org.jasig.cas.ticket.ServiceTicket Java Examples

@Test
public void verifyResolverServiceTicket() throws Exception {
    final Credential c = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
            .createTicketGrantingTicket(c);
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(ticketId.getId(),
            TestUtils.getService());

    final TicketOrCredentialPrincipalResolver res =
            new TicketOrCredentialPrincipalResolver(getCentralAuthenticationService());
    final JoinPoint jp = mock(JoinPoint.class);

    when(jp.getArgs()).thenReturn(new Object[] {st.getId()});

    final String result = res.resolveFrom(jp, null);
    assertNotNull(result);
    assertEquals(result, c.getId());
}
 

@Test
public void testExpiredServiceTicket() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest("GET", CONTEXT
            + OAuthConstants.ACCESS_TOKEN_URL);
    mockRequest.setParameter(OAuthConstants.CLIENT_ID, CLIENT_ID);
    mockRequest.setParameter(OAuthConstants.REDIRECT_URI, REDIRECT_URI);
    mockRequest.setParameter(OAuthConstants.CLIENT_SECRET, CLIENT_SECRET);
    mockRequest.setParameter(OAuthConstants.CODE, CODE);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    final ServicesManager servicesManager = mock(ServicesManager.class);
    final List<RegisteredService> services = new ArrayList<RegisteredService>();
    services.add(getRegisteredService(REDIRECT_URI, CLIENT_SECRET));
    when(servicesManager.getAllServices()).thenReturn(services);
    final TicketRegistry ticketRegistry = mock(TicketRegistry.class);
    final ServiceTicket serviceTicket = mock(ServiceTicket.class);
    when(serviceTicket.isExpired()).thenReturn(true);
    when(ticketRegistry.getTicket(CODE)).thenReturn(serviceTicket);
    final OAuth20WrapperController oauth20WrapperController = new OAuth20WrapperController();
    oauth20WrapperController.setServicesManager(servicesManager);
    oauth20WrapperController.setTicketRegistry(ticketRegistry);
    oauth20WrapperController.afterPropertiesSet();
    oauth20WrapperController.handleRequest(mockRequest, mockResponse);
    assertEquals(400, mockResponse.getStatus());
    assertEquals("error=" + OAuthConstants.INVALID_GRANT, mockResponse.getContentAsString());
}
 

@Test
public void verifyUpdateOfRegistry() {
    final TicketGrantingTicket t = new TicketGrantingTicketImpl("test", TestUtils.getAuthentication(),
            new NeverExpiresExpirationPolicy());
    this.ticketRegistry.addTicket(t);
    final TicketGrantingTicket returned = (TicketGrantingTicket) this.ticketRegistry.getTicket("test");

    final ServiceTicket s = returned.grantServiceTicket("test2", TestUtils.getService(),
            new NeverExpiresExpirationPolicy(), true);

    this.ticketRegistry.addTicket(s);
    final ServiceTicket s2 = (ServiceTicket) this.ticketRegistry.getTicket("test2");
    assertNotNull(s2.grantTicketGrantingTicket("ff", TestUtils.getAuthentication(),
            new NeverExpiresExpirationPolicy()));

    assertTrue(s2.isValidFor(TestUtils.getService()));
    assertTrue(this.wasTicketUpdated);

    returned.markTicketExpired();
    assertTrue(t.isExpired());
}
 

@Test
public void verifyValidateServiceTicketWithInvalidUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTestInvalid");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    /*
     * The attribute specified for this service does not resolve.
     * Therefore, we expect the default to be returned.
     */
    assertEquals(auth.getPrincipal().getId(), cred.getUsername());
}
 

@Transactional(readOnly = false)
public boolean deleteTicket(final String ticketId) {
    final Ticket ticket = getRawTicket(ticketId);

    if (ticket == null) {
        return false;
    }

    if (ticket instanceof ServiceTicket) {
        removeTicket(ticket);
        logger.debug("Deleted ticket [{}] from the registry.", ticket);
        return true;
    }

    deleteTicketAndChildren(ticket);
    logger.debug("Deleted ticket [{}] and its children from the registry.", ticket);
    return true;
}
 

@Audit(
    action="SERVICE_TICKET",
    actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId,
    final Service service) throws TicketException {
    try {
        return this.grantServiceTicket(ticketGrantingTicketId, service, (Credential[]) null);
    } catch (final AuthenticationException e) {
        throw new IllegalStateException("Unexpected authentication exception", e);
    }
}
 

@Test
public void verifyValidateServiceTicketWithExpires() throws Exception {
    ((CentralAuthenticationServiceImpl) getCentralAuthenticationService())
        .setServiceTicketExpirationPolicy(new MultiTimeUseOrTimeoutExpirationPolicy(
            1, 1100));
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicket = getCentralAuthenticationService()
        .grantServiceTicket(ticketGrantingTicket.getId(), TestUtils.getService());

    getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(),
        TestUtils.getService());

    assertFalse(getTicketRegistry().deleteTicket(serviceTicket.getId()));
    ((CentralAuthenticationServiceImpl) getCentralAuthenticationService())
        .setServiceTicketExpirationPolicy(new NeverExpiresExpirationPolicy());
}
 

private TicketGrantingTicket createMockTicketGrantingTicket(final String id,
        final ServiceTicket svcTicket, final boolean isExpired, 
        final TicketGrantingTicket root, final List<Authentication> chainedAuthnList) {
    final TicketGrantingTicket tgtMock = mock(TicketGrantingTicket.class);
    when(tgtMock.isExpired()).thenReturn(isExpired);
    when(tgtMock.getId()).thenReturn(id);

    final String svcId = svcTicket.getService().getId();
    when(tgtMock.grantServiceTicket(anyString(), argThat(new VerifyServiceByIdMatcher(svcId)),
            any(ExpirationPolicy.class), anyBoolean())).thenReturn(svcTicket);
    when(tgtMock.getRoot()).thenReturn(root);
    when(tgtMock.getChainedAuthentications()).thenReturn(chainedAuthnList);
    when(svcTicket.getGrantingTicket()).thenReturn(tgtMock);   
    
    return tgtMock;
}
 

@Transactional(readOnly = false)
@Override
public boolean deleteTicket(final String ticketId) {
    final Ticket ticket = getRawTicket(ticketId);

    if (ticket == null) {
        return false;
    }

    if (ticket instanceof ServiceTicket) {
        removeTicket(ticket);
        logger.debug("Deleted ticket [{}] from the registry.", ticket);
        return true;
    }

    deleteTicketAndChildren(ticket);
    logger.debug("Deleted ticket [{}] and its children from the registry.", ticket);
    return true;
}
 

@Test
public void verifyValidServiceTicketWithInvalidPgt() throws Exception {
    this.serviceValidateController.setProxyHandler(new Cas10ProxyHandler());
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket sId = getCentralAuthenticationService().grantServiceTicket(tId.getId(), TestUtils.getService());

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", TestUtils.getService().getId());
    request.addParameter("ticket", sId.getId());
    request.addParameter("pgtUrl", "duh");

    final ModelAndView modelAndView = this.serviceValidateController.handleRequestInternal(request, new MockHttpServletResponse());
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_SUCCESS_VIEW_NAME, modelAndView.getViewName());
    assertNull(modelAndView.getModel().get("pgtIou"));
}
 

@Test
public void verifyValidServiceTicketWithDifferentEncodingAndIgnoringCase() throws Exception {
    this.serviceValidateController.setProxyHandler(new Cas10ProxyHandler());
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    
    final String origSvc = "http://www.jasig.org?param=hello+world";
    final ServiceTicket sId = getCentralAuthenticationService()
            .grantServiceTicket(tId.getId(), TestUtils.getService(origSvc));

    final String reqSvc = "http://WWW.JASIG.ORG?PARAM=hello%20world";
    
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", TestUtils.getService(reqSvc).getId());
    request.addParameter("ticket", sId.getId());
    
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_SUCCESS_VIEW_NAME,
            this.serviceValidateController.handleRequestInternal(request,
                    new MockHttpServletResponse()).getViewName());
}
 

@Test
public void verifyValidServiceTicketWithDifferentEncoding() throws Exception {
    this.serviceValidateController.setProxyHandler(new Cas10ProxyHandler());
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    
    final String origSvc = "http://www.jasig.org?param=hello+world";
    final ServiceTicket sId = getCentralAuthenticationService()
            .grantServiceTicket(tId.getId(), TestUtils.getService(origSvc));

    final String reqSvc = "http://www.jasig.org?param=hello%20world";
    
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", TestUtils.getService(reqSvc).getId());
    request.addParameter("ticket", sId.getId());
    
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_SUCCESS_VIEW_NAME,
            this.serviceValidateController.handleRequestInternal(request,
                    new MockHttpServletResponse()).getViewName());
}
 

@Test
public void verifyValidServiceTicketAndPgtUrlMismatch() throws Exception {
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    
    final Service svc = TestUtils.getService("proxyService");
    final ServiceTicket sId = getCentralAuthenticationService().grantServiceTicket(tId.getId(), svc);

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", svc.getId());
    request.addParameter("ticket", sId.getId());
    request.addParameter("pgtUrl", "http://www.github.com");
    
    final ModelAndView modelAndView = this.serviceValidateController.handleRequestInternal(request, new MockHttpServletResponse());
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_FAILURE_VIEW_NAME, modelAndView.getViewName());
    assertNull(modelAndView.getModel().get("pgtIou"));
}
 

protected final ModelAndView getModelAndViewUponServiceValidationWithSecurePgtUrl() throws Exception {
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket sId = getCentralAuthenticationService().grantServiceTicket(tId.getId(), TestUtils.getService());

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", TestUtils.getService().getId());
    request.addParameter("ticket", sId.getId());
    request.addParameter("pgtUrl", "https://www.github.com");


    return this.serviceValidateController
            .handleRequestInternal(request, new MockHttpServletResponse());
}
 

@Test
public void testGetTicketsFromRegistryEqualToTicketsAdded() {
    final Collection<Ticket> tickets = new ArrayList<Ticket>();

    for (int i = 0; i < TICKETS_IN_REGISTRY; i++) {
        final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl("TEST" + i,
                TestUtils.getAuthentication(), new NeverExpiresExpirationPolicy());
        final ServiceTicket st = ticketGrantingTicket.grantServiceTicket("tests" + i, TestUtils.getService(),
                new NeverExpiresExpirationPolicy(), false);
        tickets.add(ticketGrantingTicket);
        tickets.add(st);
        this.ticketRegistry.addTicket(ticketGrantingTicket);
        this.ticketRegistry.addTicket(st);
    }

    try {
        Collection<Ticket> ticketRegistryTickets = this.ticketRegistry.getTickets();
        assertEquals("The size of the registry is not the same as the collection.", ticketRegistryTickets.size(),
                tickets.size());

        for (final Ticket ticket : tickets) {
            if (!ticketRegistryTickets.contains(ticket)) {
                fail("Ticket was added to registry but was not found in retrieval of collection of all tickets.");
            }
        }
    } catch (final Exception e) {
        fail("Caught an exception. But no exception should have been thrown.");
    }
}
 

private HttpServletRequest getHttpServletRequest() throws Exception {
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    getCentralAuthenticationService().grantServiceTicket(tId.getId(), TestUtils.getService());
    final ServiceTicket sId2 = getCentralAuthenticationService().grantServiceTicket(tId.getId(), TestUtils.getService());

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", TestUtils.getService().getId());
    request.addParameter("ticket", sId2.getId());
    request.addParameter("renew", "true");

    return request;
}
 

@Test
public void verifyValidateServiceTicketAnonymous() throws Exception {
    final Service service = TestUtils.getService("testAnonymous");
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(),
            service);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(),
            service);
    final Authentication auth = assertion.getPrimaryAuthentication();
    assertNotEquals(cred.getUsername(), auth.getPrincipal().getId());
}
 

/**
 * A method to get the starting TTL for a ticket based upon type.
 *
 * @param t Ticket to get starting TTL for
 *
 * @return Initial TTL for ticket
 */
private long getTimeout(final Ticket t) {
    if (t instanceof TicketGrantingTicket) {
        return this.ticketGrantingTicketTimoutInSeconds;
    } else if (t instanceof ServiceTicket) {
        return this.serviceTicketTimeoutInSeconds;
    }
    throw new IllegalArgumentException(
            String.format("Invalid ticket type [%s]. Expecting either [TicketGrantingTicket] or [ServiceTicket]",
                    t.getClass().getName()));
}
 

@Override
public ServiceTicket grantServiceTicket(
        final String id,
        final Service service,
        final ExpirationPolicy expirationPolicy,
        final boolean credentialsProvided) {
    this.usageCount++;
    return new MockServiceTicket(id);
}
 

@Test
public void verifyEncodeDecodeTGTImpl() throws Exception {
    final Credential userPassCredential = new UsernamePasswordCredential(USERNAME, PASSWORD);
    final AuthenticationBuilder bldr = new DefaultAuthenticationBuilder(
            new DefaultPrincipalFactory()
                    .createPrincipal("user", Collections.unmodifiableMap(this.principalAttributes)));
    bldr.setAttributes(Collections.unmodifiableMap(this.principalAttributes));
    bldr.setAuthenticationDate(new Date());
    bldr.addCredential(new BasicCredentialMetaData(userPassCredential));
    bldr.addFailure("error", AccountNotFoundException.class);
    bldr.addSuccess("authn", new DefaultHandlerResult(
            new AcceptUsersAuthenticationHandler(),
            new BasicCredentialMetaData(userPassCredential)));

    final TicketGrantingTicket parent =
            new TicketGrantingTicketImpl(TGT_ID, TestUtils.getService(), null, bldr.build(),
                    new NeverExpiresExpirationPolicy());

    final TicketGrantingTicket expectedTGT =
            new TicketGrantingTicketImpl(TGT_ID, TestUtils.getService(),
                    null, bldr.build(),
                    new NeverExpiresExpirationPolicy());

    final ServiceTicket ticket = expectedTGT.grantServiceTicket(ST_ID,
            TestUtils.getService(),
            new NeverExpiresExpirationPolicy(), false);
    CachedData result = transcoder.encode(expectedTGT);
    final TicketGrantingTicket resultTicket = (TicketGrantingTicket) transcoder.decode(result);

    assertEquals(expectedTGT, resultTicket);
    result = transcoder.encode(ticket);
    final ServiceTicket resultStTicket = (ServiceTicket) transcoder.decode(result);
    assertEquals(ticket, resultStTicket);

}
 

@Test
public void testTicketCreationAndDeletion() throws Exception {
    final TicketGrantingTicket newTgt = newTGT();
    addTicketInTransaction(newTgt);
    final TicketGrantingTicket tgtFromDb = (TicketGrantingTicket) getTicketInTransaction(newTgt.getId());
    assertNotNull(tgtFromDb);
    assertEquals(newTgt.getId(), tgtFromDb.getId());
    final ServiceTicket newSt = grantServiceTicketInTransaction(tgtFromDb);
    final ServiceTicket stFromDb = (ServiceTicket) getTicketInTransaction(newSt.getId());
    assertNotNull(stFromDb);
    assertEquals(newSt.getId(), stFromDb.getId());
    deleteTicketInTransaction(newTgt.getId());
    assertNull(getTicketInTransaction(newTgt.getId()));
    assertNull(getTicketInTransaction(newSt.getId()));
}
 

@Test
public void verifyValidateServiceTicketWithUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTest");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    assertEquals("developer", assertion.getPrimaryAuthentication().getPrincipal().getId());
}
 

protected final Ticket getProxiedTicketInstance(final Ticket ticket) {
    if (ticket == null) {
        return null;
    }

    if (ticket instanceof TicketGrantingTicket) {
        return new TicketGrantingTicketDelegator(this, (TicketGrantingTicket) ticket, needsCallback());
    }

    return new ServiceTicketDelegator(this, (ServiceTicket) ticket, needsCallback());
}
 

@Test(expected=TicketException.class)
public void verifyValidateServiceTicketWithInvalidServiceTicket() throws Exception {
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicket = getCentralAuthenticationService()
        .grantServiceTicket(ticketGrantingTicket.getId(), TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(
        ticketGrantingTicket.getId());

    getCentralAuthenticationService().validateServiceTicket(
            serviceTicket.getId(), TestUtils.getService());
}
 

@Test(expected=UnauthorizedServiceException.class)
public void verifyValidateServiceTicketWithInvalidService() throws Exception {
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicket = getCentralAuthenticationService()
        .grantServiceTicket(ticketGrantingTicket.getId(), TestUtils.getService());

    getCentralAuthenticationService().validateServiceTicket(
        serviceTicket.getId(), TestUtils.getService("test2"));
}
 

@Test
public void verifyValidateServiceTicketWithValidService() throws Exception {
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicket = getCentralAuthenticationService()
        .grantServiceTicket(ticketGrantingTicket.getId(), TestUtils.getService());

    getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(),
        TestUtils.getService());
}
 

@Test(expected=TicketException.class)
public void verifyDelegateTicketGrantingTicketWithBadServiceTicket() throws Exception {
    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicketId = getCentralAuthenticationService()
        .grantServiceTicket(ticketId.getId(), TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId.getId());
    getCentralAuthenticationService().delegateTicketGrantingTicket(
        serviceTicketId.getId(), TestUtils.getHttpBasedServiceCredentials());
}
 

/**
 * Determines the principal id to use for a {@link RegisteredService} using the following rules:
 *
 * <ul>
 *  <li> If the service is marked to allow anonymous access, a persistent id is returned. </li>
 *  <li> If the {@link org.jasig.cas.services.RegisteredService#getUsernameAttribute()} is blank, then the default
 *  principal id is returned.</li>
 *  <li>If the username attribute is available as part of the principal's attributes,
 *  the corresponding attribute value will be returned.
 *  </li>
 *   <li>Otherwise, the default principal's id is returned as the username attribute
 *   with an additional warning.</li>
 * </ul>
 *
 * @param principal The principal object to be validated and constructed
 * @param registeredService Requesting service for which a principal is being validated.
 * @param serviceTicket An instance of the service ticket used for validation
 *
 * @return The principal id to use for the requesting registered service
 */
private String determinePrincipalIdForRegisteredService(final Principal principal,
                                                        final RegisteredService registeredService,
                                                        final ServiceTicket serviceTicket) {
    String principalId = null;
    final String serviceUsernameAttribute = registeredService.getUsernameAttribute();

    if (registeredService.isAnonymousAccess()) {
        principalId = this.persistentIdGenerator.generate(principal, serviceTicket.getService());
    } else if (StringUtils.isBlank(serviceUsernameAttribute)) {
        principalId = principal.getId();
    } else {
        if (principal.getAttributes().containsKey(serviceUsernameAttribute)) {
            principalId = principal.getAttributes().get(serviceUsernameAttribute).toString();
        } else {
            principalId = principal.getId();
            final Object[] errorLogParameters = new Object[] {
                    principalId,
                    registeredService.getUsernameAttribute(),
                    principal.getAttributes(),
                    registeredService.getServiceId(),
                    principalId };
            logger.warn("Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot "
                    + "provide on the validation response the user attribute the registered service [{}] expects. "
                    + "CAS will instead return the default username attribute [{}]", errorLogParameters);
        }

    }

    logger.debug("Principal id to return for service [{}] is [{}]. The default principal id is [{}].",
            new Object[]{registeredService.getName(), principal.getId(), principalId});
    return principalId;
}
 

@Test
public void verifyGrantProxyTicketWithValidTicketGrantingTicket() throws Exception {
    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
            .createTicketGrantingTicket(
                    TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicketId = getCentralAuthenticationService()
            .grantServiceTicket(ticketId.getId(), TestUtils.getService());
    final TicketGrantingTicket pgt = getCentralAuthenticationService().delegateTicketGrantingTicket(
            serviceTicketId.getId(), TestUtils.getHttpBasedServiceCredentials());

    final ServiceTicket pt = getCentralAuthenticationService().grantServiceTicket(pgt.getId(),
            TestUtils.getService(), new Credential[] {});
    assertTrue(pt.getId().startsWith(ServiceTicket.PROXY_TICKET_PREFIX));
}
 

private int getTimeout(final Ticket t) {
    if (t instanceof TicketGrantingTicket) {
        return this.tgtTimeout;
    } else if (t instanceof ServiceTicket) {
        return this.stTimeout;
    }
    throw new IllegalArgumentException("Invalid ticket type");
}