
package org.jasig.cas.web.flow;
import org.jasig.cas.CasProtocolConstants;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.AuthenticationSystemSupport;
import org.jasig.cas.authentication.DefaultAuthenticationSystemSupport;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.web.support.CookieRetrievingCookieGenerator;
import org.jasig.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import javax.validation.constraints.NotNull;
/**
* Action that handles the TicketGrantingTicket creation and destruction. If the
* action is given a TicketGrantingTicket and one also already exists, the old
* one is destroyed and replaced with the new one. This action always returns
* "success".
*
* @author Scott Battaglia
* @since 3.0.0
*/
@Component("sendTicketGrantingTicketAction")
public final class SendTicketGrantingTicketAction extends AbstractAction {

    private static final Logger LOGGER = LoggerFactory.getLogger(SendTicketGrantingTicketAction.class);

    /**
     * Whether the SSO cookie is still issued when the authentication counts as
     * "renewed". Bound to {@code create.sso.renewed.authn}; {@code true} when the
     * property is absent.
     */
    @Value("${create.sso.renewed.authn:true}")
    private boolean createSsoSessionCookieOnRenewAuthentications = true;

    /**
     * Writes the ticket-granting cookie to the response.
     * NOTE(review): the cookie's attributes (Secure, HttpOnly, path, lifetime) are
     * presumably set on this bean's configuration; none of them is set in this class.
     */
    @NotNull
    @Autowired
    @Qualifier("ticketGrantingTicketCookieGenerator")
    private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;

    /** Used here only to destroy a superseded ticket-granting ticket. */
    @NotNull
    @Autowired
    @Qualifier("centralAuthenticationService")
    private CentralAuthenticationService centralAuthenticationService;

    /** Service registry consulted for a service's SSO participation setting. */
    @NotNull
    @Autowired
    @Qualifier("servicesManager")
    private ServicesManager servicesManager;

    /** Optionally injected, with a default instance; no method of this class reads it. */
    @NotNull
    @Autowired(required=false)
    @Qualifier("defaultAuthenticationSystemSupport")
    private AuthenticationSystemSupport authenticationSystemSupport = new DefaultAuthenticationSystemSupport();

    /**
     * Creates the action; collaborators are supplied by injection or the setters.
     */
    public SendTicketGrantingTicketAction() {
    }

    /**
     * Hands the ticket-granting cookie (TGC) for the flow's current ticket to the
     * browser, unless issuance is withheld, and then destroys the ticket previously
     * held in flow scope when it differs from the current one.
     *
     * <p>Withholding the cookie does not touch the current ticket: this method never
     * destroys it, it only declines to send it. The ticket id is a bearer credential
     * and appears in no log statement of this class; keep it out of any new ones.
     *
     * @param context the webflow request context
     * @return always the "success" event
     */
    @Override
    protected Event doExecute(final RequestContext context) {
        final String issuedTicketId = WebUtils.getTicketGrantingTicketId(context);
        // Flow-scope value under "ticketGrantingTicketId"; presumably the id the
        // browser's cookie carried when the flow started - confirm against the flow setup.
        final String priorTicketId = (String) context.getFlowScope().get("ticketGrantingTicketId");

        if (issuedTicketId == null) {
            // Nothing was issued, so there is nothing to send or to replace.
            return success();
        }

        if (!isSsoCookieWithheld(context)) {
            LOGGER.debug("Setting TGC for current session.");
            this.ticketGrantingTicketCookieGenerator.addCookie(
                    WebUtils.getHttpServletRequest(context),
                    WebUtils.getHttpServletResponse(context),
                    issuedTicketId);
        }

        // The superseded ticket is destroyed even when the new cookie was withheld.
        final boolean superseded = priorTicketId != null && !priorTicketId.equals(issuedTicketId);
        if (superseded) {
            this.centralAuthenticationService.destroyTicketGrantingTicket(priorTicketId);
        }
        return success();
    }

    /**
     * Decides whether the SSO cookie must not be sent, logging the reason when so.
     * The public-workstation check runs first; the renew check runs only when
     * cookies for renewed authentications are switched off.
     *
     * @param context the webflow request context
     * @return true if no cookie is to be generated for this request
     */
    private boolean isSsoCookieWithheld(final RequestContext context) {
        if (isAuthenticatingAtPublicWorkstation(context)) {
            LOGGER.info("Authentication is at a public workstation. "
                    + "SSO cookie will not be generated. Subsequent requests will be challenged for authentication.");
            return true;
        }
        if (this.createSsoSessionCookieOnRenewAuthentications) {
            return false;
        }
        if (!isAuthenticationRenewed(context)) {
            return false;
        }
        LOGGER.info("Authentication session is renewed but CAS is not configured to create the SSO session. "
                + "SSO cookie will not be generated. Subsequent requests will be challenged for authentication.");
        return true;
    }

    /**
     * Sets whether the SSO cookie is issued for renewed authentications.
     *
     * @param createSsoSessionCookieOnRenewAuthentications false to withhold the cookie on renew
     */
    public void setCreateSsoSessionCookieOnRenewAuthentications(final boolean createSsoSessionCookieOnRenewAuthentications) {
        this.createSsoSessionCookieOnRenewAuthentications = createSsoSessionCookieOnRenewAuthentications;
    }

    /**
     * Reports whether this authentication counts as "renewed": either the request
     * carries the renew parameter, or the requested service is registered and not
     * allowed to participate in SSO.
     *
     * <p>Only the presence of the renew parameter is tested, not its value, and the
     * parameter comes from the client request. A service with no registry entry
     * yields {@code false} here.
     * NOTE(review): rejection of unregistered services is not done in this class;
     * confirm it happens elsewhere in the flow.
     *
     * @param ctx the request context
     * @return true if renewed
     */
    private boolean isAuthenticationRenewed(final RequestContext ctx) {
        final boolean renewRequested = ctx.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW);
        if (renewRequested) {
            LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.",
                    CasProtocolConstants.PARAMETER_RENEW);
            return true;
        }

        final Service requestedService = WebUtils.getService(ctx);
        if (requestedService == null) {
            return false;
        }

        final RegisteredService registryEntry = this.servicesManager.findServiceBy(requestedService);
        if (registryEntry == null) {
            return false;
        }

        final boolean ssoPermitted = registryEntry.getAccessStrategy().isServiceAccessAllowedForSso();
        LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]",
                registryEntry.getServiceId(), ssoPermitted);
        return !ssoPermitted;
    }

    /**
     * Reports whether the flow was marked as running on a public workstation.
     * The marker is the presence of
     * {@link AuthenticationViaFormAction#PUBLIC_WORKSTATION_ATTRIBUTE} in flow scope;
     * its value is not inspected.
     *
     * @param ctx the request context
     * @return true if the flow-scope attribute is present
     */
    private boolean isAuthenticatingAtPublicWorkstation(final RequestContext ctx) {
        final boolean flagged = ctx.getFlowScope().contains(AuthenticationViaFormAction.PUBLIC_WORKSTATION_ATTRIBUTE);
        if (flagged) {
            LOGGER.debug("Public workstation flag detected. SSO session will be considered renewed.");
        }
        return flagged;
    }

    /**
     * Sets the generator used to write the ticket-granting cookie.
     *
     * @param ticketGrantingTicketCookieGenerator the cookie generator
     */
    public void setTicketGrantingTicketCookieGenerator(final CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator) {
        this.ticketGrantingTicketCookieGenerator = ticketGrantingTicketCookieGenerator;
    }

    /**
     * Sets the service used to destroy a superseded ticket-granting ticket.
     *
     * @param centralAuthenticationService the central authentication service
     */
    public void setCentralAuthenticationService(final CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    /**
     * Sets the service registry used for the SSO participation lookup.
     *
     * @param servicesManager the services manager
     */
    public void setServicesManager(final ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }
}