centralauthenticationserviceimpl.java
来自「CAS在Tomcat中实现单点登录项目,单点登录(Single Sign On 」· Java 代码 · 共 464 行 · 第 1/2 页
* Credentials are null. */
    public String delegateTicketGrantingTicket(final String serviceTicketId,
        final Credentials credentials) throws TicketException {
        // Both arguments are mandatory.
        Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
        Assert.notNull(credentials, "credentials cannot be null");

        try {
            // The credentials are authenticated before the ticket is looked
            // up, so an authentication failure surfaces as
            // TicketCreationException even when the ticket id is unknown.
            final Authentication delegatedAuthentication =
                this.authenticationManager.authenticate(credentials);

            final ServiceTicket presentedTicket = (ServiceTicket) this.ticketRegistry
                .getTicket(serviceTicketId, ServiceTicket.class);

            // An unknown ticket and an expired one are reported identically.
            final boolean ticketUsable = presentedTicket != null
                && !presentedTicket.isExpired();
            if (!ticketUsable) {
                throw new InvalidTicketException();
            }

            // Authorization is decided on the service the ticket was issued
            // for: it must be registered and explicitly allowed to proxy.
            final RegisteredService issuedFor = this.servicesManager
                .findServiceBy(presentedTicket.getService());
            final boolean proxyingAllowed = issuedFor != null
                && issuedFor.isAllowedToProxy();
            if (!proxyingAllowed) {
                throw new UnauthorizedProxyingException();
            }

            // The new TicketGrantingTicket is derived from the service ticket
            // and stored in the registry before its id is handed back.
            final TicketGrantingTicket delegatedTicket = presentedTicket
                .grantTicketGrantingTicket(
                    this.ticketGrantingTicketUniqueTicketIdGenerator
                        .getNewTicketId(TicketGrantingTicket.PREFIX),
                    delegatedAuthentication,
                    this.ticketGrantingTicketExpirationPolicy);

            this.ticketRegistry.addTicket(delegatedTicket);
            return delegatedTicket.getId();
        } catch (final AuthenticationException e) {
            // Keep the authentication failure as the cause.
            throw new TicketCreationException(e);
        }
    }

    /**
     * @throws IllegalArgumentException if the ServiceTicketId or the Service
     * are null.
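* @param serviceTicketId id of the ServiceTicket presented for validation.
     * @param service the Service the caller says the ticket was issued for.
     * @return an Assertion built from the ticket's authentication chain, the
     * ticket's Service and its from-new-login flag.
     */
    public Assertion validateServiceTicket(final String serviceTicketId,
        final Service service) throws TicketException {
        Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
        Assert.notNull(service, "service cannot be null");

        final ServiceTicket serviceTicket = (ServiceTicket) this.ticketRegistry
            .getTicket(serviceTicketId, ServiceTicket.class);

        final RegisteredService registeredService = this.servicesManager
            .findServiceBy(service);

        // The supplied service must be registered before anything is said
        // about the ticket itself.
        if (registeredService == null) {
            throw new UnauthorizedServiceException(
                "Service not allowed to validate tickets.");
        }

        // NOTE(review): serviceTicketId and service are concatenated into the
        // log messages below as-is. If they arrive from request parameters
        // (the caller is not visible here), the log layout should escape
        // CR/LF, and logs holding ticket ids should be access-controlled.
        if (serviceTicket == null) {
            if (log.isDebugEnabled()) {
                log.debug("ServiceTicket [" + serviceTicketId
                    + "] does not exist.");
            }
            throw new InvalidTicketException();
        }

        try {
            // The expiry and service-match checks run under the ticket's
            // monitor so concurrent validations of one ticket are serialized.
            synchronized (serviceTicket) {
                if (serviceTicket.isExpired()) {
                    if (log.isDebugEnabled()) {
                        log.debug("ServiceTicket [" + serviceTicketId
                            + "] has expired.");
                    }
                    throw new InvalidTicketException();
                }

                if (!serviceTicket.isValidFor(service)) {
                    if (log.isErrorEnabled()) {
                        // Fixed: the bracket after the ticket's service id
                        // was never closed in the original message.
                        log.error("ServiceTicket [" + serviceTicketId
                            + "] with service ["
                            + serviceTicket.getService().getId()
                            + "] does not match supplied service ["
                            + service + "]");
                    }
                    throw new TicketValidationException(serviceTicket.getService());
                }
            }

            // Read the chain once so the size and every element come from the
            // same list (the original fetched it again for each access).
            final List<Authentication> chain = serviceTicket
                .getGrantingTicket().getChainedAuthentications();
            final int authenticationChainSize = chain.size();
            final Authentication authentication = chain
                .get(authenticationChainSize - 1);
            final Principal principal = authentication.getPrincipal();

            // Services registered for anonymous access receive a generated
            // identifier instead of the principal's own id.
            final String principalId = registeredService.isAnonymousAccess()
                ? this.persistentIdGenerator.generate(principal,
                    serviceTicket.getService())
                : principal.getId();

            // Attribute release: only principal attributes named in the
            // registered service's allowed list are copied, and null values
            // are dropped.
            final Map<String, Object> attributes = new HashMap<String, Object>();
            for (final String attribute : registeredService
                .getAllowedAttributes()) {
                final Object value = principal.getAttributes().get(attribute);
                if (value != null) {
                    attributes.put(attribute, value);
                }
            }

            final Principal modifiedPrincipal = new SimplePrincipal(
                principalId, attributes);

            // The authentication-level attributes and the authentication
            // date are copied unfiltered; the allowed-attribute list applies
            // to the principal's attributes only.
            final MutableAuthentication mutableAuthentication =
                new MutableAuthentication(modifiedPrincipal);
            mutableAuthentication.getAttributes().putAll(
                authentication.getAttributes());
            mutableAuthentication.getAuthenticatedDate().setTime(
                authentication.getAuthenticatedDate().getTime());

            // Every entry before the last one is passed through unchanged, so
            // the principals of those entries are not attribute-filtered.
            final List<Authentication> authentications =
                new ArrayList<Authentication>();
            for (int i = 0; i < authenticationChainSize - 1; i++) {
                authentications.add(chain.get(i));
            }
            authentications.add(mutableAuthentication);

            return new ImmutableAssertionImpl(authentications, serviceTicket
                .getService(), serviceTicket.isFromNewLogin());
        } finally {
            // Runs on success and on failure: a ticket that reports itself
            // expired after this attempt is removed from the registry.
            // NOTE(review): presumably isValidFor() counts the use, which
            // would make a single-use ticket expire here; confirm against
            // the ServiceTicket implementation.
            if (serviceTicket.isExpired()) {
                this.ticketRegistry.deleteTicket(serviceTicketId);
            }
        }
    }

    /**
     * @throws IllegalArgumentException if the credentials are null.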
* @param credentials the credentials to authenticate.
     * @return the id of the TicketGrantingTicket stored in the registry.
     * @throws TicketCreationException if the credentials fail authentication.
     */
    public String createTicketGrantingTicket(final Credentials credentials)
        throws TicketCreationException {
        Assert.notNull(credentials, "credentials cannot be null");

        if (log.isDebugEnabled()) {
            // NOTE(review): this prints credentials.toString(); confirm that
            // no Credentials implementation includes the secret in it.
            log.debug("Attempting to create TicketGrantingTicket for "
                + credentials);
        }

        try {
            // Authentication comes first; no ticket id is generated for
            // credentials that are rejected.
            final Authentication login = this.authenticationManager
                .authenticate(credentials);

            final TicketGrantingTicket issuedTicket = new TicketGrantingTicketImpl(
                this.ticketGrantingTicketUniqueTicketIdGenerator
                    .getNewTicketId(TicketGrantingTicket.PREFIX),
                login,
                this.ticketGrantingTicketExpirationPolicy);

            // The ticket is stored before its id is handed to the caller.
            this.ticketRegistry.addTicket(issuedTicket);
            return issuedTicket.getId();
        } catch (final AuthenticationException e) {
            // Keep the authentication failure as the cause.
            throw new TicketCreationException(e);
        }
    }

    /**
     * Injects the registry in which tickets are stored and looked up.
     *
     * @param ticketRegistry the TicketRegistry to set.
     */
    public void setTicketRegistry(final TicketRegistry ticketRegistry) {
        this.ticketRegistry = ticketRegistry;
    }

    /**
     * Injects the manager that authenticates the supplied credentials.
     *
     * @param authenticationManager the AuthenticationManager to set.
     */
    public void setAuthenticationManager(
        final AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Injects the expiration policy handed to every TicketGrantingTicket this
     * class creates.
     *
     * @param ticketGrantingTicketExpirationPolicy the ExpirationPolicy to set.
     */
    public void setTicketGrantingTicketExpirationPolicy(
        final ExpirationPolicy ticketGrantingTicketExpirationPolicy) {
        this.ticketGrantingTicketExpirationPolicy = ticketGrantingTicketExpirationPolicy;
    }

    /**
     * Injects the generator that supplies ids for new TicketGrantingTickets.
*
     * @param uniqueTicketIdGenerator the UniqueTicketIdGenerator to use.
     */
    public void setTicketGrantingTicketUniqueTicketIdGenerator(
        final UniqueTicketIdGenerator uniqueTicketIdGenerator) {
        this.ticketGrantingTicketUniqueTicketIdGenerator = uniqueTicketIdGenerator;
    }

    /**
     * Injects the ServiceTicket expiration policy. (The original comment
     * named the TicketGrantingTicket policy, apparently copied from the
     * setter for that policy.)
     *
     * @param serviceTicketExpirationPolicy the ExpirationPolicy to set.
     */
    public void setServiceTicketExpirationPolicy(
        final ExpirationPolicy serviceTicketExpirationPolicy) {
        this.serviceTicketExpirationPolicy = serviceTicketExpirationPolicy;
    }

    /**
     * Injects the map of id generators used for service tickets.
     *
     * @param uniqueTicketIdGeneratorsForService generators by String key;
     * what the key identifies is not visible in this part of the file.
     */
    public void setUniqueTicketIdGeneratorsForService(
        final Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService) {
        this.uniqueTicketIdGeneratorsForService = uniqueTicketIdGeneratorsForService;
    }

    /**
     * Injects the ServicesManager consulted to decide whether a service is
     * registered and what it is allowed to do.
     *
     * @param servicesManager the ServicesManager to set.
     */
    public void setServicesManager(final ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }

    /**
     * Injects the generator that produces the identifier released to
     * services registered for anonymous access.
     *
     * @param persistentIdGenerator the PersistentIdGenerator to set.
     */
    public void setPersistentIdGenerator(
        final PersistentIdGenerator persistentIdGenerator) {
        this.persistentIdGenerator = persistentIdGenerator;
    }
}