Skip to content

MaxKey
MaxKey

yujianwangzivayy / MaxKey
与 Fork 源项目一致

Fork自 MaxKey单点登录官方(MaxKeyTop) / MaxKey

通知 1
Star 0
Fork 0
MaxKey
MaxKey

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
Cas10AuthorizeEndpoint.java 4.1 KB
Newer Older
MaxKey单点登录官方's avatar
init  
MaxKey单点登录官方 已提交
1 2 3 4 5 6 7 8 
/**
 * 
 */
package org.maxkey.authz.cas.endpoint;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
MaxKey单点登录官方's avatar
Maxkey v1.0 GA  
MaxKey单点登录官方 已提交
9 
import org.maxkey.authn.BasicAuthentication;
MaxKey单点登录官方's avatar
init  
MaxKey单点登录官方 已提交
10 11 12 13 14 
import org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.Ticket;
import org.maxkey.authz.cas.endpoint.ticket.service.TicketServices;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
MaxKey单点登录官方's avatar
Configuration  
MaxKey单点登录官方 已提交
15 
import org.maxkey.configuration.ApplicationConfig;
MaxKey单点登录官方's avatar
init  
MaxKey单点登录官方 已提交
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * @author Crystal.Sea
 * https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-V2-Specification.html
 */
@Controller
public class Cas10AuthorizeEndpoint  extends AuthorizeBaseEndpoint{

	final static Logger _logger = LoggerFactory.getLogger(Cas10AuthorizeEndpoint.class);
	
	@Autowired
	ApplicationConfig applicationConfig;
	
	@Autowired
	@Qualifier("casTicketServices")
	TicketServices ticketServices;
	
	/**
	 * @param request
	 * @param response
	 * @param ticket
	 * @param service
	 * @param renew
	 * @return 
	 *    
2.4. /validate [CAS 1.0]
/validate checks the validity of a service ticket. /validate is part of the CAS 1.0 protocol and thus does not handle proxy authentication. CAS MUST respond with a ticket validation failure response when a proxy ticket is passed to /validate.


2.4.1. parameters
The following HTTP request parameters MAY be specified to /validate. They are case sensitive and MUST all be handled by /validate.

service [REQUIRED] - the identifier of the service for which the ticket was issued, as discussed in Section 2.2.1. As a HTTP request parameter, the service value MUST be URL-encoded as described in Section 2.2 of RFC 1738 [4].

Note: It is STRONGLY RECOMMENDED that all service urls be filtered via the service management tool, such that only authorized and known client applications would be able to use the CAS server. Leaving the service management tool open to allow lenient access to all applications will potentially increase the risk of service attacks and other security vulnerabilities. Furthermore, it is RECOMMENDED that only secure protocols such as https be allowed for client applications for further strengthen the authenticating client.

ticket [REQUIRED] - the service ticket issued by /login. Service tickets are described in Section 3.1.

renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed if the service ticket was issued from the presentation of the user��s primary credentials. It will fail if the ticket was issued from a single sign-on session.


2.4.2. response
/validate will return one of the following two responses:
			On ticket validation success:
			yes<LF>
			username<LF>
			
			On ticket validation failure:
			no<LF>
			<LF>
	 */
	@RequestMapping("/authz/cas/validate")
	@ResponseBody
	public String validate(
			HttpServletRequest request,
			HttpServletResponse response,
			@RequestParam(value = CasConstants.PARAMETER.TICKET) String ticket,
			@RequestParam(value = CasConstants.PARAMETER.SERVICE) String service,
			@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew
			 ){
MaxKey单点登录官方's avatar
spring boot init  
MaxKey单点登录官方 已提交
84 85 86 87 88 89 90 
		Ticket storedTicket=null;
		try {
			storedTicket = ticketServices.consumeTicket(ticket);
		} catch (Exception e) {
			// TODO Auto-generated catch block
			e.printStackTrace();
		}
MaxKey单点登录官方's avatar
init  
MaxKey单点登录官方 已提交
91 92 
		
		if(storedTicket!=null){
MaxKey单点登录官方's avatar
v1.3 RC  
MaxKey单点登录官方 已提交
93 
			String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername();
MaxKey单点登录官方's avatar
Maxkey v1.0 GA  
MaxKey单点登录官方 已提交
94 
			_logger.debug("principal "+principal);
MaxKey单点登录官方's avatar
init  
MaxKey单点登录官方 已提交
95 
			return new Service10ResponseBuilder().success()
MaxKey单点登录官方's avatar
Maxkey v1.0 GA  
MaxKey单点登录官方 已提交
96 
					.setUser(principal)
MaxKey单点登录官方's avatar
init  
MaxKey单点登录官方 已提交
97 98 99 100 101 102 103 
					.serviceResponseBuilder();
		}else{
			return new Service10ResponseBuilder().failure()
					.serviceResponseBuilder();
		}
	}
}