
CAS Client Study (4): HttpServletRequestWrapperFilter

2016-07-08 00:00
I have been studying CAS recently. I will start from the client side to explain how CAS works, possibly with reference to the source code.

Required background: http://blog.csdn.net/yuwenruli/article/details/6602180

The purpose of HttpServletRequestWrapperFilter is simple: it wraps the HttpServletRequest object once more so that the getUserPrincipal and getRemoteUser methods return the logged-in user's information.

The implementation is fairly simple. It uses a class named CasHttpServletRequestWrapper, which extends HttpServletRequestWrapper. The wrapper is built from the AttributePrincipal object taken from the given Assertion. Here is the source code:

public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
    // Get the AttributePrincipal from the session or the request; it is the principal property of the Assertion
    final AttributePrincipal principal = retrievePrincipalFromSessionOrRequest(servletRequest);
    // Wrap the request and continue with the rest of the filter chain, so that later filters or servlets
    // can obtain the user information via request.getRemoteUser() or request.getUserPrincipal()
    filterChain.doFilter(new CasHttpServletRequestWrapper((HttpServletRequest) servletRequest, principal), servletResponse);
}

protected AttributePrincipal retrievePrincipalFromSessionOrRequest(final ServletRequest servletRequest) {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    // getSession(false) does not create a session; without one, fall back to the request attribute
    final HttpSession session = request.getSession(false);
    final Assertion assertion = (Assertion) (session == null ? request.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION) : session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION));

    // No Assertion means no authenticated user: the wrapper is then built with a null principal
    return assertion == null ? null : assertion.getPrincipal();
}


Now let's look at the source code of CasHttpServletRequestWrapper:

// Note: roleAttribute, ignoreCase and log are not declared in this excerpt;
// they belong to the enclosing HttpServletRequestWrapperFilter.
final class CasHttpServletRequestWrapper extends HttpServletRequestWrapper {

    private final AttributePrincipal principal;

    CasHttpServletRequestWrapper(final HttpServletRequest request, final AttributePrincipal principal) {
        super(request);
        this.principal = principal;
    }

    public Principal getUserPrincipal() {
        return this.principal;
    }

    public String getRemoteUser() {
        return principal != null ? this.principal.getName() : null;
    }

    public boolean isUserInRole(final String role) {
        if (CommonUtils.isBlank(role)) {
            log.debug("No valid role provided.  Returning false.");
            return false;
        }

        if (this.principal == null) {
            log.debug("No Principal in Request.  Returning false.");
            return false;
        }

        if (CommonUtils.isBlank(roleAttribute)) {
            log.debug("No Role Attribute Configured. Returning false.");
            return false;
        }

        // May be a single value, a Collection of values, or null if the attribute is absent
        final Object value = this.principal.getAttributes().get(roleAttribute);

        if (value instanceof Collection<?>) {
            for (final Object o : (Collection<?>) value) {
                if (rolesEqual(role, o)) {
                    log.debug("User [" + getRemoteUser() + "] is in role [" + role + "]: " + true);
                    return true;
                }
            }
        }

        final boolean isMember = rolesEqual(role, value);
        log.debug("User [" + getRemoteUser() + "] is in role [" + role + "]: " + isMember);
        return isMember;
    }

    /**
     * Determines whether the given role is equal to the candidate
     * role attribute taking into account case sensitivity.
     *
     * @param given  Role under consideration.
     * @param candidate Role that the current user possesses.
     *
     * @return True if roles are equal, false otherwise.
     */
    private boolean rolesEqual(final String given, final Object candidate) {
        // As written, a null candidate with ignoreCase enabled makes candidate.toString() throw NullPointerException
        return ignoreCase ? given.equalsIgnoreCase(candidate.toString()) : given.equals(candidate);
    }
}
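
The result of isUserInRole depends on the type of the attribute value the CAS server returned. The following added example (not part of the CAS client source; the class name RoleMatchDemo, the rolesEqualSafe variant and the sample values are constructed for illustration) reproduces the matching logic with plain JDK types next to a null-safe variant, so a single value, a collection, and a missing attribute can be compared.

```java
import java.util.Arrays;
import java.util.Collection;
// Added example: mirrors the matching logic of isUserInRole()/rolesEqual() shown above
// using plain JDK types. RoleMatchDemo and all sample values are constructed.
public class RoleMatchDemo {

    // Same comparison as rolesEqual() in the excerpt.
    static boolean rolesEqual(String given, Object candidate, boolean ignoreCase) {
        return ignoreCase ? given.equalsIgnoreCase(candidate.toString()) : given.equals(candidate);
    }

    // Hypothetical null-safe variant: a missing or non-String candidate never matches and never throws.
    static boolean rolesEqualSafe(String given, Object candidate, boolean ignoreCase) {
        if (!(candidate instanceof String)) {
            return false;
        }
        final String s = (String) candidate;
        return ignoreCase ? given.equalsIgnoreCase(s) : given.equals(s);
    }

    // Same control flow as isUserInRole() after its blank/null guards; 'safe' selects the variant.
    static boolean isMember(String role, Object value, boolean ignoreCase, boolean safe) {
        if (value instanceof Collection<?>) {
            for (final Object o : (Collection<?>) value) {
                if (safe ? rolesEqualSafe(role, o, ignoreCase) : rolesEqual(role, o, ignoreCase)) {
                    return true;
                }
            }
        }
        return safe ? rolesEqualSafe(role, value, ignoreCase) : rolesEqual(role, value, ignoreCase);
    }

    public static void main(String[] args) {
        final Object single = "ADMIN";                       // one role delivered as a String
        final Object many = Arrays.asList("user", "Admin");  // several roles delivered as a Collection
        final Object missing = null;                         // role attribute absent from the principal
        System.out.println(isMember("admin", single, false, false));  // exact comparison, case differs
        System.out.println(isMember("admin", single, true, false));   // case-insensitive comparison
        System.out.println(isMember("admin", many, true, false));     // collection branch
        System.out.println(isMember("admin", missing, false, false)); // equals(null) path
        System.out.println(isMember("admin", missing, true, true));   // null-safe variant
        try {
            isMember("admin", missing, true, false);                  // original logic, null + ignoreCase
        } catch (NullPointerException e) {
            System.out.println("original logic with ignoreCase=true throws NullPointerException");
        }
    }
}
```

The null-safe variant also stops matching non-String attribute values by their toString() form, which is a deliberate tightening rather than the library's behaviour.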