org.jasig.cas.ticket.TicketGrantingTicket Java Examples

@Test
public void verifyTicketGrantingTicketNotTgtButGateway() throws Exception {
    final MockRequestContext context = new MockRequestContext();
    context.getFlowScope().put("service", TestUtils.getService());
    final MockHttpServletRequest request = new MockHttpServletRequest();
    context.setExternalContext(new ServletExternalContext(
            new MockServletContext(), request, new MockHttpServletResponse()));
    request.addParameter("service", "service");
    request.addParameter("gateway", "true");
    final TicketGrantingTicket tgt = mock(TicketGrantingTicket.class);
    when(tgt.getId()).thenReturn("bleh");
    WebUtils.putTicketGrantingTicketInScopes(context, tgt);


    assertEquals("gateway", this.action.execute(context).getId());
}
 

@Test
public void verifyValidateServiceTicketWithInvalidUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTestInvalid");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    final Authentication auth = assertion.getPrimaryAuthentication();

    /*
     * The attribute specified for this service does not resolve.
     * Therefore, we expect the default to be returned.
     */
    assertEquals(auth.getPrincipal().getId(), cred.getUsername());
}
 

@Test(expected=TicketException.class)
    public void verifyGrantServiceTicketWithExpiredTicketGrantingTicket() throws Exception {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new ExpirationPolicy() {
            private static final long serialVersionUID = 1L;

            public boolean isExpired(final TicketState ticket) {
                return true;
            }});

    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    try {
        getCentralAuthenticationService().grantServiceTicket(ticketId.getId(),
            TestUtils.getService());
    } finally {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new NeverExpiresExpirationPolicy());
    }
}
 

@Test
public void verifyValidServiceTicketWithInvalidPgt() throws Exception {
    this.serviceValidateController.setProxyHandler(new Cas10ProxyHandler());
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket sId = getCentralAuthenticationService().grantServiceTicket(tId.getId(), TestUtils.getService());

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", TestUtils.getService().getId());
    request.addParameter("ticket", sId.getId());
    request.addParameter("pgtUrl", "duh");

    final ModelAndView modelAndView = this.serviceValidateController.handleRequestInternal(request, new MockHttpServletResponse());
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_SUCCESS_VIEW_NAME, modelAndView.getViewName());
    assertNull(modelAndView.getModel().get("pgtIou"));
}
 

/**
 * {@inheritDoc}
 * Destroy a TicketGrantingTicket and perform back channel logout. This has the effect of invalidating any
 * Ticket that was derived from the TicketGrantingTicket being destroyed. May throw an
 * {@link IllegalArgumentException} if the TicketGrantingTicket ID is null.
 *
 * @param ticketGrantingTicketId the id of the ticket we want to destroy
 * @return the logout requests.
 */
@Audit(
        action="TICKET_GRANTING_TICKET_DESTROYED",
        actionResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "DESTROY_TICKET_GRANTING_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
    Assert.notNull(ticketGrantingTicketId);

    logger.debug("Removing ticket [{}] from registry.", ticketGrantingTicketId);
    final TicketGrantingTicket ticket = this.ticketRegistry.getTicket(ticketGrantingTicketId,
            TicketGrantingTicket.class);

    if (ticket == null) {
        logger.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
        return Collections.emptyList();
    }

    logger.debug("Ticket found. Processing logout requests and then deleting the ticket...");
    final List<LogoutRequest> logoutRequests = logoutManager.performLogout(ticket);
    this.ticketRegistry.deleteTicket(ticketGrantingTicketId);

    return logoutRequests;
}
 

@Test
public void testExpiredTicketGrantingTicketImpl() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest("GET", CONTEXT
            + OAuthConstants.PROFILE_URL);
    mockRequest.setParameter(OAuthConstants.ACCESS_TOKEN, TGT_ID);
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    final OAuth20WrapperController oauth20WrapperController = new OAuth20WrapperController();
    final TicketRegistry ticketRegistry = mock(TicketRegistry.class);
    final TicketGrantingTicket ticketGrantingTicket = mock(TicketGrantingTicket.class);
    when(ticketGrantingTicket.isExpired()).thenReturn(true);
    when(ticketRegistry.getTicket(TGT_ID)).thenReturn(ticketGrantingTicket);
    oauth20WrapperController.setTicketRegistry(ticketRegistry);
    oauth20WrapperController.afterPropertiesSet();
    oauth20WrapperController.handleRequest(mockRequest, mockResponse);
    assertEquals(200, mockResponse.getStatus());
    assertEquals(CONTENT_TYPE, mockResponse.getContentType());
    assertEquals("{\"error\":\"" + OAuthConstants.EXPIRED_ACCESS_TOKEN + "\"}", mockResponse.getContentAsString());
}
 

@Test
public void verifyValidServiceTicketAndPgtUrlMismatch() throws Exception {
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    
    final Service svc = TestUtils.getService("proxyService");
    final ServiceTicket sId = getCentralAuthenticationService().grantServiceTicket(tId.getId(), svc);

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", svc.getId());
    request.addParameter("ticket", sId.getId());
    request.addParameter("pgtUrl", "http://www.github.com");
    
    final ModelAndView modelAndView = this.serviceValidateController.handleRequestInternal(request, new MockHttpServletResponse());
    assertEquals(ServiceValidateController.DEFAULT_SERVICE_FAILURE_VIEW_NAME, modelAndView.getViewName());
    assertNull(modelAndView.getModel().get("pgtIou"));
}
 

/**
 * Create new ticket granting ticket.
 *
 * @param requestBody username and password application/x-www-form-urlencoded values
 * @param request raw HttpServletRequest used to call this method
 * @return ResponseEntity representing RESTful response
 */
@RequestMapping(value = "/tickets", method = RequestMethod.POST, consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
public final ResponseEntity<String> createTicketGrantingTicket(@RequestBody final MultiValueMap<String, String> requestBody,
                                                               final HttpServletRequest request) {
    try (Formatter fmt = new Formatter()) {
        final TicketGrantingTicket tgtId = this.cas.createTicketGrantingTicket(obtainCredential(requestBody));
        final URI ticketReference = new URI(request.getRequestURL().toString() + '/' + tgtId.getId());
        final HttpHeaders headers = new HttpHeaders();
        headers.setLocation(ticketReference);
        headers.setContentType(MediaType.TEXT_HTML);
        fmt.format("<!DOCTYPE HTML PUBLIC \\\"-//IETF//DTD HTML 2.0//EN\\\"><html><head><title>");
        //IETF//DTD HTML 2.0//EN\\\"><html><head><title>");
        fmt.format("%s %s", HttpStatus.CREATED, HttpStatus.CREATED.getReasonPhrase())
                .format("</title></head><body><h1>TGT Created</h1><form action=\"%s", ticketReference.toString())
                .format("\" method=\"POST\">Service:<input type=\"text\" name=\"service\" value=\"\">")
                .format("<br><input type=\"submit\" value=\"Submit\"></form></body></html>");
        return new ResponseEntity<String>(fmt.toString(), headers, HttpStatus.CREATED);
    } catch (final Throwable e) {
        LOGGER.error(e.getMessage(), e);
        return new ResponseEntity<String>(e.getMessage(), HttpStatus.BAD_REQUEST);
    }
}
 

/**
 * Always keep track of a single authentication object,
 * as opposed to keeping a history of all. This helps with
 * memory consumption. Note that supplemental authentications
 * are to be removed.
 *
 * @param context              authentication context
 * @param ticketGrantingTicket the tgt
 * @return the processed authentication in the current context
 * @throws MixedPrincipalException in case there is a principal mismatch between TGT and the current authN.
 */
private Authentication evaluatePossibilityOfMixedPrincipals(final AuthenticationContext context,
                                                                   final TicketGrantingTicket ticketGrantingTicket)
        throws MixedPrincipalException {
    Authentication currentAuthentication = null;
    if (context != null) {
        currentAuthentication = context.getAuthentication();
        if (currentAuthentication != null) {
            final Authentication original = ticketGrantingTicket.getAuthentication();
            if (!currentAuthentication.getPrincipal().equals(original.getPrincipal())) {
                logger.debug("Principal associated with current authentication {} does not match "
                        + " the principal {} associated with the original authentication",
                        currentAuthentication.getPrincipal(), original.getPrincipal());
                throw new MixedPrincipalException(
                        currentAuthentication, currentAuthentication.getPrincipal(), original.getPrincipal());
            }
            ticketGrantingTicket.getSupplementalAuthentications().clear();
            ticketGrantingTicket.getSupplementalAuthentications().add(currentAuthentication);
            logger.debug("Added authentication to the collection of supplemental authentications");
        }
    }
    return currentAuthentication;
}
 

@Test
public void verifySsoSessionCookieOnRenewAsParameter() throws Exception {
    final MockHttpServletResponse response = new MockHttpServletResponse();
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(CasProtocolConstants.PARAMETER_RENEW, "true");

    final TicketGrantingTicket tgt = mock(TicketGrantingTicket.class);
    when(tgt.getId()).thenReturn("test");
    request.setCookies(new Cookie("TGT", "test5"));
    WebUtils.putTicketGrantingTicketInScopes(this.context, tgt);
    this.context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));

    this.action.setCreateSsoSessionCookieOnRenewAuthentications(false);
    assertEquals("success", this.action.execute(this.context).getId());
    assertEquals(0, response.getCookies().length);
}
 

@Test(expected=ClassCastException.class)
public void verifyDestroyTicketGrantingTicketWithInvalidTicket() throws Exception {
    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
            .createTicketGrantingTicket(
                    TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicketId = getCentralAuthenticationService()
            .grantServiceTicket(ticketId.getId(), TestUtils.getService());

    getCentralAuthenticationService().destroyTicketGrantingTicket(
            serviceTicketId.getId());

}
 

@Override
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response)
        throws Exception {

    final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
    LOGGER.debug("{} : {}", OAuthConstants.REDIRECT_URI, redirectUri);

    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    LOGGER.debug("{} : {}", OAuthConstants.CLIENT_ID, clientId);

    final String clientSecret = request.getParameter(OAuthConstants.CLIENT_SECRET);

    final String code = request.getParameter(OAuthConstants.CODE);
    LOGGER.debug("{} : {}", OAuthConstants.CODE, code);

    final boolean isVerified = verifyAccessTokenRequest(response, redirectUri, clientId, clientSecret, code);
    if (!isVerified) {
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_REQUEST, HttpStatus.SC_BAD_REQUEST);
    }

    final ServiceTicket serviceTicket = (ServiceTicket) ticketRegistry.getTicket(code);
    // service ticket should be valid
    if (serviceTicket == null || serviceTicket.isExpired()) {
        LOGGER.error("Code expired : {}", code);
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_GRANT, HttpStatus.SC_BAD_REQUEST);
    }
    final TicketGrantingTicket ticketGrantingTicket = serviceTicket.getGrantingTicket();
    // remove service ticket
    ticketRegistry.deleteTicket(serviceTicket.getId());

    response.setContentType("text/plain");
    final int expires = (int) (timeout - TimeUnit.MILLISECONDS
            .toSeconds(System.currentTimeMillis() - ticketGrantingTicket.getCreationTime()));

    final String text = String.format("%s=%s&%s=%s", OAuthConstants.ACCESS_TOKEN, ticketGrantingTicket.getId(),
                                                OAuthConstants.EXPIRES, expires);
    LOGGER.debug("text : {}", text);
    return OAuthUtils.writeText(response, text, HttpStatus.SC_OK);
}
 

/**
 * Add warning messages to message context if needed.
 *
 * @param tgtId the tgt id
 * @param messageContext the message context
 * @return true if warnings were found and added, false otherwise.
 * @since 4.1.0
 */
protected boolean addWarningMessagesToMessageContextIfNeeded(final TicketGrantingTicket tgtId, final MessageContext messageContext) {
    boolean foundAndAddedWarnings = false;
    for (final Map.Entry<String, HandlerResult> entry : tgtId.getAuthentication().getSuccesses().entrySet()) {
        for (final MessageDescriptor message : entry.getValue().getWarnings()) {
            addWarningToContext(messageContext, message);
            foundAndAddedWarnings = true;
        }
    }
    return foundAndAddedWarnings;

}
 

@Test
public void checkGrantingOfServiceTicketUsingDefaultTicketIdGen() throws Exception {
    final Service mockService = mock(Service.class);
    when(mockService.getId()).thenReturn("testDefault");
    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
            .createTicketGrantingTicket(
                    TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicketId = getCentralAuthenticationService()
            .grantServiceTicket(ticketId.getId(), mockService);
    assertNotNull(serviceTicketId);
}
 

@Test(expected=TicketException.class)
public void verifyValidateServiceTicketWithInvalidServiceTicket() throws Exception {
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicket = getCentralAuthenticationService()
        .grantServiceTicket(ticketGrantingTicket.getId(), TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(
        ticketGrantingTicket.getId());

    getCentralAuthenticationService().validateServiceTicket(
            serviceTicket.getId(), TestUtils.getService());
}
 

@Test
public void verifyDestroyTicketGrantingTicketWithValidTicket() throws Exception {
    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId.getId());
}
 

@Test
public void verifyValidateServiceTicketWithUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);

    final Service svc = TestUtils.getService("eduPersonTest");
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), svc);

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(), svc);
    assertEquals("developer", assertion.getPrimaryAuthentication().getPrincipal().getId());
}
 

@Test(expected=IllegalArgumentException.class)
public void verifyDelegateTicketGrantingTicketWithInvalidCredentials() throws Exception {
    final TicketGrantingTicket ticketGrantingTicket = this.remoteCentralAuthenticationService
        .createTicketGrantingTicket(TestUtils
            .getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicket = this.remoteCentralAuthenticationService
        .grantServiceTicket(ticketGrantingTicket.getId(), TestUtils.getService());

    this.remoteCentralAuthenticationService
        .delegateTicketGrantingTicket(serviceTicket.getId(), TestUtils
            .getCredentialsWithDifferentUsernameAndPassword("", ""));
    fail("IllegalArgumentException expected.");
}
 

@Test
public void verifyDelegateTicketGrantingTicketWithValidCredentials() throws Exception {
    final TicketGrantingTicket ticketGrantingTicket = this.remoteCentralAuthenticationService
        .createTicketGrantingTicket(TestUtils
            .getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicket = this.remoteCentralAuthenticationService
        .grantServiceTicket(ticketGrantingTicket.getId(), TestUtils.getService());
    this.remoteCentralAuthenticationService.delegateTicketGrantingTicket(
        serviceTicket.getId(), TestUtils.getHttpBasedServiceCredentials());
}
 

@Override
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response)
        throws Exception {

    final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
    LOGGER.debug("{} : {}", OAuthConstants.REDIRECT_URI, redirectUri);

    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    LOGGER.debug("{} : {}", OAuthConstants.CLIENT_ID, clientId);

    final String clientSecret = request.getParameter(OAuthConstants.CLIENT_SECRET);

    final String code = request.getParameter(OAuthConstants.CODE);
    LOGGER.debug("{} : {}", OAuthConstants.CODE, code);

    final boolean isVerified = verifyAccessTokenRequest(response, redirectUri, clientId, clientSecret, code);
    if (!isVerified) {
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_REQUEST, 400);
    }

    final ServiceTicket serviceTicket = (ServiceTicket) ticketRegistry.getTicket(code);
    // service ticket should be valid
    if (serviceTicket == null || serviceTicket.isExpired()) {
        LOGGER.error("Code expired : {}", code);
        return OAuthUtils.writeTextError(response, OAuthConstants.INVALID_GRANT, 400);
    }
    final TicketGrantingTicket ticketGrantingTicket = serviceTicket.getGrantingTicket();
    // remove service ticket
    ticketRegistry.deleteTicket(serviceTicket.getId());

    response.setContentType("text/plain");
    final int expires = (int) (timeout - (System.currentTimeMillis()
            - ticketGrantingTicket.getCreationTime()) / 1000);

    final String text = String.format("%s=%s&%s=%s", OAuthConstants.ACCESS_TOKEN, ticketGrantingTicket.getId(),
                                                OAuthConstants.EXPIRES, expires);
    LOGGER.debug("text : {}", text);
    return OAuthUtils.writeText(response, text, 200);
}
 

@Test
public void testGetExistingTicketWithProperClass() {
    try {
        this.ticketRegistry.addTicket(new TicketGrantingTicketImpl("TEST",
                TestUtils.getAuthentication(), new NeverExpiresExpirationPolicy()));
        this.ticketRegistry.getTicket("TEST", TicketGrantingTicket.class);
    } catch (final Exception e) {
        fail("Caught an exception. But no exception should have been thrown.");
    }
}
 

@Test(expected=TicketException.class)
public void verifyDelegateTicketGrantingTicketWithBadServiceTicket() throws Exception {
    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket serviceTicketId = getCentralAuthenticationService()
        .grantServiceTicket(ticketId.getId(), TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId.getId());
    getCentralAuthenticationService().delegateTicketGrantingTicket(
        serviceTicketId.getId(), TestUtils.getHttpBasedServiceCredentials());
}
 

@Test
public void verifyProxiedInstancesEqual() {
    final TicketGrantingTicket t = new TicketGrantingTicketImpl("test", TestUtils.getAuthentication(),
            new NeverExpiresExpirationPolicy());
    this.ticketRegistry.addTicket(t);

    final TicketGrantingTicket returned = (TicketGrantingTicket) this.ticketRegistry.getTicket("test");
    assertEquals(t, returned);
    assertEquals(returned, t);

    assertEquals(t.getCreationTime(), returned.getCreationTime());
    assertEquals(t.getAuthentication(), returned.getAuthentication());
    assertEquals(t.getCountOfUses(), returned.getCountOfUses());
    assertEquals(t.getGrantingTicket(), returned.getGrantingTicket());
    assertEquals(t.getId(), returned.getId());
    assertEquals(t.getChainedAuthentications(), returned.getChainedAuthentications());
    assertEquals(t.isExpired(), returned.isExpired());
    assertEquals(t.isRoot(), returned.isRoot());

    final ServiceTicket s = t.grantServiceTicket("stest", TestUtils.getService(),
            new NeverExpiresExpirationPolicy(), false);
    this.ticketRegistry.addTicket(s);

    final ServiceTicket sreturned = (ServiceTicket) this.ticketRegistry.getTicket("stest");
    assertEquals(s, sreturned);
    assertEquals(sreturned, s);

    assertEquals(s.getCreationTime(), sreturned.getCreationTime());
    assertEquals(s.getCountOfUses(), sreturned.getCountOfUses());
    assertEquals(s.getGrantingTicket(), sreturned.getGrantingTicket());
    assertEquals(s.getId(), sreturned.getId());
    assertEquals(s.isExpired(), sreturned.isExpired());
    assertEquals(s.getService(), sreturned.getService());
    assertEquals(s.isFromNewLogin(), sreturned.isFromNewLogin());
}
 

@Test
public void verifyCleanRegistryOneNonExpired() {
    populateRegistryWithExpiredTickets();
    final TicketGrantingTicket ticket = new TicketGrantingTicketImpl("testNoExpire", TestUtils.getAuthentication(),
            new NeverExpiresExpirationPolicy());
    this.ticketRegistry.addTicket(ticket);
    clean();
    assertEquals(this.ticketRegistry.getTickets().size(), 1);
}
 

@Test
public void verifyLogging771() {
    final TicketGrantingTicket t = mock(TicketGrantingTicket.class);
    when(t.getId()).thenReturn(ID1);
    when(t.toString()).thenReturn(ID1);

    logger.debug(getMessageToLogWithParams(), ID2, t);
    validateLogData();
}
 

protected final Ticket getProxiedTicketInstance(final Ticket ticket) {
    if (ticket == null) {
        return null;
    }

    if (ticket instanceof TicketGrantingTicket) {
        return new TicketGrantingTicketDelegator(this, (TicketGrantingTicket) ticket, needsCallback());
    }

    return new ServiceTicketDelegator(this, (ServiceTicket) ticket, needsCallback());
}
 

@Test
public void verifyEncodeDecodeTGTWithUnmodifiableList() throws Exception {
    final Credential userPassCredential = new UsernamePasswordCredential(USERNAME, PASSWORD);
    final List<String> values = new ArrayList<>();
    values.add(NICKNAME_VALUE);
    final Map<String, Object> newAttributes = new HashMap<>();
    newAttributes.put(NICKNAME_KEY, Collections.unmodifiableList(values));
    final TicketGrantingTicket expectedTGT = new MockTicketGrantingTicket(TGT_ID, userPassCredential, newAttributes);
    expectedTGT.grantServiceTicket(ST_ID, null, null, false);
    assertEquals(expectedTGT, transcoder.decode(transcoder.encode(expectedTGT)));
}
 

protected final ModelAndView getModelAndViewUponServiceValidationWithSecurePgtUrl() throws Exception {
    final TicketGrantingTicket tId = getCentralAuthenticationService()
            .createTicketGrantingTicket(TestUtils.getCredentialsWithSameUsernameAndPassword());
    final ServiceTicket sId = getCentralAuthenticationService().grantServiceTicket(tId.getId(), TestUtils.getService());

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter("service", TestUtils.getService().getId());
    request.addParameter("ticket", sId.getId());
    request.addParameter("pgtUrl", "https://www.github.com");


    return this.serviceValidateController
            .handleRequestInternal(request, new MockHttpServletResponse());
}
 

@Audit(
    action="PROXY_GRANTING_TICKET",
    actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
    resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_PROXY_GRANTING_TICKET_TIMER")
@Metered(name="GRANT_PROXY_GRANTING_TICKET_METER")
@Counted(name="GRANT_PROXY_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    final ServiceTicket serviceTicket =  this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null || serviceTicket.isExpired()) {
        logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    final RegisteredService registeredService = this.servicesManager
            .findServiceBy(serviceTicket.getService());

    verifyRegisteredServiceProperties(registeredService, serviceTicket.getService());
    
    if (!registeredService.getProxyPolicy().isAllowedToProxy()) {
        logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }

    final Authentication authentication = this.authenticationManager.authenticate(credentials);

    final String pgtId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(
            TicketGrantingTicket.PROXY_GRANTING_TICKET_PREFIX);
    final TicketGrantingTicket proxyGrantingTicket = serviceTicket.grantTicketGrantingTicket(pgtId,
                                authentication, this.ticketGrantingTicketExpirationPolicy);

    logger.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId);
    this.ticketRegistry.addTicket(proxyGrantingTicket);

    return proxyGrantingTicket;
}
 

@Test
public void verifyValidateServiceTicketWithoutUsernameAttribute() throws Exception {
    final UsernamePasswordCredential cred =  TestUtils.getCredentialsWithSameUsernameAndPassword();
    final TicketGrantingTicket ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(cred);
    final ServiceTicket serviceTicket = getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(),
            TestUtils.getService());

    final Assertion assertion = getCentralAuthenticationService().validateServiceTicket(serviceTicket.getId(),
            TestUtils.getService());
    final Authentication auth = assertion.getPrimaryAuthentication();
    assertEquals(auth.getPrincipal().getId(), cred.getUsername());
}