2019独角兽企业重金招聘Python工程师标准>>> 
1. 客户端 web.xml 片段:
Xml代码
- ...
-
-
CAS Authentication Filter -
org.jasig.cas.client.authentication.AuthenticationFilter -
-
casServerLoginUrl -
https://www.colorcc.com:8443/cas/login -
-
serverName -
http://localhost:8080 -
-
CAS Validation Filter -
org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter -
-
casServerUrlPrefix -
https://www.colorcc.com:8443/cas -
-
serverName -
http://localhost:8080 -
-
CAS Authentication Filter -
/* -
-
CAS Validation Filter -
/* - ...
2:AuthenticationFilter 代码:
-
- public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
- final HttpServletRequest request = (HttpServletRequest) servletRequest;
- final HttpServletResponse response = (HttpServletResponse) servletResponse;
- final HttpSession session = request.getSession(false);
- final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;
- // 如果 session 中有 assertion,则结束 authentication 过滤器,直接跳到下一个过滤器
- if (assertion != null) {
- filterChain.doFilter(request, response);
- return;
- }
- // 2.1 如果 session 中无 assertion, 则构造 service, 如 http://www.web.com/a1
- final String serviceUrl = constructServiceUrl(request, response);
- final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName());
- final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);
- // 如果 request 中有 ticke变量,则结束本过滤器,直接跳到下一个过滤器
- if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
- filterChain.doFilter(request, response);
- return;
- }
- final String modifiedServiceUrl;
- log.debug("no ticket and no assertion found");
- if (this.gateway) {
- log.debug("setting gateway attribute in session");
- modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
- } else {
- modifiedServiceUrl = serviceUrl;
- }
- if (log.isDebugEnabled()) {
- log.debug("Constructed service url: " + modifiedServiceUrl);
- }
- // 2.2 否 则构造重定向 URL, 其中 casServerLoginUrl 为 web.xml 中 filter 配 置,eg: https://www.cas-server.com/cas/login?service=http://www.web.com /a1
- final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);
- if (log.isDebugEnabled()) {
- log.debug("redirecting to \"" + urlToRedirectTo + "\"");
- }
- // 2.3 重定向到 CAS server
- response.sendRedirect(urlToRedirectTo);
- }
3:
. 重定向URL: https://www.cas-server.com/cas/login?service=http://www.web.com/a1, 其中 cas server的 web.xml:
Java代码
-
-
cas -
- org.jasig.cas.web.init.SafeDispatcherServlet
-
-
publishContext -
false -
1 -
-
cas -
/login
3.1 SafeDispatcherServlet 使用 Spring DispatcherServlet 作为 delegate
Java代码
- public final class SafeDispatcherServlet extends HttpServlet {
- // 定义 Spring DispatcherServlet 作为 delegate
- private DispatcherServlet delegate = new DispatcherServlet();
- // 使用 delegate 初始化 servlet
- public void init(final ServletConfig config) {
- try {
- this.delegate.init(config);
- } catch (final Throwable t) {
- ...
- // 使用 delegate 的 service 执行 web 操作
- public void service(final ServletRequest req, final ServletResponse resp)
- throws ServletException, IOException {
- if (this.initSuccess) {
- this.delegate.service(req, resp);
- } else {
- throw new ApplicationContextException(
- "Unable to initialize application context.");
- }
- }
3.2 cas-servlet.xml 配置文件如下, 可以看到 login 对应的 webflow 为: login-webflow.xml
Java代码
3.3 根据 login-webflow.xml 配置文件(结合 cas-servlet.xml):
Java代码
-
-
-
- p:argumentExtractors-ref="argumentExtractors"
- p:warnCookieGenerator-ref="warnCookieGenerator"
- p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"/>
3.4 InitialFlowSetupAction
Java代码
- protected Event doExecute(final RequestContext context) throws Exception {
- final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
- if (!this.pathPopulated) {
- final String contextPath = context.getExternalContext().getContextPath();
- final String cookiePath = StringUtils.hasText(contextPath) ? contextPath + "/" : "/";
- logger.info("Setting path for cookies to: "
- + cookiePath);
- this.warnCookieGenerator.setCookiePath(cookiePath);
- this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);
- this.pathPopulated = true;
- }
- // 给 FlowScope 的设置 ticketGrantingTicketId, warnCookieValue 参数
- context.getFlowScope().put(
- "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
- context.getFlowScope().put("warnCookieValue",
- Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));
- // 3.4.1 抽取 service 参数
- final Service service = WebUtils.getService(this.argumentExtractors, context);
- if (service != null && logger.isDebugEnabled()) {
- logger.debug("Placing service in FlowScope: " + service.getId());
- }
- // 给 FlowScope 的设置 service 参数
- context.getFlowScope().put("service", service);
- return result("success");
- }
3.4.1 WebApplicationService.getService
Java代码
- public static WebApplicationService getService(
- final List
argumentExtractors, - final HttpServletRequest request) {
- for (final ArgumentExtractor argumentExtractor : argumentExtractors) {
- // 3.4.1.1 通过配置的 argumentExtractor 抽取 service
- final WebApplicationService service = argumentExtractor.extractService(request);
- if (service != null) {
- return service;
- }
- }
- return null;
- }
3.4.1.1 CasArgumentExtractor 代码
Java代码
- public final class CasArgumentExtractor extends AbstractSingleSignOutEnabledArgumentExtractor {
- public final WebApplicationService extractServiceInternal(final HttpServletRequest request) {
- return SimpleWebApplicationServiceImpl.createServiceFrom(request, getHttpClientIfSingleSignOutEnabled());
- }
- }
- // SimpleWebApplicationServiceImpl
- private static final String CONST_PARAM_SERVICE = "service";
- private static final String CONST_PARAM_TARGET_SERVICE = "targetService";
- private static final String CONST_PARAM_TICKET = "ticket";
- private static final String CONST_PARAM_METHOD = "method";
- public static SimpleWebApplicationServiceImpl createServiceFrom(
- final HttpServletRequest request, final HttpClient httpClient) {
- final String targetService = request
- .getParameter(CONST_PARAM_TARGET_SERVICE);
- final String method = request.getParameter(CONST_PARAM_METHOD);
- final String serviceToUse = StringUtils.hasText(targetService)
- ? targetService : request.getParameter(CONST_PARAM_SERVICE);
- if (!StringUtils.hasText(serviceToUse)) {
- return null;
- }
- final String id = cleanupUrl(serviceToUse);
- final String artifactId = request.getParameter(CONST_PARAM_TICKET);
- return new SimpleWebApplicationServiceImpl(id, serviceToUse,
- artifactId, "POST".equals(method) ? ResponseType.POST
- : ResponseType.REDIRECT, httpClient);
- }
- private SimpleWebApplicationServiceImpl(final String id,
- final String originalUrl, final String artifactId,
- final ResponseType responseType, final HttpClient httpClient) {
- super(id, originalUrl, artifactId, httpClient);
- this.responseType = responseType;
- }
- protected AbstractWebApplicationService(final String id, final String originalUrl, final String artifactId, final HttpClient httpClient) {
- this.id = id;
- this.originalUrl = originalUrl;
- this.artifactId = artifactId;
- this.httpClient = httpClient;
- }
3. Cas20ProxyReceivingTicketValidationFilter 及 AbstractTicketValidationFilter代码:
Java代码
- public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
- if (!preFilter(servletRequest, servletResponse, filterChain)) {
- return;
- }
- final HttpServletRequest request = (HttpServletRequest) servletRequest;
- final HttpServletResponse response = (HttpServletResponse) servletResponse;
- final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
- // 如果 URL 中包含 ticket 参数,则执行 service 验证工作
- if (CommonUtils.isNotBlank(ticket)) {
- if (log.isDebugEnabled()) {
- log.debug("Attempting to validate ticket: " + ticket);
- }
- try {
- final Assertion assertion = this.ticketValidator.validate(ticket, constructServiceUrl(request, response));
- if (log.isDebugEnabled()) {
- log.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());
- }
- request.setAttribute(CONST_CAS_ASSERTION, assertion);
- if (this.useSession) {
- request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
- }
- onSuccessfulValidation(request, response, assertion);
- if (this.redirectAfterValidation) {
- log. debug("Redirecting after successful ticket validation.");
- response.sendRedirect(constructServiceUrl(request, response));
- return;
- }
- } catch (final TicketValidationException e) {
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- log.warn(e, e);
- onFailedValidation(request, response);
- if (this.exceptionOnValidationFailure) {
- throw new ServletException(e);
- }
- return;
- }
- }
- // 如果不包含 ticket, 直接跳过CAS Filter验证,继续其他 filter 或 web app 操作
- filterChain.doFilter(request, response);
- }