CAS-SSO 整合 记住密码、验证码 、qq、微博等第三方登录

/* * Licensed to Apereo under one or more contributor license * agreements. See the NOTICE file distributed with this work * for additional information regarding copyright ownership. * Apereo licenses this file to you under the Apache License, * Version 2.0 (the "License"); you may not use this file * except in compliance with the License. You may obtain a * copy of the License at the following location: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.jasig.cas; import com.codahale.metrics.annotation.Counted; import com.codahale.metrics.annotation.Metered; import com.codahale.metrics.annotation.Timed; import org.jasig.cas.authentication.AuthenticationBuilder; import org.jasig.cas.logout.LogoutRequest; import org.jasig.inspektr.audit.annotation.Audit; import org.apache.commons.collections4.Predicate; import org.jasig.cas.authentication.AcceptAnyAuthenticationPolicyFactory; import org.jasig.cas.authentication.Authentication; import org.jasig.cas.authentication.DefaultAuthenticationBuilder; import org.jasig.cas.authentication.AuthenticationException; import org.jasig.cas.authentication.AuthenticationManager; import org.jasig.cas.authentication.ContextualAuthenticationPolicy; import org.jasig.cas.authentication.ContextualAuthenticationPolicyFactory; import org.jasig.cas.authentication.Credential; import org.jasig.cas.authentication.MixedPrincipalException; import org.jasig.cas.authentication.principal.DefaultPrincipalFactory; import org.jasig.cas.authentication.principal.PersistentIdGenerator; import org.jasig.cas.authentication.principal.Principal; import org.jasig.cas.authentication.principal.PrincipalFactory; import org.jasig.cas.authentication.principal.Service; import org.jasig.cas.logout.LogoutManager; import org.jasig.cas.services.AttributeReleasePolicy; import org.jasig.cas.services.RegisteredService; import org.jasig.cas.services.ServiceContext; import org.jasig.cas.services.ServicesManager; import org.jasig.cas.services.UnauthorizedProxyingException; import org.jasig.cas.services.UnauthorizedServiceException; import org.jasig.cas.services.UnauthorizedServiceForPrincipalException; import org.jasig.cas.services.UnauthorizedSsoServiceException; import org.jasig.cas.ticket.ExpirationPolicy; import org.jasig.cas.ticket.InvalidTicketException; import org.jasig.cas.ticket.ServiceTicket; import org.jasig.cas.ticket.Ticket; import org.jasig.cas.ticket.TicketCreationException; import org.jasig.cas.ticket.TicketException; import org.jasig.cas.ticket.TicketGrantingTicket; import org.jasig.cas.ticket.TicketGrantingTicketImpl; import org.jasig.cas.ticket.UnrecognizableServiceForServiceTicketValidationException; import org.jasig.cas.ticket.UnsatisfiedAuthenticationPolicyException; import org.jasig.cas.ticket.registry.TicketRegistry; import org.jasig.cas.util.DefaultUniqueTicketIdGenerator; import org.jasig.cas.util.UniqueTicketIdGenerator; import org.jasig.cas.validation.Assertion; import org.jasig.cas.validation.ImmutableAssertion; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.util.Assert; import javax.validation.constraints.NotNull; import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Set; /** * Concrete implementation of a CentralAuthenticationService, and also the * central, organizing component of CAS's internal implementation. * <p> * This class is threadsafe. * </p> * This class has the following properties that must be set: * <ul> * <li> <code>ticketRegistry</code> - The Ticket Registry to maintain the list * of available tickets.</li> * <li> <code>authenticationManager</code> - The service that will handle * authentication.</li> * <li> <code>ticketGrantingTicketUniqueTicketIdGenerator</code> - Plug in to * generate unique secure ids for TicketGrantingTickets.</li> * <li> <code>serviceTicketUniqueTicketIdGenerator</code> - Plug in to * generate unique secure ids for ServiceTickets.</li> * <li> <code>ticketGrantingTicketExpirationPolicy</code> - The expiration * policy for TicketGrantingTickets.</li> * <li> <code>serviceTicketExpirationPolicy</code> - The expiration policy for * ServiceTickets.</li> * </ul> * * @author William G. Thompson, Jr. * @author Scott Battaglia * @author Dmitry Kopylenko * @since 3.0.0 */ public final class CentralAuthenticationServiceImpl implements CentralAuthenticationService { /** Log instance for logging events, info, warnings, errors, etc. */ private final Logger logger = LoggerFactory.getLogger(this.getClass()); /** TicketRegistry for storing and retrieving tickets as needed. */ @NotNull private final TicketRegistry ticketRegistry; /** * AuthenticationManager for authenticating credentials for purposes of * obtaining tickets. */ @NotNull private final AuthenticationManager authenticationManager; /** * UniqueTicketIdGenerator to generate ids for TicketGrantingTickets * created. */ @NotNull private final UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator; /** Map to contain the mappings of service->UniqueTicketIdGenerators. */ @NotNull private final Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService; /** Implementation of Service Manager. */ @NotNull private final ServicesManager servicesManager; /** The logout manager. **/ @NotNull private final LogoutManager logoutManager; /** Expiration policy for ticket granting tickets. */ @NotNull private ExpirationPolicy ticketGrantingTicketExpirationPolicy; /** ExpirationPolicy for Service Tickets. */ @NotNull private ExpirationPolicy serviceTicketExpirationPolicy; /** * Authentication policy that uses a service context to produce stateful security policies to apply when * authenticating credentials. */ @NotNull private ContextualAuthenticationPolicyFactory<ServiceContext> serviceContextAuthenticationPolicyFactory = new AcceptAnyAuthenticationPolicyFactory(); /** Factory to create the principal type. **/ @NotNull private PrincipalFactory principalFactory = new DefaultPrincipalFactory(); /** Default instance for the ticket id generator. */ @NotNull private final UniqueTicketIdGenerator defaultServiceTicketIdGenerator = new DefaultUniqueTicketIdGenerator(); /** * Build the central authentication service implementation. * * @param ticketRegistry the tickets registry. * @param authenticationManager the authentication manager. * @param ticketGrantingTicketUniqueTicketIdGenerator the TGT id generator. * @param uniqueTicketIdGeneratorsForService the map with service and ticket id generators. * @param ticketGrantingTicketExpirationPolicy the TGT expiration policy. * @param serviceTicketExpirationPolicy the service ticket expiration policy. * @param servicesManager the services manager. * @param logoutManager the logout manager. */ public CentralAuthenticationServiceImpl(final TicketRegistry ticketRegistry, final AuthenticationManager authenticationManager, final UniqueTicketIdGenerator ticketGrantingTicketUniqueTicketIdGenerator, final Map<String, UniqueTicketIdGenerator> uniqueTicketIdGeneratorsForService, final ExpirationPolicy ticketGrantin