/**
* Grant ticket granting ticket.
*
* @param context the context
* @param authenticationResultBuilder the authentication result builder
* @param service the service
* @return the event
* @throws Exception the exception
*/
protected Event grantTicketGrantingTicketToAuthenticationResult(
final RequestContext context,
final AuthenticationResultBuilder authenticationResultBuilder,
final Service service)
throws Exception {
logger.debug("Finalizing authentication transactions and issuing ticket-granting ticket");
final AuthenticationResult authenticationResult =
this.authenticationSystemSupport.finalizeAllAuthenticationTransactions(
authenticationResultBuilder, service);
boolean issueTicketGrantingTicket = true;
final Authentication authentication = authenticationResult.getAuthentication();
final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);
if (StringUtils.isNotBlank(ticketGrantingTicket)) {
logger.debug(
"Located ticket-granting ticket in the context. Retrieving associated authentication");
final Authentication authenticationFromTgt =
this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
if (authenticationFromTgt == null) {
logger.debug(
"Authentication session associated with {} is no longer valid", ticketGrantingTicket);
this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicket);
} else if (authentication.getPrincipal().equals(authenticationFromTgt.getPrincipal())) {
logger.debug("Resulting authentication matches the authentication from context");
issueTicketGrantingTicket = false;
} else {
logger.debug("Resulting authentication is different from the context");
}
}
final TicketGrantingTicket tgt;
if (issueTicketGrantingTicket) {
tgt = this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
} else {
tgt =
this.centralAuthenticationService.getTicket(
ticketGrantingTicket, TicketGrantingTicket.class);
tgt.getAuthentication().update(authentication);
this.centralAuthenticationService.updateTicket(tgt);
}
WebUtils.putTicketGrantingTicketInScopes(context, tgt);
WebUtils.putAuthenticationResult(authenticationResult, context);
WebUtils.putAuthentication(tgt.getAuthentication(), context);
if (addWarningMessagesToMessageContextIfNeeded(tgt, context.getMessageContext())) {
return newEvent(SUCCESS_WITH_WARNINGS);
}
return newEvent(CasWebflowConstants.TRANSITION_ID_SUCCESS);
}
/**
* Add warning messages to message context if needed.
*
* @param tgtId the tgt id
* @param messageContext the message context
* @return true if warnings were found and added, false otherwise.
* @since 4.1.0
*/
private static boolean addWarningMessagesToMessageContextIfNeeded(
final TicketGrantingTicket tgtId, final MessageContext messageContext) {
boolean foundAndAddedWarnings = false;
for (final Map.Entry<String, HandlerResult> entry :
tgtId.getAuthentication().getSuccesses().entrySet()) {
for (final MessageDescriptor message : entry.getValue().getWarnings()) {
addMessageDescriptorToMessageContext(messageContext, message);
foundAndAddedWarnings = true;
}
}
return foundAndAddedWarnings;
}
@Test
public void verifyGetTicketsFromRegistryEqualToTicketsAdded() {
final Collection<Ticket> tickets = new ArrayList<>();
for (int i = 0; i < TICKETS_IN_REGISTRY; i++) {
final TicketGrantingTicket ticketGrantingTicket =
new TicketGrantingTicketImpl(
"TEST" + i, TestUtils.getAuthentication(), new NeverExpiresExpirationPolicy());
final ServiceTicket st =
ticketGrantingTicket.grantServiceTicket(
"tests" + i,
org.apereo.cas.services.TestUtils.getService(),
new NeverExpiresExpirationPolicy(),
false,
true);
tickets.add(ticketGrantingTicket);
tickets.add(st);
this.ticketRegistry.addTicket(ticketGrantingTicket);
this.ticketRegistry.addTicket(st);
}
try {
final Collection<Ticket> ticketRegistryTickets = this.ticketRegistry.getTickets();
assertEquals(
"The size of the registry is not the same as the collection.",
ticketRegistryTickets.size(),
tickets.size());
tickets
.stream()
.filter(ticket -> !ticketRegistryTickets.contains(ticket))
.forEach(
ticket ->
fail(
"Ticket was added to registry but was not found in retrieval of collection of all tickets."));
} catch (final Exception e) {
fail("Caught an exception. But no exception should have been thrown.");
}
}
@Test
public void verifyDeleteTicketWithChildren() {
try {
this.ticketRegistry.addTicket(
new TicketGrantingTicketImpl(
"TGT", TestUtils.getAuthentication(), new NeverExpiresExpirationPolicy()));
final TicketGrantingTicket tgt =
this.ticketRegistry.getTicket("TGT", TicketGrantingTicket.class);
final Service service = org.apereo.cas.services.TestUtils.getService("TGT_DELETE_TEST");
final ServiceTicket st1 =
tgt.grantServiceTicket("ST1", service, new NeverExpiresExpirationPolicy(), true, false);
final ServiceTicket st2 =
tgt.grantServiceTicket("ST2", service, new NeverExpiresExpirationPolicy(), true, false);
final ServiceTicket st3 =
tgt.grantServiceTicket("ST3", service, new NeverExpiresExpirationPolicy(), true, false);
this.ticketRegistry.addTicket(st1);
this.ticketRegistry.addTicket(st2);
this.ticketRegistry.addTicket(st3);
assertNotNull(this.ticketRegistry.getTicket("TGT", TicketGrantingTicket.class));
assertNotNull(this.ticketRegistry.getTicket("ST1", ServiceTicket.class));
assertNotNull(this.ticketRegistry.getTicket("ST2", ServiceTicket.class));
assertNotNull(this.ticketRegistry.getTicket("ST3", ServiceTicket.class));
this.ticketRegistry.deleteTicket(tgt.getId());
assertNull(this.ticketRegistry.getTicket("TGT", TicketGrantingTicket.class));
assertNull(this.ticketRegistry.getTicket("ST1", ServiceTicket.class));
assertNull(this.ticketRegistry.getTicket("ST2", ServiceTicket.class));
assertNull(this.ticketRegistry.getTicket("ST3", ServiceTicket.class));
} catch (final Exception e) {
fail("Caught an exception. But no exception should have been thrown.");
}
}
