单点登录 - 关于CAS客户端的拦截请求和忽略/排除不需要拦截的请求URL的问题

最新推荐文章于 2022-06-17 11:10:21 发布

VIP文章 weixin_33860147

最新推荐文章于 2022-06-17 11:10:21 发布

阅读量1.5k

点赞数

文章标签： java c# 测试

原文链接：https://my.oschina.net/thinwonton/blog/1456732

版权

2019独角兽企业重金招聘Python工程师标准>>>

在《单点登录 - 自定义CAS客户端的过滤器AuthenticationFilter》https://my.oschina.net/thinwonton/blog/1439112 文章里，介绍了一种CAS客户端的拦截请求和忽略/排除不需要拦截的请求URL的方法，该方法需要改写原来的AuthenticationFilter类。

后来无意中在网上看到了另一种方法，这好像是cas clieng 3.3以后支持的方法，我们一起看一下AuthenticationFilter 源码。

CAS CLIENT 3.2.1的源码

    public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final HttpSession session = request.getSession(false);
        final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;

        if (assertion != null) {
            filterChain.doFilter(request, response);
            return;
        }

        final String serviceUrl = constructServiceUrl(request, response);
        final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName());
        final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

        if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
            filterChain.doFilter(request, response);
            return;
        }

        final String modifiedServiceUrl;

        log.debug("no ticket and no assertion found");
        if (this.gateway) {
            log.debug("setting gateway attribute in session"