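/**
 * Validates a CAS ticket against the CAS server named in the application configuration.
 *
 * <p>The method returns normally when the ticket validates. Every failure, including a
 * missing configuration value, surfaces as a {@link SecurityException}, so callers fail
 * closed.
 *
 * @param ticket the CAS ticket to validate
 * @param userId the user id supplied by the caller; this method only writes it to the debug log
 * @throws SecurityException if the ticket cannot be validated or any other error occurs
 */
public void validateTicket(String ticket, String userId) throws SecurityException {
    logger.debug("IN");
    ConfigSingleton config = ConfigSingleton.getInstance();
    String validateUrl = null;
    String validateService = null;
    if (config != null) {
        // only server side...
        validateUrl = SingletonConfig.getInstance().getConfigValue("CAS_SSO.VALIDATE-USER.URL");
        logger.debug("Read validateUrl=" + validateUrl);
        validateService = SingletonConfig.getInstance().getConfigValue("CAS_SSO.VALIDATE-USER.SERVICE");
        logger.debug("Read validateService=" + validateService);
    }
    logger.debug("userId:" + userId);
    try {
        Cas20ProxyTicketValidator sv = new Cas20ProxyTicketValidator(validateUrl);
        // NOTE(review): accept-any-proxy is hard-coded, so the validator is told not to
        // restrict which proxy chain a proxy ticket came through. If proxy tickets are not
        // needed here, an explicit allowed-proxy-chain list would narrow what is accepted
        // (confirm with the callers of this service).
        sv.setAcceptAnyProxy(true);
        Assertion a = sv.validate(ticket, validateService);
        AttributePrincipal principal = a.getPrincipal();
        // NOTE(review): the validated principal is only logged. It is never compared with
        // userId, so a valid ticket issued to a different user also passes this method.
        // Confirm whether the caller performs that comparison.
        // The logged operand was masked in the source listing; the principal name is the
        // evident value (TODO confirm against the original file).
        logger.debug("Ticket is VALID, username=" + principal.getName());
    } catch (Throwable e) {
        // The listing had a second handler ahead of this one with an identical body; its
        // exception type was masked in the page, so the two are merged here.
        logger.error("An exception occured while validating the cas token");
        throw new SecurityException("An exception occured while validating the cas token", e);
    } finally {
        logger.debug("OUT");
    }
}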
/**
 * Returns the CAS ticket validator for a company, building and caching it on first use.
 *
 * <p>A validator already present in {@code _ticketValidators} is returned as is; the CAS
 * settings are read only when no cached instance exists.
 *
 * @param companyId the company whose CAS settings are used
 * @return the cached or newly created validator
 * @throws Exception if a CAS setting cannot be read
 */
protected TicketValidator getTicketValidator(long companyId) throws Exception {
    TicketValidator cached = _ticketValidators.get(companyId);

    if (cached == null) {
        String casServerName = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);
        String casServerUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_SERVER_URL, PropsValues.CAS_SERVER_URL);
        String casLoginUrl = PrefsPropsUtil.getString(
            companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

        // Tickets are validated against the configured server URL.
        Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(casServerUrl);

        Map<String, String> customParameters = new HashMap<>();
        customParameters.put("serverName", casServerName);
        customParameters.put("casServerUrlPrefix", casServerUrl);
        customParameters.put("casServerLoginUrl", casLoginUrl);
        customParameters.put("redirectAfterValidation", "false");
        validator.setCustomParameters(customParameters);

        // NOTE(review): once cached, this method never re-reads the settings, so a changed
        // CAS server URL only takes effect if the entry is removed elsewhere (confirm).
        _ticketValidators.put(companyId, validator);
        cached = validator;
    }

    return cached;
}
/**
 * Validates a CAS ticket for the configured service and passes the resulting principal
 * name to {@code saveSSOCredentials}.
 *
 * @param httpRequest the current request, handed on to {@code saveSSOCredentials}
 * @param ticket the CAS ticket to validate
 * @throws Exception if the validator rejects the ticket or validation fails
 */
public void validateTicket(HttpServletRequest httpRequest, String ticket) throws Exception {
    Cas20ProxyTicketValidator validator = new Cas20ProxyTicketValidator(casServerUrl);
    validator.setRenew(this.renewTicket);

    // The service URL comes from configuration (casServiceUrl). It is deliberately not
    // rebuilt from the request's server name and port, which are supplied by the client.
    Assertion validated = validator.validate(ticket, this.casServiceUrl);

    final String rule =
        "------------------------------------------------------------------------------------";
    log.debug(rule);
    log.debug("Service: " + this.casServiceUrl);
    String principal = validated.getPrincipal().getName();
    log.debug("Principal: " + principal);
    log.debug(rule);

    this.saveSSOCredentials(principal, httpRequest);
}
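/**
 * Checks the client configuration, completes the CAS login/prefix URLs from one another and
 * creates the ticket validator matching {@code casProtocol}.
 *
 * <p>If {@code casProtocol} matches none of the handled values, no validator is created.
 *
 * @throws TechnicalException if both {@code casLoginUrl} and {@code casPrefixUrl} are blank
 */
@Override
protected void internalInit() {
    CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
    CommonHelper.assertNotNull("logoutHandler", this.logoutHandler);
    if (CommonHelper.isBlank(this.casLoginUrl) && CommonHelper.isBlank(this.casPrefixUrl)) {
        throw new TechnicalException("casLoginUrl and casPrefixUrl cannot be both blank");
    }

    // Normalise only a prefix that was actually configured. Appending "/" to an empty or
    // whitespace-only value would make it non-blank and skip the derivation below, leaving
    // the validator pointed at a meaningless URL.
    if (!CommonHelper.isBlank(this.casPrefixUrl) && !this.casPrefixUrl.endsWith("/")) {
        this.casPrefixUrl += "/";
    }

    if (CommonHelper.isBlank(this.casPrefixUrl)) {
        // Replace the LAST "/login" with "/". Replacing the first occurrence corrupts the
        // host when it starts with "login" ("https://login.example.org/cas/login" would
        // become "https://.example.org/cas/login"), and ticket validation would then be
        // sent to a URL other than the configured CAS server.
        final String loginSuffix = "/login";
        final int suffixStart = this.casLoginUrl.lastIndexOf(loginSuffix);
        if (suffixStart >= 0) {
            this.casPrefixUrl = this.casLoginUrl.substring(0, suffixStart) + "/"
                + this.casLoginUrl.substring(suffixStart + loginSuffix.length());
        } else {
            this.casPrefixUrl = this.casLoginUrl;
        }
    } else if (CommonHelper.isBlank(this.casLoginUrl)) {
        this.casLoginUrl = this.casPrefixUrl + "login";
    }

    if (this.casProtocol == CasProtocol.CAS10) {
        this.ticketValidator = new Cas10TicketValidator(this.casPrefixUrl);
    } else if (this.casProtocol == CasProtocol.CAS20) {
        final Cas20ServiceTicketValidator serviceValidator =
            new Cas20ServiceTicketValidator(this.casPrefixUrl);
        this.ticketValidator = serviceValidator;
        if (this.casProxyReceptor != null) {
            serviceValidator.setProxyCallbackUrl(this.casProxyReceptor.getCallbackUrl());
            serviceValidator.setProxyGrantingTicketStorage(
                this.casProxyReceptor.getProxyGrantingTicketStorage());
        }
    } else if (this.casProtocol == CasProtocol.CAS20_PROXY) {
        final Cas20ProxyTicketValidator proxyValidator =
            new Cas20ProxyTicketValidator(this.casPrefixUrl);
        this.ticketValidator = proxyValidator;
        // NOTE(review): with acceptAnyProxy enabled the validator is asked to accept proxy
        // tickets whatever chain they came through. Deployments that can enumerate their
        // proxies should leave it off and rely on allowedProxyChains.
        proxyValidator.setAcceptAnyProxy(this.acceptAnyProxy);
        proxyValidator.setAllowedProxyChains(this.allowedProxyChains);
        if (this.casProxyReceptor != null) {
            proxyValidator.setProxyCallbackUrl(this.casProxyReceptor.getCallbackUrl());
            proxyValidator.setProxyGrantingTicketStorage(
                this.casProxyReceptor.getProxyGrantingTicketStorage());
        }
    } else if (this.casProtocol == CasProtocol.SAML) {
        this.ticketValidator = new Saml11TicketValidator(this.casPrefixUrl);
    }
}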
/**
 * Creates the CAS 2.0 proxy ticket validator for {@code casPrefixUrl} and applies this
 * client's encoding, proxy acceptance settings and, when a proxy receptor is configured,
 * its callback URL and proxy-granting-ticket storage.
 *
 * @param context the web context used to compute the proxy receptor's final callback URL
 */
protected void initializeCas20ProxyProtocol(final WebContext context) {
    final Cas20ProxyTicketValidator proxyValidator =
        new Cas20ProxyTicketValidator(this.casPrefixUrl);
    this.ticketValidator = proxyValidator;

    proxyValidator.setEncoding(this.encoding);
    // NOTE(review): with acceptAnyProxy enabled the validator is asked to accept proxy
    // tickets whatever chain they came through. Deployments that can enumerate their
    // proxies should leave it off and rely on allowedProxyChains.
    proxyValidator.setAcceptAnyProxy(this.acceptAnyProxy);
    proxyValidator.setAllowedProxyChains(this.allowedProxyChains);

    if (this.casProxyReceptor == null) {
        return;
    }
    proxyValidator.setProxyCallbackUrl(this.casProxyReceptor.computeFinalCallbackUrl(context));
    proxyValidator.setProxyGrantingTicketStorage(
        this.casProxyReceptor.getProxyGrantingTicketStorage());
}