//public CentralAuthenticationServiceImpl(AuthenticationManager authenticationManager,
// TicketRegistry ticketRegistry,
// TicketRegistry serviceTicketRegistry,
// UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
// ExpirationPolicy ticketGrantingTicketExpirationPolicy,
// ExpirationPolicy serviceTicketExpirationPolicy,
// ServicesManager servicesManager)
// : this(authenticationManager, ticketRegistry, serviceTicketRegistry, ticketGrantingTicketUniqueTicketIdGenerator, null, ticketGrantingTicketExpirationPolicy, serviceTicketExpirationPolicy, servicesManager)
//{
//}
public CentralAuthenticationServiceImpl(AuthenticationManager authenticationManager,
TicketRegistry ticketRegistry,
TicketRegistry serviceTicketRegistry,
UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
Dictionary <string, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService,
ExpirationPolicy ticketGrantingTicketExpirationPolicy,
ExpirationPolicy serviceTicketExpirationPolicy,
ServicesManager servicesManager)
{
this.authenticationManager = authenticationManager;
this.ticketRegistry = ticketRegistry;
this.serviceTicketRegistry = serviceTicketRegistry;
this.ticketGrantingTicketUniqueTicketIdGenerator = ticketGrantingTicketUniqueTicketIdGenerator;
this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService;
this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy;
this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy;
this.servicesManager = servicesManager;
}
public Cas20ProxyHandler(HttpClient httpClient, UniqueTicketIdGenerator uniqueTicketIdGenerator)
{
this.httpClient = httpClient;
this.uniqueTicketIdGenerator = uniqueTicketIdGenerator;
}
public void setTicketIdGenerator(UniqueTicketIdGenerator generator)
{
this.ticketIdGenerator = generator;
}
//public CentralAuthenticationServiceImpl(AuthenticationManager authenticationManager,
// TicketRegistry ticketRegistry,
// TicketRegistry serviceTicketRegistry,
// UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
// ExpirationPolicy ticketGrantingTicketExpirationPolicy,
// ExpirationPolicy serviceTicketExpirationPolicy,
// ServicesManager servicesManager)
// : this(authenticationManager, ticketRegistry, serviceTicketRegistry, ticketGrantingTicketUniqueTicketIdGenerator, null, ticketGrantingTicketExpirationPolicy, serviceTicketExpirationPolicy, servicesManager)
//{
//}
public CentralAuthenticationServiceImpl(AuthenticationManager authenticationManager,
TicketRegistry ticketRegistry,
TicketRegistry serviceTicketRegistry,
UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator,
Dictionary<string, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService,
ExpirationPolicy ticketGrantingTicketExpirationPolicy,
ExpirationPolicy serviceTicketExpirationPolicy,
ServicesManager servicesManager)
{
this.authenticationManager = authenticationManager;
this.ticketRegistry = ticketRegistry;
this.serviceTicketRegistry = serviceTicketRegistry;
this.ticketGrantingTicketUniqueTicketIdGenerator = ticketGrantingTicketUniqueTicketIdGenerator;
this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService;
this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy;
this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy;
this.servicesManager = servicesManager;
}
/**
* @throws IllegalArgumentException if TicketGrantingTicket ID, Credentials
* or Service are null.
*/
//@Audit(
// action="SERVICE_TICKET",
// actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
// resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
//@Profiled(tag="GRANT_SERVICE_TICKET", logFailuresSeparately = false)
//@Transactional(readOnly = false)
public string grantServiceTicket(string ticketGrantingTicketId, Service service, Credentials credentials)
{
//Assert.notNull(ticketGrantingTicketId, "ticketGrantingticketId cannot be null");
//Assert.notNull(service, "service cannot be null");
TicketGrantingTicket ticketGrantingTicket;
ticketGrantingTicket = (TicketGrantingTicket)this.ticketRegistry.getTicket(ticketGrantingTicketId, typeof(TicketGrantingTicket));
if (ticketGrantingTicket == null)
{
throw new InvalidTicketException();
}
lock (ticketGrantingTicket)
{
if (ticketGrantingTicket.isExpired())
{
this.ticketRegistry.deleteTicket(ticketGrantingTicketId);
throw new InvalidTicketException();
}
}
RegisteredService registeredService = this.servicesManager
.findServiceBy(service);
if (registeredService == null || !registeredService.isEnabled())
{
//log.warn("ServiceManagement: Unauthorized Service Access. Service [" + service.getId() + "] not found in Service Registry.");
throw new UnauthorizedServiceException();
}
if (!registeredService.isSsoEnabled() && credentials == null &&
ticketGrantingTicket.getCountOfUses() > 0)
{
//log.warn("ServiceManagement: Service Not Allowed to use SSO. Service [" + service.getId() + "]");
throw new UnauthorizedSsoServiceException();
}
//CAS-1019
List <Authentication> authns = ticketGrantingTicket.getChainedAuthentications();
if (authns.Count > 1)
{
if (!registeredService.isAllowedToProxy())
{
string message = string.Format("ServiceManagement: Service Attempted to Proxy, but is not allowed. Service: [%s] | Registered Service: [%s]", service.getId(), registeredService.ToString());
//log.warn(message);
throw new UnauthorizedProxyingException(message);
}
}
if (credentials != null)
{
try
{
Authentication authentication = this.authenticationManager
.authenticate(credentials);
Authentication originalAuthentication = ticketGrantingTicket.getAuthentication();
if (!(authentication.getPrincipal().Equals(originalAuthentication.getPrincipal()) && authentication.getAttributes().Equals(originalAuthentication.getAttributes())))
{
throw new TicketCreationException();
}
}
catch (AuthenticationException e)
{
throw new TicketCreationException(e);
}
}
// this code is a bit brittle by depending on the class name. Future versions (i.e. CAS4 will know inherently how to identify themselves)
UniqueTicketIdGenerator serviceTicketUniqueTicketIdGenerator = this.uniqueTicketIdGeneratorsForService
.FirstOrDefault(x => x.Key == service.GetType().FullName).Value;
ServiceTicket serviceTicket = ticketGrantingTicket
.grantServiceTicket(serviceTicketUniqueTicketIdGenerator
.getNewTicketId(TicketPrefix.ServiceTicket_PREFIX), service,
this.serviceTicketExpirationPolicy, credentials != null);
this.serviceTicketRegistry.addTicket(serviceTicket);
//if (log.isInfoEnabled()) {
// List<Authentication> authentications = serviceTicket.getGrantingTicket().getChainedAuthentications();
// string formatString = "Granted %s ticket [%s] for service [%s] for user [%s]";
// string type;
// string principalId = authentications.get(authentications.size()-1).getPrincipal().getId();
// if (authentications.size() == 1) {
// type = "service";
// } else {
// type = "proxy";
// }
// log.info(string.format(formatString, type, serviceTicket.getId(), service.getId(), principalId));
//}
return(serviceTicket.getId());
}
public void setTicketIdGenerator(UniqueTicketIdGenerator generator)
{
this.ticketIdGenerator = generator;
}
public Cas20ProxyHandler(HttpClient httpClient, UniqueTicketIdGenerator uniqueTicketIdGenerator)
{
this.httpClient = httpClient;
this.uniqueTicketIdGenerator = uniqueTicketIdGenerator;
}
