/**
* Grant ticket granting ticket.
*
* @param context the context
* @param authenticationResultBuilder the authentication result builder
* @param service the service
* @return the event
* @throws Exception the exception
*/
protected Event grantTicketGrantingTicketToAuthenticationResult(
final RequestContext context,
final AuthenticationResultBuilder authenticationResultBuilder,
final Service service)
throws Exception {
logger.debug("Finalizing authentication transactions and issuing ticket-granting ticket");
final AuthenticationResult authenticationResult =
this.authenticationSystemSupport.finalizeAllAuthenticationTransactions(
authenticationResultBuilder, service);
boolean issueTicketGrantingTicket = true;
final Authentication authentication = authenticationResult.getAuthentication();
final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);
if (StringUtils.isNotBlank(ticketGrantingTicket)) {
logger.debug(
"Located ticket-granting ticket in the context. Retrieving associated authentication");
final Authentication authenticationFromTgt =
this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
if (authenticationFromTgt == null) {
logger.debug(
"Authentication session associated with {} is no longer valid", ticketGrantingTicket);
this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicket);
} else if (authentication.getPrincipal().equals(authenticationFromTgt.getPrincipal())) {
logger.debug("Resulting authentication matches the authentication from context");
issueTicketGrantingTicket = false;
} else {
logger.debug("Resulting authentication is different from the context");
}
}
final TicketGrantingTicket tgt;
if (issueTicketGrantingTicket) {
tgt = this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
} else {
tgt =
this.centralAuthenticationService.getTicket(
ticketGrantingTicket, TicketGrantingTicket.class);
tgt.getAuthentication().update(authentication);
this.centralAuthenticationService.updateTicket(tgt);
}
WebUtils.putTicketGrantingTicketInScopes(context, tgt);
WebUtils.putAuthenticationResult(authenticationResult, context);
WebUtils.putAuthentication(tgt.getAuthentication(), context);
if (addWarningMessagesToMessageContextIfNeeded(tgt, context.getMessageContext())) {
return newEvent(SUCCESS_WITH_WARNINGS);
}
return newEvent(CasWebflowConstants.TRANSITION_ID_SUCCESS);
}
/**
* Add warning messages to message context if needed.
*
* @param tgtId the tgt id
* @param messageContext the message context
* @return true if warnings were found and added, false otherwise.
* @since 4.1.0
*/
private static boolean addWarningMessagesToMessageContextIfNeeded(
final TicketGrantingTicket tgtId, final MessageContext messageContext) {
boolean foundAndAddedWarnings = false;
for (final Map.Entry<String, HandlerResult> entry :
tgtId.getAuthentication().getSuccesses().entrySet()) {
for (final MessageDescriptor message : entry.getValue().getWarnings()) {
addMessageDescriptorToMessageContext(messageContext, message);
foundAndAddedWarnings = true;
}
}
return foundAndAddedWarnings;
}