public AuthenticationInfo extractCredentials( HttpServletRequest request, HttpServletResponse response) { LOGGER.debug("extractCredentials called"); AuthenticationInfo authnInfo = null; final HttpSession session = request.getSession(false); final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null; if (assertion != null) { LOGGER.debug("assertion found"); authnInfo = createAuthnInfo(assertion); } else { final String serviceUrl = constructServiceUrl(request, response); final String ticket = CommonUtils.safeGetParameter(request, artifactParameterName); final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl); if (CommonUtils.isNotBlank(ticket) || wasGatewayed) { LOGGER.debug("found ticket: \"{}\" or was gatewayed", ticket); authnInfo = getUserFromTicket(ticket, serviceUrl, request); } else { LOGGER.debug("no ticket and no assertion found"); } } return authnInfo; }