1. System startup
Configuration class that drives startup:
CasSupportActionsConfiguration
At startup a series of actions is initialized. Typical ones are listed below as action name - actual class:
authenticationViaFormAction - InitialAuthenticationAction
serviceAuthorizationCheck - ServiceAuthorizationCheck
sendTicketGrantingTicketAction - SendTicketGrantingTicketAction
createTicketGrantingTicketAction - CreateTicketGrantingTicketAction
DefaultLoginWebflowConfigurer
This class performs the initialization work: it builds the login flow and registers its exception handlers, view states and so on.
protected void doInitialize() {
    final Flow flow = getLoginFlow();
    if (flow != null) {
        createInitialFlowActions(flow);
        createDefaultGlobalExceptionHandlers(flow);
        createDefaultEndStates(flow);
        createDefaultDecisionStates(flow);
        createDefaultActionStates(flow);
        createDefaultViewStates(flow);
        createRememberMeAuthnWebflowConfig(flow);
        // the flow starts by validating the initial authentication request
        setStartState(flow, CasWebflowConstants.STATE_ID_INITIAL_AUTHN_REQUEST_VALIDATION_CHECK);
    }
}
2. Accessing the application
Initial access
InitialFlowSetupAction
All that InitialFlowSetupAction.doExecute does is put ticketGrantingTicketId, warnCookieValue and service into FlowScope, so that the states of the login flow can evaluate them.
public Event doExecute(final RequestContext context) {
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    if (request.getMethod().equalsIgnoreCase(HttpMethod.POST.name())) {
        WebUtils.putInitialHttpRequestPostParameters(context);
    }
    // set the TGC cookie path to /cas or /
    configureCookieGenerators(context);
    // cookies, static authentication, password policy etc. go into FlowScope; the TGT goes into FlowScope/RequestScope
    configureWebflowContext(context);
    // register the service and put it into RequestScope
    configureWebflowContextForService(context);
    return success();
}
InitialAuthenticationRequestValidationAction
Initial authentication request validation
Does nothing of note here; it just returns a success event.
protected Event doExecute(final RequestContext requestContext) {
    return this.rankedAuthenticationProviderWebflowEventResolver.resolveSingle(requestContext);
}
TicketGrantingTicketCheckAction
Checks whether the TGT in the request context is valid.
When we visit an application integrated with CAS single sign-on for the first time, the application redirects to the CAS server. At that point the request cookies contain no CASTGC (the TGT cookie), so ticketGrantingTicketId in FlowScope is null.
public Event doExecute(final RequestContext requestContext) {
    // TGT is null: return the "TGT does not exist" event
    final String tgtId = WebUtils.getTicketGrantingTicketId(requestContext);
    if (StringUtils.isBlank(tgtId)) {
        return new Event(this, CasWebflowConstants.TRANSITION_ID_TGT_NOT_EXISTS);
    }
    // look the ticket up in the ticket registry; a missing or expired ticket is treated as invalid
    final Ticket ticket = this.centralAuthenticationService.getTicket(tgtId, Ticket.class);
    if (ticket != null && !ticket.isExpired()) {
        return new Event(this, CasWebflowConstants.TRANSITION_ID_TGT_VALID);
    }
    return new Event(this, CasWebflowConstants.TRANSITION_ID_TGT_INVALID);
}
ServiceAuthorizationCheck
Checks whether a service is present in FlowScope. If there is none, it returns a success event. If there is one, it looks up the service's registration and checks whether the service satisfies the registered service's access requirements; if it does not, the unauthorized redirect URL is put into FlowScope and an exception is thrown.
protected Event doExecute(final RequestContext context) {
    // the service that InitialFlowSetupAction placed into the flow context
    final Service serviceInContext = WebUtils.getService(context);
    final Service service = authenticationRequestServiceSelectionStrategies.resolveService(serviceInContext);
    if (service == null) {
        return success();
    }
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    if (registeredService == null) {
        // unregistered service: reject it instead of dereferencing a null registration
        final String msg = String.format("Unauthorized Service Access. Service [%s] is not found in service registry.", service.getId());
        LOGGER.warn(msg);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);
    }
    if (!registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        final String msg = String.format("Unauthorized Service Access. Service [%s] is not allowed access via the service registry.", service.getId());
        LOGGER.warn(msg);
        WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, registeredService.getAccessStrategy().getUnauthorizedRedirectUrl());
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);
    }
    return success();
}
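As an added illustration, not part of the original post or of the CAS source, here is a JSON service-registry entry of the kind findServiceBy resolves; its accessStrategy fields are what isServiceAccessAllowed() and getUnauthorizedRedirectUrl() read in the check above. The host name, ids and URLs are made-up sample values.

```json
{
  "@class" : "org.apereo.cas.services.RegexRegisteredService",
  "serviceId" : "^https://app\\.example\\.org(/.*)?$",
  "name" : "Example application (constructed sample)",
  "id" : 1001,
  "description" : "serviceId is anchored to a single host; a pattern such as ^https://.* would match any HTTPS site and let it obtain tickets",
  "evaluationOrder" : 10,
  "accessStrategy" : {
    "@class" : "org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy",
    "enabled" : true,
    "ssoEnabled" : true,
    "unauthorizedRedirectUrl" : "https://app.example.org/access-denied"
  }
}
```

Setting enabled to false makes isServiceAccessAllowed() return false, so ServiceAuthorizationCheck stores unauthorizedRedirectUrl in FlowScope and throws; a service URL that matches no serviceId is not found by findServiceBy at all.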
InitializeLoginAction
Initializes the login step: it simply returns a success event and the flow proceeds to the login page.
protected Event doExecute(final RequestContext requestContext) throws Exception {
    LOGGER.debug("Initialized login sequence");
    return success();
}
3. Form submission
InitialAuthenticationAction - AbstractAuthenticationAction
[Transition@1950dc92 on = submit, to = realSubmit]
protected Event doExecute(final RequestContext requestContext) {
    // service ticket request event handling; null at this point
    final Event serviceTicketEvent = this.serviceTicketRequestWebflowEventResolver.resolveSin