CAS Client Study (4): HttpServletRequestWrapperFilter

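I have been studying CAS recently and will start from the client side to explain CAS's logic, possibly with reference to the source code.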

Required background: http://blog.csdn.net/yuwenruli/article/details/6602180

The job of HttpServletRequestWrapperFilter is simple: it wraps the HttpServletRequest object once more so that the getUserPrincipal and getRemoteUser methods return the logged-in user's information.

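The implementation is fairly simple. It uses a class named CasHttpServletRequestWrapper, which extends HttpServletRequestWrapper. The filter takes the AttributePrincipal object from the given Assertion object and uses it to build the CasHttpServletRequestWrapper. Here is the source code: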

    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        // Get the AttributePrincipal from the session or the request; it is the principal property of the Assertion
        final AttributePrincipal principal = retrievePrincipalFromSessionOrRequest(servletRequest);
        // Wrap the request and continue down the chain, so that later filters or servlets can get the user from request.getRemoteUser() or request.getUserPrincipal()
        filterChain.doFilter(new CasHttpServletRequestWrapper((HttpServletRequest) servletRequest, principal), servletResponse);
    }

    protected AttributePrincipal retrievePrincipalFromSessionOrRequest(final ServletRequest servletRequest) {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpSession session = request.getSession(false);
        final Assertion assertion = (Assertion) (session == null ? request.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION) : session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION));

        return assertion == null ? null : assertion.getPrincipal();
    }

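Now let's look at the source code of CasHttpServletRequestWrapper. It is an inner class of the filter, so roleAttribute, ignoreCase and log below are members of the enclosing HttpServletRequestWrapperFilter.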

    final class CasHttpServletRequestWrapper extends HttpServletRequestWrapper {

        private final AttributePrincipal principal;

        CasHttpServletRequestWrapper(final HttpServletRequest request, final AttributePrincipal principal) {
            super(request);
            this.principal = principal;
        }

        public Principal getUserPrincipal() {
            return this.principal;
        }

        public String getRemoteUser() {
            return principal != null ? this.principal.getName() : null;
        }

        public boolean isUserInRole(final String role) {
            if (CommonUtils.isBlank(role)) {
                log.debug("No valid role provided.  Returning false.");
                return false;
            }

            if (this.principal == null) {
                log.debug("No Principal in Request.  Returning false.");
                return false;
            }

            if (CommonUtils.isBlank(roleAttribute)) {
                log.debug("No Role Attribute Configured. Returning false.");
                return false;
            }

            final Object value = this.principal.getAttributes().get(roleAttribute);
            
            if (value instanceof Collection<?>) {
                for (final Object o : (Collection<?>) value) {
                    if (rolesEqual(role, o)) {
                        log.debug("User [" + getRemoteUser() + "] is in role [" + role + "]: " + true);
                        return true;
                    }
                }
            }

            final boolean isMember = rolesEqual(role, value);
            log.debug("User [" + getRemoteUser() + "] is in role [" + role + "]: " + isMember);
            return isMember;
        }
        
        /**
         * Determines whether the given role is equal to the candidate
         * role attribute taking into account case sensitivity.
         *
         * @param given  Role under consideration.
         * @param candidate Role that the current user possesses.
         *
         * @return True if roles are equal, false otherwise.
         */
        private boolean rolesEqual(final String given, final Object candidate) {
            return ignoreCase ? given.equalsIgnoreCase(candidate.toString()) : given.equals(candidate);
        }
    }
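
How a downstream servlet can consume what the wrapper exposes, as an added example that is not part of the original post or of the CAS client source. The servlet name and the role name `admin` are assumptions, and the filter is assumed to have a role attribute configured. Because the wrapper returns a null principal when no Assertion is present, the servlet treats that case as unauthenticated.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.jasig.cas.client.authentication.AttributePrincipal;

// Hypothetical servlet mapped behind HttpServletRequestWrapperFilter.
public class AdminReportServlet extends HttpServlet {

    // Assumed role name; it must match a value of the attribute
    // that the filter's roleAttribute setting points at.
    private static final String REQUIRED_ROLE = "admin";

    @Override
    protected void doGet(final HttpServletRequest request, final HttpServletResponse response)
            throws ServletException, IOException {
        // The wrapper only exposes identity, it does not enforce login:
        // with no Assertion in the session or request this is null.
        final Principal principal = request.getUserPrincipal();
        if (principal == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // The wrapper's isUserInRole() returns false for a blank role,
        // a missing principal or an unconfigured roleAttribute.
        if (!request.isUserInRole(REQUIRED_ROLE)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("user=" + request.getRemoteUser());

        // The object behind getUserPrincipal() is the AttributePrincipal
        // taken from the Assertion, so its attributes are reachable too.
        if (principal instanceof AttributePrincipal) {
            final Map<?, ?> attributes = ((AttributePrincipal) principal).getAttributes();
            if (attributes != null) {
                response.getWriter().println("attributes=" + attributes.keySet());
            }
        }
    }
}
```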


