1. login-webflow.xml
2. initialFlowSetupAction
获取TicketGrantingTicketCookie TGT
1. this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request)
2.Cookie cookie = org.springframework.web.util.WebUtils.getCookie(request, getCookieName())
3. ticketGrantingTicketExistsCheck
flowScope.ticketGrantingTicketId != null ? hasServiceCheck : gatewayRequestCheck
第一次登录为null
1 gatewayRequestCheck
requestParameters.gateway != '' and requestParameters.gateway != null and flowScope.service != null ? gatewayServicesManagementCheck : serviceAuthorizationCheck
第一次都不存在gateway service
2 serviceAuthorizationCheck --> generateLoginTicket --> generateLoginTicketAction.generate(flowRequestContext)
<bean id="generateLoginTicketAction" class="org.jasig.cas.web.flow.GenerateLoginTicketAction"
p:ticketIdGenerator-ref="loginTicketUniqueIdGenerator"/>
centralAuthenticationService.grantServiceTicket(ticketGrantingTicket,service);
WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
grantServiceTicket(ticketGrantingTicketId, service, null)
ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class)
ticketGrantingTicket.getChainedAuthentications()
if(authns.size() > 1) if (!registeredService.isAllowedToProxy())
//此时credentials==null
if (credentials != null)
uniqueTicketIdGeneratorsForService.get(service.getClass().getName())
ServiceTicket serviceTicket = ticketGrantingTicket.grantServiceTicket(serviceTicketUniqueTicketIdGenerator.getNewTicketId(ServiceTicket.PREFIX), service, this.serviceTicketExpirationPolicy, credentials != null)
//添加Ticket
serviceTicketRegistry.addTicket(serviceTicket)
return serviceTicket.getId()
3. viewLoginForm
//此时输入账号/密码
authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)
authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)
centralAuthenticationService.createTicketGrantingTicket(credentials)
final Authentication authentication = this.authenticationManager.authenticate(credentials);
authenticateAndObtainPrincipal(credentials)<span style="font-family: Arial, Helvetica, sans-serif; background-color: rgb(255, 255, 255);"> </span>
<span style="font-family: Arial, Helvetica, sans-serif;"> for (final AuthenticationHandler authenticationHandler : this.authenticationHandlers) {</span>
if (authenticationHandler.supports(credentials)) {
foundSupported = true;
handlerName = authenticationHandler.getClass().getName();
try {
if (!authenticationHandler.authenticate(credentials)) {
log.info("{} failed to authenticate {}", handlerName, credentials);
} else {
log.info("{} successfully authenticated {}", handlerName, credentials);
authenticatedClass = authenticationHandler;
authenticated = true;
break;
}
} catch (final Exception e) {
handleError(handlerName, credentials, e);
}
}
}
if (!authenticated) {
if (foundSupported) {
throw BadCredentialsAuthenticationException.ERROR;
}
throw UnsupportedCredentialsException.ERROR;
}
验证用户名/密码
public boolean authenticate(final Credentials credentials) {
final LegacyCasCredentials casCredentials = (LegacyCasCredentials) credentials;
return this.passwordHandler.authenticate(casCredentials
.getServletRequest(), casCredentials.getUsername(), casCredentials
.getPassword());
}
<span style="font-family: Arial, Helvetica, sans-serif;"> 失败authenticated=flase foundSupported=true</span>
<span style="font-family: Arial, Helvetica, sans-serif;"> 抛出异常 </span><span style="font-family: Arial, Helvetica, sans-serif;">BadCredentialsAuthenticationException.ERROR;</span>
在createTicketGrantingTicket(final Credentials credentials) throws TicketCreationException获得
} catch (final AuthenticationException e) {
throw new TicketCreationException(e);
}
public final String submit(final RequestContext context, final Credentials credentials, final MessageContext messageContext)
返回到初始的submit
<pre name="code" class="java"> } catch (final TicketException e) {
populateErrorsInstance(e, messageContext);
if (isCauseAuthenticationException(e))
return getAuthenticationExceptionEventId(e);
return "error";
}
返回登陆页面
Spring是如何将异常写到页面<form:form errors>