Research on cas-Client client-authenticationfilter

Required Parameters:

Casserverloginurl: defines the logon URL of the CAS server, for example, https: // localhost: 8443/CAS/login.

Service or servername:

Service: the URL of the Service sent to the CAS server, for example, https: // localhost: 8443/yourwebapp/index.html

Servername: the server name of the CAS client. The service URL is dynamically assembled using this name, for example, http: // localhost: 8080 (the Protocol must be included. If the port is a standard port, you can leave it empty, for example, port 80)

Optional parameters:

• Renew: Specify whether renew is true. Valid values are true and false. If it is true, a new session is generated for each request. The default value is false.
• Gateway-Specifies whether to use the firewall. Valid values are true and false. The default value is false.
• Artifactparametername-specify the parameter name of the ticket to be saved in the request. The default value is ticket.
• Serviceparametername-specify the parameter name of the request to save the service. The default value is service.

Now, starting from the first filter, the logical process of the filter is shown below.

We found that the function of this filter is to determine whether the filter has been logged on. If the filter is not logged on, it is determined based on the configuration (GATEWAY.

Public final void dofilter (final servletrequest, final registration failed, final filterchain) throws ioexception, servletexception {// conversion parameter final httpservletrequest request = (httpservletrequest) servletrequest; final httpservletresponse response = (httpservletresponse) servletresponse; // obtain assertion final httpsession session = request from the session. getsession (Fa LSE); final assertion = session! = NULL? (Assertion) Session. getattribute (const_cas_assertion): NULL; // If yes, it indicates that you have logged on. This filter is processed completely and the next filter if (assertion! = NULL) {filterchain. dofilter (request, response); return;} // if there is no assertion object in the session, assemble serviceurl and try to get the ticket attribute from the parameter. Final string serviceurl = constructserviceurl (request, response); final string ticket = commonutils. safegetparameter (request, getartifactparametername (); Final Boolean wasgatewayed = This. gatewaystorage. hasgatewayedalready (request, serviceurl); // if ticket is not empty or wasgatewayed is true, this filter is processed completely and the next filter if (commonutils. isnotblank (ticket) | wasgatewayed) {filterchain. dofilter (request, response); return;} // Define the URL address final string modifiedserviceurl; log. debug ("no ticket and no assertion found"); // if ticket is empty and wasgatewayed is false, the jump URL is assembled Based on the gateway value of the initialization parameter. If (this. gateway) {log. debug ("setting gateway attribute in session"); modifiedserviceurl = This. gatewaystorage. storegatewayinformation (request, serviceurl);} else {modifiedserviceurl = serviceurl;} If (log. isdebugenabled () {log. debug ("constructed service URL:" + modifiedserviceurl);} // assemble the jump URL final string urltoredirectto = commonutils. constructredirecturl (this. casserverloginurl, getservic Eparametername (), modifiedserviceurl, this. RENEW, this. gateway, this. aspid); If (log. isdebugenabled () {log. debug ("redirecting to \" "+ urltoredirectto +" \ "");} // jump to the URL specified by urltoredirectto. If no gateway is configured, jump to the URL specified by the casserverloginurl parameter. Response. sendredirect (urltoredirectto );}

Gatewaystorage:

public final class DefaultGatewayResolverImpl implements GatewayResolver {    public static final String CONST_CAS_GATEWAY = "_const_cas_gateway_";public boolean hasGatewayedAlready(final HttpServletRequest request,final String serviceUrl) {final HttpSession session = request.getSession(false);if (session == null) {return false;}final boolean result = session.getAttribute(CONST_CAS_GATEWAY) != null;session.removeAttribute(CONST_CAS_GATEWAY);return result;}public String storeGatewayInformation(final HttpServletRequest request,final String serviceUrl) {request.getSession(true).setAttribute(CONST_CAS_GATEWAY, "yes");return serviceUrl;}}