try { String confRedirectURI = confService.getRedirectURI(); Assertion a = validator.validate(ticket, confRedirectURI); AttributePrincipal principal = a.getPrincipal();
/**
 * Validates the CAS ticket carried by the request and returns the resulting assertion.
 *
 * <p>The ticket is read from the request parameter named by
 * {@code GeoServerCasConstants.ARTIFACT_PARAMETER}. A value that starts with neither the
 * proxy-ticket prefix nor the service-ticket prefix is rejected before the validator is called.
 *
 * @param request the incoming request that may carry a ticket
 * @return the assertion produced by the validator, or {@code null} when the ticket is missing,
 *     carries neither prefix, or validation throws {@code TicketValidationException}
 */
protected Assertion getCASAssertion(HttpServletRequest request) {
    final String candidate = request.getParameter(GeoServerCasConstants.ARTIFACT_PARAMETER);
    if (candidate == null) {
        return null;
    }

    // Reject anything that does not look like a proxy ticket or a service ticket.
    if (!candidate.startsWith(GeoServerCasConstants.PROXY_TICKET_PREFIX)
            && !candidate.startsWith(GeoServerCasConstants.SERVICE_TICKET_PREFIX)) {
        return null;
    }

    Assertion assertion = null;
    try {
        // NOTE(review): retrieveService is defined outside this snippet; if it derives the
        // service value from request data, confirm it is pinned to the expected service URL.
        final String expectedService = retrieveService(request);
        assertion = validator.validate(candidate, expectedService);
    } catch (TicketValidationException e) {
        // Only the exception message is logged; the caller sees the failure as null.
        LOGGER.warning(e.getMessage());
    }
    return assertion;
}
/**
 * Verifies that validation fails with {@code InvalidProxyChainTicketValidationException} when
 * the server response lists the proxies {@code proxy7}, {@code proxy2}, {@code proxy3}.
 *
 * <p>The allowed chains are configured outside this snippet; presumably none of them starts
 * with {@code proxy7}.
 */
@Test
public void testProxyChainWithInvalidProxy() throws TicketValidationException, UnsupportedEncodingException {
    final String casResponse = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy7</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
    server.content = casResponse.getBytes(server.encoding);

    boolean chainRejected = false;
    try {
        this.ticketValidator.validate("test", "test");
    } catch (InvalidProxyChainTicketValidationException expected) {
        // The chain in the response is not an allowed one, so rejection is the passing outcome.
        chainRejected = true;
    }

    // A validator that accepts this response would be trusting an unlisted proxy.
    if (!chainRejected) {
        fail("Invalid proxy chain");
    }
}
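/**
 * Verifies that a {@code Cas20ProxyTicketValidator} obtained from the Spring bean
 * {@code proxyTicketValidator} (defined in {@code cas20ProxyTicketValidator.xml}) validates a
 * response with the proxy chain {@code proxy1}, {@code proxy2}, {@code proxy3} and exposes the
 * user name from the response as the principal name.
 */
@Test
public void testConstructionFromSpringBean() throws TicketValidationException, UnsupportedEncodingException {
    final ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext(
            "classpath:cas20ProxyTicketValidator.xml");
    try {
        final Cas20ProxyTicketValidator v = (Cas20ProxyTicketValidator) context.getBean("proxyTicketValidator");

        final String USERNAME = "username";
        final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy1</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
        server.content = RESPONSE.getBytes(server.encoding);

        final Assertion assertion = v.validate("test", "test");
        assertEquals(USERNAME, assertion.getPrincipal().getName());
    } finally {
        // The original never closed the context; release it even when an assertion fails.
        context.close();
    }
}
// Closes the enclosing class, whose header is not part of this snippet.
}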
/**
 * Verifies that a proxy chain whose last entry does not match the configured pattern is
 * rejected with {@code InvalidProxyChainTicketValidationException}.
 *
 * <p>The allowed chain ends with {@code ^proxy3/[a-z]*/}, which admits lower-case letters only;
 * the response supplies {@code proxy3/ABC/}. Presumably {@code ProxyList} treats this entry as
 * a regular expression, as the test name suggests.
 */
@Test
public void testRegexProxyChainWithInvalidProxy() throws TicketValidationException, UnsupportedEncodingException {
    final String[] allowedChain = new String[] { "proxy1", "proxy2", "^proxy3/[a-z]*/" };
    final List<String[]> allowedChains = new ArrayList<String[]>();
    allowedChains.add(allowedChain);
    this.ticketValidator.setAllowedProxyChains(new ProxyList(allowedChains));

    final String casResponse = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy1</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3/ABC/</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
    server.content = casResponse.getBytes(server.encoding);

    boolean chainRejected = false;
    try {
        this.ticketValidator.validate("test", "test");
    } catch (InvalidProxyChainTicketValidationException expected) {
        // Upper-case "ABC" falls outside [a-z]*, so rejection is the passing outcome.
        chainRejected = true;
    }

    if (!chainRejected) {
        fail("Invalid proxy chain");
    }
}
/**
 * Verifies that a response carrying the proxy chain {@code proxy1}, {@code proxy2},
 * {@code proxy3} validates and that the principal name equals the user name in the response.
 *
 * <p>The allowed chains are configured outside this snippet.
 */
@Test
public void testProxyChainWithValidProxy() throws TicketValidationException, UnsupportedEncodingException {
    final String expectedName = "username";
    final String casResponse = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy1</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
    server.content = casResponse.getBytes(server.encoding);

    final Assertion validated = this.ticketValidator.validate("test", "test");
    final String actualName = validated.getPrincipal().getName();
    assertEquals(expectedName, actualName);
}
/**
 * Verifies that a proxy chain whose last entry matches the configured pattern validates and
 * yields the user name from the response as the principal name.
 *
 * <p>The allowed chain ends with {@code ^proxy3/[a-z]*/} and the response supplies
 * {@code proxy3/abc/}. Presumably {@code ProxyList} treats this entry as a regular expression,
 * as the test name suggests.
 */
@Test
public void testRegexProxyChainWithValidProxy() throws TicketValidationException, UnsupportedEncodingException {
    final String[] allowedChain = new String[] { "proxy1", "proxy2", "^proxy3/[a-z]*/" };
    final List<String[]> allowedChains = new ArrayList<String[]>();
    allowedChains.add(allowedChain);
    this.ticketValidator.setAllowedProxyChains(new ProxyList(allowedChains));

    final String expectedName = "username";
    final String casResponse = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy1</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3/abc/</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
    server.content = casResponse.getBytes(server.encoding);

    final Assertion validated = this.ticketValidator.validate("test", "test");
    final String actualName = validated.getPrincipal().getName();
    assertEquals(expectedName, actualName);
}
// Validate the ticket against clientURL and read the principal from the resulting assertion.
// NOTE(review): sv, ticket and clientURL are defined outside this snippet; confirm that
// clientURL is the fixed service URL the ticket was issued for and is not built from
// request input.
Assertion a = sv.validate(ticket, clientURL);
AttributePrincipal principal = a.getPrincipal();
/**
 * Logs in through the helper, obtains a service ticket for {@code serviceUrl} and validates it
 * with a freshly built {@code Cas20ProxyTicketValidator} that is configured with a proxy
 * callback URL and the {@code ProxyGrantingTicketStorage} bean.
 *
 * <p>The validator is set to accept any proxy, so no proxy-chain restriction applies to the
 * ticket validated here. The {@code assertNotNull} call suggests this is test support code;
 * the setting is not a pattern for a deployed filter.
 *
 * @param helper form-login helper used to sign in and to fetch the service ticket
 * @return the non-null assertion returned by the validator
 * @throws Exception if login, ticket retrieval or validation fails
 */
protected Assertion authenticateWithPGT(CasFormAuthenticationHelper helper) throws Exception {
    helper.ssoLogin();
    final String serviceTicket = helper.getServiceTicket(serviceUrl);

    final Cas20ProxyTicketValidator proxyValidator =
            new Cas20ProxyTicketValidator(casServerURLPrefix.toString());
    // Accept every proxy chain: no allowed-chain list is configured on this validator.
    proxyValidator.setAcceptAnyProxy(true);

    final String callbackPrefix = proxyCallbackUrlPrefix.toExternalForm();
    proxyValidator.setProxyCallbackUrl(GeoServerCasConstants.createProxyCallBackURl(callbackPrefix));

    final ProxyGrantingTicketStorage pgtStorage = GeoServerExtensions.bean(ProxyGrantingTicketStorage.class);
    proxyValidator.setProxyGrantingTicketStorage(pgtStorage);

    final Assertion validated = proxyValidator.validate(serviceTicket, serviceUrl.toExternalForm());
    assertNotNull(validated);
    return validated;
}
/**
 * Validates a CAS ticket against the configured service URL and stores the resulting principal
 * name as SSO credentials for the request.
 *
 * <p>The service URL passed to the validator is the configured {@code casServiceUrl} field.
 * An earlier, commented-out variant assembled it from the request's server name, port and
 * context path; the configured value does not depend on what the request reports about itself.
 *
 * @param httpRequest the request the SSO credentials are saved for
 * @param ticket the CAS ticket to validate
 * @throws Exception if validation or saving the credentials fails
 */
public void validateTicket(HttpServletRequest httpRequest, String ticket) throws Exception {
    final Cas20ProxyTicketValidator proxyValidator = new Cas20ProxyTicketValidator(casServerUrl);
    // Forward the configured renew flag to the validator.
    proxyValidator.setRenew(this.renewTicket);

    final Assertion validated = proxyValidator.validate(ticket, this.casServiceUrl);

    // Debug output includes the service URL and the authenticated principal name.
    log.debug("------------------------------------------------------------------------------------");
    log.debug("Service: "+this.casServiceUrl);
    final String principalName = validated.getPrincipal().getName();
    log.debug("Principal: "+principalName);
    log.debug("------------------------------------------------------------------------------------");

    this.saveSSOCredentials(principalName, httpRequest);
}
// Closes the enclosing class, whose header is not part of this snippet.
}