解决jasig CAS server端 ticketGrantingTicket超时后的一个bug

最新推荐文章于 2021-01-27 19:51:53 发布

iteye_13390

最新推荐文章于 2021-01-27 19:51:53 发布

阅读量299

点赞数

文章标签：企业应用

本文链接：https://blog.csdn.net/iteye_13390/article/details/82203935

版权

最近研究cas，发现在设置ticketGrantingTicket超时后，打开https://tski.com:8443/cas 仍然显示成功

ticketExpirationPolicies.xml


	<!-- This argument is the time a ticket can exist before its considered expired. 设置为5秒超时-->
	<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">

		<constructor-arg
			index="0"
			value="5000" />
	</bean>

ticketRegistry.xml


<!-- 10秒检查一次是否有ticket需要clean  -->
	<bean id="triggerJobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.SimpleTriggerBean"
		p:jobDetail-ref="jobDetailTicketRegistryCleaner"
		p:startDelay="2000"
		p:repeatInterval="10000" />

仍然显示成功
[img]http://dl.iteye.com/upload/attachment/587461/3bab4db5-aff0-3e9f-af56-5082d88b86b5.png[/img]

所以猜测，TGT超时与使用https://tski.com:8443/cas/logout 不同地方在于，后者清除了cookie中的TGT

于是找到logout的处理代码
org.jasig.cas.web.LogoutController


    protected ModelAndView handleRequestInternal(
        final HttpServletRequest request, final HttpServletResponse response)
        throws Exception {
        final String ticketGrantingTicketId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
        final String service = request.getParameter("service");

        if (ticketGrantingTicketId != null) {
            this.centralAuthenticationService
                .destroyTicketGrantingTicket(ticketGrantingTicketId);
            //清除cookie
            this.ticketGrantingTicketCookieGenerator.removeCookie(response);
            this.warnCookieGenerator.removeCookie(response);
        }

        if (this.followServiceRedirects && service != null) {
            return new ModelAndView(new RedirectView(service));
        }

        return new ModelAndView(this.logoutView);
    }

而TGT超时时，cas server 不能获取cookie

继续猜测，打开https://tski.com:8443/cas时，cas server只判断了cookie中是否有TGT，但是没判断org.jasig.cas.ticket.registry.TicketRegistry中是否还存在TGT。

找到login-webflow.xml

    

<!-- 在flowScope.ticketGrantingTicketId && flowScope.service 为null的情况下，页面会跳转到viewGenericLoginSuccess -->
<on-start>
        <evaluate expression="initialFlowSetupAction" />
    </on-start>

	<decision-state id="ticketGrantingTicketExistsCheck">
		<if test="flowScope.ticketGrantingTicketId neq null" then="hasServiceCheck" else="gatewayRequestCheck" />
	</decision-state>

	...	
	<decision-state id="hasServiceCheck">
		<if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" />
	</decision-state>

所以现在要确认flowScope.ticketGrantingTicketId ， flowScope.service 是什么东西
找到org.jasig.cas.web.flow.InitialFlowSetupAction


	protected Event doExecute(final RequestContext context) throws Exception {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        if (!this.pathPopulated) {
            ...        }

//ticketGrantingTicketId是从cookie里取的，问题很清楚了
        context.getFlowScope().put(
            "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
        context.getFlowScope().put(
            "warnCookieValue",
            Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));
//service 只有在从其他系统跳转到cas server时才可能不是null
        final Service service = WebUtils.getService(this.argumentExtractors,
            context);

        if (service != null && logger.isDebugEnabled()) {
            logger.debug("Placing service in FlowScope: " + service.getId());
        }

        context.getFlowScope().put("service", service);

        return result("success");
    }

最后，修改代码
org.jasig.cas.web.flow.InitialFlowSetupAction


//注入 ticketRegistry
 @NotNull
    private TicketRegistry ticketRegistry;

    public TicketRegistry getTicketRegistry() {
		return ticketRegistry;
	}

	public void setTicketRegistry(TicketRegistry ticketRegistry) {
		this.ticketRegistry = ticketRegistry;
	}


	protected Event doExecute(final RequestContext context) throws Exception {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        if (!this.pathPopulated) {
            ...        }
//从ticketRegistry中获取TGT
        context.getFlowScope().put(
            "ticketGrantingTicketId", ticketRegistry.getTicket(this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request)));
        context.getFlowScope().put(
            "warnCookieValue",
            Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));

        final Service service = WebUtils.getService(this.argumentExtractors,
            context);

        if (service != null && logger.isDebugEnabled()) {
            logger.debug("Placing service in FlowScope: " + service.getId());
        }

        context.getFlowScope().put("service", service);

        return result("success");
    }

修改cas-servlet.xml

<!-- 最后一行 p:ticketRegistry-ref="ticketRegistry"  ，注入ticketRegistry -->
	<bean id="initialFlowSetupAction" class="org.jasig.cas.web.flow.InitialFlowSetupAction"
		p:argumentExtractors-ref="argumentExtractors"
		p:warnCookieGenerator-ref="warnCookieGenerator"
		p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator" 
		p:ticketRegistry-ref="ticketRegistry"/>

iteye_13390

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
解决jasig CAS server端 ticketGrantingTicket超时后的一个bug

最近研究cas，发现在设置ticketGrantingTicket超时后，打开https://tski.com:8443/cas 仍然显示成功ticketExpirationPolicies.xml[code="xml"] [/code]ticketRegistry.xml[code="xml"] [/code]...
复制链接

扫一扫