/** * Determines the principal id to use for a {@link RegisteredService} using the following rules: * * <ul> * <li>If the service is marked to allow anonymous access, a persistent id is returned. * <li>If the {@link org.jasig.cas.services.RegisteredService#getUsernameAttribute()} is blank, * then the default principal id is returned. * <li>If the username attribute is available as part of the principal's attributes, the * corresponding attribute value will be returned. * <li>Otherwise, the default principal's id is returned as the username attribute with an * additional warning. * </ul> * * @param principal The principal object to be validated and constructed * @param registeredService Requesting service for which a principal is being validated. * @param serviceTicket An instance of the service ticket used for validation * @return The principal id to use for the requesting registered service */ private String determinePrincipalIdForRegisteredService( final Principal principal, final RegisteredService registeredService, final ServiceTicket serviceTicket) { String principalId = null; final String serviceUsernameAttribute = registeredService.getUsernameAttribute(); if (registeredService.isAnonymousAccess()) { principalId = this.persistentIdGenerator.generate(principal, serviceTicket.getService()); } else if (StringUtils.isBlank(serviceUsernameAttribute)) { principalId = principal.getId(); } else { if (principal.getAttributes().containsKey(serviceUsernameAttribute)) { principalId = principal.getAttributes().get(serviceUsernameAttribute).toString(); } else { principalId = principal.getId(); final Object[] errorLogParameters = new Object[] { principalId, registeredService.getUsernameAttribute(), principal.getAttributes(), registeredService.getServiceId(), principalId }; logger.warn( "Principal [{}] did not have attribute [{}] among attributes [{}] so CAS cannot " + "provide on the validation response the user attribute the registered service [{}] expects. " + "CAS will instead return the default username attribute [{}]", errorLogParameters); } } logger.debug( "Principal id to return for service [{}] is [{}]. The default principal id is [{}].", new Object[] {registeredService.getName(), principal.getId(), principalId}); return principalId; }