package org.apereo.cas.web.flow;

import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/**
 * @author Tanbin
 * @date   2018-12-12
 */
public class SendTicketGrantingTicketAction extends AbstractAction {
  private static final Logger LOGGER = LoggerFactory.getLogger(SendTicketGrantingTicketAction.class);
  
  private boolean createSsoSessionCookieOnRenewAuthentications = true;
  
  private CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator;
  
  private CentralAuthenticationService centralAuthenticationService;
  
  private ServicesManager servicesManager;
  
  private AuthenticationSystemSupport authenticationSystemSupport;

  private  static String mRenew = "renew";

  @Override
  protected Event doExecute(RequestContext context) {
    String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    String ticketGrantingTicketValueFromCookie = (String)context.getFlowScope().get("ticketGrantingTicketId");
    if (ticketGrantingTicketId == null) {
      return success();
    }
    if (WebUtils.isAuthenticatingAtPublicWorkstation(context)) {
      LOGGER.info("Authentication is at a public workstation. SSO cookie will not be generated. Subsequent requests will be challenged for authentication.");
    } else if (!this.createSsoSessionCookieOnRenewAuthentications && isAuthenticationRenewed(context)) {
      LOGGER.info("Authentication session is renewed but CAS is not configured to create the SSO session. SSO cookie will not be generated. Subsequent requests will be challenged for credentials.");
    } else {
      LOGGER.debug("Setting TGC for current session.");
      this.ticketGrantingTicketCookieGenerator.addCookie(WebUtils.getHttpServletRequest(context), 
          WebUtils.getHttpServletResponse(context), ticketGrantingTicketId);
    } 
    if (ticketGrantingTicketValueFromCookie != null && !ticketGrantingTicketId.equals(ticketGrantingTicketValueFromCookie)) {
      this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketValueFromCookie);
    }
    return success();
  }
  
  public void setCreateSsoSessionCookieOnRenewAuthentications(boolean createSsoSessionCookieOnRenewAuthentications) { this.createSsoSessionCookieOnRenewAuthentications = createSsoSessionCookieOnRenewAuthentications; }
  
  private boolean isAuthenticationRenewed(RequestContext ctx) {
    if (ctx.getRequestParameters().contains(mRenew)) {
      LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", "renew");
      return true;
    } 
    WebApplicationService webApplicationService = WebUtils.getService(ctx);
    if (webApplicationService != null) {
      RegisteredService registeredService = this.servicesManager.findServiceBy(webApplicationService);
      if (registeredService != null) {
        boolean isAllowedForSso = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
        LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService
            .getServiceId(), Boolean.valueOf(isAllowedForSso));
        return !isAllowedForSso;
      } 
    } 
    return false;
  }
  
  public void setAuthenticationSystemSupport(AuthenticationSystemSupport authenticationSystemSupport) { this.authenticationSystemSupport = authenticationSystemSupport; }
  
  public void setTicketGrantingTicketCookieGenerator(CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator) { this.ticketGrantingTicketCookieGenerator = ticketGrantingTicketCookieGenerator; }
  
  public void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) { this.centralAuthenticationService = centralAuthenticationService; }
  
  public void setServicesManager(ServicesManager servicesManager) { this.servicesManager = servicesManager; }
}


/* Location:              E:\wuhao\work\cas5.0.3\WebContent\WEB-INF\lib\cas-server-support-actions-5.0.3.jar!/org/apereo/cas/web/flow/SendTicketGrantingTicketAction.class
 * Java compiler version: 8 (52.0)
 * JD-Core Version:       1.0.7
 */