開源的CAS已經很多牛人分析過了,最近在看源碼,也總結一下
InitialFlowSetupAction.java主要代碼
/**
 * Prepares the login flow: sets the cookie path on both cookie generators
 * (first call only), copies the ticket-granting-ticket and warn cookie values
 * from the request into flow scope, and resolves the requested service.
 *
 * @param context the flow request context for the current request
 * @return the {@code "success"} event
 * @throws Exception declared by the signature; this body throws nothing explicitly
 */
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest httpRequest = WebUtils.getHttpServletRequest(context);

    if (!this.pathPopulated) {
        final String ctxPath = context.getExternalContext().getContextPath();
        // Scope both cookies to the web application: "<contextPath>/" when a
        // context path exists, otherwise "/". With a context path of /cas the
        // resulting path is "/cas/" (trailing slash included).
        String cookiePath = "/";
        if (StringUtils.hasText(ctxPath)) {
            cookiePath = ctxPath + "/";
        }
        logger.info("Setting path for cookies to: " + cookiePath);

        // Per the author's note, cas-servlet.xml wires these two generators to
        // the beans defined in warnCookieGenerator.xml and
        // ticketGrantingTicketCookieGenerator.xml.
        this.warnCookieGenerator.setCookiePath(cookiePath);
        this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);
        // NOTE(review): this check-then-set is not synchronized. Concurrent first
        // requests would each set a path derived the same way, which looks
        // harmless - confirm.
        this.pathPopulated = true;
    }

    // Copy the cookie values sent by the browser into flow scope. Which cookie
    // each generator reads is decided by its configured cookie name.
    // NOTE(review): the ticket-granting-ticket id is client-supplied and is stored
    // here without validation. Later flow steps presumably check it against
    // the ticket registry before trusting it - confirm. Keep it out of logs.
    context.getFlowScope().put(
        "ticketGrantingTicketId",
        this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(httpRequest));

    // Boolean.valueOf(null) is FALSE, so a missing warn cookie is stored as false.
    context.getFlowScope().put(
        "warnCookieValue",
        Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(httpRequest)));

    // Per the author's note, argumentExtractorsConfiguration.xml injects two
    // extractors into this.argumentExtractors: CasArgumentExtractor and
    // SamlArgumentExtractor.
    final Service requestedService = WebUtils.getService(this.argumentExtractors, context);

    if (requestedService != null) {
        if (logger.isDebugEnabled()) {
            // NOTE(review): the service id presumably comes from request
            // parameters; treat it as untrusted when reading this log line.
            logger.debug("Placing service in FlowScope: " + requestedService.getId());
        }
    }

    // The service is stored even when it is null (no service was requested).
    context.getFlowScope().put("service", requestedService);
    return result("success");
}
CookieRetrievingCookieGenerator.java
/**
 * Returns the value of the request cookie whose name equals {@code getCookieName()}.
 * Per the author's note, the cookie name is configured in warnCookieGenerator.xml
 * or ticketGrantingTicketCookieGenerator.xml.
 *
 * <p>The value is supplied by the client and is returned as-is. This method does
 * no validation, so callers must not treat it as trustworthy on its own.
 *
 * @param request the incoming HTTP request to search for the cookie
 * @return the cookie value, or {@code null} when the request has no such cookie
 */
public String retrieveCookieValue(final HttpServletRequest request) {
    final Cookie match =
        org.springframework.web.util.WebUtils.getCookie(request, getCookieName());
    if (match == null) {
        return null;
    }
    return match.getValue();
}
CasArgumentExtractor.java
/**
 * Builds the CAS-protocol service for this request by delegating to
 * {@code SimpleWebApplicationServiceImpl.createServiceFrom}.
 *
 * <p>Author's notes on configuration: the result of
 * {@code getHttpClientIfSingleSignOutEnabled()} depends on the
 * {@code disableSingleSignOut} and {@code httpClient} properties set in
 * argumentExtractorsConfiguration.xml. {@code httpClient} is defined in
 * applicationContext.xml and {@code disableSingleSignOut} comes from
 * cas.properties. To turn off the CAS server's logout function, set
 * {@code slo.callbacks.disabled=true} in cas.properties.
 *
 * <p>NOTE(review): with single sign-out disabled, client applications presumably
 * receive no logout notification, so their local sessions may outlive the
 * CAS session. Confirm before disabling it in production.
 *
 * @param request the incoming HTTP request the service is derived from
 * @return whatever {@code createServiceFrom} returns for this request
 */
public final WebApplicationService extractServiceInternal(final HttpServletRequest request) {
    final WebApplicationService extracted =
        SimpleWebApplicationServiceImpl.createServiceFrom(
            request, getHttpClientIfSingleSignOutEnabled());
    return extracted;
}