/** * Grant ticket granting ticket. * * @param context the context * @param authenticationResultBuilder the authentication result builder * @param service the service * @return the event * @throws Exception the exception */ protected Event grantTicketGrantingTicketToAuthenticationResult( final RequestContext context, final AuthenticationResultBuilder authenticationResultBuilder, final Service service) throws Exception { logger.debug("Finalizing authentication transactions and issuing ticket-granting ticket"); final AuthenticationResult authenticationResult = this.authenticationSystemSupport.finalizeAllAuthenticationTransactions( authenticationResultBuilder, service); boolean issueTicketGrantingTicket = true; final Authentication authentication = authenticationResult.getAuthentication(); final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context); if (StringUtils.isNotBlank(ticketGrantingTicket)) { logger.debug( "Located ticket-granting ticket in the context. Retrieving associated authentication"); final Authentication authenticationFromTgt = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket); if (authenticationFromTgt == null) { logger.debug( "Authentication session associated with {} is no longer valid", ticketGrantingTicket); this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicket); } else if (authentication.getPrincipal().equals(authenticationFromTgt.getPrincipal())) { logger.debug("Resulting authentication matches the authentication from context"); issueTicketGrantingTicket = false; } else { logger.debug("Resulting authentication is different from the context"); } } final TicketGrantingTicket tgt; if (issueTicketGrantingTicket) { tgt = this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult); } else { tgt = this.centralAuthenticationService.getTicket( ticketGrantingTicket, TicketGrantingTicket.class); tgt.getAuthentication().update(authentication); this.centralAuthenticationService.updateTicket(tgt); } WebUtils.putTicketGrantingTicketInScopes(context, tgt); WebUtils.putAuthenticationResult(authenticationResult, context); WebUtils.putAuthentication(tgt.getAuthentication(), context); if (addWarningMessagesToMessageContextIfNeeded(tgt, context.getMessageContext())) { return newEvent(SUCCESS_WITH_WARNINGS); } return newEvent(CasWebflowConstants.TRANSITION_ID_SUCCESS); }