开源的CAS已经很多牛人分析过了,最近在看源码,也总结一下
AuthenticationViaFormAction.java主要代码
//credentialsBinder这个属性在配置文件中没有注入,所以this.credentialsBinder会一直为null,无效代码
/**
 * Binds request data onto the supplied credentials through the optional
 * {@code credentialsBinder}.
 *
 * <p>The servlet request is always resolved from the flow context first. The
 * binder is invoked only when one is configured and it reports support for
 * the concrete credentials class; otherwise this method does nothing.
 *
 * @param context the current web-flow request context
 * @param credentials the credentials object to populate
 * @throws Exception declared by the signature; nothing in this body throws explicitly
 */
public final void doBind(final RequestContext context, final Credentials credentials) throws Exception {
    final HttpServletRequest httpRequest = WebUtils.getHttpServletRequest(context);

    // No binder configured: nothing to bind.
    if (this.credentialsBinder == null) {
        return;
    }

    // Binder present but not applicable to this credentials type.
    if (!this.credentialsBinder.supports(credentials.getClass())) {
        return;
    }

    this.credentialsBinder.bind(httpRequest, credentials);
}
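/**
 * Processes a submitted login form and returns the web-flow event id.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>Compare the login ticket held in the flow scope with the one sent as a
 *       request parameter; on mismatch (or when the flow holds no ticket) add an
 *       {@code INVALID_TICKET} message and return {@code "error"}.</li>
 *   <li>If {@code renew} has text and both a ticket-granting ticket id and a
 *       service are present, try to grant a service ticket with the submitted
 *       credentials and return {@code "warn"}.</li>
 *   <li>Otherwise (or when the renew attempt failed for a reason other than an
 *       authentication failure) create a new ticket-granting ticket and return
 *       {@code "success"}.</li>
 * </ol>
 *
 * @param context the current web-flow request context
 * @param credentials the credentials submitted by the user
 * @param messageContext receives error messages shown back to the user
 * @return {@code "error"}, {@code "warn"}, {@code "success"}, or the event id
 *         produced by {@code getAuthenticationExceptionEventId} for an
 *         authentication failure
 * @throws Exception declared by the signature; {@code TicketException} is handled here
 */
public final String submit(final RequestContext context, final Credentials credentials, final MessageContext messageContext) throws Exception {
    // Login ticket held by the flow itself (flow scope).
    final String authoritativeLoginTicket = WebUtils.getLoginTicketFromFlowScope(context);
    // Login ticket supplied by the client as a request parameter.
    final String providedLoginTicket = WebUtils.getLoginTicketFromRequest(context);

    // Fail closed: a missing authoritative ticket is rejected rather than
    // dereferenced (the unguarded equals() would throw NullPointerException),
    // and it must never be treated as "equal" to a missing provided ticket.
    // NOTE(review): whether the helper can actually return null is not visible here.
    if (authoritativeLoginTicket == null || !authoritativeLoginTicket.equals(providedLoginTicket)) {
        // The provided ticket is client-controlled; neutralise CR/LF so it
        // cannot forge additional log lines.
        final String loggableTicket =
            providedLoginTicket == null ? null : providedLoginTicket.replaceAll("[\\r\\n]", "_");
        this.logger.warn("Invalid login ticket " + loggableTicket);
        final String code = "INVALID_TICKET";
        // NOTE(review): the client-supplied ticket is passed as a message
        // argument; confirm the view HTML-escapes message arguments.
        messageContext.addMessage(
            new MessageBuilder().error().code(code).arg(providedLoginTicket).defaultText(code).build());
        return "error";
    }

    // Existing ticket-granting ticket id, if any, as resolved by WebUtils.
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    // Target service for this login, if any.
    final Service service = WebUtils.getService(context);

    // Renew path: taken only when "renew" has text AND a TGT id AND a service
    // are all present (all three conditions are "not null / not empty").
    if (StringUtils.hasText(context.getRequestParameters().get("renew")) && ticketGrantingTicketId != null && service != null) {
        try {
            final String serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);
            WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
            putWarnCookieIfRequestParameterPresent(context);
            return "warn";
        } catch (final TicketException e) {
            // Bad credentials: report the failure and stop here.
            if (isCauseAuthenticationException(e)) {
                populateErrorsInstance(e, messageContext);
                return getAuthenticationExceptionEventId(e);
            }
            // Any other ticket failure: drop the existing TGT and fall through
            // to the fresh-login path below, which issues a new one.
            this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
            if (logger.isDebugEnabled()) {
                logger.debug("Attempted to generate a ServiceTicket using renew=true with different credentials", e);
            }
        }
    }

    try {
        // createTicketGrantingTicket(credentials) returns the new TGT id, which
        // is placed in request scope for later flow steps.
        WebUtils.putTicketGrantingTicketInRequestScope(context, this.centralAuthenticationService.createTicketGrantingTicket(credentials));
        putWarnCookieIfRequestParameterPresent(context);
        return "success";
    } catch (final TicketException e) {
        populateErrorsInstance(e, messageContext);
        if (isCauseAuthenticationException(e)) {
            return getAuthenticationExceptionEventId(e);
        }
        return "error";
    }
}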