原文:http://castte.iteye.com/blog/1255308
最近研究cas,发现在设置ticketGrantingTicket超时后,打开https://tski.com:8443/cas 仍然显示成功
ticketExpirationPolicies.xml
ticketRegistry.xml
仍然显示成功
所以猜测,TGT超时与使用https://tski.com:8443/cas/logout 不同地方在于,后者清除了cookie中的TGT
于是找到logout的处理代码
org.jasig.cas.web.LogoutController
而TGT超时时,cas server 不能获取cookie
继续猜测,打开https://tski.com:8443/cas时,cas server只判断了cookie中是否有TGT,但是没判断org.jasig.cas.ticket.registry.TicketRegistry中是否还存在TGT。
找到login-webflow.xml
所以现在要确认flowScope.ticketGrantingTicketId , flowScope.service 是什么东西
找到org.jasig.cas.web.flow.InitialFlowSetupAction
最后,修改代码
org.jasig.cas.web.flow.InitialFlowSetupAction
修改cas-servlet.xml
ticketExpirationPolicies.xml
- <!-- This argument is the time a ticket can exist before its considered expired. 设置为5秒超时-->
- <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
- <constructor-arg
- index="0"
- value="5000" />
- </bean>
<!-- This argument is the time a ticket can exist before its considered expired. 设置为5秒超时--> <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy"> <constructor-arg index="0" value="5000" /> </bean>
ticketRegistry.xml
- <!-- 10秒检查一次是否有ticket需要clean -->
- <bean id="triggerJobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.SimpleTriggerBean"
- p:jobDetail-ref="jobDetailTicketRegistryCleaner"
- p:startDelay="2000"
- p:repeatInterval="10000" />
<!-- 10秒检查一次是否有ticket需要clean --> <bean id="triggerJobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.SimpleTriggerBean" p:jobDetail-ref="jobDetailTicketRegistryCleaner" p:startDelay="2000" p:repeatInterval="10000" />
仍然显示成功
![点击查看原始大小图片](http://dl.iteye.com/upload/attachment/587461/3bab4db5-aff0-3e9f-af56-5082d88b86b5.png)
所以猜测,TGT超时与使用https://tski.com:8443/cas/logout 不同地方在于,后者清除了cookie中的TGT
于是找到logout的处理代码
org.jasig.cas.web.LogoutController
- protected ModelAndView handleRequestInternal(
- final HttpServletRequest request, final HttpServletResponse response)
- throws Exception {
- final String ticketGrantingTicketId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
- final String service = request.getParameter("service");
- if (ticketGrantingTicketId != null) {
- this.centralAuthenticationService
- .destroyTicketGrantingTicket(ticketGrantingTicketId);
- //清除cookie
- this.ticketGrantingTicketCookieGenerator.removeCookie(response);
- this.warnCookieGenerator.removeCookie(response);
- }
- if (this.followServiceRedirects && service != null) {
- return new ModelAndView(new RedirectView(service));
- }
- return new ModelAndView(this.logoutView);
- }
protected ModelAndView handleRequestInternal(
final HttpServletRequest request, final HttpServletResponse response)
throws Exception {
final String ticketGrantingTicketId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
final String service = request.getParameter("service");
if (ticketGrantingTicketId != null) {
this.centralAuthenticationService
.destroyTicketGrantingTicket(ticketGrantingTicketId);
//清除cookie
this.ticketGrantingTicketCookieGenerator.removeCookie(response);
this.warnCookieGenerator.removeCookie(response);
}
if (this.followServiceRedirects && service != null) {
return new ModelAndView(new RedirectView(service));
}
return new ModelAndView(this.logoutView);
}
而TGT超时时,cas server 不能获取cookie
继续猜测,打开https://tski.com:8443/cas时,cas server只判断了cookie中是否有TGT,但是没判断org.jasig.cas.ticket.registry.TicketRegistry中是否还存在TGT。
找到login-webflow.xml
- <!-- 在flowScope.ticketGrantingTicketId && flowScope.service 为null的情况下,页面会跳转到viewGenericLoginSuccess -->
- <on-start>
- <evaluate expression="initialFlowSetupAction" />
- </on-start>
- <decision-state id="ticketGrantingTicketExistsCheck">
- <if test="flowScope.ticketGrantingTicketId neq null" then="hasServiceCheck" else="gatewayRequestCheck" />
- </decision-state>
- ...
- <decision-state id="hasServiceCheck">
- <if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" />
- </decision-state>
<!-- 在flowScope.ticketGrantingTicketId && flowScope.service 为null的情况下,页面会跳转到viewGenericLoginSuccess --> <on-start> <evaluate expression="initialFlowSetupAction" /> </on-start> <decision-state id="ticketGrantingTicketExistsCheck"> <if test="flowScope.ticketGrantingTicketId neq null" then="hasServiceCheck" else="gatewayRequestCheck" /> </decision-state> ... <decision-state id="hasServiceCheck"> <if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" /> </decision-state>
所以现在要确认flowScope.ticketGrantingTicketId , flowScope.service 是什么东西
找到org.jasig.cas.web.flow.InitialFlowSetupAction
- protected Event doExecute(final RequestContext context) throws Exception {
- final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
- if (!this.pathPopulated) {
- ... }
- //ticketGrantingTicketId是从cookie里取的,问题很清楚了
- context.getFlowScope().put(
- "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
- context.getFlowScope().put(
- "warnCookieValue",
- Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));
- //service 只有在从其他系统跳转到cas server时才可能不是null
- final Service service = WebUtils.getService(this.argumentExtractors,
- context);
- if (service != null && logger.isDebugEnabled()) {
- logger.debug("Placing service in FlowScope: " + service.getId());
- }
- context.getFlowScope().put("service", service);
- return result("success");
- }
protected Event doExecute(final RequestContext context) throws Exception {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
if (!this.pathPopulated) {
... }
//ticketGrantingTicketId是从cookie里取的,问题很清楚了
context.getFlowScope().put(
"ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
context.getFlowScope().put(
"warnCookieValue",
Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));
//service 只有在从其他系统跳转到cas server时才可能不是null
final Service service = WebUtils.getService(this.argumentExtractors,
context);
if (service != null && logger.isDebugEnabled()) {
logger.debug("Placing service in FlowScope: " + service.getId());
}
context.getFlowScope().put("service", service);
return result("success");
}
最后,修改代码
org.jasig.cas.web.flow.InitialFlowSetupAction
- //注入 ticketRegistry
- @NotNull
- private TicketRegistry ticketRegistry;
- public TicketRegistry getTicketRegistry() {
- return ticketRegistry;
- }
- public void setTicketRegistry(TicketRegistry ticketRegistry) {
- this.ticketRegistry = ticketRegistry;
- }
- protected Event doExecute(final RequestContext context) throws Exception {
- final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
- if (!this.pathPopulated) {
- ... }
- //从ticketRegistry中获取TGT
- context.getFlowScope().put(
- "ticketGrantingTicketId", ticketRegistry.getTicket(this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request)));
- context.getFlowScope().put(
- "warnCookieValue",
- Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));
- final Service service = WebUtils.getService(this.argumentExtractors,
- context);
- if (service != null && logger.isDebugEnabled()) {
- logger.debug("Placing service in FlowScope: " + service.getId());
- }
- context.getFlowScope().put("service", service);
- return result("success");
- }
//注入 ticketRegistry
@NotNull
private TicketRegistry ticketRegistry;
public TicketRegistry getTicketRegistry() {
return ticketRegistry;
}
public void setTicketRegistry(TicketRegistry ticketRegistry) {
this.ticketRegistry = ticketRegistry;
}
protected Event doExecute(final RequestContext context) throws Exception {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
if (!this.pathPopulated) {
... }
//从ticketRegistry中获取TGT
context.getFlowScope().put(
"ticketGrantingTicketId", ticketRegistry.getTicket(this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request)));
context.getFlowScope().put(
"warnCookieValue",
Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));
final Service service = WebUtils.getService(this.argumentExtractors,
context);
if (service != null && logger.isDebugEnabled()) {
logger.debug("Placing service in FlowScope: " + service.getId());
}
context.getFlowScope().put("service", service);
return result("success");
}
修改cas-servlet.xml
- <!-- 最后一行 p:ticketRegistry-ref="ticketRegistry" ,注入ticketRegistry -->
- <bean id="initialFlowSetupAction" class="org.jasig.cas.web.flow.InitialFlowSetupAction"
- p:argumentExtractors-ref="argumentExtractors"
- p:warnCookieGenerator-ref="warnCookieGenerator"
- p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"
- p:ticketRegistry-ref="ticketRegistry"/>