开源的CAS已经很多牛人分析过了,最近在看源码,也总结一下

AuthenticationFilter.java主要代码

    /**
     * Decides whether the current request may continue down the filter chain or has to be
     * redirected to the CAS server login page.
     *
     * <p>Servlet filters form a chain of responsibility: {@code filterChain} holds the filters
     * configured in web.xml, and every call to {@code filterChain.doFilter()} hands the request to
     * the next filter's {@code doFilter} (see the ApplicationFilterChain walkthrough at
     * http://javapolo.iteye.com/blog/1287747).
     *
     * <p>Order of checks, as implemented below:
     * <ol>
     *   <li>An assertion already stored in the session: pass the request through.</li>
     *   <li>A non-blank ticket parameter, or a gateway marker for this service URL: pass the
     *       request through.</li>
     *   <li>Otherwise: redirect to the CAS login URL with the service URL as a parameter.</li>
     * </ol>
     *
     * <p>Security note: this method never validates the ticket. A request carrying any non-blank
     * ticket value is simply forwarded, so authentication depends on a ticket validation filter
     * being mapped after this one for the same URL patterns. Check the filter order in web.xml.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining filters to invoke when the request is allowed through
     * @throws IOException      declared; may come from the chain or from the redirect
     * @throws ServletException declared; may come from the chain
     */
    public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        // getSession(false) only looks an existing session up; it never creates one here.
        final HttpSession existingSession = httpRequest.getSession(false);

        // The assertion is only READ in this method. NOTE(review): the original walkthrough
        // assumed it stays null unless gateway=true, but nothing here ties it to the gateway
        // storage. In the usual CAS client setup it is the ticket validation filter that puts
        // the assertion into the session after a ticket validates successfully, so it is null
        // only until the first successful login. Confirm against that filter's source.
        Assertion storedAssertion = null;
        if (existingSession != null) {
            storedAssertion = (Assertion) existingSession.getAttribute(CONST_CAS_ASSERTION);
        }

        // Already authenticated in this session: nothing more to do in this filter.
        if (storedAssertion != null) {
            filterChain.doFilter(httpRequest, httpResponse);
            return;
        }

        // Build the service URL for the current request (implementation not shown here).
        // NOTE(review): confirm it is derived from configured server/service settings rather than
        // from client-supplied request headers, since it ends up in the redirect sent below.
        final String serviceUrl = constructServiceUrl(httpRequest, httpResponse);

        // Per the walkthrough, getArtifactParameterName() is assigned when AbstractCasFilter
        // initialises; the web.xml discussed here does not override it, so it keeps the default
        // "ticket". safeGetParameter() then returns the value of that request parameter.
        final String ticket = CommonUtils.safeGetParameter(httpRequest, getArtifactParameterName());

        // Per the walkthrough, hasGatewayedAlready() checks the session for the
        // CONST_CAS_GATEWAY attribute, removes it when present and returns true.
        // Presumably this is loop protection for gateway mode: once the browser has been sent to
        // CAS with gateway set and comes back without a ticket, the marker lets the request
        // continue unauthenticated instead of being redirected again. TODO confirm against the
        // GatewayResolver implementation in use.
        final boolean alreadyGatewayed = this.gatewayStorage.hasGatewayedAlready(httpRequest, serviceUrl);

        // The ticket is NOT validated at this point; a later filter has to do that.
        final boolean hasTicket = CommonUtils.isNotBlank(ticket);
        if (hasTicket || alreadyGatewayed) {
            filterChain.doFilter(httpRequest, httpResponse);
            return;
        }

        log.debug("no ticket and no assertion found");

        // gateway is not configured in the web.xml discussed here, so it is false and the
        // service URL is used unchanged. When it is enabled, the gateway storage records the
        // attempt and may return an adjusted service URL.
        String serviceForRedirect = serviceUrl;
        if (this.gateway) {
            log.debug("setting gateway attribute in session");
            serviceForRedirect = this.gatewayStorage.storeGatewayInformation(httpRequest, serviceUrl);
        }

        // Debug output contains the full service URL; keep this level off where URLs may carry
        // sensitive query parameters.
        if (log.isDebugEnabled()) {
            log.debug("Constructed service url: " + serviceForRedirect);
        }

        // Build the redirect to the CAS login page, with the service URL appended as a parameter
        // together with the renew and gateway flags.
        final String loginRedirectUrl = CommonUtils.constructRedirectUrl(
                this.casServerLoginUrl,
                getServiceParameterName(),
                serviceForRedirect,
                this.renew,
                this.gateway);

        if (log.isDebugEnabled()) {
            log.debug("redirecting to \"" + loginRedirectUrl + "\"");
        }

        // Send the browser to the CAS server.
        httpResponse.sendRedirect(loginRedirectUrl);
    }