AuthenticationViaFormAction源码分析

开源的CAS已经很多牛人分析过了,最近在看源码,也总结一下    

AuthenticationViaFormAction.java主要代码


//credentialsBinder这个属性在配置文件中没有注入,所以this.credentialsBinder会一直为null,无效代码

    /**
     * Binds data from the HTTP request onto the credentials object, but only when a
     * credentials binder is set and reports that it supports the credentials' class.
     *
     * @param context the current web-flow request context
     * @param credentials the credentials object to populate
     * @throws Exception declared by the signature; nothing in this method throws it explicitly
     */
    public final void doBind(final RequestContext context, final Credentials credentials) throws Exception {
        // Resolved before the binder checks, matching the original order of calls.
        final HttpServletRequest httpRequest = WebUtils.getHttpServletRequest(context);

        // No binder configured: nothing to bind.
        if (this.credentialsBinder == null) {
            return;
        }

        // The binder does not handle this credentials type: leave the credentials untouched.
        if (!this.credentialsBinder.supports(credentials.getClass())) {
            return;
        }

        this.credentialsBinder.bind(httpRequest, credentials);
    }


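    /**
     * Handles the submitted login form: checks the login ticket, tries to grant a service ticket
     * on the renew path, and otherwise creates a new ticket-granting ticket.
     *
     * @param context the current web-flow request context
     * @param credentials the credentials submitted with the form
     * @param messageContext receives the error messages built in this method
     * @return {@code "error"} for an invalid login ticket or a ticket failure that is not an
     *         authentication failure, {@code "warn"} when a service ticket was granted on the
     *         renew path, {@code "success"} when a ticket-granting ticket was created, or the
     *         value of {@code getAuthenticationExceptionEventId} for authentication failures
     * @throws Exception declared by the signature; ticket failures are handled inside the method
     */
    public final String submit(final RequestContext context, final Credentials credentials, final MessageContext messageContext) throws Exception {
        // Login ticket read from the flow scope: the value the form is expected to echo back.
        final String authoritativeLoginTicket = WebUtils.getLoginTicketFromFlowScope(context);
        // Login ticket read from the request: client-supplied, so treated as untrusted.
        final String providedLoginTicket = WebUtils.getLoginTicketFromRequest(context);

        // Fail closed: a missing flow-scope ticket is rejected as a mismatch instead of raising a
        // NullPointerException, and it never "matches" a missing request ticket.
        if (authoritativeLoginTicket == null || !authoritativeLoginTicket.equals(providedLoginTicket)) {
            // CR/LF are replaced so a request-supplied value cannot forge additional log lines.
            final String loggableTicket =
                providedLoginTicket == null ? null : providedLoginTicket.replaceAll("[\\r\\n]", "_");
            this.logger.warn("Invalid login ticket " + loggableTicket);

            final String code = "INVALID_TICKET";
            // NOTE(review): the request-supplied ticket is passed through as a message argument;
            // confirm that the view escapes it when the message is rendered.
            messageContext.addMessage(
                new MessageBuilder().error().code(code).arg(providedLoginTicket).defaultText(code).build());
            return "error";
        }

        // Existing ticket-granting ticket id, if any, and the service being accessed.
        final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
        final Service service = WebUtils.getService(context);

        // Renew path: taken only when the "renew" request parameter has text AND both a
        // ticket-granting ticket id and a service are present (all three are required).
        if (StringUtils.hasText(context.getRequestParameters().get("renew")) && ticketGrantingTicketId != null && service != null) {
            try {
                final String serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);
                WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
                putWarnCookieIfRequestParameterPresent(context);
                return "warn";
            } catch (final TicketException e) {
                // Authentication failure: report it and stop; the existing ticket is left alone.
                if (isCauseAuthenticationException(e)) {
                    populateErrorsInstance(e, messageContext);
                    return getAuthenticationExceptionEventId(e);
                }

                // Any other ticket failure: destroy the existing ticket-granting ticket, then
                // fall through so a fresh one is created from the submitted credentials below.
                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
                if (logger.isDebugEnabled()) {
                    logger.debug("Attempted to generate a ServiceTicket using renew=true with different credentials", e);
                }
            }
        }

        try {
            // createTicketGrantingTicket returns the new ticket id, which is stored in request scope.
            WebUtils.putTicketGrantingTicketInRequestScope(context, this.centralAuthenticationService.createTicketGrantingTicket(credentials));
            putWarnCookieIfRequestParameterPresent(context);
            return "success";
        } catch (final TicketException e) {
            populateErrorsInstance(e, messageContext);
            if (isCauseAuthenticationException(e)) {
                return getAuthenticationExceptionEventId(e);
            }
            return "error";
        }
    }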


本文出自 “ping blog” 博客,转载请与作者联系!
