InitialFlowSetupAction 說明

開源的CAS已經很多牛人分析過了，最近在看源碼，也總結一下

InitialFlowSetupAction.java主要代碼

 

   protected Event doExecute(final RequestContext context) throws Exception {

        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);

        if (!this.pathPopulated) {

            final String contextPath = context.getExternalContext().getContextPath();

            final String cookiePath = StringUtils.hasText(contextPath) ? contextPath + "/" : "/";

            logger.info("Setting path for cookies to: "

                + cookiePath);

            

            /** 給兩個CookieGenerator設置CookiePath，通過cas-servlet.xml配置可以看出兩個CookieGenerator分別對應了

             * warnCookieGenerator.xml和ticketGrantingTicketCookieGenerator.xml的注入bean

             * 所以CookiePath都爲/cas*/

            this.warnCookieGenerator.setCookiePath(cookiePath);

            this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);

            this.pathPopulated = true;

        }

        

        /** 從request中取回cookie的值存在FlowScope中

         * 從哪個cookie取取決於warnCookieGenerator.xml或ticketGrantingTicketCookieGenerator.xml

         */

        context.getFlowScope().put(

            "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));

        context.getFlowScope().put(

            "warnCookieValue",

            Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));

        /** 在初始化的時候給this.argumentExtractors注入了兩個ArgumentExtractor，配置在argumentExtractorsConfiguration.xml中

         * 分別是CasArgumentExtractor和SamlArgumentExtractor

         */

        final Service service = WebUtils.getService(this.argumentExtractors,

            context);

        if (service != null && logger.isDebugEnabled()) {

            logger.debug("Placing service in FlowScope: " + service.getId());

        }

        //把service放入FlowScope

        context.getFlowScope().put("service", service);

        return result("success");

    }

CookieRetrievingCookieGenerator.java

    /**

     * 從request裏面取出name爲cookieName的cookie

     * cookieName定義在warnCookieGenerator.xml或ticketGrantingTicketCookieGenerator.xml中

     * @param request

     * @return

     */

    public String retrieveCookieValue(final HttpServletRequest request) {

        final Cookie cookie = org.springframework.web.util.WebUtils.getCookie(

            request, getCookieName());

        return cookie == null ? null : cookie.getValue();

    }

CasArgumentExtractor.java

/**

* getHttpClientIfSingleSignOutEnabled()方法，返回值取決於argumentExtractorsConfiguration.xml的disableSingleSignOut和httpClient屬性

* 其中httpClient配置在applicationContext.xml中，disableSingleSignOut則配置在cas.properties中

* 如果需要禁用Cas Server的logout功能，就可以在cas.properties文件中指定“slo.callbacks.disabled=true”

*/

    public final WebApplicationService extractServiceInternal(final HttpServletRequest request) {

        return SimpleWebApplicationServiceImpl.createServiceFrom(request, getHttpClientIfSingleSignOutEnabled());

    }