//@Audit(
// action="AUTHENTICATION",
// actionResolverName="AUTHENTICATION_RESOLVER",
// resourceResolverName="AUTHENTICATION_RESOURCE_RESOLVER")
//@Profiled(tag = "AUTHENTICATE", logFailuresSeparately = false)
public override Authentication authenticate(Credentials credentials)
{
Pair <AuthenticationHandler, Principal> pair = this.authenticateAndObtainPrincipal(credentials);
// we can only get here if the above method doesn't throw an exception. And if it doesn't, then the pair must not be null.
Principal p = pair.getSecond();
//log.info("{} authenticated {} with credential {}.", pair.getFirst(), p, credentials);
//log.debug("Attribute map for {}: {}", p.getId(), p.getAttributes());
Authentication authentication = new MutableAuthentication(p);
if (pair.getFirst() is NamedAuthenticationHandler)
{
NamedAuthenticationHandler a = (NamedAuthenticationHandler)pair.getFirst();
authentication.getAttributes().Add(AuthenticationManager.AUTHENTICATION_METHOD_ATTRIBUTE, a.getName());
}
foreach (AuthenticationMetaDataPopulator authenticationMetaDataPopulator in this.authenticationMetaDataPopulators)
{
authentication = authenticationMetaDataPopulator
.populateAttributes(authentication, credentials);
}
return(new ImmutableAuthentication(authentication.getPrincipal(),
authentication.getAttributes()));
}
/**
* @throws IllegalArgumentException if the ServiceTicketId or the Service
* are null.
*/
//@Audit(
// action="SERVICE_TICKET_VALIDATE",
// actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
// resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
//@Profiled(tag="VALIDATE_SERVICE_TICKET",logFailuresSeparately = false)
//@Transactional(readOnly = false)
public Assertion validateServiceTicket(string serviceTicketId, Service service)
{
//Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
//Assert.notNull(service, "service cannot be null");
ServiceTicket serviceTicket = (ServiceTicket)this.serviceTicketRegistry.getTicket(serviceTicketId, typeof(ServiceTicket));
RegisteredService registeredService = this.servicesManager.findServiceBy(service);
if (registeredService == null || !registeredService.isEnabled())
{
//log.warn("ServiceManagement: Service does not exist is not enabled, and thus not allowed to validate tickets. Service: [" + service.getId() + "]");
throw new UnauthorizedServiceException("Service not allowed to validate tickets.");
}
if (serviceTicket == null)
{
//log.info("ServiceTicket [" + serviceTicketId + "] does not exist.");
throw new InvalidTicketException();
}
try
{
lock (serviceTicket)
{
if (serviceTicket.isExpired())
{
//log.info("ServiceTicket [" + serviceTicketId + "] has expired.");
throw new InvalidTicketException();
}
if (!serviceTicket.isValidFor(service))
{
//log.error("ServiceTicket [" + serviceTicketId + "] with service [" + serviceTicket.getService().getId() + " does not match supplied service [" + service + "]");
throw new TicketValidationException(serviceTicket.getService());
}
}
List<Authentication> chainedAuthenticationsList = serviceTicket.getGrantingTicket().getChainedAuthentications();
Authentication authentication = chainedAuthenticationsList.ElementAt(chainedAuthenticationsList.Count() - 1);
Principal principal = authentication.getPrincipal();
string principalId = this.determinePrincipalIdForRegisteredService(principal, registeredService, serviceTicket);
Authentication authToUse;
if (!registeredService.isIgnoreAttributes())
{
Dictionary<string, Object> attributes = new Dictionary<string, Object>();
foreach (string attribute in registeredService.getAllowedAttributes())
{
Object value = principal.getAttributes().FirstOrDefault(x => x.Key == attribute).Value;
if (value != null)
{
attributes.Add(attribute, value);
}
}
Principal modifiedPrincipal = new SimplePrincipal(principalId, attributes);
MutableAuthentication mutableAuthentication = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
var mutableAuthenticationattributes = mutableAuthentication.getAttributes();
var U = mutableAuthentication.getAttributes().Concat(authentication.getAttributes());
mutableAuthentication.Attributes = U.ToDictionary(x => x.Key, x => x.Value);
mutableAuthentication.AuthenticatedDate = authentication.getAuthenticatedDate();
//mutableAuthentication.getAuthenticatedDate() = authentication.getAuthenticatedDate();
authToUse = mutableAuthentication;
}
else
{
Principal modifiedPrincipal = new SimplePrincipal(principalId, principal.getAttributes());
authToUse = new MutableAuthentication(modifiedPrincipal, authentication.getAuthenticatedDate());
}
List<Authentication> authentications = new List<Authentication>();
for (int i = 0; i < chainedAuthenticationsList.Count() - 1; i++)
{
authentications.Add(serviceTicket.getGrantingTicket().getChainedAuthentications().ElementAt(i));
}
authentications.Add(authToUse);
return new ImmutableAssertionImpl(authentications, serviceTicket.getService(), serviceTicket.isFromNewLogin());
}
finally
{
if (serviceTicket.isExpired())
{
this.serviceTicketRegistry.deleteTicket(serviceTicketId);
}
}
}
