diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImpl.java b/cas-client-core/src/main/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImpl.java
index a1d1394..b62592b 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImpl.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImpl.java
@@ -25,6 +25,7 @@ import java.util.concurrent.ConcurrentMap;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.jasig.cas.client.util.CommonUtils;
 /**
 * Implementation of {@link ProxyGrantingTicketStorage} that is backed by a
@@ -82,6 +83,10 @@ public final class ProxyGrantingTicketStorageImpl implements ProxyGrantingTicket
 * Its removed after retrieval.
 */
 public String retrieve(final String proxyGrantingTicketIou) {
+ if (CommonUtils.isBlank(proxyGrantingTicketIou)) {
+ return null;
+ }
+
 final ProxyGrantingTicketHolder holder = this.cache.get(proxyGrantingTicketIou);
 if (holder == null) {
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java
index 1e835ee..1f51869 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Assertion.java
@@ -69,4 +69,12 @@ public interface Assertion extends Serializable {
 * @return the principal.
 */
 AttributePrincipal getPrincipal();
+
+ /**
+ * Determines whether an Assertion is considered usable or not. A naive implementation may just check the date validity.
+ *
+ * @return true if its valid, false otherwise.
+ * @since 3.3.0 (though in 3.3.0, no one actually calls this)
+ */
+ boolean isValid();
 }
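Review bot: The new blank-IOU guard in `ProxyGrantingTicketStorageImpl.retrieve` adds another way for the method to return null, but the javadoc above it (only its last lines, ending at `Its removed after retrieval.`, are in the hunk) does not mention the return value. I would add `@return the proxy granting ticket for the IOU, or null if the IOU is blank or has no entry in the cache`; the second half is presumed from the `if (holder == null)` line, since the rest of the body is outside the hunk. Callers treat the result as a credential lookup, so the null cases deserve to be spelled out.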
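Review bot: The contract of `Assertion.isValid()` is too loose for a method that decides whether an authenticated identity may still be used. The javadoc should say whether a passed end date makes the assertion invalid and what an implementation without date information returns, for example `@return true if the current time lies within the assertion's validity window; implementations that carry no dates return true`. Because the `@since` line states that nothing calls the method in 3.3.0, the javadoc should also say plainly that the filters do not enforce it, so integrators do not assume expired assertions are rejected. Adding an abstract method to a public interface also breaks any third-party `Assertion` implementation at compile time, which belongs in the release notes.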
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java
index c15a6e3..d2612e7 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/AssertionImpl.java
@@ -121,4 +121,13 @@ public final class AssertionImpl implements Assertion {
 public AttributePrincipal getPrincipal() {
 return this.principal;
 }
+
+ public boolean isValid() {
+ if (this.validFromDate == null) {
+ return true;
+ }
+
+ final Date now = new Date();
+ return this.validFromDate.before(now) && (this.validUntilDate == null || this.validUntilDate.after(now));
+ }
 }
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyReceivingTicketValidationFilter.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyReceivingTicketValidationFilter.java
index fb97ac3..894bfef 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyReceivingTicketValidationFilter.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyReceivingTicketValidationFilter.java
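Review bot: `AssertionImpl.isValid()` fails open on expiry: when `validFromDate` is null it returns true before `validUntilDate` is looked at, so an assertion that carries only an end date is still reported valid after that date has passed. Each bound should be checked on its own, e.g. `final Date now = new Date();` followed by `return (this.validFromDate == null || !this.validFromDate.after(now)) && (this.validUntilDate == null || this.validUntilDate.after(now));`. The `!after(now)` form also stops a just-created assertion from being reported invalid when `validFromDate` equals `now` to the millisecond, which the strict `before(now)` does. Whether any constructor can actually produce a null start date with a non-null end date is not visible in this hunk.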
@@ -49,7 +49,7 @@ import org.jasig.cas.client.util.ReflectUtils;
 */
 public class Cas20ProxyReceivingTicketValidationFilter extends AbstractTicketValidationFilter {
- private static final String[] RESERVED_INIT_PARAMS = new String[] {"proxyGrantingTicketStorageClass", "proxyReceptorUrl", "acceptAnyProxy", "allowedProxyChains", "casServerUrlPrefix", "proxyCallbackUrl", "renew", "exceptionOnValidationFailure", "redirectAfterValidation", "useSession", "serverName", "service", "artifactParameterName", "serviceParameterName", "encodeServiceUrl", "millisBetweenCleanUps", "hostnameVerifier", "encoding", "config"};
+ private static final String[] RESERVED_INIT_PARAMS = new String[] {"proxyGrantingTicketStorageClass", "proxyReceptorUrl", "acceptAnyProxy", "allowedProxyChains", "casServerUrlPrefix", "proxyCallbackUrl", "renew", "exceptionOnValidationFailure", "redirectAfterValidation", "useSession", "serverName", "service", "artifactParameterName", "serviceParameterName", "encodeServiceUrl", "millisBetweenCleanUps", "hostnameVerifier", "encoding", "config", "ticketValidatorClass"};
 private static final int DEFAULT_MILLIS_BETWEEN_CLEANUPS = 60 * 1000;
@@ -113,6 +113,14 @@ public class Cas20ProxyReceivingTicketValidationFilter extends AbstractTicketVal
 this.timer.schedule(this.timerTask, this.millisBetweenCleanUps, this.millisBetweenCleanUps);
 }
+ private T createNewTicketValidator(final String ticketValidatorClass, final String casServerUrlPrefix, final Class clazz) {
+ if (CommonUtils.isBlank(ticketValidatorClass)) {
+ return ReflectUtils.newInstance(clazz, casServerUrlPrefix);
+ }
+
+ return ReflectUtils.newInstance(ticketValidatorClass, casServerUrlPrefix);
+ }
+
 /**
 * Constructs a Cas20ServiceTicketValidator or a Cas20ProxyTicketValidator based on supplied parameters.
 *
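Review bot: `createNewTicketValidator` never checks that the class named by `ticketValidatorClass` is a subtype of `clazz`; the reflected instance is simply returned as `T`. In the next hunk the proxy branch assigns the result to `Cas20ProxyTicketValidator v`, so a configured class that only extends `Cas20ServiceTicketValidator` would presumably fail with a bare ClassCastException during filter initialisation, and only when `acceptAnyProxy` or `allowedProxyChains` is set. I would verify the type where the instance is created: `final Object o = ReflectUtils.newInstance(ticketValidatorClass, casServerUrlPrefix);`, then `if (!clazz.isInstance(o)) throw new IllegalArgumentException("ticketValidatorClass must extend " + clazz.getName());` and `return clazz.cast(o);` (this assumes `ReflectUtils.newInstance` is generic, as its use here suggests). The helper also has no javadoc; one sentence saying the class name comes from filter configuration and replaces the component that decides whether tickets are accepted would mark the parameter as security-sensitive for deployers.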
@@ -123,15 +131,16 @@ public class Cas20ProxyReceivingTicketValidationFilter extends AbstractTicketVal
 final String allowAnyProxy = getPropertyFromInitParams(filterConfig, "acceptAnyProxy", null);
 final String allowedProxyChains = getPropertyFromInitParams(filterConfig, "allowedProxyChains", null);
 final String casServerUrlPrefix = getPropertyFromInitParams(filterConfig, "casServerUrlPrefix", null);
+ final String ticketValidatorClass = getPropertyFromInitParams(filterConfig, "ticketValidatorClass", null);
 final Cas20ServiceTicketValidator validator;
 if (CommonUtils.isNotBlank(allowAnyProxy) || CommonUtils.isNotBlank(allowedProxyChains)) {
- final Cas20ProxyTicketValidator v = new Cas20ProxyTicketValidator(casServerUrlPrefix);
+ final Cas20ProxyTicketValidator v = createNewTicketValidator(ticketValidatorClass, casServerUrlPrefix, Cas20ProxyTicketValidator.class);
 v.setAcceptAnyProxy(parseBoolean(allowAnyProxy));
 v.setAllowedProxyChains(CommonUtils.createProxyList(allowedProxyChains));
 validator = v;
 } else {
- validator = new Cas20ServiceTicketValidator(casServerUrlPrefix);
+ validator = createNewTicketValidator(ticketValidatorClass, casServerUrlPrefix, Cas20ServiceTicketValidator.class);
 }
 validator.setProxyCallbackUrl(getPropertyFromInitParams(filterConfig, "proxyCallbackUrl", null));
 validator.setProxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidator.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidator.java
index e7cde21..c2768ac 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidator.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidator.java
@@ -75,20 +75,20 @@ public class Cas20ProxyTicketValidator extends Cas20ServiceTicketValidator {
 this.allowedProxyChains = allowedProxyChains;
 }
- protected boolean isAcceptAnyProxy() {
+ protected final boolean isAcceptAnyProxy() {
 return this.acceptAnyProxy;
 }
- protected boolean isAllowEmptyProxyChain() {
+ protected final boolean isAllowEmptyProxyChain() {
 return this.allowEmptyProxyChain;
 }
 /**
 * Set to determine whether empty proxy chains are allowed.
 * @see #customParseResponse(String, Assertion)
- * @param allowEmptyProxyChain
+ * @param allowEmptyProxyChain whether to allow empty proxy chains or not. True if so, false otherwise.
 */
- public void setAllowEmptyProxyChain(final boolean allowEmptyProxyChain) {
+ public final void setAllowEmptyProxyChain(final boolean allowEmptyProxyChain) {
 this.allowEmptyProxyChain = allowEmptyProxyChain;
 }
 }
diff --git a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java
index cbbc4fb..624aea5 100644
--- a/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java
+++ b/cas-client-core/src/main/java/org/jasig/cas/client/validation/Saml11TicketValidator.java
@@ -36,6 +36,7 @@ import org.opensaml.xml.io.UnmarshallerFactory;
 import org.opensaml.xml.io.UnmarshallingException;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.parse.XMLParserException;
+import org.opensaml.xml.schema.XSAny;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -220,7 +221,11 @@ public final class Saml11TicketValidator extends AbstractUrlBasedTicketValidator
 private List getValuesFrom(final Attribute attribute) {
 final List list = new ArrayList();
 for (final Object o : attribute.getAttributeValues()) {
- list.add(o.toString());
+ if (o instanceof XSAny) {
+ list.add(((XSAny) o).getTextContent());
+ } else {
+ list.add(o.toString());
+ }
 }
 return list;
 }
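Review bot: Making `isAcceptAnyProxy()`, `isAllowEmptyProxyChain()` and `setAllowEmptyProxyChain()` `final` in `Cas20ProxyTicketValidator` breaks any existing subclass that overrides them, and nothing in the hunk records why. If the aim is that subclasses, which this commit makes loadable by name through `ticketValidatorClass`, cannot override the proxy-acceptance flags, the javadoc should say so, e.g. `Final so that subclasses cannot change the configured proxy acceptance policy.`; the two getters currently have no javadoc at all. The class body starts outside the hunk, so it cannot be checked here whether the setters for `acceptAnyProxy` and `allowedProxyChains` are final as well.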
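Review bot: In `Saml11TicketValidator.getValuesFrom` only `XSAny` has its text extracted; every other value type still goes through `o.toString()`, which for OpenSAML value objects such as `XSString` likely yields an object description rather than the attribute value unless the implementation overrides `toString()`. I would add a branch `else if (o instanceof XSString) { list.add(((XSString) o).getValue()); }` together with the matching import. `getTextContent()` can also return null for an `XSAny` element with no text, which puts a null into a list that callers probably compare against when making authorization decisions; skipping null values or documenting that they can occur would avoid surprises downstream.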
diff --git a/cas-client-core/src/test/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImplTest.java b/cas-client-core/src/test/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImplTest.java
index 21b31d5..746ada9 100644
--- a/cas-client-core/src/test/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImplTest.java
+++ b/cas-client-core/src/test/java/org/jasig/cas/client/proxy/ProxyGrantingTicketStorageImplTest.java
@@ -20,25 +20,37 @@ package org.jasig.cas.client.proxy;
 import junit.framework.TestCase;
+import org.junit.Assert;
+import org.junit.Test;
 /**
 * Unit test for {@link ProxyGrantingTicketStorageImpl}
 *
 * @author Brad Cupit (brad [at] lsu {dot} edu)
 */
-public class ProxyGrantingTicketStorageImplTest extends TestCase {
- public void testCleanUp() throws Exception {
+public class ProxyGrantingTicketStorageImplTest {
+
+ private static final int TIME_OUT = 250;
+
+ private ProxyGrantingTicketStorage storage = new ProxyGrantingTicketStorageImpl(TIME_OUT);
+
+ @Test
+ public void cleanUp() throws Exception {
 String proxyGrantingTicketIou = "proxyGrantingTicketIou";
 int timeout = 250;
- ProxyGrantingTicketStorageImpl storage = new ProxyGrantingTicketStorageImpl(timeout);
- storage.save(proxyGrantingTicketIou, "proxyGrantingTicket");
+ this.storage.save(proxyGrantingTicketIou, "proxyGrantingTicket");
 // sleep long enough for the ticket to timeout
 Thread.sleep(timeout * 2);
- storage.cleanUp();
+ this.storage.cleanUp();
- assertNull(storage.retrieve(proxyGrantingTicketIou));
+ Assert.assertNull(this.storage.retrieve(proxyGrantingTicketIou));
+ }
+
+ @Test
+ public void nullPGTIOU() {
+ Assert.assertNull(this.storage.retrieve(null));
 }
 }
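Review bot: The local `int timeout = 250;` left in `cleanUp()` duplicates the new `TIME_OUT` constant that the storage is now built with, so the sleep and the storage timeout can drift apart if only one is edited. I would drop the local and write `Thread.sleep(TIME_OUT * 2);`. `nullPGTIOU` covers only `null`, while the production guard uses `CommonUtils.isBlank`; adding `Assert.assertNull(this.storage.retrieve(""));` and the same for a whitespace-only string would pin the behaviour actually introduced. The `junit.framework.TestCase` import is unused now that the class no longer extends it.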