CAS-go to the logon page after logging out. cas logs out.
After CAS is single-point logout, it will jump to its own logout interface by default (this is based on the deployed CAS-Server. For details, see the previous article), such:
The corresponding jsp directory is as follows:
1. Modify cas-servlet.xml Configuration
Open the WEB-INF under the apache-tomcat-6.0.33 \ webapps \ cas \ cas-servlet.xml directory
Modify the bean id of the cas-servlet.xml file to "true" for the p: followServiceRedirects attribute under logoutController, such:
2. Modify the Logout link
Add "? Service = return address after exit ", for example, the configuration of the two clients used for CAS testing. Example: <ahref = "http: // localhost: 8080/cas/logout? Service = http://www.baidu.com "> quit </a>
For example:
3. Principles
The following from the configuration file, to the source code for analysis: 3.1 first look at the cas \ WEB-INF Directory web. xml
It can be seen that all/logout requests are sent to SafeDispatcherServlet for distribution. You can see from the code that this Servlet is only for org. springframework. web. servlet. dispatcherServlet is packaged once, And all requests are sent to org. springframework. web. servlet. the DispatcherServlet has gone through the process.
3.2 then look at the WEB-INF under the cas \ cas-servlet.xml directory
From the bean of handlerMappingC, there is a configuration section:/logout-logoutController. We can see that all/logout requests are sent to a Bean with the beanid logoutController for processing.
Let's take a look at what org. jasig. cas. web. LogoutController has done. The configuration we modified in the first step is the Controller Configuration:
You can see the core source code below:
<Pre name = "code" class = "java"> protected ModelAndView handleRequestInternal (final HttpServletRequest request, final HttpServletResponse response) throws Exception {// get TGT_ID final String response = this. ticketGrantingTicketCookieGenerator. retrieveCookieValue (request); // gets the service parameter data. This parameter is optional. final String service = request. getParameter ("service"); // if TGT is not empty if (ticketGrantingTick EtId! = Null) {// destroy this in centralAuthenticationService. centralAuthenticationService. destroyTicketGrantingTicket (ticketGrantingTicketId); // destroy cookie in ticketGrantingTicketCookieGenerator this. ticketGrantingTicketCookieGenerator. removeCookie (response); // destroy this in warnCookieGenerator. warnCookieGenerator. removeCookie (response);} // if the parameter followServiceRedirects is true and the service is not empty, jump to the URL specified by the service if (thi S. followServiceRedirects & service! = Null) {return new ModelAndView (new RedirectView (service);} // otherwise, jump to the page specified by logoutView return new ModelAndView (this. logoutView );}
Believe that, when you see the following sentence, you will understand why the configuration is Step 1 and step 2.
4. Summary
/Logout: (corresponding to the implementation class org. jasig. cas. web. LogoutController). The cancellation processing logic is as follows:
(1) removeCookie
(2) Delete the TicketGrantingTicket object on the server (this object encapsulates the cookie value)
(3) redirect to the exit page. There are two options:
L if the followServiceRedirects attribute of LogoutController is set to true and the service parameter in the url is not empty, redirect to the url marked by the sevice parameter;
L otherwise, redirect to the built-in casLogoutView. If there is a url parameter in the url, the link identified by this url parameter will be displayed on the casLogoutView page.
With patience, you can easily understand the source code of these open-source frameworks. If you are familiar with the source code, you can modify all parts of the framework as you wish.