001: /* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
002: *
003: * Licensed under the Apache License, Version 2.0 (the "License");
004: * you may not use this file except in compliance with the License.
005: * You may obtain a copy of the License at
006: *
007: * http://www.apache.org/licenses/LICENSE-2.0
008: *
009: * Unless required by applicable law or agreed to in writing, software
010: * distributed under the License is distributed on an "AS IS" BASIS,
011: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: * See the License for the specific language governing permissions and
013: * limitations under the License.
014: */
015:
016: package org.acegisecurity.providers.cas.ticketvalidator;
017:
018: import edu.yale.its.tp.cas.client.ProxyTicketValidator;
019:
020: import org.acegisecurity.AuthenticationException;
021: import org.acegisecurity.AuthenticationServiceException;
022: import org.acegisecurity.BadCredentialsException;
023:
024: import org.acegisecurity.providers.cas.TicketResponse;
025:
026: import org.apache.commons.logging.Log;
027: import org.apache.commons.logging.LogFactory;
028:
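/**
 * Uses CAS' <code>ProxyTicketValidator</code> to validate a service ticket.
 * <p>The ticket is validated against the CAS validate URL configured on
 * {@link AbstractTicketValidator}; a successful validation is turned into a
 * {@link TicketResponse}, a rejection into a {@link BadCredentialsException}.</p>
 *
 * @author Ben Alex
 * @version $Id: CasProxyTicketValidator.java 1784 2007-02-24 21:00:24Z luke_t $
 */
public class CasProxyTicketValidator extends AbstractTicketValidator {
    //~ Static fields/initializers =====================================================================================

    private static final Log logger = LogFactory.getLog(CasProxyTicketValidator.class);

    //~ Instance fields ================================================================================================

    /** Optional callback URL for proxy-granting tickets; <code>null</code> or empty disables the callback. */
    private String proxyCallbackUrl;

    //~ Methods ========================================================================================================

    /**
     * Validates the presented service ticket with the CAS server.
     *
     * @param serviceTicket the service ticket received from the browser
     *
     * @return the <code>TicketResponse</code> describing the authenticated user
     *
     * @throws AuthenticationException if the ticket is rejected or the remote validation fails
     */
    public TicketResponse confirmTicketValid(String serviceTicket) throws AuthenticationException {
        // Attempt to validate presented ticket using CAS' ProxyTicketValidator class
        ProxyTicketValidator pv = new ProxyTicketValidator();

        pv.setCasValidateUrl(super.getCasValidate());
        pv.setServiceTicket(serviceTicket);
        pv.setService(super.getServiceProperties().getService());

        if (super.getServiceProperties().isSendRenew()) {
            // The 'renew' flag is NOT passed to the CAS server here, so a ticket obtained from an
            // existing SSO session is still accepted. Anything that relies on 'renew' to force
            // fresh credentials must enforce that requirement elsewhere.
            logger.warn("The current CAS ProxyTicketValidator does not support the 'renew' property. "
                + "The ticket cannot be validated as having been issued by a 'renew' authentication. "
                + "It is expected this will be corrected in a future version of CAS' ProxyTicketValidator.");
        }

        if (hasProxyCallbackUrl()) {
            pv.setProxyCallbackUrl(proxyCallbackUrl);
        }

        return validateNow(pv);
    }

    /**
     * Optional callback URL to obtain a proxy-granting ticket from CAS.
     * <p>This callback URL belongs to the Acegi Security System for Spring secured application. We suggest you use
     * CAS' <code>ProxyTicketReceptor</code> servlet to receive this callback and manage the proxy-granting ticket list.
     * The callback URL is usually something like
     * <code>https://www.mycompany.com/application/casProxy/receptor</code>.
     * </p>
     * <p>If left <code>null</code>, the <code>CasAuthenticationToken</code> will not have a proxy granting
     * ticket IOU and there will be no proxy-granting ticket callback. Accordingly, the Acegi Security System for
     * Spring secured application will be unable to obtain a proxy ticket to call another CAS-secured service on
     * behalf of the user. This is not really an issue for most applications.</p>
     *
     * @return the proxy callback URL, or <code>null</code> if not used
     */
    public String getProxyCallbackUrl() {
        return proxyCallbackUrl;
    }

    /**
     * Sets the optional proxy callback URL (see {@link #getProxyCallbackUrl()}).
     *
     * @param proxyCallbackUrl the callback URL, or <code>null</code>/empty to disable the proxy-granting
     *        ticket callback
     */
    public void setProxyCallbackUrl(String proxyCallbackUrl) {
        this.proxyCallbackUrl = proxyCallbackUrl;
    }

    /**
     * Perform the actual remote invocation. Protected to enable replacement during tests.
     *
     * @param pv the populated <code>ProxyTicketValidator</code>
     *
     * @return the <code>TicketResponse</code>
     *
     * @throws AuthenticationServiceException if <code>ProxyTicketValidator</code> internally fails
     * @throws BadCredentialsException if the CAS server reports the ticket as not authenticated; the message
     *         carries the CAS error code and error message
     */
    protected TicketResponse validateNow(ProxyTicketValidator pv)
        throws AuthenticationServiceException, BadCredentialsException {
        try {
            pv.validate();
        } catch (Exception internalProxyTicketValidatorProblem) {
            // Keep the original exception as the cause so the transport/parse failure is diagnosable
            throw new AuthenticationServiceException(internalProxyTicketValidatorProblem.getMessage(),
                internalProxyTicketValidatorProblem);
        }

        // Method name spelling ("Succesful") is the CAS client's own API
        if (!pv.isAuthenticationSuccesful()) {
            throw new BadCredentialsException(pv.getErrorCode() + ": " + pv.getErrorMessage());
        }

        return new TicketResponse(pv.getUser(), pv.getProxyList(), pv.getPgtIou());
    }

    /**
     * Whether a usable proxy callback URL has been configured.
     *
     * @return <code>true</code> if the URL is neither <code>null</code> nor empty
     */
    private boolean hasProxyCallbackUrl() {
        return (this.proxyCallbackUrl != null) && (!"".equals(this.proxyCallbackUrl));
    }
}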