Authenticationviaformaction Source Code Analysis

Open-source CAs has been a lot of cattle analysis, and recently in the source, also summed up

Authenticationviaformaction.java Main code

Credentialsbinder This property is not injected in the configuration file, so This.credentialsbinder will always be null, invalid code

Public final void Dobind (final requestcontext context, final Credentials Credentials) throws Exception {

Final HttpServletRequest request = webutils.gethttpservletrequest (context);

if (This.credentialsbinder! = null && this.credentialsBinder.supports (Credentials.getclass ())) {

This.credentialsBinder.bind (request, credentials);

}

}

Public final String Submit (final RequestContext context, final Credentials Credentials, final Messagecontext Messageconte XT) throws Exception {

Get Loginticket from the flowscope of request

Final String Authoritativeloginticket = webutils.getloginticketfromflowscope (context);

Get Loginticket from the parameters of request

Final String Providedloginticket = webutils.getloginticketfromrequest (context);

If the two are different, return an error

if (!authoritativeloginticket.equals (Providedloginticket)) {

This.logger.warn ("Invalid login Ticket" + providedloginticket);

Final String code = "Invalid_ticket";

Messagecontext.addmessage (

New Messagebuilder (). Error (). Code (Code). ARG (Providedloginticket). DefaultText (Code). build ());

return "error";

}

Get Tgtid from the request parameter or Flowscope

Final String Ticketgrantingticketid = Webutils.getticketgrantingticketid (context);

Get the service from the Flowscope of request

Final Service service = Webutils.getservice (context);

Gets the value of renew from the request parameter if renew is not NULL, and Ticketgrantingticketid is null and service is NULL

if (Stringutils.hastext (Context.getrequestparameters (). Get ("Renew")) && Ticketgrantingticketid! = null & & service! = null) {

try {

Final String Serviceticketid = This.centralAuthenticationService.grantServiceTicket (Ticketgrantingticketid, service , credentials);

Webutils.putserviceticketinrequestscope (context, Serviceticketid);

Putwarncookieifrequestparameterpresent (context);

return "Warn";

} catch (Final Ticketexception e) {

if (Iscauseauthenticationexception (e)) {

Populateerrorsinstance (E, messagecontext);

Return Getauthenticationexceptioneventid (e);

}

This.centralAuthenticationService.destroyTicketGrantingTicket (Ticketgrantingticketid);

if (logger.isdebugenabled ()) {

Logger.debug ("Attempted to generate a serviceticket using Renew=true with different credentials", e);

}

}

}

try {

This.centralAuthenticationService.createTicketGrantingTicket (credentials) return to Tgtid, put Tgtid into Requestscope

Webutils.putticketgrantingticketinrequestscope (Context, This.centralAuthenticationService.createTicketGrantingTicket (credentials));

Putwarncookieifrequestparameterpresent (context);

Return "Success";

} catch (Final Ticketexception e) {

Populateerrorsinstance (E, messagecontext);

if (Iscauseauthenticationexception (e))

Return Getauthenticationexceptioneventid (e);

return "error";

}

}

This article from "Ping Blog" blog, reproduced please contact the author!

Authenticationviaformaction Source Code Analysis