開源的CAS已經很多牛人分析過了,最近在看源碼,也總結一下
AuthenticationFilter.java主要代碼
/**
* 這裏用到了責任鏈模式,filterChain裏面包含了web.xml裏面配置的所有Filter,每次執行filterChain的doFilter()時,會執行下一個Filter的doFilter方法
* 可以查看ApplicationFilterChain的源碼http://javapolo.iteye.com/blog/1287747
*/
/**
 * Decides whether a request may continue down the filter chain or must first be
 * redirected to the CAS server login page.
 *
 * <p>The request is passed on when the session already holds a CAS assertion, when it
 * carries a non-blank ticket parameter, or when it has just come back from a gateway
 * attempt. In every other case the browser is redirected to {@code casServerLoginUrl}
 * with the current service URL attached as a parameter.
 *
 * <p>Security note: this method only checks that a ticket parameter is present; it never
 * validates it. A ticket validation filter must be mapped after this filter for the same
 * URL patterns, otherwise a request with any non-blank ticket value reaches the
 * application without an authenticated assertion.
 *
 * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
 * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
 * @param filterChain     the remaining filters; invoking it runs the next filter
 * @throws IOException      propagated from the chain or from the redirect
 * @throws ServletException propagated from the chain
 */
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
    final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

    // getSession(false) only looks up an existing session, so an unauthenticated
    // request does not cause a new session to be created here.
    final HttpSession existingSession = httpRequest.getSession(false);

    // The assertion is only read in this method, never stored, and it is unrelated to the
    // gateway setting. NOTE(review): in the CAS client the ticket validation filter is the
    // component that puts it into the session after a successful validation - confirm
    // against the filter chain configured in web.xml.
    Assertion cachedAssertion = null;
    if (existingSession != null) {
        cachedAssertion = (Assertion) existingSession.getAttribute(CONST_CAS_ASSERTION);
    }
    if (cachedAssertion != null) {
        // Already authenticated in this session: nothing more to do here.
        filterChain.doFilter(httpRequest, httpResponse);
        return;
    }

    // Build the service URL (the address the CAS server should send the user back to)
    // from the current request.
    final String serviceUrl = constructServiceUrl(httpRequest, httpResponse);

    // The artifact parameter name is assigned when AbstractCasFilter is initialised;
    // when web.xml does not configure it, the name is "ticket" (per the original
    // author's reading - the initialisation code is not shown here).
    final String ticket = CommonUtils.safeGetParameter(httpRequest, getArtifactParameterName());

    // Always evaluated, even when a ticket is present. Per the gateway storage
    // implementation described by the author (not shown here), this reports whether the
    // session carries the gateway marker and clears that marker. Its purpose is to stop a
    // redirect loop: after a gateway round trip the CAS server may return the user with
    // no ticket, and without the marker this filter would redirect again.
    final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(httpRequest, serviceUrl);

    final boolean needsLoginRedirect = !CommonUtils.isNotBlank(ticket) && !wasGatewayed;
    if (!needsLoginRedirect) {
        // Ticket present (still unvalidated at this point) or gateway already attempted.
        // In the gateway case there is no assertion, so the application behind this
        // filter must treat the request as anonymous.
        filterChain.doFilter(httpRequest, httpResponse);
        return;
    }

    log.debug("no ticket and no assertion found");

    // Gateway mode is off unless configured; in the deployment discussed here web.xml
    // does not set it, so the service URL is used unchanged.
    String serviceForRedirect = serviceUrl;
    if (this.gateway) {
        log.debug("setting gateway attribute in session");
        serviceForRedirect = this.gatewayStorage.storeGatewayInformation(httpRequest, serviceUrl);
    }

    // NOTE(review): the service URL is derived from the request, so these debug lines may
    // record request query parameters - keep debug logging off where that matters.
    if (log.isDebugEnabled()) {
        log.debug("Constructed service url: " + serviceForRedirect);
    }

    // Login page URL with the service URL appended as a parameter, plus the renew and
    // gateway flags.
    final String loginRedirect = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), serviceForRedirect, this.renew, this.gateway);
    if (log.isDebugEnabled()) {
        log.debug("redirecting to \"" + loginRedirect + "\"");
    }

    // Send the browser to the CAS server.
    httpResponse.sendRedirect(loginRedirect);
}