Main idea: the browser logs in at the CAS server and obtains a credential, which it hands to the backend. The backend uses this credential to verify the login with the CAS server and obtain the user information, and afterwards maintains the user's login state based on that credential.
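Main flow:
1. The browser requests a backend address that requires authentication (without a ticket).
2. The backend sends the browser a redirect to the CAS server; the parameters carry the address for the jump to the CAS server.
3. The browser visits the CAS server to verify the login; the parameters carry the address for the jump back to the backend.
4. The CAS server sends the browser a redirect to the backend address, carrying the ticket.
5. The backend uses this ticket to call the CAS server and verify whether the user is logged in.

Backend source snippet for step 2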
org.jasig.cas.client.authentication.AuthenticationFilter#doFilter
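The AuthenticationFilter handles the redirect on the browser's first visit, and its specific job is to check whether a ticket is present. If there is no ticket it redirects to the CAS server; if there is one it does nothing and passes the request on.
On the first visit to the backend's authenticated address there is no ticket, so the request is redirected to the CAS server login.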
    public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
            final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        // URLs excluded from authentication pass straight through.
        if (isRequestUrlExcluded(request)) {
            logger.debug("Request is ignored.");
            filterChain.doFilter(request, response);
            return;
        }

        // An assertion already stored in the session means the user is logged in.
        final HttpSession session = request.getSession(false);
        final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;

        if (assertion != null) {
            filterChain.doFilter(request, response);
            return;
        }

        final String serviceUrl = constructServiceUrl(request, response);
        final String ticket = retrieveTicketFromRequest(request);
        final boolean wasGatewayed = this.gateway && this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

        // A ticket is present: leave it to the validation filter further down the chain.
        if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
            filterChain.doFilter(request, response);
            return;
        }

        final String modifiedServiceUrl;

        logger.debug("no ticket and no assertion found");
        if (this.gateway) {
            logger.debug("setting gateway attribute in session");
            modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
        } else {
            modifiedServiceUrl = serviceUrl;
        }

        logger.debug("Constructed service url: {}", modifiedServiceUrl);

        // No ticket and no assertion: redirect the browser to the CAS login URL.
        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl,
                getProtocol().getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);

        logger.debug("redirecting to \"{}\"", urlToRedirectTo);
        this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
    }
Backend source snippet for step 5
org.jasig.cas.client.validation.AbstractTicketValidationFilter#doFilter
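The validation.AbstractTicket class is where the backend takes the ticket brought over by the front end and asks the CAS server to verify its validity.
Underneath, it calls HttpsURLConnectionFactory. To customize the validation method, implement AbstractTicket.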
    public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
            final FilterChain filterChain) throws IOException, ServletException {
        if (!preFilter(servletRequest, servletResponse, filterChain)) {
            return;
        }

        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        final String ticket = retrieveTicketFromRequest(request);

        if (CommonUtils.isNotBlank(ticket)) {
            logger.debug("Attempting to validate ticket: {}", ticket);

            try {
                // Ask the CAS server whether this ticket is valid for this service URL.
                final Assertion assertion = this.ticketValidator.validate(ticket,
                        constructServiceUrl(request, response));

                logger.debug("Successfully authenticated user: {}", assertion.getPrincipal().getName());

                // Keep the assertion so later requests are treated as logged in.
                request.setAttribute(CONST_CAS_ASSERTION, assertion);

                if (this.useSession) {
                    request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
                }
                onSuccessfulValidation(request, response, assertion);

                if (this.redirectAfterValidation) {
                    logger.debug("Redirecting after successful ticket validation.");
                    response.sendRedirect(constructServiceUrl(request, response));
                    return;
                }
            } catch (final TicketValidationException e) {
                logger.debug(e.getMessage(), e);

                onFailedValidation(request, response);

                if (this.exceptionOnValidationFailure) {
                    throw new ServletException(e);
                }

                // Validation failed: answer 403 and stop the filter chain.
                response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
                return;
            }
        }

        filterChain.doFilter(request, response);
    }
The backend must be configured with the CAS server redirect address and the backend's own address.