<filter> <filter-name>CAS Filter</filter-name> <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>casServerLoginUrl</param-name> <param-value>https://cas.server.name:8443/cas/login</param-value> <!-- 使用的CAS-Server的登录地址,一定是到登录的action --> </init-param> <init-param> <param-name>serverName</param-name> <param-value>http://app1.cas.com:8081</param-value> <!-- 当前Client系统的地址 --> </init-param> </filter>
org.jasig.cas.client.authentication.AuthenticationFilter流程分析
public class AuthenticationFilter extends AbstractCasFilter { private String casServerLoginUrl;//登陆的路径 private boolean renew; private boolean gateway;//网关 private GatewayResolver gatewayStorage;//网管解析器 private AuthenticationRedirectStrategy authenticationRedirectStrategy;//身份验证重定向策略
private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass;//网管模式匹配策略 private static final Map<String, Class<? extends UrlPatternMatcherStrategy>> PATTERN_MATCHER_TYPES = new HashMap(); public AuthenticationFilter() { this(Protocol.CAS2); } protected AuthenticationFilter(Protocol protocol) { super(protocol); this.renew = false; this.gateway = false; this.gatewayStorage = new DefaultGatewayResolverImpl(); this.authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy(); this.ignoreUrlPatternMatcherStrategyClass = null; } protected void initInternal(FilterConfig filterConfig) throws ServletException { if (!this.isIgnoreInitConfiguration()) { super.initInternal(filterConfig); this.setCasServerLoginUrl(this.getString(ConfigurationKeys.CAS_SERVER_LOGIN_URL)); this.setRenew(this.getBoolean(ConfigurationKeys.RENEW)); this.setGateway(this.getBoolean(ConfigurationKeys.GATEWAY)); String ignorePattern = this.getString(ConfigurationKeys.IGNORE_PATTERN); String ignoreUrlPatternType = this.getString(ConfigurationKeys.IGNORE_URL_PATTERN_TYPE); Class gatewayStorageClass; if (ignorePattern != null) { gatewayStorageClass = (Class)PATTERN_MATCHER_TYPES.get(ignoreUrlPatternType); if (gatewayStorageClass != null) { this.ignoreUrlPatternMatcherStrategyClass = (UrlPatternMatcherStrategy)ReflectUtils.newInstance(gatewayStorageClass.getName(), new Object[0]); } else { try { this.logger.trace("Assuming {} is a qualified class name...", ignoreUrlPatternType); this.ignoreUrlPatternMatcherStrategyClass = (UrlPatternMatcherStrategy)ReflectUtils.newInstance(ignoreUrlPatternType, new Object[0]); } catch (IllegalArgumentException var6) { this.logger.error("Could not instantiate class [{}]", ignoreUrlPatternType, var6); } } if (this.ignoreUrlPatternMatcherStrategyClass != null) { this.ignoreUrlPatternMatcherStrategyClass.setPattern(ignorePattern); } } gatewayStorageClass = this.getClass(ConfigurationKeys.GATEWAY_STORAGE_CLASS); if (gatewayStorageClass != null) { this.setGatewayStorage((GatewayResolver)ReflectUtils.newInstance(gatewayStorageClass, new Object[0])); } Class<? extends AuthenticationRedirectStrategy> authenticationRedirectStrategyClass = this.getClass(ConfigurationKeys.AUTHENTICATION_REDIRECT_STRATEGY_CLASS); if (authenticationRedirectStrategyClass != null) { this.authenticationRedirectStrategy = (AuthenticationRedirectStrategy)ReflectUtils.newInstance(authenticationRedirectStrategyClass, new Object[0]); } } } public void init() { super.init(); CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null."); } public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest)servletRequest; HttpServletResponse response = (HttpServletResponse)servletResponse; if (this.isRequestUrlExcluded(request)) { this.logger.debug("Request is ignored."); filterChain.doFilter(request, response); } else { HttpSession session = request.getSession(false); Assertion assertion = session != null ? (Assertion)session.getAttribute("_const_cas_assertion_") : null; if (assertion != null) { filterChain.doFilter(request, response); } else { String serviceUrl = this.constructServiceUrl(request, response); String ticket = this.retrieveTicketFromRequest(request); boolean wasGatewayed = this.gateway && this.gatewayStorage.hasGatewayedAlready(request, serviceUrl); if (!CommonUtils.isNotBlank(ticket) && !wasGatewayed) { this.logger.debug("no ticket and no assertion found"); String modifiedServiceUrl; if (this.gateway) { this.logger.debug("setting gateway attribute in session"); modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl); } else { modifiedServiceUrl = serviceUrl; } this.logger.debug("Constructed service url: {}", modifiedServiceUrl); String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, this.getProtocol().getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway); this.logger.debug("redirecting to \"{}\"", urlToRedirectTo); this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo); } else { filterChain.doFilter(request, response); } } } } public final void setRenew(boolean renew) { this.renew = renew; } public final void setGateway(boolean gateway) { this.gateway = gateway; } public final void setCasServerLoginUrl(String casServerLoginUrl) { this.casServerLoginUrl = casServerLoginUrl; } public final void setGatewayStorage(GatewayResolver gatewayStorage) { this.gatewayStorage = gatewayStorage; } private boolean isRequestUrlExcluded(HttpServletRequest request) { if (this.ignoreUrlPatternMatcherStrategyClass == null) { return false; } else { StringBuffer urlBuffer = request.getRequestURL(); if (request.getQueryString() != null) { urlBuffer.append("?").append(request.getQueryString()); } String requestUri = urlBuffer.toString(); return this.ignoreUrlPatternMatcherStrategyClass.matches(requestUri); } } static { PATTERN_MATCHER_TYPES.put("CONTAINS", ContainsPatternUrlPatternMatcherStrategy.class); PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class); PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class); } }