// A seven-argument overload that chained to this constructor with a null
// uniqueTicketIdGeneratorsForService was retired; kept commented out for reference.
//public CentralAuthenticationServiceImpl(AuthenticationManager authenticationManager,
//    TicketRegistry ticketRegistry,
//    TicketRegistry serviceTicketRegistry,
//    UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
//    ExpirationPolicy ticketGrantingTicketExpirationPolicy,
//    ExpirationPolicy serviceTicketExpirationPolicy,
//    ServicesManager servicesManager)
//    : this(authenticationManager, ticketRegistry, serviceTicketRegistry, ticketGrantingTicketUniqueTicketIdGenerator, null, ticketGrantingTicketExpirationPolicy, serviceTicketExpirationPolicy, servicesManager)
//{
//}

/**
 * Wires the collaborators this service delegates to; no other work is done here.
 *
 * Arguments are stored without validation, so a null collaborator is not
 * rejected at construction time and only fails when it is first used.
 * The retired overload above passed null for uniqueTicketIdGeneratorsForService,
 * so callers may still rely on that being accepted here.
 *
 * @param authenticationManager authenticates credentials presented with ticket requests
 * @param ticketRegistry store for ticket-granting tickets
 * @param serviceTicketRegistry store for service tickets
 * @param ticketGrantingTicketUniqueTicketIdGenerator id generator for ticket-granting tickets
 * @param uniqueTicketIdGeneratorsForService service-ticket id generators keyed by service type name
 * @param ticketGrantingTicketExpirationPolicy expiration policy applied to ticket-granting tickets
 * @param serviceTicketExpirationPolicy expiration policy applied to service tickets
 * @param servicesManager registry of services allowed to receive tickets
 */
public CentralAuthenticationServiceImpl(
    AuthenticationManager authenticationManager,
    TicketRegistry ticketRegistry,
    TicketRegistry serviceTicketRegistry,
    UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
    Dictionary<string, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService,
    ExpirationPolicy ticketGrantingTicketExpirationPolicy,
    ExpirationPolicy serviceTicketExpirationPolicy,
    ServicesManager servicesManager)
{
    // Ticket stores and the service registry.
    this.ticketRegistry = ticketRegistry;
    this.serviceTicketRegistry = serviceTicketRegistry;
    this.servicesManager = servicesManager;

    // Authentication and ticket-id generation.
    this.authenticationManager = authenticationManager;
    this.ticketGrantingTicketUniqueTicketIdGenerator = ticketGrantingTicketUniqueTicketIdGenerator;
    this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService;

    // Expiration policies.
    this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy;
    this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy;
}
/**
 * Stores the collaborators this proxy handler uses.
 *
 * No validation is performed: a null argument is kept as-is and will only
 * surface when the handler first uses it.
 *
 * @param httpClient HTTP client the handler uses
 * @param uniqueTicketIdGenerator generator for the ticket ids this handler issues
 */
public Cas20ProxyHandler(HttpClient httpClient, UniqueTicketIdGenerator uniqueTicketIdGenerator)
{
    this.uniqueTicketIdGenerator = uniqueTicketIdGenerator;
    this.httpClient = httpClient;
}
/**
 * Replaces the ticket id generator used by this component.
 *
 * The value is stored unchanged; null is accepted and is not rejected here.
 *
 * @param generator the generator to use from now on
 */
public void setTicketIdGenerator(UniqueTicketIdGenerator generator)
{
    ticketIdGenerator = generator;
}
// Retired seven-argument overload, preserved commented out. It chained to the
// constructor below with a null uniqueTicketIdGeneratorsForService.
//public CentralAuthenticationServiceImpl(AuthenticationManager authenticationManager,
//    TicketRegistry ticketRegistry,
//    TicketRegistry serviceTicketRegistry,
//    UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
//    ExpirationPolicy ticketGrantingTicketExpirationPolicy,
//    ExpirationPolicy serviceTicketExpirationPolicy,
//    ServicesManager servicesManager)
//    : this(authenticationManager, ticketRegistry, serviceTicketRegistry, ticketGrantingTicketUniqueTicketIdGenerator, null, ticketGrantingTicketExpirationPolicy, serviceTicketExpirationPolicy, servicesManager)
//{
//}

/**
 * Creates the service by storing every collaborator it depends on.
 *
 * Nothing is validated here: null arguments are stored as given and fail
 * only at first use. The retired overload above passed null for
 * uniqueTicketIdGeneratorsForService, so that argument may be null.
 *
 * @param authenticationManager authenticates credentials presented with ticket requests
 * @param ticketRegistry store for ticket-granting tickets
 * @param serviceTicketRegistry store for service tickets
 * @param ticketGrantingTicketUniqueTicketIdGenerator id generator for ticket-granting tickets
 * @param uniqueTicketIdGeneratorsForService service-ticket id generators keyed by service type name
 * @param ticketGrantingTicketExpirationPolicy expiration policy applied to ticket-granting tickets
 * @param serviceTicketExpirationPolicy expiration policy applied to service tickets
 * @param servicesManager registry of services allowed to receive tickets
 */
public CentralAuthenticationServiceImpl(
    AuthenticationManager authenticationManager,
    TicketRegistry ticketRegistry,
    TicketRegistry serviceTicketRegistry,
    UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
    Dictionary<string, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService,
    ExpirationPolicy ticketGrantingTicketExpirationPolicy,
    ExpirationPolicy serviceTicketExpirationPolicy,
    ServicesManager servicesManager)
{
    this.servicesManager = servicesManager;
    this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy;
    this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy;
    this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService;
    this.ticketGrantingTicketUniqueTicketIdGenerator = ticketGrantingTicketUniqueTicketIdGenerator;
    this.serviceTicketRegistry = serviceTicketRegistry;
    this.ticketRegistry = ticketRegistry;
    this.authenticationManager = authenticationManager;
}
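/**
 * Issues a service ticket against an existing ticket-granting ticket (TGT).
 *
 * Order of checks: load and expiry-check the TGT; confirm the target service is
 * registered and enabled; enforce the service's SSO and proxy policies; if
 * credentials were supplied, re-authenticate them and require the same
 * principal and attributes as the TGT; then mint and register the service ticket.
 *
 * @param ticketGrantingTicketId id of the TGT; must not be null
 * @param service the service the ticket is granted for; must not be null
 * @param credentials optional credentials; null means a non-interactive (SSO) grant
 * @return the id of the newly granted service ticket
 * @throws System.ArgumentNullException if ticketGrantingTicketId or service is null
 * @throws InvalidTicketException if the TGT is unknown or has expired
 * @throws UnauthorizedServiceException if the service is not registered or is disabled
 * @throws UnauthorizedSsoServiceException if the service disallows SSO, no credentials were given and the TGT was already used
 * @throws UnauthorizedProxyingException if the TGT carries a proxy chain and the service may not proxy
 * @throws TicketCreationException if supplied credentials fail to authenticate or resolve to a different identity
 * @throws System.InvalidOperationException if no ticket id generator is registered for the service's type
 */
// Java-side annotations not carried over by the port:
//   @Audit(action="SERVICE_TICKET", actionResolverName="GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
//   @Profiled(tag="GRANT_SERVICE_TICKET", logFailuresSeparately = false)
//   @Transactional(readOnly = false)
public string grantServiceTicket(string ticketGrantingTicketId, Service service, Credentials credentials)
{
    // Restores the argument contract the original documented (Assert.notNull was commented out).
    if (ticketGrantingTicketId == null)
    {
        throw new System.ArgumentNullException("ticketGrantingTicketId");
    }
    if (service == null)
    {
        throw new System.ArgumentNullException("service");
    }

    TicketGrantingTicket ticketGrantingTicket =
        (TicketGrantingTicket)this.ticketRegistry.getTicket(ticketGrantingTicketId, typeof(TicketGrantingTicket));
    if (ticketGrantingTicket == null)
    {
        throw new InvalidTicketException();
    }

    // Expiry check and deletion run under the ticket's lock. The lock is released
    // before the ticket is used below, so expiry is not re-verified at grant time.
    lock (ticketGrantingTicket)
    {
        if (ticketGrantingTicket.isExpired())
        {
            this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
            throw new InvalidTicketException();
        }
    }

    RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    if (registeredService == null || !registeredService.isEnabled())
    {
        // Unregistered or disabled services never receive tickets (Java original logged this at WARN).
        throw new UnauthorizedServiceException();
    }

    // A service that opted out of SSO only gets a ticket when fresh credentials
    // were presented, or on the very first use of the TGT.
    if (!registeredService.isSsoEnabled() && credentials == null && ticketGrantingTicket.getCountOfUses() > 0)
    {
        throw new UnauthorizedSsoServiceException();
    }

    // CAS-1019: more than one chained authentication means this TGT is a proxy-granting ticket.
    List<Authentication> authns = ticketGrantingTicket.getChainedAuthentications();
    if (authns.Count > 1 && !registeredService.isAllowedToProxy())
    {
        // {0}/{1} placeholders: the port used Java's %s, which string.Format leaves
        // untouched, so the ids were never substituted into the message.
        string message = string.Format(
            "ServiceManagement: Service Attempted to Proxy, but is not allowed. Service: [{0}] | Registered Service: [{1}]",
            service.getId(),
            registeredService.ToString());
        throw new UnauthorizedProxyingException(message);
    }

    if (credentials != null)
    {
        assertCredentialsMatchTicketGrantingTicket(credentials, ticketGrantingTicket);
    }

    UniqueTicketIdGenerator serviceTicketUniqueTicketIdGenerator = resolveServiceTicketIdGenerator(service);
    ServiceTicket serviceTicket = ticketGrantingTicket.grantServiceTicket(
        serviceTicketUniqueTicketIdGenerator.getNewTicketId(TicketPrefix.ServiceTicket_PREFIX),
        service,
        this.serviceTicketExpirationPolicy,
        credentials != null);
    this.serviceTicketRegistry.addTicket(serviceTicket);

    // The Java original logged the grant (ticket id, service id, principal, service/proxy type)
    // at INFO here; the port has no logger wired in, so that audit trail is not emitted.
    return serviceTicket.getId();
}

/**
 * Re-authenticates credentials presented with a service-ticket request and
 * requires them to resolve to the same principal and attributes as the TGT.
 *
 * @param credentials credentials to authenticate; not null
 * @param ticketGrantingTicket the TGT whose original authentication is the reference
 * @throws TicketCreationException if authentication fails or the identity differs
 */
private void assertCredentialsMatchTicketGrantingTicket(Credentials credentials, TicketGrantingTicket ticketGrantingTicket)
{
    Authentication authentication;
    try
    {
        authentication = this.authenticationManager.authenticate(credentials);
    }
    catch (AuthenticationException e)
    {
        // Wrap rather than leak the authentication failure; callers see a ticket-creation failure.
        throw new TicketCreationException(e);
    }

    Authentication originalAuthentication = ticketGrantingTicket.getAuthentication();
    if (!authentication.getPrincipal().Equals(originalAuthentication.getPrincipal())
        || !authentication.getAttributes().Equals(originalAuthentication.getAttributes()))
    {
        throw new TicketCreationException();
    }
}

/**
 * Looks up the service-ticket id generator registered for the CLR type of //service//.
 *
 * The map is keyed by type name, which is brittle: a renamed or subclassed Service
 * silently loses its mapping. (Future versions, i.e. CAS4, are expected to let
 * services identify themselves.)
 *
 * @param service the service whose type selects the generator; not null
 * @return the registered generator, never null
 * @throws System.InvalidOperationException if no generator is mapped for the type
 */
private UniqueTicketIdGenerator resolveServiceTicketIdGenerator(Service service)
{
    string serviceTypeName = service.GetType().FullName;
    UniqueTicketIdGenerator generator = null;
    bool found = this.uniqueTicketIdGeneratorsForService != null
        && this.uniqueTicketIdGeneratorsForService.TryGetValue(serviceTypeName, out generator);
    if (!found || generator == null)
    {
        // Previously a missing mapping surfaced as a NullReferenceException inside getNewTicketId.
        throw new System.InvalidOperationException(
            string.Format("No UniqueTicketIdGenerator is registered for service type [{0}]", serviceTypeName));
    }
    return generator;
}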