开源的CAS已经很多牛人分析过了,最近在看源码,也总结一下
AuthenticationFilter.java主要代码
/**
 * Decides whether a request may continue down the filter chain or must first be redirected
 * to the CAS server login page.
 *
 * <p>This is a chain-of-responsibility step: {@code filterChain} holds every Filter configured in
 * web.xml, and each call to {@code filterChain.doFilter()} runs the next Filter's
 * {@code doFilter}. See the ApplicationFilterChain source: http://javapolo.iteye.com/blog/1287747
 *
 * <p>The request is passed on without a redirect when any of the following holds:
 * <ul>
 *   <li>the existing session already carries an {@code Assertion} under {@code CONST_CAS_ASSERTION};</li>
 *   <li>the request carries a non-blank artifact ("ticket") parameter;</li>
 *   <li>the gateway storage reports that this request was already gatewayed.</li>
 * </ul>
 * Otherwise the client is redirected to {@code casServerLoginUrl} with the service URL appended.
 *
 * <p>NOTE(review): this method only checks that a ticket parameter is present; it never validates
 * the ticket. Access control therefore relies on a ticket-validating filter running later in the
 * chain for the same URL patterns. Confirm the filter order and mappings in web.xml.
 *
 * <p>NOTE(review): a request that was already gatewayed is passed on with no assertion, so code
 * behind this filter must cope with an unauthenticated user when gateway mode is enabled.
 *
 * @param servletRequest  the incoming request; cast to {@code HttpServletRequest} without a type check
 * @param servletResponse the outgoing response; cast to {@code HttpServletResponse} without a type check
 * @param filterChain     the remaining filters to invoke when the request is allowed through
 * @throws IOException      propagated from the downstream chain or from sending the redirect
 * @throws ServletException propagated from the downstream chain
 */
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    // getSession(false): look at an existing session only, never create one here.
    final HttpSession existingSession = httpRequest.getSession(false);

    // Nothing in this method stores the assertion. Presumably a later filter (the ticket
    // validator) puts it into the session after a successful validation. TODO confirm.
    Assertion storedAssertion = null;
    if (existingSession != null) {
        storedAssertion = (Assertion) existingSession.getAttribute(CONST_CAS_ASSERTION);
    }
    if (storedAssertion != null) {
        // Already authenticated in this session: hand over to the next filter.
        filterChain.doFilter(httpRequest, httpResponse);
        return;
    }

    // Build the service URL from the current request.
    final String serviceUrl = constructServiceUrl(httpRequest, httpResponse);

    // The artifact parameter name is assigned when AbstractCasFilter initialises (not shown here).
    // The author's web.xml does not override it, so the default "ticket" is used and this reads
    // the "ticket" parameter from the request.
    final String ticket = CommonUtils.safeGetParameter(httpRequest, getArtifactParameterName());

    // Per the author's reading of the gateway storage (not shown here): if the session holds the
    // CONST_CAS_GATEWAY attribute, the attribute is removed and true is returned. This looks like
    // a guard against redirecting again after the CAS server returned without a ticket. Verify
    // against the storage implementation. It must run even when a ticket is present, because of
    // that side effect.
    final boolean alreadyGatewayed = this.gatewayStorage.hasGatewayedAlready(httpRequest, serviceUrl);
    final boolean ticketPresent = CommonUtils.isNotBlank(ticket);
    if (ticketPresent || alreadyGatewayed) {
        // Presence only, no validation: the ticket value is user-controlled at this point.
        filterChain.doFilter(httpRequest, httpResponse);
        return;
    }

    log.debug("no ticket and no assertion found");

    // gateway is not configured in the author's web.xml, so it is false there.
    String serviceUrlForRedirect = serviceUrl;
    if (this.gateway) {
        log.debug("setting gateway attribute in session");
        serviceUrlForRedirect = this.gatewayStorage.storeGatewayInformation(httpRequest, serviceUrl);
    }

    // NOTE(review): the logged URLs are derived from the request, so treat debug output as
    // containing client-influenced data.
    if (log.isDebugEnabled()) {
        log.debug("Constructed service url: " + serviceUrlForRedirect);
    }

    // Build the redirect target: the CAS login page with the currently requested URL appended
    // as the service parameter.
    final String loginRedirectUrl = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), serviceUrlForRedirect, this.renew, this.gateway);
    if (log.isDebugEnabled()) {
        log.debug("redirecting to \"" + loginRedirectUrl + "\"");
    }

    // Send the browser to the CAS server.
    httpResponse.sendRedirect(loginRedirectUrl);
}