source.getUsernameAttribute());
}
/**
* @throws IllegalArgumentException if the ServiceTicketId or the
* Credentials are null.
*/
//@Audit(
// action="PROXY_GRANTING_TICKET",
// actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
// resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
//@Profiled(tag="GRANT_PROXY_GRANTING_TICKET",logFailuresSeparately = false)
//@Transactional(readOnly = false)
public string delegateTicketGrantingTicket(string serviceTicketId,
Credentials credentials)
{
//Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
//Assert.notNull(credentials, "credentials cannot be null");
try
{
Authentication authentication = this.authenticationManager
.authenticate(credentials);
ServiceTicket serviceTicket;
serviceTicket = (ServiceTicket)this.serviceTicketRegistry.getTicket(serviceTicketId, typeof(ServiceTicket));
if (serviceTicket == null || serviceTicket.isExpired())
{
throw new InvalidTicketException();
}
RegisteredService registeredService = this.servicesManager
.findServiceBy(serviceTicket.getService());
if (registeredService == null || !registeredService.isEnabled() ||
!registeredService.isAllowedToProxy())
{
//log.warn("ServiceManagement: Service Attempted to Proxy, but is not allowed. Service: [" + serviceTicket.getService().getId() + "]");
throw new UnauthorizedProxyingException();
}
TicketGrantingTicket ticketGrantingTicket = serviceTicket
.grantTicketGrantingTicket(
this.ticketGrantingTicketUniqueTicketIdGenerator
.getNewTicketId(TicketPrefix.TicketGrantingTicket_PREFIX),
authentication, this.ticketGrantingTicketExpirationPolicy);
this.ticketRegistry.addTicket(ticketGrantingTicket);
return(ticketGrantingTicket.getId());
}
catch (AuthenticationException e)
{
throw new TicketCreationException(e);
}
}
private Dictionary <Type, RegisteredService> BuildDependencyMap(IDictionary <Type, ICollection <IBinding> > allBindings, Context context)
{
var registeredServices = new Dictionary <Type, RegisteredService>();
foreach (var kv in allBindings)
{
var type = kv.Key;
if (IsIgnoredServiceType(type))
{
continue;
}
var bindings = kv.Value;
foreach (IBinding typeBinding in bindings)
{
var scope = typeBinding.GetScope(context);
var dependencies = new HashSet <Type>();
var plan = context.Planner.GetPlan(type);
foreach (ConstructorInjectionDirective injectionDirective in plan.GetAll <ConstructorInjectionDirective>())
{
foreach (ITarget target in injectionDirective.Targets)
{
dependencies.Add(target.Type);
}
}
// TODO multiple bindings
registeredServices[type] = new RegisteredService(scope, dependencies);
}
}
return(registeredServices);
}
/**
* Determines the principal id to use for a {@link RegisteredService} using the following rules:
*
* <ul>
* <li> If the service is marked to allow anonymous access, a persistent id is returned. </li>
* <li> If the attribute name matches {@link RegisteredService#DEFAULT_USERNAME_ATTRIBUTE}, then the default principal id is returned.</li>
* <li>If the service is set to ignore attributes, or the username attribute exists in the allowed attributes for the service,
* the corresponding attribute value will be returned.
* </li>
* <li>Otherwise, the default principal's id is returned as the username attribute with an additional warning.</li>
* </ul>
*
* @param principal The principal object to be validated and constructed
* @param registeredService Requesting service for which a principal is being validated.
* @param serviceTicket An instance of the service ticket used for validation
*
* @return The principal id to use for the requesting registered service
*/
private string determinePrincipalIdForRegisteredService(Principal principal, RegisteredService registeredService,
ServiceTicket serviceTicket)
{
string principalId = null;
string serviceUsernameAttribute = registeredService.getUsernameAttribute();
if (registeredService.isAnonymousAccess())
{
principalId = this.persistentIdGenerator.generate(principal, serviceTicket.getService());
}
else if (string.IsNullOrEmpty(serviceUsernameAttribute))
{
principalId = principal.getId();
}
else
{
if ((registeredService.isIgnoreAttributes() || registeredService.getAllowedAttributes().Contains(serviceUsernameAttribute)) &&
principal.getAttributes().ContainsKey(serviceUsernameAttribute))
{
principalId = principal.getAttributes().First(x => x.Key == registeredService.getUsernameAttribute()).Value.ToString();
}
else
{
principalId = principal.getId();
Object[] errorLogParameters = new Object[] { principalId, registeredService.getUsernameAttribute(),
principal.getAttributes(), registeredService.getServiceId(), principalId };
//log.warn("Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot "
// + "provide on the validation response the user attribute the registered service [{}] expects. "
// + "CAS will instead return the default username attribute [{}]", errorLogParameters);
}
}
//log.debug("Principal id to return for service [{}] is [{}]. The default principal id is [{}].",
// new Object[] {registeredService.getName(), principal.getId(), principalId});
return(principalId);
}
/// <summary>
/// Registers a service and creates a new session.
/// <para>If the service is already registered, the already existant service is returned and a new session is generated.</para>
/// </summary>
/// <param name="hostname">The hostname.</param>
/// <param name="nameEndpoint">The name endpoint.</param>
/// <param name="namePort">The name port.</param>
/// <param name="appName">Name of the application.</param>
/// <param name="appVersion">The application version.</param>
/// <param name="nameVersion">The name version.</param>
/// <returns>
/// Returns the <see cref="RegisteredServiceDTO"/>.
/// </returns>
/// <exception cref="RepositoryEntityOperationFailedException">RegisteredService</exception>
public RegisteredServiceDTO RegisterService(
string hostname,
string nameEndpoint,
uint?namePort,
string appName,
string appVersion,
string nameVersion)
{
Guard.NotNull(hostname, nameof(hostname));
Guard.NotNull(nameEndpoint, nameof(nameEndpoint));
Guard.NotNull(appName, nameof(appName));
Guard.NotNull(appVersion, nameof(appVersion));
Guard.NotNull(nameVersion, nameof(nameVersion));
this.logger.LogInformation($"Registering a {nameof(RegisteredService)}.");
string generatedId = Generator.RegisteredServiceId(hostname, nameEndpoint, namePort, appName, appVersion, nameVersion);
var registeredService = this.serviceRepository.GetById(generatedId);
if (registeredService != null)
{
this.logger.LogInformation($"The {nameof(RegisteredService)} already exists. Creating a new {nameof(ServiceSession)}.");
var session = this.sessionManager.CreateSession(generatedId);
this.logger.LogDebug($"Setting the {registeredService.CurrentSessionId} to the newly created {nameof(ServiceSession)}'s id ({session.Id}).");
registeredService.CurrentSessionId = Guid.Parse(session.Id);
registeredService.Updated = DateTime.UtcNow;
this.logger.LogDebug($"Updating the {nameof(RegisteredService)} in the repository.");
if (!this.serviceRepository.Update(registeredService))
{
throw new RepositoryEntityOperationFailedException(registeredService, $"Failed to update the {nameof(RegisteredService)}.");
}
this.logger.LogDebug($"Returning the {nameof(RegisteredService)}: {{{registeredService}}} AND {nameof(ServiceSession)}: {{{session}}}.");
var mappedService = this.mapper.Map <RegisteredService, RegisteredServiceDTO>(registeredService);
mappedService.CurrentSession = session;
return(mappedService);
}
else
{
this.logger.LogInformation($"The provided values are new. Creating a new {nameof(RegisteredService)}.");
this.logger.LogDebug($"Creating a new {nameof(ServiceSession)}.");
var session = this.sessionManager.CreateSession(generatedId);
var service = new RegisteredService()
{
AppName = appName,
AppVersion = appVersion,
Created = DateTime.UtcNow,
Updated = DateTime.UtcNow,
Hostname = hostname,
Id = generatedId,
NAMEEndpoint = nameEndpoint,
NAMEPort = namePort,
NAMEVersion = nameVersion,
CurrentSessionId = Guid.Parse(session.Id)
};
this.logger.LogDebug($"Creating a new {nameof(RegisteredService)} with the {nameof(service.CurrentSessionId)} set to {session.Id}.");
this.serviceRepository.Insert(service);
var mappedService = this.mapper.Map <RegisteredService, RegisteredServiceDTO>(service);
mappedService.CurrentSession = session;
return(mappedService);
}
}
public RegisteredServiceContainer(RegisteredService service, ISerializer serializer, SubArray <byte> dataToSend)
{
Service = service;
Serializer = serializer;
DataToSend = dataToSend;
}
/**
* @throws IllegalArgumentException if the ServiceTicketId or the Service
* are null.
*/
//@Audit(
// action="SERVICE_TICKET_VALIDATE",
// actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
// resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
//@Profiled(tag="VALIDATE_SERVICE_TICKET",logFailuresSeparately = false)
//@Transactional(readOnly = false)
public Assertion validateServiceTicket(string serviceTicketId, Service service)
{
//Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
//Assert.notNull(service, "service cannot be null");
ServiceTicket serviceTicket = (ServiceTicket)this.serviceTicketRegistry.getTicket(serviceTicketId, typeof(ServiceTicket));
RegisteredService registeredService = this.servicesManager.findServiceBy(service);
if (registeredService == null || !registeredService.isEnabled())
{
//log.warn("ServiceManagement: Service does not exist is not enabled, and thus not allowed to validate tickets. Service: [" + service.getId() + "]");
throw new UnauthorizedServiceException("Service not allowed to validate tickets.");
}
if (serviceTicket == null)
{
//log.info("ServiceTicket [" + serviceTicketId + "] does not exist.");
throw new InvalidTicketException();
}
try
{
lock (serviceTicket)
{
if (serviceTicket.isExpired())
{
//log.info("ServiceTicket [" + serviceTicketId + "] has expired.");
throw new InvalidTicketException();
}
if (!serviceTicket.isValidFor(service))
{
//log.error("ServiceTicket [" + serviceTicketId + "] with service [" + serviceTicket.getService().getId() + " does not match supplied service [" + service + "]");
throw new TicketValidationException(serviceTicket.getService());
}
}
List <Authentication> chainedAuthenticationsList = serviceTicket.getGrantingTicket().getChainedAuthentications();
Authentication authentication = chainedAuthenticationsList.ElementAt(chainedAuthenticationsList.Count() - 1);
Principal principal = authentication.getPrincipal();
string principalId = this.determinePrincipalIdForRegisteredService(principal, registeredService, serviceTicket);
Authentication authToUse;
if (!registeredService.isIgnoreAttributes())
{
Dictionary <string, Object> attributes = new Dictionary <string, Object>();
foreach (string attribute in registeredService.getAllowedAttributes())
{
Object value = principal.getAttributes().FirstOrDefault(x => x.Key == attribute).Value;
if (value != null)
{
attributes.Add(attribute, value);
}
}
Principal modifiedPrincipal = new SimplePrincipal(principalId, attributes);
MutableAuthentication mutableAuthentication = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
var mutableAuthenticationattributes = mutableAuthentication.getAttributes();
var U = mutableAuthentication.getAttributes().Concat(authentication.getAttributes());
mutableAuthentication.Attributes = U.ToDictionary(x => x.Key, x => x.Value);
mutableAuthentication.AuthenticatedDate = authentication.getAuthenticatedDate();
//mutableAuthentication.getAuthenticatedDate() = authentication.getAuthenticatedDate();
authToUse = mutableAuthentication;
}
else
{
Principal modifiedPrincipal = new SimplePrincipal(principalId, principal.getAttributes());
authToUse = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
}
List <Authentication> authentications = new List <Authentication>();
for (int i = 0; i < chainedAuthenticationsList.Count() - 1; i++)
{
authentications.Add(serviceTicket.getGrantingTicket().getChainedAuthentications().ElementAt(i));
}
authentications.Add(authToUse);
return(new ImmutableAssertionImpl(authentications, serviceTicket.getService(), serviceTicket.isFromNewLogin()));
}
finally
{
if (serviceTicket.isExpired())
{
this.serviceTicketRegistry.deleteTicket(serviceTicketId);
}
}
}
//@Transactional(readOnly = false)
//@Audit(action = "SAVE_SERVICE", actionResolverName = "SAVE_SERVICE_ACTION_RESOLVER", resourceResolverName = "SAVE_SERVICE_RESOURCE_RESOLVER")
public RegisteredService save(RegisteredService registeredService)
{
RegisteredService r = this.serviceRegistryDao.save(registeredService);
this.services.TryAdd(r.getId(), r);
return r;
}
/**
* Determines the principal id to use for a {@link RegisteredService} using the following rules:
*
* <ul>
* <li> If the service is marked to allow anonymous access, a persistent id is returned. </li>
* <li> If the attribute name matches {@link RegisteredService#DEFAULT_USERNAME_ATTRIBUTE}, then the default principal id is returned.</li>
* <li>If the service is set to ignore attributes, or the username attribute exists in the allowed attributes for the service,
* the corresponding attribute value will be returned.
* </li>
* <li>Otherwise, the default principal's id is returned as the username attribute with an additional warning.</li>
* </ul>
*
* @param principal The principal object to be validated and constructed
* @param registeredService Requesting service for which a principal is being validated.
* @param serviceTicket An instance of the service ticket used for validation
*
* @return The principal id to use for the requesting registered service
*/
private string determinePrincipalIdForRegisteredService(Principal principal, RegisteredService registeredService,
ServiceTicket serviceTicket)
{
string principalId = null;
string serviceUsernameAttribute = registeredService.getUsernameAttribute();
if (registeredService.isAnonymousAccess())
{
principalId = this.persistentIdGenerator.generate(principal, serviceTicket.getService());
}
else if (string.IsNullOrEmpty(serviceUsernameAttribute))
{
principalId = principal.getId();
}
else
{
if ((registeredService.isIgnoreAttributes() || registeredService.getAllowedAttributes().Contains(serviceUsernameAttribute)) &&
principal.getAttributes().ContainsKey(serviceUsernameAttribute))
{
principalId = principal.getAttributes().First(x => x.Key == registeredService.getUsernameAttribute()).Value.ToString();
}
else
{
principalId = principal.getId();
Object[] errorLogParameters = new Object[] { principalId, registeredService.getUsernameAttribute(),
principal.getAttributes(), registeredService.getServiceId(), principalId };
//log.warn("Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot "
// + "provide on the validation response the user attribute the registered service [{}] expects. "
// + "CAS will instead return the default username attribute [{}]", errorLogParameters);
}
}
//log.debug("Principal id to return for service [{}] is [{}]. The default principal id is [{}].",
// new Object[] {registeredService.getName(), principal.getId(), principalId});
return principalId;
}
public bool delete(RegisteredService registeredService)
{
return this.registeredServices.Remove(registeredService);
}
/**
* @throws IllegalArgumentException if TicketGrantingTicket ID, Credentials
* or Service are null.
*/
//@Audit(
// action="SERVICE_TICKET",
// actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
// resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
//@Profiled(tag="GRANT_SERVICE_TICKET", logFailuresSeparately = false)
//@Transactional(readOnly = false)
public string grantServiceTicket(string ticketGrantingTicketId, Service service, Credentials credentials)
{
//Assert.notNull(ticketGrantingTicketId, "ticketGrantingticketId cannot be null");
//Assert.notNull(service, "service cannot be null");
TicketGrantingTicket ticketGrantingTicket;
ticketGrantingTicket = (TicketGrantingTicket)this.ticketRegistry.getTicket(ticketGrantingTicketId, typeof(TicketGrantingTicket));
if (ticketGrantingTicket == null)
{
throw new InvalidTicketException();
}
lock (ticketGrantingTicket)
{
if (ticketGrantingTicket.isExpired())
{
this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
throw new InvalidTicketException();
}
}
RegisteredService registeredService = this.servicesManager
.findServiceBy(service);
if (registeredService == null || !registeredService.isEnabled())
{
//log.warn("ServiceManagement: Unauthorized Service Access. Service [" + service.getId() + "] not found in Service Registry.");
throw new UnauthorizedServiceException();
}
if (!registeredService.isSsoEnabled() && credentials == null &&
ticketGrantingTicket.getCountOfUses() > 0)
{
//log.warn("ServiceManagement: Service Not Allowed to use SSO. Service [" + service.getId() + "]");
throw new UnauthorizedSsoServiceException();
}
//CAS-1019
List <Authentication> authns = ticketGrantingTicket.getChainedAuthentications();
if (authns.Count > 1)
{
if (!registeredService.isAllowedToProxy())
{
string message = string.Format("ServiceManagement: Service Attempted to Proxy, but is not allowed. Service: [%s] | Registered Service: [%s]", service.getId(), registeredService.ToString());
//log.warn(message);
throw new UnauthorizedProxyingException(message);
}
}
if (credentials != null)
{
try
{
Authentication authentication = this.authenticationManager
.authenticate(credentials);
Authentication originalAuthentication = ticketGrantingTicket.getAuthentication();
if (!(authentication.getPrincipal().Equals(originalAuthentication.getPrincipal()) && authentication.getAttributes().Equals(originalAuthentication.getAttributes())))
{
throw new TicketCreationException();
}
}
catch (AuthenticationException e)
{
throw new TicketCreationException(e);
}
}
// this code is a bit brittle by depending on the class name. Future versions (i.e. CAS4 will know inherently how to identify themselves)
UniqueTicketIdGenerator serviceTicketUniqueTicketIdGenerator = this.uniqueTicketIdGeneratorsForService
.FirstOrDefault(x => x.Key == service.GetType().FullName).Value;
ServiceTicket serviceTicket = ticketGrantingTicket
.grantServiceTicket(serviceTicketUniqueTicketIdGenerator
.getNewTicketId(TicketPrefix.ServiceTicket_PREFIX), service,
this.serviceTicketExpirationPolicy, credentials != null);
this.serviceTicketRegistry.addTicket(serviceTicket);
//if (log.isInfoEnabled()) {
// List<Authentication> authentications = serviceTicket.getGrantingTicket().getChainedAuthentications();
// string formatString = "Granted %s ticket [%s] for service [%s] for user [%s]";
// string type;
// string principalId = authentications.get(authentications.size()-1).getPrincipal().getId();
// if (authentications.size() == 1) {
// type = "service";
// } else {
// type = "proxy";
// }
// log.info(string.format(formatString, type, serviceTicket.getId(), service.getId(), principalId));
//}
return(serviceTicket.getId());
}
//public object clone()
//{
// AbstractRegisteredService clone = newInstance();
// clone.copyFrom(this);
// return clone;
//}
/**
* Copies the properties of the source service into this instance.
*
* @param source Source service from which to copy properties.
*/
public void copyFrom(RegisteredService source)
{
this.setId(source.getId());
this.setAllowedAttributes(new List<string>(source.getAllowedAttributes()));
this.setAllowedToProxy(source.isAllowedToProxy());
this.setDescription(source.getDescription());
this.setEnabled(source.isEnabled());
this.setName(source.getName());
this.setServiceId(source.getServiceId());
this.setSsoEnabled(source.isSsoEnabled());
this.setTheme(source.getTheme());
this.setAnonymousAccess(source.isAnonymousAccess());
this.setIgnoreAttributes(source.isIgnoreAttributes());
this.setEvaluationOrder(source.getEvaluationOrder());
this.setUsernameAttribute(source.getUsernameAttribute());
}
/**
* Compares this instance with the <code>other</code> registered service based on
* evaluation order, name. The name comparison is case insensitive.
*
* @see #getEvaluationOrder()
*/
public int compareTo(RegisteredService other)
{
//return new CompareToBuilder()
// .Append(this.getEvaluationOrder(), other.getEvaluationOrder())
// .Append(this.getName().toLowerCase(), other.getName().toLowerCase())
// .toComparison();
throw new NotImplementedException();
}
/// <summary>
/// Updates the specified service.
/// </summary>
/// <param name="service">The service.</param>
/// <returns>
/// Returns true if a service is updated.
/// </returns>
public bool Update(RegisteredService service)
{
return(this.serviceCollection.Update(service));
}
/// <summary>
/// Inserts the specified service.
/// </summary>
/// <param name="service">The service.</param>
public void Insert(RegisteredService service)
{
this.serviceCollection.Insert(service);
}
public bool delete(RegisteredService registeredService)
{
return(this.registeredServices.Remove(registeredService));
}
