org.jasig.cas.authentication.principal.Service Java Examples

@Override
protected Credential constructCredentialsFromRequest(final RequestContext context) {
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    final String userName = this.extractor
            .extractLocalUsernameFromUri(context.getRequestParameters()
                    .get("openid.identity"));
    final Service service = WebUtils.getService(context);

    context.getExternalContext().getSessionMap().put("openIdLocalId", userName);

    // clear the service because otherwise we can fake the username
    if (service instanceof OpenIdService && userName == null) {
        context.getFlowScope().remove("service");
    }

    if (ticketGrantingTicketId == null || userName == null) {
        return null;
    }

    return new OpenIdCredential(
            ticketGrantingTicketId, userName);
}
 

@Override
public final Map<String, Object> encodeAttributes(final Map<String, Object> attributes,
                                                  final Service service) {
    logger.debug("Starting to encode attributes for release to service [{}]", service);
    final Map<String, Object> newEncodedAttributes = new HashMap<>(attributes);
    final Map<String, String> cachedAttributesToEncode = initialize(newEncodedAttributes);

    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    if (registeredService != null && registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        encodeAttributesInternal(newEncodedAttributes, cachedAttributesToEncode,
                this.cipherExecutor, registeredService);
        logger.debug("[{}] Encoded attributes are available for release to [{}]",
                newEncodedAttributes.size(), service);
    } else {
        logger.debug("Service [{}] is not found and/or enabled in the service registry. "
                + "No encoding has taken place.", service);
    }

    return newEncodedAttributes;
}
 

@Test
public void testValidateServiceTicketWithInvalidUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTestInvalid");
    final String serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket, svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket, svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    /*
     * The attribute specified for this service does not resolve.
     * Therefore, we expect the default to be returned.
     */
    assertEquals(auth.getPrincipal().getId(), cred.getUsername());
}
 

/**
 * Prepare the data for the login page.
 *
 * @param context The current webflow context
 */
protected void prepareForLoginPage(final RequestContext context) {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final HttpSession session = request.getSession();

    // web context
    final WebContext webContext = new J2EContext(request, response);

    // save parameters in web session
    final Service service = (Service) context.getFlowScope().get(SERVICE);
    logger.info("save service: {}", service);
    session.setAttribute(SERVICE, service);
    saveRequestParameter(request, session, THEME);
    saveRequestParameter(request, session, LOCALE);
    saveRequestParameter(request, session, METHOD);

    // for all clients, generate redirection urls
    for (final Client client : this.clients.findAllClients()) {
        final String key = client.getName() + "Url";
        final BaseClient baseClient = (BaseClient) client;
        final String redirectionUrl = baseClient.getRedirectionUrl(webContext);
        logger.info("{} -> {}", key, redirectionUrl);
        context.getFlowScope().put(key, redirectionUrl);
    }
}
 

@Audit(
    action="SERVICE_TICKET",
    actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId,
    final Service service) throws TicketException {
    try {
        return this.grantServiceTicket(ticketGrantingTicketId, service, (Credential[]) null);
    } catch (final AuthenticationException e) {
        throw new IllegalStateException("Unexpected authentication exception", e);
    }
}
 

/**
 * Creates a new instance with required parameters.
 *
 * @param primary Primary authentication.
 * @param chained Chained authentitications.
 * @param service The service we are asserting this ticket for.
 * @param fromNewLogin True if the ticket was issued as a result of authentication, false otherwise.
 *
 * @throws IllegalArgumentException If any of the given arguments do not meet requirements.
 */
public ImmutableAssertion(
        final Authentication primary,
        final List<Authentication> chained,
        final Service service,
        final boolean fromNewLogin) {

    Assert.notNull(primary, "primary authentication cannot be null");
    Assert.notNull(chained, "chained authentications cannot be null");
    Assert.notNull(service, "service cannot be null");
    Assert.notEmpty(chained, "chained authentications cannot be empty");

    this.primaryAuthentication = primary;
    this.chainedAuthentications = chained;
    this.service = service;
    this.fromNewLogin = fromNewLogin;
}
 

@Override
public String resolveUsername(final Principal principal, final Service service) {
    String principalId = principal.getId();
    
    if (principal.getAttributes().containsKey(this.usernameAttribute)) {
        principalId = principal.getAttributes().get(this.usernameAttribute).toString();
    } else {
        logger.warn("Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot "
                + "provide the user attribute the service expects. "
                + "CAS will instead return the default principal id [{}]",
                principalId,
                this.usernameAttribute,
                principal.getAttributes(),
                principalId);
    }
    
    logger.debug("Principal id to return is [{}]. The default principal id is [{}].",
            principalId, principal.getId());
    return principalId;
}
 

@Override
protected Event doExecute(final RequestContext context) {
    final Service service = WebUtils.getService(context);
    final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);

    try {
        final String serviceTicketId = this.centralAuthenticationService
            .grantServiceTicket(ticketGrantingTicket,
                service);
        WebUtils.putServiceTicketInRequestScope(context,
            serviceTicketId);
        return success();
    } catch (final TicketException e) {
        if (isGatewayPresent(context)) {
            return result("gateway");
        }
    }

    return error();
}
 

@Test
public void verifyValidServiceTicketAndPgtUrlMismatch() throws Exception {
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    
    final Service svc = TestUtils.getService("proxyService");
    final ServiceTicket sId = getCentralAuthenticationService().grantServiceTicket(tId.getId(), svc);

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", svc.getId());
    request.addParameter("ticket", sId.getId());
    request.addParameter("pgtUrl", "http://www.github.com");
    
    final ModelAndView modelAndView = this.serviceValidateController.handleRequestInternal(request, new MockHttpServletResponse());
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_FAILURE_VIEW_NAME, modelAndView.getViewName());
    assertNull(modelAndView.getModel().get("pgtIou"));
}
 

/**
 * Is request asking for service ticket?
 *
 * @param context the context
 * @return true, if both service and tgt are found, and the request is not asking to renew.
 * @since 4.1.0
 */
protected boolean isRequestAskingForServiceTicket(final RequestContext context) {
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    final Service service = WebUtils.getService(context);
    return (StringUtils.isNotBlank(context.getRequestParameters().get(CasProtocolConstants.PARAMETER_RENEW))
            && ticketGrantingTicketId != null
            && service != null);
}
 

@Test
public void verifyGetTicket() {
    final Service simpleService = TestUtils.getService();
    final ServiceTicket s = new ServiceTicketImpl("stest1", this.ticketGrantingTicket, simpleService, false,
            new NeverExpiresExpirationPolicy());
    assertEquals(this.ticketGrantingTicket, s.getGrantingTicket());
}
 

@Test
public void verifyGetService() {
    final Service simpleService = TestUtils.getService();
    final ServiceTicket s = new ServiceTicketImpl("stest1", this.ticketGrantingTicket, simpleService, false,
            new NeverExpiresExpirationPolicy());
    assertEquals(simpleService, s.getService());
}
 

/**
 * {@inheritDoc}
 */
@Override
public RegisteredService findServiceBy(final Service service) {
    final Collection<RegisteredService> c = convertToTreeSet();

    for (final RegisteredService r : c) {
        if (r.matches(service)) {
            return r;
        }
    }

    return null;
}
 

@Audit(
    action="SERVICE_TICKET",
    actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "GRANT_SERVICE_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
public String grantServiceTicket(final String ticketGrantingTicketId,
    final Service service) throws TicketException {
    try {
        return this.grantServiceTicket(ticketGrantingTicketId, service, null);
    } catch (final AuthenticationException e) {
        throw new IllegalStateException("Unexpected authentication exception", e);
    }
}
 

@Test
public void testMatches() throws Exception {
    final Service testService;
    if (serviceToMatch == null) {
        testService = null;
    } else {
        testService = new MockService(serviceToMatch);
    }
    assertEquals(expected, service.matches(testService));
}
 

@Override
public String[] resolveFrom(final JoinPoint joinPoint, final Object retval) {
    final Service service = (Service) AopUtils.unWrapJoinPoint(joinPoint).getArgs()[1];
    final StringBuilder builder = new StringBuilder(retval.toString());
    builder.append(" for ");
    builder.append(service.getId());

    return new String[] {builder.toString()};
}
 

@Before
public void setUp() throws Exception {
    this.warnCookieGenerator = new CookieRetrievingCookieGenerator();
    this.tgtCookieGenerator = new CookieRetrievingCookieGenerator();
    this.action.setTicketGrantingTicketCookieGenerator(this.tgtCookieGenerator);
    this.action.setWarnCookieGenerator(this.warnCookieGenerator);
    final ArgumentExtractor[] argExtractors = new ArgumentExtractor[] {new CasArgumentExtractor()};
    this.action.setArgumentExtractors(Arrays.asList(argExtractors));

    this.servicesManager = mock(ServicesManager.class);
    when(this.servicesManager.findServiceBy(any(Service.class))).thenReturn(TestUtils.getRegisteredService("test"));
    this.action.setServicesManager(this.servicesManager);

    this.action.afterPropertiesSet();
}
 

@Test
public void testObtainService() {
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.setParameter("TARGET", "test");
    final Service service = this.extractor.extractService(request);
    assertEquals("test", service.getId());
}
 

@Audit(
        action="SERVICE_TICKET",
        actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
        resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId,
                                        final Service service) throws TicketException {
    return this.delegate.grantServiceTicket(ticketGrantingTicketId, service);
}
 

@Override
public ServiceTicket grantServiceTicket(
        final String id,
        final Service service,
        final ExpirationPolicy expirationPolicy,
        final boolean credentialsProvided) {
    usageCount++;
    return new MockServiceTicket(id, service, this);
}
 

@Test
public void verifyValidateServiceTicketReturnOnlyAllowedAttribute() throws Exception {
    final Service service = TestUtils.getService("eduPersonTestInvalid");
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(),
            service);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(),
            service);
    final Authentication auth = assertion.getPrimaryAuthentication();
    final Map<String, Object> attributes = auth.getPrincipal().getAttributes();
    assertEquals(1, attributes.size());
    assertEquals("adopters", attributes.get("groupMembership"));
}
 

@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final Service service = WebUtils.getService(context);

    final boolean match = this.servicesManager.matchesExistingService(service);

    if (match) {
        return success();
    }

    final String msg = String.format("ServiceManagement: Unauthorized Service Access. "
            + "Service [%s] does not match entries in service registry.", service.getId());
    logger.warn(msg);
    throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);
}
 

@Test
public void checkNoPublicKeyDefined() {
    final Service service = TestUtils.getService("testDefault");
    final CasAttributeEncoder encoder = new DefaultCasAttributeEncoder(this.servicesManager);
    final Map<String, Object> encoded = encoder.encodeAttributes(this.attributes, service);
    assertEquals(encoded.size(), this.attributes.size() - 2);
}
 

/**
 * Resolve the theme for the service. This method's logic is taken from ServiceThemeResolver.
 *
 * @param request
 * @return configured theme for this service
 */
protected String resolveServiceThemeName(HttpServletRequest request) {
    if (this.servicesManager == null) {
        return getDefaultThemeName();
    }

    final Service service = WebUtils.getService(this.argumentExtractors, request);

    final RegisteredService rService = this.servicesManager.findServiceBy(service);

    return service != null && rService != null && StringUtils.hasText(rService.getTheme())
            ? rService.getTheme()
            : getDefaultThemeName();
}
 

@Test
public void testServiceWithDefaultMfaAttribute() {
    final List<ArgumentExtractor> set = new ArrayList<>();
    set.add(new CasArgumentExtractor());
    
    final MultiFactorWebApplicationServiceFactory factory = mock(MultiFactorWebApplicationServiceFactory.class);
    when(factory.create(anyString(), anyString(), anyString(), any(Response.ResponseType.class),
            anyString(), any(AuthenticationMethodSource.class)))
        .thenReturn(getMfaService());
    
    final AuthenticationMethodVerifier verifier = mock(AuthenticationMethodVerifier.class);

    final RegisteredService svc = TestUtils.getRegisteredService(CAS_SERVICE);
    final DefaultRegisteredServiceProperty prop = new DefaultRegisteredServiceProperty();
    prop.setValues(Collections.singleton(CAS_AUTHN_METHOD));
    svc.getProperties().put(MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD, prop);
    
    final ServicesManager mgmr = mock(ServicesManager.class);
    when(mgmr.findServiceBy(anyInt())).thenReturn(svc);
    when(mgmr.findServiceBy(any(Service.class))).thenReturn(svc);
    
    final RegisteredServiceAttributeMultiFactorAuthenticationArgumentExtractor extractor = 
            new RegisteredServiceAttributeMultiFactorAuthenticationArgumentExtractor(set, factory, mgmr, verifier);

    final MultiFactorAuthenticationSupportingWebApplicationService webSvc =
            (MultiFactorAuthenticationSupportingWebApplicationService) extractor.extractService(getRequest());
    assertNotNull(webSvc);
    assertEquals(webSvc.getAuthenticationMethod(), CAS_AUTHN_METHOD);
}
 

@Test
public void testValidateServiceTicketNoAttributesReturned() throws Exception {
    final Service service = TestUtils.getService();
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
    final String serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket,
            service);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket,
            service);
    final Authentication auth = assertion.getPrimaryAuthentication();
    assertEquals(0, auth.getPrincipal().getAttributes().size());
}
 

@Test
public void testMatches() throws Exception {
    final Service testService;
    if (serviceToMatch == null) {
        testService = null;
    } else {
        testService = new MockService(serviceToMatch);
    }
    assertEquals(expected, service.matches(testService));
}
 

@Test
public void verifyMatches() throws Exception {
    final Service testService;
    if (serviceToMatch == null) {
        testService = null;
    } else {
        testService = new MockService(serviceToMatch);
    }
    assertEquals(expected, service.matches(testService));
}
 

@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);

    final String contextPath = context.getExternalContext().getContextPath();
    final String cookiePath = StringUtils.hasText(contextPath) ? contextPath + '/' : "/";

    if (!StringUtils.hasText(warnCookieGenerator.getCookiePath())) {
        logger.info("Setting path for cookies for warn cookie generator to: " + cookiePath);
        this.warnCookieGenerator.setCookiePath(cookiePath);
    } else {
        logger.debug("Warning cookie domain is set to " + warnCookieGenerator.getCookieDomain()
                + " and path " +  warnCookieGenerator.getCookiePath());
    }
    if (!StringUtils.hasText(ticketGrantingTicketCookieGenerator.getCookiePath())) {
        logger.info("Setting path for cookies for TGC cookie generator to: " + cookiePath);
        this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);
    } else {
        logger.debug("TGC cookie domain is set to " + ticketGrantingTicketCookieGenerator.getCookieDomain()
                + " and path " +  ticketGrantingTicketCookieGenerator.getCookiePath());
    }

    context.getFlowScope().put(
        "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
    context.getFlowScope().put(
        "warnCookieValue",
        Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));

    final Service service = WebUtils.getService(this.argumentExtractors,
        context);

    if (service != null && logger.isDebugEnabled()) {
        logger.debug("Placing service in FlowScope: " + service.getId());
    }

    context.getFlowScope().put("service", service);

    return result("success");
}
 

@Test
public void verifyValidateServiceTicketWithUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTest");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    assertEquals("developer", assertion.getPrimaryAuthentication().getPrincipal().getId());
}