//public object clone()
//{
// AbstractRegisteredService clone = newInstance();
// clone.copyFrom(this);
// return clone;
//}
/**
* Copies the properties of the source service into this instance.
*
* @param source Source service from which to copy properties.
*/
public void copyFrom(RegisteredService source)
{
this.setId(source.getId());
this.setAllowedAttributes(new List <string>(source.getAllowedAttributes()));
this.setAllowedToProxy(source.isAllowedToProxy());
this.setDescription(source.getDescription());
this.setEnabled(source.isEnabled());
this.setName(source.getName());
this.setServiceId(source.getServiceId());
this.setSsoEnabled(source.isSsoEnabled());
this.setTheme(source.getTheme());
this.setAnonymousAccess(source.isAnonymousAccess());
this.setIgnoreAttributes(source.isIgnoreAttributes());
this.setEvaluationOrder(source.getEvaluationOrder());
this.setUsernameAttribute(source.getUsernameAttribute());
}
/**
* Determines the principal id to use for a {@link RegisteredService} using the following rules:
*
* <ul>
* <li> If the service is marked to allow anonymous access, a persistent id is returned. </li>
* <li> If the attribute name matches {@link RegisteredService#DEFAULT_USERNAME_ATTRIBUTE}, then the default principal id is returned.</li>
* <li>If the service is set to ignore attributes, or the username attribute exists in the allowed attributes for the service,
* the corresponding attribute value will be returned.
* </li>
* <li>Otherwise, the default principal's id is returned as the username attribute with an additional warning.</li>
* </ul>
*
* @param principal The principal object to be validated and constructed
* @param registeredService Requesting service for which a principal is being validated.
* @param serviceTicket An instance of the service ticket used for validation
*
* @return The principal id to use for the requesting registered service
*/
private string determinePrincipalIdForRegisteredService(Principal principal, RegisteredService registeredService,
ServiceTicket serviceTicket)
{
string principalId = null;
string serviceUsernameAttribute = registeredService.getUsernameAttribute();
if (registeredService.isAnonymousAccess())
{
principalId = this.persistentIdGenerator.generate(principal, serviceTicket.getService());
}
else if (string.IsNullOrEmpty(serviceUsernameAttribute))
{
principalId = principal.getId();
}
else
{
if ((registeredService.isIgnoreAttributes() || registeredService.getAllowedAttributes().Contains(serviceUsernameAttribute)) &&
principal.getAttributes().ContainsKey(serviceUsernameAttribute))
{
principalId = principal.getAttributes().First(x => x.Key == registeredService.getUsernameAttribute()).Value.ToString();
}
else
{
principalId = principal.getId();
Object[] errorLogParameters = new Object[] { principalId, registeredService.getUsernameAttribute(),
principal.getAttributes(), registeredService.getServiceId(), principalId };
//log.warn("Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot "
// + "provide on the validation response the user attribute the registered service [{}] expects. "
// + "CAS will instead return the default username attribute [{}]", errorLogParameters);
}
}
//log.debug("Principal id to return for service [{}] is [{}]. The default principal id is [{}].",
// new Object[] {registeredService.getName(), principal.getId(), principalId});
return(principalId);
}
/**
* Determines the principal id to use for a {@link RegisteredService} using the following rules:
*
* <ul>
* <li> If the service is marked to allow anonymous access, a persistent id is returned. </li>
* <li> If the attribute name matches {@link RegisteredService#DEFAULT_USERNAME_ATTRIBUTE}, then the default principal id is returned.</li>
* <li>If the service is set to ignore attributes, or the username attribute exists in the allowed attributes for the service,
* the corresponding attribute value will be returned.
* </li>
* <li>Otherwise, the default principal's id is returned as the username attribute with an additional warning.</li>
* </ul>
*
* @param principal The principal object to be validated and constructed
* @param registeredService Requesting service for which a principal is being validated.
* @param serviceTicket An instance of the service ticket used for validation
*
* @return The principal id to use for the requesting registered service
*/
private string determinePrincipalIdForRegisteredService(Principal principal, RegisteredService registeredService,
ServiceTicket serviceTicket)
{
string principalId = null;
string serviceUsernameAttribute = registeredService.getUsernameAttribute();
if (registeredService.isAnonymousAccess())
{
principalId = this.persistentIdGenerator.generate(principal, serviceTicket.getService());
}
else if (string.IsNullOrEmpty(serviceUsernameAttribute))
{
principalId = principal.getId();
}
else
{
if ((registeredService.isIgnoreAttributes() || registeredService.getAllowedAttributes().Contains(serviceUsernameAttribute)) &&
principal.getAttributes().ContainsKey(serviceUsernameAttribute))
{
principalId = principal.getAttributes().First(x => x.Key == registeredService.getUsernameAttribute()).Value.ToString();
}
else
{
principalId = principal.getId();
Object[] errorLogParameters = new Object[] { principalId, registeredService.getUsernameAttribute(),
principal.getAttributes(), registeredService.getServiceId(), principalId };
//log.warn("Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot "
// + "provide on the validation response the user attribute the registered service [{}] expects. "
// + "CAS will instead return the default username attribute [{}]", errorLogParameters);
}
}
//log.debug("Principal id to return for service [{}] is [{}]. The default principal id is [{}].",
// new Object[] {registeredService.getName(), principal.getId(), principalId});
return principalId;
}
/**
* @throws IllegalArgumentException if the ServiceTicketId or the Service
* are null.
*/
//@Audit(
// action="SERVICE_TICKET_VALIDATE",
// actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
// resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
//@Profiled(tag="VALIDATE_SERVICE_TICKET",logFailuresSeparately = false)
//@Transactional(readOnly = false)
public Assertion validateServiceTicket(string serviceTicketId, Service service)
{
//Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
//Assert.notNull(service, "service cannot be null");
ServiceTicket serviceTicket = (ServiceTicket)this.serviceTicketRegistry.getTicket(serviceTicketId, typeof(ServiceTicket));
RegisteredService registeredService = this.servicesManager.findServiceBy(service);
if (registeredService == null || !registeredService.isEnabled())
{
//log.warn("ServiceManagement: Service does not exist is not enabled, and thus not allowed to validate tickets. Service: [" + service.getId() + "]");
throw new UnauthorizedServiceException("Service not allowed to validate tickets.");
}
if (serviceTicket == null)
{
//log.info("ServiceTicket [" + serviceTicketId + "] does not exist.");
throw new InvalidTicketException();
}
try
{
lock (serviceTicket)
{
if (serviceTicket.isExpired())
{
//log.info("ServiceTicket [" + serviceTicketId + "] has expired.");
throw new InvalidTicketException();
}
if (!serviceTicket.isValidFor(service))
{
//log.error("ServiceTicket [" + serviceTicketId + "] with service [" + serviceTicket.getService().getId() + " does not match supplied service [" + service + "]");
throw new TicketValidationException(serviceTicket.getService());
}
}
List <Authentication> chainedAuthenticationsList = serviceTicket.getGrantingTicket().getChainedAuthentications();
Authentication authentication = chainedAuthenticationsList.ElementAt(chainedAuthenticationsList.Count() - 1);
Principal principal = authentication.getPrincipal();
string principalId = this.determinePrincipalIdForRegisteredService(principal, registeredService, serviceTicket);
Authentication authToUse;
if (!registeredService.isIgnoreAttributes())
{
Dictionary <string, Object> attributes = new Dictionary <string, Object>();
foreach (string attribute in registeredService.getAllowedAttributes())
{
Object value = principal.getAttributes().FirstOrDefault(x => x.Key == attribute).Value;
if (value != null)
{
attributes.Add(attribute, value);
}
}
Principal modifiedPrincipal = new SimplePrincipal(principalId, attributes);
MutableAuthentication mutableAuthentication = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
var mutableAuthenticationattributes = mutableAuthentication.getAttributes();
var U = mutableAuthentication.getAttributes().Concat(authentication.getAttributes());
mutableAuthentication.Attributes = U.ToDictionary(x => x.Key, x => x.Value);
mutableAuthentication.AuthenticatedDate = authentication.getAuthenticatedDate();
//mutableAuthentication.getAuthenticatedDate() = authentication.getAuthenticatedDate();
authToUse = mutableAuthentication;
}
else
{
Principal modifiedPrincipal = new SimplePrincipal(principalId, principal.getAttributes());
authToUse = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
}
List <Authentication> authentications = new List <Authentication>();
for (int i = 0; i < chainedAuthenticationsList.Count() - 1; i++)
{
authentications.Add(serviceTicket.getGrantingTicket().getChainedAuthentications().ElementAt(i));
}
authentications.Add(authToUse);
return(new ImmutableAssertionImpl(authentications, serviceTicket.getService(), serviceTicket.isFromNewLogin()));
}
finally
{
if (serviceTicket.isExpired())
{
this.serviceTicketRegistry.deleteTicket(serviceTicketId);
}
}
}
//public object clone()
//{
// AbstractRegisteredService clone = newInstance();
// clone.copyFrom(this);
// return clone;
//}
/**
* Copies the properties of the source service into this instance.
*
* @param source Source service from which to copy properties.
*/
public void copyFrom(RegisteredService source)
{
this.setId(source.getId());
this.setAllowedAttributes(new List<string>(source.getAllowedAttributes()));
this.setAllowedToProxy(source.isAllowedToProxy());
this.setDescription(source.getDescription());
this.setEnabled(source.isEnabled());
this.setName(source.getName());
this.setServiceId(source.getServiceId());
this.setSsoEnabled(source.isSsoEnabled());
this.setTheme(source.getTheme());
this.setAnonymousAccess(source.isAnonymousAccess());
this.setIgnoreAttributes(source.isIgnoreAttributes());
this.setEvaluationOrder(source.getEvaluationOrder());
this.setUsernameAttribute(source.getUsernameAttribute());
}
