CAS-Client客户端研究--Cas20ProxyReceivingTicketValidationFilter
2013-05-17 11:47
435 查看
renew - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
gateway - specifies whether gateway=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
artifactParameterName - specifies the name of the request parameter on where to find the artifact (i.e. "ticket").
serviceParameterName - specifies the name of the request parameter on where to find the service (i.e. "service").
renew - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
gateway - specifies whether gateway=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
artifactParameterName - specifies the name of the request parameter on where to find the artifact (i.e. "ticket").
serviceParameterName - specifies the name of the request parameter on where to find the service (i.e. "service").
在验证前需要:如果请求参数中带有pgtid和pgtiou只需要缓存pgtio与pgtid映射关系
验证类:
验证过程:
gateway - specifies whether gateway=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
artifactParameterName - specifies the name of the request parameter on where to find the artifact (i.e. "ticket").
serviceParameterName - specifies the name of the request parameter on where to find the service (i.e. "service").
renew - specifies whether renew=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
gateway - specifies whether gateway=true should be sent to the CAS server. Valid values are either "true" or "false" (or no value at all).
artifactParameterName - specifies the name of the request parameter on where to find the artifact (i.e. "ticket").
serviceParameterName - specifies the name of the request parameter on where to find the service (i.e. "service").
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
if (!preFilter(servletRequest, servletResponse, filterChain)) {
return;
}
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
if (CommonUtils.isNotBlank(ticket)) {
if (log.isDebugEnabled()) {
log.debug("Attempting to validate ticket: " + ticket);
}
try {
final Assertion assertion = this.ticketValidator.validate(ticket, constructServiceUrl(request, response));
if (log.isDebugEnabled()) {
log.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());
}
request.setAttribute(CONST_CAS_ASSERTION, assertion);
if (this.useSession) {
request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
}
onSuccessfulValidation(request, response, assertion);
if (this.redirectAfterValidation) {
log. debug("Redirecting after successful ticket validation.");
response.sendRedirect(constructServiceUrl(request, response));
return;
}
} catch (final TicketValidationException e) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
log.warn(e, e);
onFailedValidation(request, response);
if (this.exceptionOnValidationFailure) {
throw new ServletException(e);
}
return;
}
}
filterChain.doFilter(request, response);
}在验证前需要:如果请求参数中带有pgtid和pgtiou只需要缓存pgtio与pgtid映射关系
protected final boolean preFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
final String requestUri = request.getRequestURI();
if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestUri.endsWith(this.proxyReceptorUrl)) {
return true;
}
try {
CommonUtils.readAndRespondToProxyReceptorRequest(request, response, this.proxyGrantingTicketStorage);
} catch (final RuntimeException e) {
log.error(e.getMessage(), e);
throw e;
}
return false;
}public static void readAndRespondToProxyReceptorRequest(final HttpServletRequest request, final HttpServletResponse response, final ProxyGrantingTicketStorage proxyGrantingTicketStorage) throws IOException {
final String proxyGrantingTicketIou = request.getParameter(PARAM_PROXY_GRANTING_TICKET_IOU);
final String proxyGrantingTicket = request.getParameter(PARAM_PROXY_GRANTING_TICKET);
if (CommonUtils.isBlank(proxyGrantingTicket) || CommonUtils.isBlank(proxyGrantingTicketIou)) {
response.getWriter().write("");
return;
}
proxyGrantingTicketStorage.save(proxyGrantingTicketIou, proxyGrantingTicket);
response.getWriter().write("<?xml version=\"1.0\"?>");
response.getWriter().write("<casClient:proxySuccess xmlns:casClient=\"http://www.yale.edu/tp/casClient\" />");
}验证类:
protected final TicketValidator getTicketValidator(final FilterConfig filterConfig) {
final String allowAnyProxy = getPropertyFromInitParams(filterConfig, "acceptAnyProxy", null);
final String allowedProxyChains = getPropertyFromInitParams(filterConfig, "allowedProxyChains", null);
final String casServerUrlPrefix = getPropertyFromInitParams(filterConfig, "casServerUrlPrefix", null);
final Cas20ServiceTicketValidator validator;
if (CommonUtils.isNotBlank(allowAnyProxy) || CommonUtils.isNotBlank(allowedProxyChains)) {//被代理的
final Cas20ProxyTicketValidator v = new Cas20ProxyTicketValidator(casServerUrlPrefix);
v.setAcceptAnyProxy(parseBoolean(allowAnyProxy));
v.setAllowedProxyChains(CommonUtils.createProxyList(allowedProxyChains));
validator = v;
} else {//代理的,即中间人
validator = new Cas20ServiceTicketValidator(casServerUrlPrefix);
}
validator.setProxyCallbackUrl(getPropertyFromInitParams(filterConfig, "proxyCallbackUrl", null));
validator.setProxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
validator.setProxyRetriever(new Cas20ProxyRetriever(casServerUrlPrefix, getPropertyFromInitParams(filterConfig, "encoding", null)));
validator.setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
validator.setEncoding(getPropertyFromInitParams(filterConfig, "encoding", null));
final Map<String,String> additionalParameters = new HashMap<String,String>();
final List<String> params = Arrays.asList(RESERVED_INIT_PARAMS);
for (final Enumeration<?> e = filterConfig.getInitParameterNames(); e.hasMoreElements();) {
final String s = (String) e.nextElement();
if (!params.contains(s)) {
additionalParameters.put(s, filterConfig.getInitParameter(s));
}
}
validator.setCustomParameters(additionalParameters);
validator.setHostnameVerifier(getHostnameVerifier(filterConfig));
return validator;
}验证过程:
public Assertion validate(final String ticket, final String service) throws TicketValidationException {
final String validationUrl = constructValidationUrl(ticket, service);
try {
final String serverResponse = retrieveResponseFromServer(new URL(validationUrl), ticket);
if (serverResponse == null) {
throw new TicketValidationException("The CAS server returned no response.");
}
return parseResponseFromServer(serverResponse);
} catch (final MalformedURLException e) {
throw new TicketValidationException(e);
}
}
protected final String constructValidationUrl(final String ticket, final String serviceUrl) {
final Map<String,String> urlParameters = new HashMap<String,String>();
urlParameters.put("ticket", ticket);
urlParameters.put("service", encodeUrl(serviceUrl));
if (this.renew) {
urlParameters.put("renew", "true");
}
populateUrlAttributeMap(urlParameters);
if (this.customParameters != null) {
urlParameters.putAll(this.customParameters);
}
urlParameters.put("pgtUrl", encodeUrl(this.proxyCallbackUrl));
final String suffix = getUrlSuffix();
final StringBuilder buffer = new StringBuilder(urlParameters.size()*10 + this.casServerUrlPrefix.length() + suffix.length() +1);
int i = 0;
buffer.append(this.casServerUrlPrefix);
if (!this.casServerUrlPrefix.endsWith("/")) {
buffer.append("/");
}
buffer.append(suffix);
for (Map.Entry<String,String> entry : urlParameters.entrySet()) {
final String key = entry.getKey();
final String value = entry.getValue();
if (value != null) {
buffer.append(i++ == 0 ? "?" : "&");
buffer.append(key);
buffer.append("=");
buffer.append(value);
}
}
return buffer.toString();
}
protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
final String error = XmlUtils.getTextForElement(response,
"authenticationFailure");
if (CommonUtils.isNotBlank(error)) {
throw new TicketValidationException(error);
}
final String principal = XmlUtils.getTextForElement(response, "user");
final String proxyGrantingTicketIou = XmlUtils.getTextForElement(response, "proxyGrantingTicket");
final String proxyGrantingTicket = this.proxyGrantingTicketStorage != null ? this.proxyGrantingTicketStorage.retrieve(proxyGrantingTicketIou) : null;
if (CommonUtils.isEmpty(principal)) {
throw new TicketValidationException("No principal was found in the response from the CAS server.");
}
final Assertion assertion;
final Map<String,Object> attributes = extractCustomAttributes(response);
if (CommonUtils.isNotBlank(proxyGrantingTicket)) {
final AttributePrincipal attributePrincipal = new AttributePrincipalImpl(principal, attributes, proxyGrantingTicket, this.proxyRetriever);
assertion = new AssertionImpl(attributePrincipal);
} else {
assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));
}
customParseResponse(response, assertion);
return assertion;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- CAS-Client客户端研究(五)-SingleSignOutFilter
- CAS-Client客户端研究--AssertionThreadLocalFilter
- CAS-Client客户端研究(六)-各种过滤器参数说明
- CAS-Client客户端研究(一)-AuthenticationFilter
- CAS-Client客户端研究(三)-AssertionThreadLocalFilter
- CAS-Client客户端研究--SingleSignOutFilter
- CAS-Client客户端研究(四)-HttpServletRequestWrapperFilter
- CAS-Client客户端研究(六)-各种过滤器参数说明
- CAS-Client客户端研究(五)-SingleSignOutFilter
- CAS-Client客户端研究(一)-AuthenticationFilter
- CAS-Client客户端研究--HttpServletRequestWrapperFilter
- CAS-Client客户端研究(四)-HttpServletRequestWrapperFilter
- CAS-Client客户端研究(三)-AssertionThreadLocalFilter
- CAS-Client客户端研究--AuthenticationFilter
- CAS-Client客户端研究(二)-Cas20ProxyReceivingTicketValidationFilter
- CAS-Client客户端研究(五)-SingleSignOutFilter
- CAS-Client客户端研究(六)-各种过滤器参数说明
- CAS-Client客户端研究(一)-AuthenticationFilter
- CAS-Client客户端研究(四)-HttpServletRequestWrapperFilter
- CAS-Client客户端研究(一)-AuthenticationFilter