
/sign/authz/cas/v1/tickets这个接口只要用户名正确,密码随便填都能通过 #I7LC07

MaxKey 1 rok pred
rodič
commit
bf84b27fc0

+ 8 - 3
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java

@@ -43,6 +43,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -81,10 +82,14 @@ public class CasRestV1Endpoint  extends CasBaseAuthorizeEndpoint{
                 throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request");
             }
     	    
-    	    LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
+    	    LoginCredential loginCredential =new LoginCredential(username,password,"normal");
+    	    
+    	    Authentication  authentication  = authenticationProvider.authenticate(loginCredential);
+    	    if(authentication == null) {
+	    	    _logger.debug("Bad Credentials Exception");
+	            return new ResponseEntity<>("Bad Credentials", HttpStatus.BAD_REQUEST);
+    	    }
     	    
-    	    authenticationProvider.authenticate(loginCredential,false);
-            
             TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",AuthorizationUtils.getAuthentication(),null);
             
             String ticket=casTicketGrantingTicketServices.createTicket(ticketGrantingTicket);
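Review bot: The `Authentication` returned by `authenticationProvider.authenticate(loginCredential)` is only null-checked and then discarded, while the ticket-granting ticket on the following context line is still built from `AuthorizationUtils.getAuthentication()`, so the principal bound to the TGT depends on the provider having populated that context as a side effect rather than on the value this code just verified; binding the ticket to the checked object, `new TicketGrantingTicketImpl("Random", authentication, null)`, removes that gap. The failure path also answers `HttpStatus.BAD_REQUEST`; the CAS REST protocol distinguishes malformed requests from rejected credentials, and an `HttpStatus.UNAUTHORIZED` here lets clients and monitoring tell the two apart — confirm against the CAS version you target. Since `authenticate` may signal a rejected password by throwing rather than returning null (the `BadCredentialsException` at the top of this hunk suggests an exception handler exists), make sure that handler also maps to a non-2xx response, and log the rejected `username` (never the password) above `debug` so credential-stuffing against this endpoint is visible to detection. The enclosing method begins and ends outside this hunk, so the surrounding try/catch could not be checked.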