CASで /v1/tickets/{TGT id} と /serviceValidate を統合し、STを生成する際にその正当性を直接検証する


CASで /v1/tickets/{TGT id} と /serviceValidate を統合し、STを生成する際にその正当性を直接検証する。
C/S構成のクライアントがサーバを呼び出す場面を想定し、TGTの正当性を検証しつつ、/serviceValidate の呼び出しを省略することを目的とする。
次のように変更します.
TicketGrantingTicketResource.java
成功した場合は、検証結果(true/false)をそのまま返します。
/*
 * Licensed to Jasig under one or more contributor license
 * agreements. See the NOTICE file distributed with this work
 * for additional information regarding copyright ownership.
 * Jasig licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License.  You may obtain a
 * copy of the License at the following location:
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.jasig.cas.integration.restlet;

import javax.validation.constraints.NotNull;

import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.principal.SimpleWebApplicationServiceImpl;
import org.jasig.cas.ticket.InvalidTicketException;
import org.jasig.cas.validation.Assertion;
import org.jasig.cas.validation.Cas20ProtocolValidationSpecification;
import org.jasig.cas.validation.ValidationSpecification;
import org.jasig.cas.web.support.ArgumentExtractor;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.Form;
import org.restlet.data.MediaType;
import org.restlet.data.Status;
import org.restlet.representation.Representation;
import org.restlet.representation.Variant;
import org.restlet.resource.Delete;
import org.restlet.resource.Post;
import org.restlet.resource.ServerResource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

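/**
 * Restlet resource bound to a single TicketGrantingTicket (TGT).
 *
 * <p>{@code POST} grants a Service Ticket (ST) for the {@code service} form
 * parameter and validates it in the same request, answering with the plain-text
 * body {@code "true"} or {@code "false"}. The ST itself is never sent back to
 * the caller. {@code DELETE} destroys the TGT.
 *
 * <p>NOTE(review): the POST handler answers for any caller that presents a TGT
 * id in the URL and reports whether that TGT can obtain a valid ST for the
 * given service; confirm this resource is only reachable by trusted clients.
 *
 * @author Scott Battaglia
 * @since 3.3
 *
 */
public final class TicketGrantingTicketResource extends ServerResource {
    private static final Logger LOGGER = LoggerFactory.getLogger(TicketGrantingTicketResource.class);

    @Autowired
    private CentralAuthenticationService centralAuthenticationService;

    /** Extracts parameters from Request object. */
    @NotNull
    private ArgumentExtractor argumentExtractor;

    /** Class instantiated per request to decide whether an assertion is acceptable. */
    @NotNull
    private Class<?> validationSpecificationClass = Cas20ProtocolValidationSpecification.class;

    /** TGT id taken from the {@code ticketGrantingTicketId} request attribute. */
    private String ticketGrantingTicketId;

    /**
     * Captures the TGT id from the request attributes and declares the single
     * form-encoded variant this resource accepts; content negotiation is off.
     *
     * @param context  the Restlet context
     * @param request  the incoming request; its {@code ticketGrantingTicketId}
     *                 attribute is read
     * @param response the response being built
     */
    @Override
    public void init(final Context context, final Request request, final Response response) {
        super.init(context, request, response);
        this.ticketGrantingTicketId = (String) request.getAttributes().get("ticketGrantingTicketId");
        this.setNegotiated(false);
        this.getVariants().add(new Variant(MediaType.APPLICATION_WWW_FORM));
    }

    /** Destroys the TGT named in the request and answers 200 OK. */
    @Delete
    public void removeRepresentations() {
        this.centralAuthenticationService.destroyTicketGrantingTicket(this.ticketGrantingTicketId);
        getResponse().setStatus(Status.SUCCESS_OK);
    }

    /**
     * Grants a Service Ticket for the posted {@code service} and validates it
     * immediately, replying with {@code "true"} or {@code "false"} as plain text.
     *
     * <p>Responds 400 when {@code service} is missing or processing fails, and
     * 404 when the service layer raises {@link InvalidTicketException}.
     *
     * @param entity the form-encoded request body carrying {@code service}
     */
    @Post
    public void acceptRepresentation(final Representation entity) {
        final Form form = new Form(entity);
        final String serviceUrl = form.getFirstValue("service");

        // The service URL is caller-supplied; reject an absent value up front
        // instead of letting it surface as an internal error further down.
        if (serviceUrl == null || serviceUrl.trim().isEmpty()) {
            LOGGER.debug("Request carried no service parameter.");
            getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST, "Missing required parameter: service");
            return;
        }

        try {
            final String serviceTicketId = this.centralAuthenticationService.grantServiceTicket(
                    this.ticketGrantingTicketId,
                    new SimpleWebApplicationServiceImpl(serviceUrl));

            // Modified by lumz (2016-04-06): validate the Service Ticket here
            // instead of returning it, so the client can skip /serviceValidate.
            String resultReturn = "false";

            if (serviceTicketId == null) {
                LOGGER.debug("No service ticket was granted. Service: {}", serviceUrl);
            } else {
                // A fresh service instance per call, as before.
                // NOTE(review): sharing one instance is probably fine - confirm
                // grantServiceTicket does not mutate the service object.
                final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(
                        serviceTicketId,
                        new SimpleWebApplicationServiceImpl(serviceUrl));
                final ValidationSpecification validationSpecification = this.getCommandClass();
                if (validationSpecification.isSatisfiedBy(assertion)) {
                    resultReturn = "true";
                }
            }

            // Only the verdict leaves the server; the ticket id stays internal.
            getResponse().setEntity(resultReturn, MediaType.TEXT_PLAIN);
        } catch (final InvalidTicketException e) {
            getResponse().setStatus(Status.CLIENT_ERROR_NOT_FOUND, "TicketGrantingTicket could not be found.");
        } catch (final Exception e) {
            // Full detail goes to the log; the client gets a fixed message so
            // internal exception text is not disclosed in the response.
            LOGGER.error(e.getMessage(), e);
            getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST, "The request could not be processed.");
        }
    }

    /**
     * Creates a new instance of the configured validation specification.
     *
     * @return a fresh {@link ValidationSpecification}
     * @throws RuntimeException wrapping any instantiation or cast failure
     */
    private ValidationSpecification getCommandClass() {
        try {
            return (ValidationSpecification) this.validationSpecificationClass.newInstance();
        } catch (final Exception e) {
            throw new RuntimeException(e);
        }
    }
}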