import org.jasig.cas.ticket.ServiceTicket; //导入方法依赖的package包/类
/**
* @throws IllegalArgumentException if the ServiceTicketId or the
* Credential are null.
*/
@Audit(
action="PROXY_GRANTING_TICKET",
actionResolverName="GRANT_PROXY_GRANTING_TICKET_RESOLVER",
resourceResolverName="GRANT_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER")
@Profiled(tag="GRANT_PROXY_GRANTING_TICKET", logFailuresSeparately = false)
@Transactional(readOnly = false)
public String delegateTicketGrantingTicket(final String serviceTicketId, final Credential... credentials)
throws AuthenticationException, TicketException {
Assert.notNull(serviceTicketId, "serviceTicketId cannot be null");
Assert.notNull(credentials, "credentials cannot be null");
final ServiceTicket serviceTicket = this.serviceTicketRegistry.getTicket(serviceTicketId, ServiceTicket.class);
if (serviceTicket == null || serviceTicket.isExpired()) {
logger.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
throw new InvalidTicketException(serviceTicketId);
}
final RegisteredService registeredService = this.servicesManager
.findServiceBy(serviceTicket.getService());
verifyRegisteredServiceProperties(registeredService, serviceTicket.getService());
if (!registeredService.isAllowedToProxy()) {
logger.warn("ServiceManagement: Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
throw new UnauthorizedProxyingException();
}
final Authentication authentication = this.authenticationManager.authenticate(credentials);
final TicketGrantingTicket ticketGrantingTicket = serviceTicket
.grantTicketGrantingTicket(
this.ticketGrantingTicketUniqueTicketIdGenerator
.getNewTicketId(TicketGrantingTicket.PREFIX),
authentication, this.ticketGrantingTicketExpirationPolicy);
this.ticketRegistry.addTicket(ticketGrantingTicket);
return ticketGrantingTicket.getId();
}