Coverage Report

Coverage Report - org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator

Classes in this File

67%

2.5

 /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 
 package org.acegisecurity.providers.cas.ticketvalidator;
 
 import edu.yale.its.tp.cas.client.ProxyTicketValidator;
 
 import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.AuthenticationServiceException;
 import org.acegisecurity.BadCredentialsException;
 
 import org.acegisecurity.providers.cas.TicketResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 
 /**
  * Uses CAS' <code>ProxyTicketValidator</code> to validate a service ticket.
  *
  * @author Ben Alex
  * @version $Id: CasProxyTicketValidator.java 1784 2007-02-24 21:00:24Z luke_t $
  */
 public class CasProxyTicketValidator extends AbstractTicketValidator {
     //~ Static fields/initializers =====================================================================================
 
     private static final Log logger = LogFactory.getLog(CasProxyTicketValidator.class);
 
     //~ Instance fields ================================================================================================
 
     private String proxyCallbackUrl;
 
     //~ Methods ========================================================================================================
 
     public TicketResponse confirmTicketValid(String serviceTicket)
         throws AuthenticationException {
         // Attempt to validate presented ticket using CAS' ProxyTicketValidator class
         ProxyTicketValidator pv = new ProxyTicketValidator();
 
         pv.setCasValidateUrl(super.getCasValidate());
         pv.setServiceTicket(serviceTicket);
         pv.setService(super.getServiceProperties().getService());
 
         if (super.getServiceProperties().isSendRenew()) {
             logger.warn(
                   "The current CAS ProxyTicketValidator does not support the 'renew' property. "
                 + "The ticket cannot be validated as having been issued by a 'renew' authentication. "
                 + "It is expected this will be corrected in a future version of CAS' ProxyTicketValidator.");
         }
 
         if ((this.proxyCallbackUrl != null) && (!"".equals(this.proxyCallbackUrl))) {
             pv.setProxyCallbackUrl(proxyCallbackUrl);
         }
 
         return validateNow(pv);
     }
 
     /**
      * Optional callback URL to obtain a proxy-granting ticket from CAS.
      * <p>This callback URL belongs to the Acegi Security System for Spring secured application. We suggest you use
      * CAS' <code>ProxyTicketReceptor</code> servlet to receive this callback and manage the proxy-granting ticket list.
      * The callback URL is usually something like
      * <code>https://www.mycompany.com/application/casProxy/receptor</code>.
      * </p>
      * <p>If left <code>null</code>, the <code>CasAuthenticationToken</code> will not have a proxy granting
      * ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Acegi Securty System for
      * Spring secured application will be unable to obtain a proxy ticket to call another CAS-secured service on
      * behalf of the user. This is not really an issue for most applications.</p>
      *
      * @return the proxy callback URL, or <code>null</code> if not used
      */
     public String getProxyCallbackUrl() {
         return proxyCallbackUrl;
     }
 
     public void setProxyCallbackUrl(String proxyCallbackUrl) {
         this.proxyCallbackUrl = proxyCallbackUrl;
     }
 
     /**
      * Perform the actual remote invocation. Protected to enable replacement during tests.
      *
      * @param pv the populated <code>ProxyTicketValidator</code>
      *
      * @return the <code>TicketResponse</code>
      *
      * @throws AuthenticationServiceException if<code>ProxyTicketValidator</code> internally fails
      * @throws BadCredentialsException DOCUMENT ME!
      */
     protected TicketResponse validateNow(ProxyTicketValidator pv)
         throws AuthenticationServiceException, BadCredentialsException {
         try {
             pv.validate();
         } catch (Exception internalProxyTicketValidatorProblem) {
             throw new AuthenticationServiceException(internalProxyTicketValidatorProblem.getMessage());
         }
 
         if (!pv.isAuthenticationSuccesful()) {
             throw new BadCredentialsException(pv.getErrorCode() + ": " + pv.getErrorMessage());
         }
 
         return new TicketResponse(pv.getUser(), pv.getProxyList(), pv.getPgtIou());
     }
 }

1		/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
2		*
3		* Licensed under the Apache License, Version 2.0 (the "License");
4		* you may not use this file except in compliance with the License.
5		* You may obtain a copy of the License at
6		*
7		* http://www.apache.org/licenses/LICENSE-2.0
8		*
9		* Unless required by applicable law or agreed to in writing, software
10		* distributed under the License is distributed on an "AS IS" BASIS,
11		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		* See the License for the specific language governing permissions and
13		* limitations under the License.
14		*/
15
16		package org.acegisecurity.providers.cas.ticketvalidator;
17
18		import edu.yale.its.tp.cas.client.ProxyTicketValidator;
19
20		import org.acegisecurity.AuthenticationException;
21		import org.acegisecurity.AuthenticationServiceException;
22		import org.acegisecurity.BadCredentialsException;
23
24		import org.acegisecurity.providers.cas.TicketResponse;
25
26		import org.apache.commons.logging.Log;
27		import org.apache.commons.logging.LogFactory;
28
29
30		/**
31		* Uses CAS' <code>ProxyTicketValidator</code> to validate a service ticket.
32		*
33		* @author Ben Alex
34		* @version $Id: CasProxyTicketValidator.java 1784 2007-02-24 21:00:24Z luke_t $
35		*/
36	4	public class CasProxyTicketValidator extends AbstractTicketValidator {
37		//~ Static fields/initializers =====================================================================================
38
39	2	private static final Log logger = LogFactory.getLog(CasProxyTicketValidator.class);
40
41		//~ Instance fields ================================================================================================
42
43		private String proxyCallbackUrl;
44
45		//~ Methods ========================================================================================================
46
47		public TicketResponse confirmTicketValid(String serviceTicket)
48		throws AuthenticationException {
49		// Attempt to validate presented ticket using CAS' ProxyTicketValidator class
50	3	ProxyTicketValidator pv = new ProxyTicketValidator();
51
52	3	pv.setCasValidateUrl(super.getCasValidate());
53	3	pv.setServiceTicket(serviceTicket);
54	3	pv.setService(super.getServiceProperties().getService());
55
56	3	if (super.getServiceProperties().isSendRenew()) {
57	1	logger.warn(
58		"The current CAS ProxyTicketValidator does not support the 'renew' property. "
59		+ "The ticket cannot be validated as having been issued by a 'renew' authentication. "
60		+ "It is expected this will be corrected in a future version of CAS' ProxyTicketValidator.");
61		}
62
63	3	if ((this.proxyCallbackUrl != null) && (!"".equals(this.proxyCallbackUrl))) {
64	2	pv.setProxyCallbackUrl(proxyCallbackUrl);
65		}
66
67	3	return validateNow(pv);
68		}
69
70		/**
71		* Optional callback URL to obtain a proxy-granting ticket from CAS.
72		* <p>This callback URL belongs to the Acegi Security System for Spring secured application. We suggest you use
73		* CAS' <code>ProxyTicketReceptor</code> servlet to receive this callback and manage the proxy-granting ticket list.
74		* The callback URL is usually something like
75		* <code>https://www.mycompany.com/application/casProxy/receptor</code>.
76		* </p>
77		* <p>If left <code>null</code>, the <code>CasAuthenticationToken</code> will not have a proxy granting
78		* ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Acegi Securty System for
79		* Spring secured application will be unable to obtain a proxy ticket to call another CAS-secured service on
80		* behalf of the user. This is not really an issue for most applications.</p>
81		*
82		* @return the proxy callback URL, or <code>null</code> if not used
83		*/
84		public String getProxyCallbackUrl() {
85	1	return proxyCallbackUrl;
86		}
87
88		public void setProxyCallbackUrl(String proxyCallbackUrl) {
89	3	this.proxyCallbackUrl = proxyCallbackUrl;
90	3	}
91
92		/**
93		* Perform the actual remote invocation. Protected to enable replacement during tests.
94		*
95		* @param pv the populated <code>ProxyTicketValidator</code>
96		*
97		* @return the <code>TicketResponse</code>
98		*
99		* @throws AuthenticationServiceException if<code>ProxyTicketValidator</code> internally fails
100		* @throws BadCredentialsException DOCUMENT ME!
101		*/
102		protected TicketResponse validateNow(ProxyTicketValidator pv)
103		throws AuthenticationServiceException, BadCredentialsException {
104		try {
105	0	pv.validate();
106	0	} catch (Exception internalProxyTicketValidatorProblem) {
107	0	throw new AuthenticationServiceException(internalProxyTicketValidatorProblem.getMessage());
108	0	}
109
110	0	if (!pv.isAuthenticationSuccesful()) {
111	0	throw new BadCredentialsException(pv.getErrorCode() + ": " + pv.getErrorMessage());
112		}
113
114	0	return new TicketResponse(pv.getUser(), pv.getProxyList(), pv.getPgtIou());
115		}
116		}