CAS 客戶端以及服務端的基本配置

1. 客戶端 web.xml  片斷：

Xml代碼  

1. ...  
2.   
3. <filter>  
4.           <filter-name>CAS Authentication Filter</filter-name>  
5.           <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>  
6.           <init-param>  
7.                 <param-name>casServerLoginUrl</param-name>  
8.                 <param-value>https://www.colorcc.com:8443/cas/login</param-value>  
9.           </init-param>  
10.           <init-param>  
11.                 <param-name>serverName</param-name>  
12.                 <param-value>http://localhost:8080</param-value>  
13.           </init-param>  
14.     </filter>  
15.     <filter>  
16.           <filter-name>CAS Validation Filter</filter-name>  
17.           <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>  
18.           <init-param>  
19.                 <param-name>casServerUrlPrefix</param-name>  
20.                 <param-value>https://www.colorcc.com:8443/cas</param-value>  
21.           </init-param>  
22.           <init-param>  
23.                 <param-name>serverName</param-name>  
24.                 <param-value>http://localhost:8080</param-value>  
25.           </init-param>  
26.     <!--   <init-param>  
27.                 <param-name>redirectAfterValidation</param-name>  
28.                 <param-value>false</param-value>  
29.           </init-param> -->  
30.     </filter>  
31.   
32.     <filter-mapping>  
33.         <filter-name>CAS Authentication Filter</filter-name>  
34.         <url-pattern>/*</url-pattern>  
35.     </filter-mapping>  
36.     <filter-mapping>  
37.         <filter-name>CAS Validation Filter</filter-name>  
38.         <url-pattern>/*</url-pattern>  
39.     </filter-mapping>  
40. ... 
    

2：AuthenticationFilter 代碼:

1. 1. public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {  
   2.         final HttpServletRequest request = (HttpServletRequest) servletRequest;  
   3.         final HttpServletResponse response = (HttpServletResponse) servletResponse;  
   4.         final HttpSession session = request.getSession(false);  
   5.         final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;  
   6.         // 若是 session 中有 assertion，則結束 authentication 過濾器，直接跳到下一個過濾器  
   7.         if (assertion != null) {  
   8.             filterChain.doFilter(request, response);  
   9.             return;  
   10.         }  
   11.   
   12.         //  2.1 若是 session 中無 assertion, 則構造 service,  如 http://www.web.com/a1  
   13.        <strong> final String serviceUrl = constructServiceUrl(request, response);</strong>  
   14.   
   15.   
   16.   
   17.   
   18.   
   19.         final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName());  
   20.         final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);  
   21.   
   22.         // 若是 request 中有 ticke變量，則結束本過濾器，直接跳到下一個過濾器  
   23.         if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {  
   24.             filterChain.doFilter(request, response);  
   25.             return;  
   26.         }  
   27.   
   28.         final String modifiedServiceUrl;  
   29.   
   30.         log.debug("no ticket and no assertion found");  
   31.         if (this.gateway) {  
   32.             log.debug("setting gateway attribute in session");  
   33.             modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);  
   34.         } else {  
   35.             modifiedServiceUrl = serviceUrl;  
   36.   
   37.         }  
   38.   
   39.         if (log.isDebugEnabled()) {  
   40.             log.debug("Constructed service url: " + modifiedServiceUrl);  
   41.         }  
   42.   
   43.         // 2.2 否 則構造重定向 URL， 其中 casServerLoginUrl 爲 web.xml 中 filter 配 置，eg: https://www.cas-server.com/cas/login?service=http://www.web.com /a1  
   44.        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);  
   45.   
   46.   
   47.         if (log.isDebugEnabled()) {  
   48.             log.debug("redirecting to \"" + urlToRedirectTo + "\"");  
   49.         }  
   50.   
   51.         //  2.3 重定向到 CAS server   
   52.         response.sendRedirect(urlToRedirectTo);<em>  
   53. </em>  
   54.   
   55.   
   56.   
   57.   
   58.   
   59.     } 
       

3：

. 重定向URL：  https://www.cas-server.com/cas/login?service=http://www.web.com/a1, 其中 cas server的 web.xml：

Java代碼  

1. <servlet>  
2.     <servlet-name>cas</servlet-name>  
3.     <servlet-class>  
4.       org.jasig.cas.web.init.SafeDispatcherServlet  
5.     </servlet-class>  
6.     <init-param>  
7.       <param-name>publishContext</param-name>  
8.       <param-value>false</param-value>  
9.     </init-param>  
10.     <load-on-startup>1</load-on-startup>  
11.   </servlet>  
12.       
13.   <servlet-mapping>  
14.     <servlet-name>cas</servlet-name>  
15.     <url-pattern>/login</url-pattern>  
16.   </servlet-mapping>  

 

     3.1  SafeDispatcherServlet 使用 Spring DispatcherServlet 做爲 delegate

 

Java代碼  

1. public final class SafeDispatcherServlet extends HttpServlet {  
2.   
3.     // 定義 Spring DispatcherServlet 做爲 delegate  
4.     private DispatcherServlet delegate = new DispatcherServlet();  
5.   
6.     // 使用 delegate 初始化 servlet   
7.     public void init(final ServletConfig config) {  
8.         try {  
9.             this.delegate.init(config);  
10.   
11.         } catch (final Throwable t) {  
12.          ...  
13.   
14.      // 使用 delegate 的 service 執行 web 操做  
15.      public void service(final ServletRequest req, final ServletResponse resp)  
16.         throws ServletException, IOException {  
17.         if (this.initSuccess) {  
18.             this.delegate.service(req, resp);  
19.         } else {  
20.             throw new ApplicationContextException(  
21.                 "Unable to initialize application context.");  
22.         }  
23.     }  

 

    3.2 cas-servlet.xml 配置文件以下, 能夠看到 login 對應的 webflow 爲： login-webflow.xml

 

Java代碼  

1. <webflow:flow-registry id="flowRegistry" flow-builder-services="builder">  
2.   <webflow:flow-location path="/WEB-INF/login-webflow.xml" id="login"/>  
3. </webflow:flow-registry>  

    3.3  根據 login-webflow.xml 配置文件(結合 cas-servlet.xml)：

 

Java代碼  

1. <on-start>  
2.         <evaluate ="initialFlowSetupAction" />  
3.     </on-start>  
4.   
5. <bean id="initialFlowSetupAction" class="org.jasig.cas.web.flow.InitialFlowSetupAction"  
6.         p:argumentExtractors-ref="argumentExtractors"  
7.         p:warnCookieGenerator-ref="warnCookieGenerator"  
8.         p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"/>  

     3.4 InitialFlowSetupAction

 

Java代碼  

1. protected Event doExecute(final RequestContext context) throws Exception {  
2.         final HttpServletRequest request = WebUtils.getHttpServletRequest(context);  
3.         if (!this.pathPopulated) {  
4.             final String contextPath = context.getExternalContext().getContextPath();  
5.             final String cookiePath = StringUtils.hasText(contextPath) ? contextPath + "/" : "/";  
6.             logger.info("Setting path for cookies to: "  
7.                 + cookiePath);  
8.             this.warnCookieGenerator.setCookiePath(cookiePath);  
9.             this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);  
10.             this.pathPopulated = true;  
11.         }  
12.           
13.         // 給 FlowScope 的設置 ticketGrantingTicketId, warnCookieValue 參數  
14.         context.getFlowScope().put(  
15.             "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));  
16.         context.getFlowScope().put("warnCookieValue",  
17.             Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));  
18.          
19.          // 3.4.1 抽取 service 參數  
20.         final Service service = WebUtils.getService(this.argumentExtractors, context);  
21.   
22.         if (service != null && logger.isDebugEnabled()) {  
23.             logger.debug("Placing service in FlowScope: " + service.getId());  
24.         }  
25.   
26.         // 給 FlowScope 的設置 service 參數  
27.         context.getFlowScope().put("service", service);  
28.   
29.         return result("success");  
30.     }  

     3.4.1  WebApplicationService.getService

Java代碼  

1. public static WebApplicationService getService(  
2.         final List<ArgumentExtractor> argumentExtractors,  
3.         final HttpServletRequest request) {  
4.         for (final ArgumentExtractor argumentExtractor : argumentExtractors) {  
5.               
6.             // 3.4.1.1 經過配置的 argumentExtractor 抽取 service  
7.             final WebApplicationService service = argumentExtractor.extractService(request);  
8.   
9.             if (service != null) {  
10.                 return service;  
11.             }  
12.         }  
13.   
14.         return null;  
15.     }  

 

     3.4.1.1  CasArgumentExtractor 代碼

Java代碼  

1. public final class CasArgumentExtractor extends AbstractSingleSignOutEnabledArgumentExtractor {  
2.   
3.     public final WebApplicationService extractServiceInternal(final HttpServletRequest request) {  
4.         return SimpleWebApplicationServiceImpl.createServiceFrom(request, getHttpClientIfSingleSignOutEnabled());  
5.     }  
6. }  
7.   
8. // SimpleWebApplicationServiceImpl  
9.     private static final String CONST_PARAM_SERVICE = "service";  
10.     private static final String CONST_PARAM_TARGET_SERVICE = "targetService";  
11.     private static final String CONST_PARAM_TICKET = "ticket";  
12.     private static final String CONST_PARAM_METHOD = "method";  
13.   
14. public static SimpleWebApplicationServiceImpl createServiceFrom(  
15.         final HttpServletRequest request, final HttpClient httpClient) {  
16.         final String targetService = request  
17.             .getParameter(CONST_PARAM_TARGET_SERVICE);  
18.         final String method = request.getParameter(CONST_PARAM_METHOD);  
19.         final String serviceToUse = StringUtils.hasText(targetService)  
20.             ? targetService : request.getParameter(CONST_PARAM_SERVICE);  
21.   
22.         if (!StringUtils.hasText(serviceToUse)) {  
23.             return null;  
24.         }  
25.   
26.         final String id = cleanupUrl(serviceToUse);  
27.         final String artifactId = request.getParameter(CONST_PARAM_TICKET);  
28.   
29.         return new SimpleWebApplicationServiceImpl(id, serviceToUse,  
30.             artifactId, "POST".equals(method) ? ResponseType.POST  
31.                 : ResponseType.REDIRECT, httpClient);  
32.     }  
33.   
34. private SimpleWebApplicationServiceImpl(final String id,  
35.         final String originalUrl, final String artifactId,  
36.         final ResponseType responseType, final HttpClient httpClient) {  
37.         super(id, originalUrl, artifactId, httpClient);  
38.         this.responseType = responseType;  
39.     }  
40.   
41. protected AbstractWebApplicationService(final String id, final String originalUrl, final String artifactId, final HttpClient httpClient) {  
42.         this.id = id;  
43.         this.originalUrl = originalUrl;  
44.         this.artifactId = artifactId;  
45.         this.httpClient = httpClient;  
46.     }  

 

 

3. Cas20ProxyReceivingTicketValidationFilter 及 AbstractTicketValidationFilter代碼：

Java代碼  

1. public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {  
2.   
3.         if (!preFilter(servletRequest, servletResponse, filterChain)) {  
4.             return;  
5.         }  
6.   
7.         final HttpServletRequest request = (HttpServletRequest) servletRequest;  
8.         final HttpServletResponse response = (HttpServletResponse) servletResponse;  
9.         final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());  
10.   
11.         // 若是 URL 中包含 ticket 參數，則執行 service 驗證工做  
12.         if (CommonUtils.isNotBlank(ticket)) {  
13.             if (log.isDebugEnabled()) {  
14.                 log.debug("Attempting to validate ticket: " + ticket);  
15.             }  
16.   
17.             try {  
18.                  
19.                 final Assertion assertion = this.ticketValidator.validate(ticket, constructServiceUrl(request, response));  
20.   
21.                 if (log.isDebugEnabled()) {  
22.                     log.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());  
23.                 }  
24.   
25.                 request.setAttribute(CONST_CAS_ASSERTION, assertion);  
26.   
27.                 if (this.useSession) {  
28.                     request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);  
29.                 }  
30.                 onSuccessfulValidation(request, response, assertion);  
31.   
32.                 if (this.redirectAfterValidation) {  
33.                     log. debug("Redirecting after successful ticket validation.");  
34.                     response.sendRedirect(constructServiceUrl(request, response));  
35.                     return;  
36.                 }  
37.             } catch (final TicketValidationException e) {  
38.                 response.setStatus(HttpServletResponse.SC_FORBIDDEN);  
39.                 log.warn(e, e);  
40.   
41.                 onFailedValidation(request, response);  
42.   
43.                 if (this.exceptionOnValidationFailure) {  
44.                     throw new ServletException(e);  
45.                 }  
46.   
47.                 return;  
48.             }  
49.         }  
50.   
51.         // 若是不包含 ticket， 直接跳過CAS Filter驗證，繼續其餘 filter 或 web app 操做  
52.         filterChain.doFilter(request, response);  
53.   
54.     }