CAS source code tracing Series 2: processing requests by authenticationfilter

Source: Internet
Author: User

In the previous article we looked at how the CAS client filters are initialized once the client is integrated with Spring in a web project. If you haven't read it yet, see CAS source code tracing Series 1: filter initialization. This article describes how cas-client processes requests after initialization is complete.

Source Code address: https://github.com/apereo/java-cas-client

If you are not clear on how SSO works, you can refer to the article "Single Sign-On principle and simple implementation".
When you access a protected resource of the system, the CAS filter AuthenticationFilter intercepts the request. If it finds that the user has not logged on (the session holds no CAS assertion), it redirects to the unified logon page; otherwise it calls the next filter in the FilterChain.

Let's look at AuthenticationFilter's doFilter method:

    public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse,
                               final FilterChain filterChain) throws IOException, ServletException {
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;

        // Skip authentication entirely for URLs matched by the configured ignore pattern
        if (isRequestUrlExcluded(request)) {
            logger.debug("Request is ignored.");
            filterChain.doFilter(request, response);
            return;
        }

It first determines whether the request is excluded from interception. If so, it directly calls the next filter in the FilterChain; otherwise it continues with the authentication logic below.
Let's take a look at the isRequestUrlExcluded method.

    private boolean isRequestUrlExcluded(final HttpServletRequest request) {
        // Is an ignore-URL matcher configured? It is loaded in initInternal(final FilterConfig filterConfig);
        // if none is configured, no request is excluded
        if (this.ignoreUrlPatternMatcherStrategyClass == null) {
            return false;
        }

        // Re-assemble the full request URL, including the query string, so the matcher sees what the browser sent
        final StringBuffer urlBuffer = request.getRequestURL();
        if (request.getQueryString() != null) {
            urlBuffer.append("?").append(request.getQueryString());
        }
        final String requestUri = urlBuffer.toString();

        // Does the URL match the ignore rule? The rule is configured in the configuration file and loaded
        // into ignoreUrlPatternMatcherStrategyClass in AuthenticationFilter.initInternal(final FilterConfig filterConfig)
        return this.ignoreUrlPatternMatcherStrategyClass.matches(requestUri);
    }

        final HttpSession session = request.getSession(false); // obtain the user session; the parameter false means no session is created if none exists
        final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null; // if a session exists, read the assertion stored under CONST_CAS_ASSERTION

If the session does not exist or CONST_CAS_ASSERTION in the session is empty, the user has not logged on yet and the filter continues with the steps below; if the assertion is present, the next filter is called directly.

        final String serviceUrl = constructServiceUrl(request, response); // build the service URL from the request address

This method ultimately calls:

    CommonUtils.constructServiceUrl(final HttpServletRequest request, final HttpServletResponse response,
            final String service, final String serverNames, final String serviceParameterName,
            final String artifactParameterName, final boolean encode);

@param service: the service address, i.e. the address to return to after login. The method prefers this parameter to be supplied (it can be set in the configuration file).
@param serverNames: the server name, for example http://localhost:8080

        // A configured service address is returned as-is (encoded via the response if requested)
        if (CommonUtils.isNotBlank(service)) {
            return encode ? response.encodeURL(service) : service;
        }

At the start of the method, the service parameter is checked first: if it is not blank, it is returned directly and nothing needs to be parsed. That is why configuring this parameter is recommended. The logic is simple: only when service is blank does the method go on to parse the request URL.

        final String serverName = findMatchingServerName(request, serverNames);
        final URIBuilder originalRequestUrl = new URIBuilder(request.getRequestURL().toString(), encode);
        originalRequestUrl.setParameters(request.getQueryString());

        // Build the base from the configured serverName, adding a scheme if it has none
        final URIBuilder builder;
        if (!serverName.startsWith("https://") && !serverName.startsWith("http://")) {
            String scheme = request.isSecure() ? "https://" : "http://";
            builder = new URIBuilder(scheme + serverName, encode);
        } else {
            builder = new URIBuilder(serverName, encode);
        }
        // Carry over a non-standard port from the request when serverName does not specify one
        if (builder.getPort() == -1 && !requestIsOnStandardPort(request)) {
            builder.setPort(request.getServerPort());
        }
        builder.setEncodedPath(builder.getEncodedPath() + request.getRequestURI());

Next the request parameters are read from the query string (request.getQueryString()). The code checks whether the ticket parameter is present and whether it sits in the first position (location == 0). If so, the URL assembled so far is returned directly, without a query string; otherwise the method continues to append the remaining parameters.

Final list

        final String ticket = retrieveTicketFromRequest(request); // obtain the ticket from the request

Then, if the request already carries a ticket, or gateway mode is configured and has already been applied to this request, the next filter is called directly. Otherwise the filter goes on to build the redirect to the logon page.

        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl,
                getProtocol().getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);

This constructs the redirect URL from the data gathered so far, that is, the address to jump to when the request is not yet authenticated, similar to https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2Ftest%3Ftest%3D12456%26sss%3D111. The part before the "?" is the authentication center's logon page; the service parameter after it is the (URL-encoded) address to return to after a successful logon.
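As an added example, not code from java-cas-client, here is a stand-alone Python reimplementation of the service-URL and redirect-URL assembly walked through above (the logic of constructServiceUrl and constructRedirectUrl). Function and parameter names are my own; it assumes a single serverName rather than the comma-separated list the Java code accepts, and uses percent-encoding rather than Java's URLEncoder form encoding.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

# Added example: a stand-alone Python reimplementation of the URL assembly described
# above, NOT code from java-cas-client. Names are my own; it assumes a single
# serverName (the Java code accepts a comma-separated list).

def construct_service_url(request_url, server_name, service=None,
                          service_param="service", artifact_param="ticket",
                          standard_ports=(80, 443)):
    """Return the URL the client registers as the CAS 'service'."""
    # 1. A configured service address wins outright (the case the article recommends).
    if service:
        return service
    req = urlsplit(request_url)
    # 2. Scheme/host/port come from the configured serverName, not from the Host header,
    #    so the request cannot steer where the ticket is later validated.
    if not server_name.startswith(("http://", "https://")):
        server_name = req.scheme + "://" + server_name
    base = urlsplit(server_name)
    netloc = base.netloc
    # 3. Carry over a non-standard request port when serverName does not state one.
    if base.port is None and req.port is not None and req.port not in standard_ports:
        netloc = f"{base.hostname}:{req.port}"
    url = f"{base.scheme}://{netloc}{req.path}"
    # 4. Keep the caller's query string, minus the ticket and service parameters,
    #    so the service URL is the same whether or not a ticket was attached.
    kept = [(k, v) for k, v in parse_qsl(req.query, keep_blank_values=True)
            if k != artifact_param and k not in service_param.split(",")]
    if kept:
        url += "?" + urlencode(kept)
    return url


def construct_redirect_url(cas_login_url, service_param, service_url,
                           renew=False, gateway=False):
    """loginUrl?service=<percent-encoded service>[&renew=true][&gateway=true]."""
    sep = "&" if "?" in cas_login_url else "?"
    url = f"{cas_login_url}{sep}{service_param}={quote(service_url, safe='')}"
    if renew:
        url += "&renew=true"
    if gateway:
        url += "&gateway=true"
    return url


if __name__ == "__main__":
    # Constructed sample request: a protected page reached with extra parameters and a ticket.
    svc = construct_service_url("https://localhost:8443/test?test=12456&sss=111&ticket=ST-1-abc",
                                "localhost:8443")
    print(construct_redirect_url("https://localhost:8443/cas/login", "service", svc))
```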

The last step is to perform the redirect to that URL.

Summary

This section briefly analyzed how cas-client processes a request: if the user is already authenticated, the next filter is executed; if not, the user is redirected to the logon page. Next we will look at how cas-server processes the logon.

The usual learning process is not so advanced. I hope it can help you, and that we can make progress together. I'm a code-based expert from ruoban. If you like it, please recommend it; I'd appreciate your likes and follows.

