org.jasig.cas.ticket.TicketException Java Examples

@Override
@Audit(
        action="TICKET_GRANTING_TICKET",
        actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER",
        resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_TICKET_GRANTING_TICKET_METER")
@Counted(name="CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials) throws TicketException {
    final MultiFactorCredentials mfaCredentials = (MultiFactorCredentials) credentials[0];
    final Authentication authentication = mfaCredentials.getAuthentication();

    if (authentication == null) {
        throw new TicketCreationException(new RuntimeException("Authentication cannot be null"));
    }
    final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(
            this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX),
            authentication,
            this.ticketGrantingTicketExpirationPolicy);

    this.ticketRegistry.addTicket(ticketGrantingTicket);
    return ticketGrantingTicket;
}
 

/**
 * @throws IllegalArgumentException if the credentials are null.
 */
@Audit(
    action="TICKET_GRANTING_TICKET",
    actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER",
    resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "CREATE_TICKET_GRANTING_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
public String createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    Assert.notNull(credentials, "credentials cannot be null");

    final Authentication authentication = this.authenticationManager.authenticate(credentials);

    final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(
        this.ticketGrantingTicketUniqueTicketIdGenerator
            .getNewTicketId(TicketGrantingTicket.PREFIX),
        authentication, this.ticketGrantingTicketExpirationPolicy);

    this.ticketRegistry.addTicket(ticketGrantingTicket);
    return ticketGrantingTicket.getId();
}
 

@Override
protected Event doExecute(final RequestContext context) {
    final Service service = WebUtils.getService(context);
    final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);

    try {
        final String serviceTicketId = this.centralAuthenticationService
            .grantServiceTicket(ticketGrantingTicket,
                service);
        WebUtils.putServiceTicketInRequestScope(context,
            serviceTicketId);
        return success();
    } catch (final TicketException e) {
        if (isGatewayPresent(context)) {
            return result("gateway");
        }
    }

    return error();
}
 

/**
 * Determines whether the TGT in the flow request context is valid.
 *
 * @param requestContext Flow request context.
 *
 * @throws Exception in case ticket cannot be retrieved from the service layer
 * @return {@link #NOT_EXISTS}, {@link #INVALID}, or {@link #VALID}.
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final String tgtId = WebUtils.getTicketGrantingTicketId(requestContext);
    if (!StringUtils.hasText(tgtId)) {
        return new Event(this, NOT_EXISTS);
    }

    String eventId = INVALID;
    try {
        final Ticket ticket = this.centralAuthenticationService.getTicket(tgtId, Ticket.class);
        if (ticket != null && !ticket.isExpired()) {
            eventId = VALID;
        }
    } catch (final TicketException e) {
        logger.trace("Could not retrieve ticket id {} from registry.", e);
    }
    return new Event(this,  eventId);
}
 

@Audit(
    action="SERVICE_TICKET",
    actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId,
    final Service service) throws TicketException {
    try {
        return this.grantServiceTicket(ticketGrantingTicketId, service, (Credential[]) null);
    } catch (final AuthenticationException e) {
        throw new IllegalStateException("Unexpected authentication exception", e);
    }
}
 

@Test(expected=TicketException.class)
    public void verifyGrantServiceTicketWithExpiredTicketGrantingTicket() throws Exception {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new ExpirationPolicy() {
            private static final long serialVersionUID = 1L;

            public boolean isExpired(final TicketState ticket) {
                return true;
            }});

    final TicketGrantingTicket ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    try {
        getCentralAuthenticationService().grantServiceTicket(ticketId.getId(),
            TestUtils.getService());
    } finally {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new NeverExpiresExpirationPolicy());
    }
}
 

@Test
public void testChainedAuthenticationsOnValidation() throws TicketException {
    final Service svc = TestUtils.getService(SVC2_ID);
    final String st = this.cas.grantServiceTicket(TGT2_ID, svc);
    assertNotNull(st);
    
    final Assertion assertion = this.cas.validateServiceTicket(st, svc);
    assertNotNull(assertion);
    
    assertEquals(assertion.getService(), svc);
    assertEquals(assertion.getPrimaryAuthentication().getPrincipal().getId(), PRINCIPAL);
    assertTrue(assertion.getChainedAuthentications().size()  == 2);
    for (int i = 0; i < assertion.getChainedAuthentications().size(); i++) {
        final Authentication auth = assertion.getChainedAuthentications().get(i);
        assertEquals(auth, authentication);
    }
}
 

/**
 * Gets the authentication satisfied by policy.
 *
 * @param ticket the ticket
 * @param context the context
 * @return the authentication satisfied by policy
 * @throws org.jasig.cas.ticket.TicketException the ticket exception
 */
private Authentication getAuthenticationSatisfiedByPolicy(
        final TicketGrantingTicket ticket, final ServiceContext context) throws TicketException {

    final ContextualAuthenticationPolicy<ServiceContext> policy =
            serviceContextAuthenticationPolicyFactory.createPolicy(context);
    if (policy.isSatisfiedBy(ticket.getAuthentication())) {
        return ticket.getAuthentication();
    }
    for (final Authentication auth : ticket.getSupplementalAuthentications()) {
        if (policy.isSatisfiedBy(auth)) {
            return auth;
        }
    }
    throw new UnsatisfiedAuthenticationPolicyException(policy);
}
 

@Test(expected=TicketException.class)
    public void testGrantServiceTicketWithExpiredTicketGrantingTicket() throws Exception {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new ExpirationPolicy() {
            private static final long serialVersionUID = 1L;

            public boolean isExpired(final TicketState ticket) {
                return true;
            }});
    final String ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    try {
        getCentralAuthenticationService().grantServiceTicket(ticketId,
            TestUtils.getService());
    } finally {
        ((CentralAuthenticationServiceImpl) getCentralAuthenticationService()).setTicketGrantingTicketExpirationPolicy(
                new NeverExpiresExpirationPolicy());
    }
}
 

@Test
public void verifyChainedAuthenticationsOnValidation() throws TicketException {
    final Service svc = TestUtils.getService(SVC2_ID);
    final ServiceTicket st = this.cas.grantServiceTicket(TGT2_ID, svc);
    assertNotNull(st);
    
    final Assertion assertion = this.cas.validateServiceTicket(st.getId(), svc);
    assertNotNull(assertion);
    
    assertEquals(assertion.getService(), svc);
    assertEquals(assertion.getPrimaryAuthentication().getPrincipal().getId(), PRINCIPAL);
    assertTrue(assertion.getChainedAuthentications().size()  == 2);
    for (int i = 0; i < assertion.getChainedAuthentications().size(); i++) {
        final Authentication auth = assertion.getChainedAuthentications().get(i);
        assertEquals(auth, authentication);
    }
}
 

/**
 * This test checks that the TGT destruction happens properly for a remote registry.
 * It previously failed when the deletion happens before the ticket was marked expired because an update was necessary for that.
 *
 * @throws AuthenticationException
 * @throws TicketException
 */
@Test
public void testDestroyRemoteRegistry() throws TicketException, AuthenticationException {
    final MockOnlyOneTicketRegistry registry = new MockOnlyOneTicketRegistry();
    final TicketGrantingTicketImpl tgt = new TicketGrantingTicketImpl("TGT-1", mock(Authentication.class),
            mock(ExpirationPolicy.class));
    final MockExpireUpdateTicketLogoutManager logoutManager = new MockExpireUpdateTicketLogoutManager(registry);
    // consider authentication has happened and the TGT is in the registry
    registry.addTicket(tgt);
    // create a new CASimpl
    final CentralAuthenticationServiceImpl cas = new CentralAuthenticationServiceImpl(registry,  null,  null, null, null, null, null,
            null, logoutManager);
    // destroy to mark expired and then delete : the opposite would fail with a "No ticket to update" error from the registry
    cas.destroyTicketGrantingTicket(tgt.getId());
}
 

@Audit(
        action="PROXY_GRANTING_TICKET",
        actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
        resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_PROXY_GRANTING_TICKET_TIMER")
@Metered(name="GRANT_PROXY_GRANTING_TICKET_METER")
@Counted(name="GRANT_PROXY_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws org.jasig.cas.authentication.AuthenticationException, TicketException {
    return this.delegate.delegateTicketGrantingTicket(serviceTicketId, credentials);
}
 

/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the credentials are invalid.
 */
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.delegateTicketGrantingTicket(serviceTicketId, credentials);
}
 

@Audit(
        action="SERVICE_TICKET",
        actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
        resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_SERVICE_TICKET_TIMER")
@Metered(name="GRANT_SERVICE_TICKET_METER")
@Counted(name="GRANT_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public ServiceTicket grantServiceTicket(
        final String ticketGrantingTicketId,
        final Service service, final Credential... credentials)
        throws org.jasig.cas.authentication.AuthenticationException, TicketException {
    return this.delegate.grantServiceTicket(ticketGrantingTicketId, service, credentials);
}
 

@Audit(
    action="PROXY_GRANTING_TICKET",
    actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
    resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name="GRANT_PROXY_GRANTING_TICKET_TIMER")
@Metered(name="GRANT_PROXY_GRANTING_TICKET_METER")
@Counted(name="GRANT_PROXY_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    final ServiceTicket serviceTicket =  this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);

    if (serviceTicket == null || serviceTicket.isExpired()) {
        logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }

    final RegisteredService registeredService = this.servicesManager
            .findServiceBy(serviceTicket.getService());

    verifyRegisteredServiceProperties(registeredService, serviceTicket.getService());
    
    if (!registeredService.getProxyPolicy().isAllowedToProxy()) {
        logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }

    final Authentication authentication = this.authenticationManager.authenticate(credentials);

    final String pgtId = this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(
            TicketGrantingTicket.PROXY_GRANTING_TICKET_PREFIX);
    final TicketGrantingTicket proxyGrantingTicket = serviceTicket.grantTicketGrantingTicket(pgtId,
                                authentication, this.ticketGrantingTicketExpirationPolicy);

    logger.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId);
    this.ticketRegistry.addTicket(proxyGrantingTicket);

    return proxyGrantingTicket;
}
 

@Audit(
        action="SERVICE_TICKET_VALIDATE",
        actionResolverName="VALIDATE_SERVICE_TICKET_RESOLVER",
        resourceResolverName="VALIDATE_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name="VALIDATE_SERVICE_TICKET_TIMER")
@Metered(name="VALIDATE_SERVICE_TICKET_METER")
@Counted(name="VALIDATE_SERVICE_TICKET_COUNTER", monotonic=true)
@Override
public Assertion validateServiceTicket(final String serviceTicketId, final Service service) throws TicketException {
    return this.delegate.validateServiceTicket(serviceTicketId, service);
}
 

/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if given invalid credentials
 */
@Override
public ServiceTicket grantServiceTicket(
        final String ticketGrantingTicketId, final Service service, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);
}
 

/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the Credentials are null or if given
 * invalid credentials.
 */
@Override
public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    Assert.notNull(credentials, "credentials cannot be null");
    checkForErrors(credentials);

    return this.centralAuthenticationService.createTicketGrantingTicket(credentials);
}
 

@Audit(
    action="TICKET_GRANTING_TICKET",
    actionResolverName="CREATE_TICKET_GRANTING_TICKET_RESOLVER",
    resourceResolverName="CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "CREATE_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "CREATE_TICKET_GRANTING_TICKET_METER")
@Counted(name="CREATE_TICKET_GRANTING_TICKET_COUNTER", monotonic=true)
@Override
public TicketGrantingTicket createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    final Set<Credential> sanitizedCredentials = sanitizeCredentials(credentials);
    if (sanitizedCredentials.size() > 0) {
        final Authentication authentication = this.authenticationManager.authenticate(credentials);

        final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(
                this.ticketGrantingTicketUniqueTicketIdGenerator
                        .getNewTicketId(TicketGrantingTicket.PREFIX),
                authentication, this.ticketGrantingTicketExpirationPolicy);

        this.ticketRegistry.addTicket(ticketGrantingTicket);
        return ticketGrantingTicket;
    }
    final String msg = "No credentials were specified in the request for creating a new ticket-granting ticket";
    logger.warn(msg);
    throw new TicketCreationException(new IllegalArgumentException(msg));
}
 

/**
 * This test checks that the TGT destruction happens properly for a remote registry.
 * It previously failed when the deletion happens before the ticket was marked expired because an update was necessary for that.
 *
 * @throws AuthenticationException
 * @throws org.jasig.cas.ticket.TicketException
 */
@Test
public void verifyDestroyRemoteRegistry() throws TicketException, AuthenticationException {
    final MockOnlyOneTicketRegistry registry = new MockOnlyOneTicketRegistry();
    final TicketGrantingTicketImpl tgt = new TicketGrantingTicketImpl("TGT-1", mock(Authentication.class),
            mock(ExpirationPolicy.class));
    final MockExpireUpdateTicketLogoutManager logoutManager = new MockExpireUpdateTicketLogoutManager(registry);
    // consider authentication has happened and the TGT is in the registry
    registry.addTicket(tgt);
    // create a new CASimpl
    final CentralAuthenticationServiceImpl cas = new CentralAuthenticationServiceImpl(registry,  null,  null, null, null, null, null,
            null, logoutManager);
    // destroy to mark expired and then delete : the opposite would fail with a "No ticket to update" error from the registry
    cas.destroyTicketGrantingTicket(tgt.getId());
}
 

/**
 * This test simulates :
 * - a first authentication for a default service
 * - a second authentication with the renew parameter and the same service (and same credentials)
 * - a validation of the second ticket.
 * 
 * When supplemental authentications were returned with the chained authentications, the validation specification
 * failed as it only expects one authentication. Thus supplemental authentications should not be returned in the
 * chained authentications. Both concepts are orthogonal.
 *  
 * @throws TicketException
 * @throws AuthenticationException
 */
@Test
public void authenticateTwiceWithRenew() throws TicketException, AuthenticationException {
    final CentralAuthenticationService cas = getCentralAuthenticationService();
    final Service svc = TestUtils.getService("testDefault");
    final UsernamePasswordCredential goodCredential = TestUtils.getCredentialsWithSameUsernameAndPassword();
    final String tgtId = cas.createTicketGrantingTicket(goodCredential);
    cas.grantServiceTicket(tgtId, svc);
    // simulate renew with new good same credentials
    final String st2Id = cas.grantServiceTicket(tgtId, svc, goodCredential);
    final Assertion assertion = cas.validateServiceTicket(st2Id, svc);
    final ValidationSpecification validationSpecification = new Cas20WithoutProxyingValidationSpecification();
    assertTrue(validationSpecification.isSatisfiedBy(assertion));
}
 

@Test(expected=TicketException.class)
public void testValidateServiceTicketWithInvalidServiceTicket() throws Exception {
    final String ticketGrantingTicket = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final String serviceTicket = getCentralAuthenticationService()
        .grantServiceTicket(ticketGrantingTicket, TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(
        ticketGrantingTicket);

    getCentralAuthenticationService().validateServiceTicket(
            serviceTicket, TestUtils.getService());
}
 

@Test(expected=TicketException.class)
public void testDelegateTicketGrantingTicketWithBadServiceTicket() throws Exception {
    final String ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    final String serviceTicketId = getCentralAuthenticationService()
        .grantServiceTicket(ticketId, TestUtils.getService());
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId);
    getCentralAuthenticationService().delegateTicketGrantingTicket(
        serviceTicketId, TestUtils.getHttpBasedServiceCredentials());
}
 

@Test(expected=TicketException.class)
public void testGrantServiceTicketWithInvalidTicketGrantingTicket() throws Exception {
    final String ticketId = getCentralAuthenticationService()
        .createTicketGrantingTicket(
            TestUtils.getCredentialsWithSameUsernameAndPassword());
    getCentralAuthenticationService().destroyTicketGrantingTicket(ticketId);
        getCentralAuthenticationService().grantServiceTicket(ticketId,
            TestUtils.getService());
}
 

@Test
public void testGoodCredentialsOnTicketGrantingTicketCreation() throws Exception {
    try {
        assertNotNull(getCentralAuthenticationService()
            .createTicketGrantingTicket(
                TestUtils.getCredentialsWithSameUsernameAndPassword()));
    } catch (final TicketException e) {
        fail(TestUtils.CONST_EXCEPTION_NON_EXPECTED);
    }
}
 

/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the Credentials are null or if given
 * invalid credentials.
 */
@Override
public String createTicketGrantingTicket(final Credential... credentials)
        throws AuthenticationException, TicketException {

    Assert.notNull(credentials, "credentials cannot be null");
    checkForErrors(credentials);

    return this.centralAuthenticationService.createTicketGrantingTicket(credentials);
}
 

private Authentication getAuthenticationSatisfiedByPolicy(
        final TicketGrantingTicket ticket, final ServiceContext context) throws TicketException {

    final ContextualAuthenticationPolicy<ServiceContext> policy =
            serviceContextAuthenticationPolicyFactory.createPolicy(context);
    if (policy.isSatisfiedBy(ticket.getAuthentication())) {
        return ticket.getAuthentication();
    }
    for (final Authentication auth : ticket.getSupplementalAuthentications()) {
        if (policy.isSatisfiedBy(auth)) {
            return auth;
        }
    }
    throw new UnsatisfiedAuthenticationPolicyException(policy);
}
 

/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if given invalid credentials
 */
@Override
public String grantServiceTicket(
        final String ticketGrantingTicketId, final Service service, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);
}
 

/**
 * {@inheritDoc}
 * @throws IllegalArgumentException if the credentials are invalid.
 */
@Override
public String delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
        throws AuthenticationException, TicketException {

    checkForErrors(credentials);

    return this.centralAuthenticationService.delegateTicketGrantingTicket(serviceTicketId, credentials);
}
 

@Audit(
    action="SERVICE_TICKET",
    actionResolverName="GRANT_SERVICE_TICKET_RESOLVER",
    resourceResolverName="GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Profiled(tag = "GRANT_SERVICE_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
public String grantServiceTicket(final String ticketGrantingTicketId,
    final Service service) throws TicketException {
    try {
        return this.grantServiceTicket(ticketGrantingTicketId, service, null);
    } catch (final AuthenticationException e) {
        throw new IllegalStateException("Unexpected authentication exception", e);
    }
}