package org.apereo.cas.web.flow;
|
|
import org.apereo.cas.CentralAuthenticationService;
|
import org.apereo.cas.authentication.AuthenticationSystemSupport;
|
import org.apereo.cas.authentication.principal.WebApplicationService;
|
import org.apereo.cas.services.RegisteredService;
|
import org.apereo.cas.services.ServicesManager;
|
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
|
import org.apereo.cas.web.support.WebUtils;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.webflow.action.AbstractAction;
|
import org.springframework.webflow.execution.Event;
|
import org.springframework.webflow.execution.RequestContext;
|
|
/**
|
* @author Tanbin
|
* @date 2018-12-12
|
*/
|
public class SendTicketGrantingTicketAction extends AbstractAction {
|
private static final Logger LOGGER = LoggerFactory.getLogger(SendTicketGrantingTicketAction.class);
|
|
private boolean createSsoSessionCookieOnRenewAuthentications = true;
|
|
private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
|
|
private CentralAuthenticationService centralAuthenticationService;
|
|
private ServicesManager servicesManager;
|
|
private AuthenticationSystemSupport authenticationSystemSupport;
|
|
private static String mRenew = "renew";
|
|
@Override
|
protected Event doExecute(RequestContext context) {
|
String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
|
String ticketGrantingTicketValueFromCookie = (String)context.getFlowScope().get("ticketGrantingTicketId");
|
if (ticketGrantingTicketId == null) {
|
return success();
|
}
|
if (WebUtils.isAuthenticatingAtPublicWorkstation(context)) {
|
LOGGER.info("Authentication is at a public workstation. SSO cookie will not be generated. Subsequent requests will be challenged for authentication.");
|
} else if (!this.createSsoSessionCookieOnRenewAuthentications && isAuthenticationRenewed(context)) {
|
LOGGER.info("Authentication session is renewed but CAS is not configured to create the SSO session. SSO cookie will not be generated. Subsequent requests will be challenged for credentials.");
|
} else {
|
LOGGER.debug("Setting TGC for current session.");
|
this.ticketGrantingTicketCookieGenerator.addCookie(WebUtils.getHttpServletRequest(context),
|
WebUtils.getHttpServletResponse(context), ticketGrantingTicketId);
|
}
|
if (ticketGrantingTicketValueFromCookie != null && !ticketGrantingTicketId.equals(ticketGrantingTicketValueFromCookie)) {
|
this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketValueFromCookie);
|
}
|
return success();
|
}
|
|
public void setCreateSsoSessionCookieOnRenewAuthentications(boolean createSsoSessionCookieOnRenewAuthentications) { this.createSsoSessionCookieOnRenewAuthentications = createSsoSessionCookieOnRenewAuthentications; }
|
|
private boolean isAuthenticationRenewed(RequestContext ctx) {
|
if (ctx.getRequestParameters().contains(mRenew)) {
|
LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", "renew");
|
return true;
|
}
|
WebApplicationService webApplicationService = WebUtils.getService(ctx);
|
if (webApplicationService != null) {
|
RegisteredService registeredService = this.servicesManager.findServiceBy(webApplicationService);
|
if (registeredService != null) {
|
boolean isAllowedForSso = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
|
LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService
|
.getServiceId(), Boolean.valueOf(isAllowedForSso));
|
return !isAllowedForSso;
|
}
|
}
|
return false;
|
}
|
|
public void setAuthenticationSystemSupport(AuthenticationSystemSupport authenticationSystemSupport) { this.authenticationSystemSupport = authenticationSystemSupport; }
|
|
public void setTicketGrantingTicketCookieGenerator(CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator) { this.ticketGrantingTicketCookieGenerator = ticketGrantingTicketCookieGenerator; }
|
|
public void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) { this.centralAuthenticationService = centralAuthenticationService; }
|
|
public void setServicesManager(ServicesManager servicesManager) { this.servicesManager = servicesManager; }
|
}
|
|
|
/* Location: E:\wuhao\work\cas5.0.3\WebContent\WEB-INF\lib\cas-server-support-actions-5.0.3.jar!/org/apereo/cas/web/flow/SendTicketGrantingTicketAction.class
|
* Java compiler version: 8 (52.0)
|
* JD-Core Version: 1.0.7
|
*/
|
