<on-start> <evaluate expression="initialFlowSetupAction"/> </on-start>
WebUtils.putTicketGrantingTicketInScopes(context,this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
try { final Cookie cookie = org.springframework.web.util.WebUtils.getCookie( request, getCookieName()); return cookie == null ? null : this.casCookieValueManager.obtainCookieValue(cookie, request); } catch (final Exception e) { logger.debug(e.getMessage(), e); } return null;
代碼說明:邏輯比較簡單,直接從cookie中獲取TGC(getCookieName()方法有興趣能夠追蹤下看看),若是TGC不爲空,調用this.casCookieValueManager.obtainCookieValue(cookie, request)方法解析TGC獲得TGT,問題逐漸明朗了,TGT是根據TGC獲取到的。html
final String cookieValue = this.cipherExecutor.decode(cookie.getValue()); LOGGER.debug("Decoded cookie value is [{}]", cookieValue); if (StringUtils.isBlank(cookieValue)) { LOGGER.debug("Retrieved decoded cookie value is blank. Failed to decode cookie [{}]", cookie.getName()); return null; } final String[] cookieParts = cookieValue.split(String.valueOf(COOKIE_FIELD_SEPARATOR)); if (cookieParts.length != COOKIE_FIELDS_LENGTH) { throw new IllegalStateException("Invalid cookie. Required fields are missing"); } final String value = cookieParts[0]; final String remoteAddr = cookieParts[1]; final String userAgent = cookieParts[2]; if (StringUtils.isBlank(value) || StringUtils.isBlank(remoteAddr) || StringUtils.isBlank(userAgent)) { throw new IllegalStateException("Invalid cookie. Required fields are empty"); } if (!remoteAddr.equals(request.getRemoteAddr())) { throw new IllegalStateException("Invalid cookie. Required remote address does not match " + request.getRemoteAddr()); } if (!userAgent.equals(request.getHeader("user-agent"))) { throw new IllegalStateException("Invalid cookie. Required user-agent does not match " + request.getHeader("user-agent")); } return value;
代碼說明:首先解密TGC後獲得一個由@符號分隔的字符串,分隔後獲取到TGT、客戶端IP、客戶端代理信息。並將從TGC中解密的客戶端IP信息和客戶端代理信息與當前請求的客戶端IP信息和客戶端代理信息進行比較,若不相等就拋出異常(Cas的安全策略)。web
WebUtils.putTicketGrantingTicketInScopes(context, this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
String cookie = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request); //增長從request中獲取tgt if (cookie == null && request.getRequestURI().contains("/login")) { String tgt = request.getParameter("tgt"); if (StringUtils.isNotBlank(tgt)) { HttpServletResponse response = WebUtils.getHttpServletResponse(context); //TGT生成爲TGC並添加客戶端cookie中 this.ticketGrantingTicketCookieGenerator.addCookie(request, response, tgt); //tgt直接付值給cookie cookie = tgt; } } WebUtils.putTicketGrantingTicketInScopes(context,cookie);
<on-start> <evaluate expression="initialFlowSetupExAction"/> </on-start>