org.jasig.cas.client.validation.TicketValidationException Java Examples

The following examples show how to use org.jasig.cas.client.validation.TicketValidationException.
Example #1
Source File: ShibcasAuthServlet.java    From shib-cas-authn3 with Apache License 2.0 6 votes vote down vote up
private void validatevalidateCasTicket(final HttpServletRequest request, final HttpServletResponse response, final String ticket,
                                       final String authenticationKey, final boolean force) throws ExternalAuthenticationException, IOException {
    // Validates the CAS ticket against the service URL built for this request, hands the
    // resulting assertion to every configured translator, and then always finishes the
    // external authentication flow, whether or not validation succeeded.
    try {
        // NOTE(review): ticketValidator is not a local here and looks like shared servlet state.
        // If one validator serves concurrent requests, another request can overwrite the renew
        // flag between setRenew() and validate(), so a forced re-authentication could be
        // validated without renew=true. Confirm, and prefer per-request validator state.
        ticketValidator.setRenew(force);
        final String service = constructServiceUrl(request, response, true);

        // NOTE(review): the raw ticket is written to the debug log here and, when the assertion
        // is null, into the exception message that the catch block logs at error level.
        // Treat these logs as sensitive, or log a truncated ticket instead.
        logger.debug("validating ticket: {} with service url: {}", ticket, service);

        final Assertion casAssertion = ticketValidator.validate(ticket, service);
        if (casAssertion == null) {
            throw new TicketValidationException("Validation failed. Assertion could not be retrieved for ticket " + ticket);
        }

        for (final CasToShibTranslator translator : translators) {
            translator.doTranslation(request, response, casAssertion, authenticationKey);
        }
    } catch (final Exception failure) {
        // Fail closed: any exception raised above (validation or translation) is reported to
        // the caller as the single error value "InvalidTicket"; details stay in the log.
        logger.error("Ticket validation failed, returning InvalidTicket", failure);
        request.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, "InvalidTicket");
    }
    ExternalAuthentication.finishExternalAuthentication(authenticationKey, request, response);
}
 
Example #2
Source File: ShibcasAuthServletTest.java    From shib-cas-authn3 with Apache License 2.0 6 votes vote down vote up
@Test
public void testDoGetBadTicket() throws Exception {
    // Mocked request carrying the conversation key and a ticket, plus a mocked response.
    final HttpServletRequest req = createDoGetHttpServletRequest(CONVERSATION_TICKET, TICKET, "false");
    final HttpServletResponse resp = createMockHttpServletResponse();

    // Validator stub that rejects the ticket, so no real CAS server is contacted.
    final Cas20ServiceTicketValidator rejectingValidator = PowerMockito.mock(Cas20ServiceTicketValidator.class);
    PowerMockito.when(rejectingValidator.validate(TICKET, URL_WITH_CONVERSATION)).thenThrow(new TicketValidationException("Invalid Ticket"));

    // Starting the external authentication is stubbed to fail for this request.
    PowerMockito.mockStatic(ExternalAuthentication.class);
    BDDMockito.given(ExternalAuthentication.startExternalAuthentication(req)).willThrow(new ExternalAuthenticationException());

    // Servlet under test, with its private ticketValidator field swapped for the stub.
    final ShibcasAuthServlet servlet = createShibcasAuthServlet();
    MemberModifier.field(ShibcasAuthServlet.class, "ticketValidator").set(servlet, rejectingValidator);

    // Neither forced nor passive authentication is requested.
    BDDMockito.given(req.getAttribute(ExternalAuthentication.FORCE_AUTHN_PARAM)).willReturn("false");
    BDDMockito.given(req.getAttribute(ExternalAuthentication.PASSIVE_AUTHN_PARAM)).willReturn("false");
    servlet.doGet(req, resp);

    // NOTE(review): the checks below cover the no-conversation-state page and the 404 status
    // only. Nothing asserts that the rejected ticket produced the "InvalidTicket" error
    // attribute, and if doGet returns as soon as startExternalAuthentication throws, the
    // validator stub is never reached. Confirm against doGet and add an assertion for the
    // rejected-ticket path if it is meant to be covered here.
    verify(req).getRequestDispatcher("/no-conversation-state.jsp");
    verify(resp).setStatus(404);
}
 
Example #3
Source File: ShibcasAuthServlet.java    From shib-cas-authn3 with Apache License 2.0 6 votes vote down vote up
private void validatevalidateCasTicket(final HttpServletRequest request, final HttpServletResponse response, final String ticket,
                                       final String authenticationKey, final boolean force) throws ExternalAuthenticationException, IOException {
    // Validates the CAS ticket against the service URL built for this request, hands the
    // resulting assertion to every configured translator, and then always finishes the
    // external authentication flow, whether or not validation succeeded.
    try {
        // NOTE(review): ticketValidator is not a local here and looks like shared servlet state.
        // If one validator serves concurrent requests, another request can overwrite the renew
        // flag between setRenew() and validate(), so a forced re-authentication could be
        // validated without renew=true. Confirm, and prefer per-request validator state.
        ticketValidator.setRenew(force);
        final String service = constructServiceUrl(request, response, true);

        // NOTE(review): the raw ticket is written to the debug log here and, when the assertion
        // is null, into the exception message that the catch block logs at error level.
        // Treat these logs as sensitive, or log a truncated ticket instead.
        logger.debug("validating ticket: {} with service url: {}", ticket, service);

        final Assertion casAssertion = ticketValidator.validate(ticket, service);
        if (casAssertion == null) {
            throw new TicketValidationException("Validation failed. Assertion could not be retrieved for ticket " + ticket);
        }

        for (final CasToShibTranslator translator : translators) {
            translator.doTranslation(request, response, casAssertion, authenticationKey);
        }
    } catch (final Exception failure) {
        // Fail closed: any exception raised above (validation or translation) is reported to
        // the caller as the single error value "InvalidTicket"; details stay in the log.
        logger.error("Ticket validation failed, returning InvalidTicket", failure);
        request.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, "InvalidTicket");
    }
    ExternalAuthentication.finishExternalAuthentication(authenticationKey, request, response);
}
 
Example #4
Source File: ShibcasAuthServletTest.java    From shib-cas-authn3 with Apache License 2.0 6 votes vote down vote up
@Test
public void testDoGetBadTicket() throws Exception {
    // Mocked request carrying the conversation key and a ticket, plus a mocked response.
    final HttpServletRequest req = createDoGetHttpServletRequest(CONVERSATION_TICKET, TICKET, "false");
    final HttpServletResponse resp = createMockHttpServletResponse();

    // Validator stub that rejects the ticket, so no real CAS server is contacted.
    final Cas20ServiceTicketValidator rejectingValidator = PowerMockito.mock(Cas20ServiceTicketValidator.class);
    PowerMockito.when(rejectingValidator.validate(TICKET, URL_WITH_CONVERSATION)).thenThrow(new TicketValidationException("Invalid Ticket"));

    // Starting the external authentication is stubbed to fail for this request.
    PowerMockito.mockStatic(ExternalAuthentication.class);
    BDDMockito.given(ExternalAuthentication.startExternalAuthentication(req)).willThrow(new ExternalAuthenticationException());

    // Servlet under test, with its private ticketValidator field swapped for the stub.
    final ShibcasAuthServlet servlet = createShibcasAuthServlet();
    MemberModifier.field(ShibcasAuthServlet.class, "ticketValidator").set(servlet, rejectingValidator);

    // Neither forced nor passive authentication is requested.
    BDDMockito.given(req.getAttribute(ExternalAuthentication.FORCE_AUTHN_PARAM)).willReturn("false");
    BDDMockito.given(req.getAttribute(ExternalAuthentication.PASSIVE_AUTHN_PARAM)).willReturn("false");
    servlet.doGet(req, resp);

    // NOTE(review): the checks below cover the no-conversation-state page and the 404 status
    // only. Nothing asserts that the rejected ticket produced the "InvalidTicket" error
    // attribute, and if doGet returns as soon as startExternalAuthentication throws, the
    // validator stub is never reached. Confirm against doGet and add an assertion for the
    // rejected-ticket path if it is meant to be covered here.
    verify(req).getRequestDispatcher("/no-conversation-state.jsp");
    verify(resp).setStatus(404);
}
 
Example #5
Source File: JboneErrorPageRegister.java    From jbone with Apache License 2.0 5 votes vote down vote up
@Override
public void registerErrorPages(ErrorPageRegistry errorPageRegistry) {
    // Pages for the generic HTTP failures.
    final ErrorPage notFoundPage = new ErrorPage(HttpStatus.NOT_FOUND, "/errors/404.html");
    final ErrorPage serverErrorPage = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/errors/500.html");

    // A TicketValidationException is mapped to its own page by exception type rather than by
    // status code.
    // NOTE(review): presumably this keeps CAS validation details out of the response body;
    // confirm that the page itself does not echo the exception or the ticket.
    final ErrorPage ticketFailurePage = new ErrorPage(TicketValidationException.class,"/errors/ticketValidateError.html");

    errorPageRegistry.addErrorPages(ticketFailurePage, notFoundPage, serverErrorPage);
}
 
Example #6
Source File: TicketValidationService.java    From guacamole-client with Apache License 2.0 4 votes vote down vote up
/**
 * Validates and parses the given ID ticket, returning a map of all
 * available tokens for the given user based on attributes provided by the
 * CAS server.  If the ticket is invalid an exception is thrown.
 *
 * @param ticket
 *     The ID ticket to validate and parse.
 *
 * @param credentials
 *     The Credentials object to store retrieved username and
 *     password values in.
 *
 * @return
 *     A Map of all tokens for the user parsed from attributes returned
 *     by the CAS server.
 *
 * @throws GuacamoleException
 *     If the ID ticket is not valid or guacamole.properties could
 *     not be parsed.
 */
public Map<String, String> validateTicket(String ticket,
        Credentials credentials) throws GuacamoleException {

    // Build a validator pointed at the CAS server URL supplied by confService.
    URI casServerUrl = confService.getAuthorizationEndpoint();
    Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(casServerUrl.toString());

    // NOTE(review): setAcceptAnyProxy(true) accepts proxy tickets regardless of which proxy
    // chain obtained them. If only direct logins or known proxies are expected, restrict
    // this (the CAS client validator can be given an explicit list of allowed proxy chains).
    validator.setAcceptAnyProxy(true);
    validator.setEncoding("UTF-8");

    try {

        // The service the ticket is validated against comes from confService, not from
        // anything supplied with the ticket.
        URI serviceUri = confService.getRedirectURI();
        Assertion assertion = validator.validate(ticket, serviceUri.toString());
        AttributePrincipal principal = assertion.getPrincipal();

        // Work on a copy of the attributes so the removal below leaves the principal's
        // own map untouched.
        Map<String, Object> attributes = new HashMap<>(principal.getAttributes());

        // A principal without a name is rejected before any credential is stored.
        String username = principal.getName();
        if (username == null) {
            throw new GuacamoleSecurityException("No username provided by CAS.");
        }
        credentials.setUsername(username);

        // The "credential" attribute is taken out of the map before the token conversion,
        // so the encrypted password is never exposed as a token. It is stored on the
        // Credentials object only when decryption yields a non-empty value.
        Object encryptedCredential = attributes.remove("credential");
        if (encryptedCredential != null) {
            String password = decryptPassword(encryptedCredential.toString());
            if (password != null && !password.isEmpty()) {
                credentials.setPassword(password);
            }
        }

        // Every remaining attribute with a non-null value becomes a token whose name is
        // canonicalized under the CAS attribute prefix.
        Map<String, String> tokens = new HashMap<>();
        for (Entry<String, Object> attribute : attributes.entrySet()) {
            String tokenName = TokenName.canonicalize(attribute.getKey(),
                    CAS_ATTRIBUTE_TOKEN_PREFIX);
            Object value = attribute.getValue();
            if (value != null) {
                tokens.put(tokenName, value.toString());
            }
        }

        return tokens;

    }
    catch (TicketValidationException e) {
        // Only a validation failure is wrapped here; the cause is preserved for the log.
        throw new GuacamoleException("Ticket validation failed.", e);
    }

}
 
Example #7
Source File: TicketValidationService.java    From guacamole-client with Apache License 2.0 4 votes vote down vote up
/**
 * Validates and parses the given ID ticket, returning a map of all
 * available tokens for the given user based on attributes provided by the
 * CAS server.  If the ticket is invalid an exception is thrown.
 *
 * @param ticket
 *     The ID ticket to validate and parse.
 *
 * @param credentials
 *     The Credentials object to store retrieved username and
 *     password values in.
 *
 * @return
 *     A Map of all tokens for the user parsed from attributes returned
 *     by the CAS server.
 *
 * @throws GuacamoleException
 *     If the ID ticket is not valid or guacamole.properties could
 *     not be parsed.
 */
public Map<String, String> validateTicket(String ticket,
        Credentials credentials) throws GuacamoleException {

    // Build a validator pointed at the CAS server URL supplied by confService.
    URI casServerUrl = confService.getAuthorizationEndpoint();
    Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(casServerUrl.toString());

    // NOTE(review): setAcceptAnyProxy(true) accepts proxy tickets regardless of which proxy
    // chain obtained them. If only direct logins or known proxies are expected, restrict
    // this (the CAS client validator can be given an explicit list of allowed proxy chains).
    validator.setAcceptAnyProxy(true);
    validator.setEncoding("UTF-8");

    try {

        // The service the ticket is validated against comes from confService, not from
        // anything supplied with the ticket.
        URI serviceUri = confService.getRedirectURI();
        Assertion assertion = validator.validate(ticket, serviceUri.toString());
        AttributePrincipal principal = assertion.getPrincipal();

        // Work on a copy of the attributes so the removal below leaves the principal's
        // own map untouched.
        Map<String, Object> attributes = new HashMap<>(principal.getAttributes());

        // A principal without a name is rejected before any credential is stored.
        String username = principal.getName();
        if (username == null) {
            throw new GuacamoleSecurityException("No username provided by CAS.");
        }
        credentials.setUsername(username);

        // The "credential" attribute is taken out of the map before the token conversion,
        // so the encrypted password is never exposed as a token. It is stored on the
        // Credentials object only when decryption yields a non-empty value.
        Object encryptedCredential = attributes.remove("credential");
        if (encryptedCredential != null) {
            String password = decryptPassword(encryptedCredential.toString());
            if (password != null && !password.isEmpty()) {
                credentials.setPassword(password);
            }
        }

        // Every remaining attribute with a non-null value becomes a token whose name is
        // canonicalized under the CAS attribute prefix.
        Map<String, String> tokens = new HashMap<>();
        for (Entry<String, Object> attribute : attributes.entrySet()) {
            String tokenName = TokenName.canonicalize(attribute.getKey(),
                    CAS_ATTRIBUTE_TOKEN_PREFIX);
            Object value = attribute.getValue();
            if (value != null) {
                tokens.put(tokenName, value.toString());
            }
        }

        return tokens;

    }
    catch (TicketValidationException e) {
        // Only a validation failure is wrapped here; the cause is preserved for the log.
        throw new GuacamoleException("Ticket validation failed.", e);
    }

}