上面写完了登录验证。那么接下来还有几个部分需要修改。
- 当用户登录成功之后从应用1跳转到应用2的时候也需要增加一个判断应用2是否授权的操作。具体是在GenerateServiceTicketAction.java类中。
- 当用户退出的时候(包括浏览器退出,都要触发LogoutController.java类中的操作),一定要更改用户的登录状态,否则下一次用户将无法登录。
- 如果你还有其他地方需要改造,那么不管是login-webflow.xml,还是cas-servlet.xml,都可以相应地更改。
将核心代码展示如下:
GenerateServiceTicketAction.java
/*
* Copyright 2007 The JA-SIG Collaborative. All rights reserved. See license
* distributed with this file and available online at
* http://www.ja-sig.org/products/cas/overview/license/
*/
package org.jasig.cas.web.flow;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.CentralAuthenticationService;
import org.jasig.cas.authentication.principal.Credentials;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.authentication.principal.UsernamePasswordCredentials;
import org.jasig.cas.ticket.TicketException;
import org.jasig.cas.web.support.WebUtils;
import org.jasig.services.persondir.support.jdbc.ApplicationAuthoritiedAuthenticationDAO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.core.simple.SimpleJdbcTemplate;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;
import javax.servlet.http.HttpServletRequest;
import javax.sql.DataSource;
import javax.validation.constraints.NotNull;
/**
* Action to generate a service ticket for a given Ticket Granting Ticket and
* Service.
*
* @author Scott Battaglia
* @version $Revision$ $Date$
* @since 3.0.4
*/
public final class GenerateServiceTicketAction extends AbstractAction {
/** SLF4J logger named after the runtime class of this action. */
private final Logger log = LoggerFactory.getLogger(this.getClass());
/** Instance of CentralAuthenticationService; this action reads credentials from it and asks it to grant service tickets. */
@NotNull
private CentralAuthenticationService centralAuthenticationService;
/** Instance of ApplicationAuthoritiedAuthenticationDAO; queried with the requested URL and the username during the authorization check. */
@NotNull
private ApplicationAuthoritiedAuthenticationDAO applicationAuthoritiedAuthenticationDAO;
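/**
 * Decides whether a service ticket may be requested for the application URL in this request.
 *
 * <p>The URL is read from the {@code service} request parameter and passed, together with
 * the username from the credentials, to
 * {@code ApplicationAuthoritiedAuthenticationDAO.CheckApplicationURLIsAuthority}.
 *
 * @param context the current webflow request context
 * @return {@code false} when the DAO call returns {@code true}, {@code true} otherwise
 * @throws IllegalArgumentException if the credentials or the {@code service} parameter
 *         are missing
 */
protected boolean checkUrl(final RequestContext context){
    // NOTE(review): the credentials come from the CentralAuthenticationService bean, not
    // from this request's flow or ticket. If that bean is shared between requests (the
    // usual Spring singleton wiring -- confirm), concurrent logins could make this check
    // run against another user's name. Deriving the user from this flow's own
    // ticket-granting ticket would tie the decision to the caller.
    final UsernamePasswordCredentials userinfo =
            (UsernamePasswordCredentials) this.centralAuthenticationService.getCredentials();
    Assert.notNull(userinfo, "userinfo is null");

    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    // getParameter already returns a String and yields null when the parameter is absent.
    // Calling toString() on it threw a NullPointerException before the null check could
    // run, so the value is now checked before it is used.
    final String url = request.getParameter("service");
    Assert.notNull(url, "url is null");

    // NOTE(review): a true result from the DAO is treated as "not authorized" here, although
    // the method name reads like a positive check. Confirm the DAO's contract; if true means
    // "authorized", this condition is inverted and the wrong set of users is refused.
    final boolean result = this.applicationAuthoritiedAuthenticationDAO
            .CheckApplicationURLIsAuthority(url, userinfo.getUsername());
    if (result) {
        log.error("Your have no authoriation to log this application");
        return false;
    }
    log.info("the Url is valid\n");
    return true;
}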
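/**
 * Grants a service ticket for the requested service once the URL authorization check passes.
 *
 * @param context the current webflow request context
 * @return {@code success()} with the new ticket stored in request scope;
 *         {@code result("gateway")} when granting fails and a {@code gateway} parameter is
 *         present; {@code error()} when the authorization check fails or granting fails
 *         without a gateway request
 */
protected Event doExecute(final RequestContext context) {
    // Fail closed: no ticket is requested unless the authorization check passes.
    final boolean authorized = checkUrl(context);
    if (!authorized) {
        return error();
    }

    // NOTE(review): checkUrl evaluates the raw "service" request parameter, while the ticket
    // below is granted for the Service resolved by WebUtils.getService. Confirm both always
    // denote the same URL; otherwise access is checked for one application and the ticket
    // is issued for another.
    final Service service = WebUtils.getService(context);
    final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);

    try {
        final String serviceTicketId =
                this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicket, service);
        WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
        return success();
    } catch (final TicketException e) {
        // Previously swallowed without a trace; record it so refused ticket requests are
        // visible when reviewing the logs.
        log.warn("Could not grant a service ticket", e);
        if (isGatewayPresent(context)) {
            return result("gateway");
        }
    }

    return error();
}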
/**
 * Stores the CentralAuthenticationService this action works with.
 *
 * @param centralAuthenticationService the service instance to keep on this action
 */
public void setCentralAuthenticationService(final CentralAuthenticationService centralAuthenticationService) {
    this.centralAuthenticationService = centralAuthenticationService;
}
/**
 * Reports whether the request carries a non-blank {@code gateway} parameter.
 *
 * @param context the current webflow request context
 * @return {@code true} if the {@code gateway} request parameter contains text
 */
protected boolean isGatewayPresent(final RequestContext context) {
    final String gateway = context.getExternalContext().getRequestParameterMap().get("gateway");
    return StringUtils.hasText(gateway);
}
public void setApplicationAuthoritiedAuthenticationDAO(
ApplicationAuthoritiedAuthenticationDAO applicationAuthoritiedAuthenticationDAO) {
this.applicationAuthoritiedAuthenticationDAO = ap