标签:cas sso
开源的CAS已经很多牛人分析过了,最近在看源码,也总结一下
在login-webflow.xml中,初次访问应用的flow轨迹是:
1 <on-start>
<evaluate expression="initialFlowSetupAction" />
</on-start>
2 <decision-state id="ticketGrantingTicketExistsCheck">
<if test="flowScope.ticketGrantingTicketId != null" then="hasServiceCheck" else="gatewayRequestCheck" />
</decision-state>
3 <decision-state id="gatewayRequestCheck">
<if test="requestParameters.gateway != ‘‘ and requestParameters.gateway != null and flowScope.service != null" then="gatewayServicesManagementCheck" else="generateLoginTicket" />
</decision-state>
4 <action-state id="generateLoginTicket">
<evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
<transition on="generated" to="viewLoginForm" />
</action-state>
所以代码会执行到generateLoginTicketAction中
GenerateLoginTicketAction.java
public final String generate(final RequestContext context) {
//通过DefaultUniqueTicketIdGenerator生成loginTicket,可以通过实现接口UniqueTicketIdGenerator.java,来自己定义生成loginTicket的格式
final String loginTicket = this.ticketIdGenerator.getNewTicketId(PREFIX);
this.logger.debug("Generated login ticket " + loginTicket);
//把ticket放入FlowScope
WebUtils.putLoginTicket(context, loginTicket);
return "generated";
}
返回后,跳转到“viewLoginForm”
<view-state id="viewLoginForm" view="casLoginView" model="credentials">
<binder>
<binding property="username" />
<binding property="password" />
</binder>
<on-entry>
<set name="viewScope.commandName" value="‘credentials‘" />
</on-entry>
<transition on="submit" bind="true" validate="true" to="realSubmit">
<evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" />
</transition>
</view-state>
default_view.properties已经定义好了:casLoginView.url=/WEB-INF/view/jsp/default/ui/casLoginView.jsp
浏览器会跳转到casLoginView.jsp让用户登陆,用户在casLoginView.jsp执行submit动作时,evaluate 元素中 expression 属性所指明的表达式会被执行,即标红的部分。表达式内容执行完成后,转向id为realSubmit的state
<action-state id="realSubmit">
<evaluate expression="authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)" />
<transition on="warn" to="warn" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="generateLoginTicket" />
<transition on="accountDisabled" to="casAccountDisabledView" />
<transition on="mustChangePassword" to="casMustChangePassView" />
<transition on="accountLocked" to="casAccountLockedView" />
<transition on="badHours" to="casBadHoursView" />
<transition on="badWorkstation" to="casBadWorkstationView" />
<transition on="passwordExpired" to="casExpiredPassView" />
</action-state>
在realSubmit中,根据表达式“authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)”的不同返回值跳转到不同的界面
本文出自 “ping blog” 博客,转载请与作者联系!
标签:cas sso
原文地址:http://liyanping.blog.51cto.com/6241230/1636282
