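This article is reposted from: http://denger.iteye.com/blog/805743
1. I won't repeat an introduction to CAS here; anyone who has worked with SSO should already be familiar with the architecture. Our project currently uses CAS Server 3.4.2.1 with CAS Client 3.1.10.
Official CAS project site: http://www.jasig.org/cas
This article covers CAS login handling only; it does not cover the flow in which the CAS Client and Server validate the ST using SAML.
2. Main login processing flow:
Registration succeeds -> call the CAS login handling modules -> validate the user name and password -> generate TGT -> generate TG -> add ST & TGT to the relevant Register class -> add TGT to the cookie -> redirect to the cas/login URL -> done
3. Main modules (classes) involved in CAS login handling:
a. Credentials: the interface that holds the user's login credentials.
Default implementation class: org.jasig.cas.authentication.principal.UsernamePasswordCredentials
b. CentralAuthenticationService: the authentication service class that generates the ST (Service Ticket) and the TGT (TicketGrantingTicket).
Default implementation class: org.jasig.cas.CentralAuthenticationServiceImpl
c. CookieRetrievingCookieGenerator: adds the TGT to the cookie and manages that cookie.
4. Implementation code: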
/**
 * User register process and automatic login.
 * @param userForm the user information object.
 * @param request the HttpServletRequest object
 * @param response the HttpServletResponse object
 * @return get result view
 */
protected ModelAndView handleUserRegisterInternal(UserInfoVo userForm, HttpServletRequest request,
        HttpServletResponse response) {
    ModelAndView signinView = new ModelAndView(REGISTER_VIEW);
    final boolean isUnique = userService.checkUserUnique(userForm.getLoginName());
    final boolean isRegistered = isUnique ? registerUser(userForm, request, response) : false;
    if (isRegistered) {
        // Only a freshly registered account is logged in automatically.
        bindTicketGrantingTicket(userForm.getLoginName(), userForm.getLoginPassword(), request, response);
        signinView.setViewName(getSignInView(request));
    }
    return signinView;
}

/**
 * Invoke generate validate Tickets and add the TGT to cookie.
 * @param loginName the user login name.
 * @param loginPassword the user login password.
 * @param request the HttpServletRequest object.
 * @param response the HttpServletResponse object.
 */
protected void bindTicketGrantingTicket(String loginName, String loginPassword,
        HttpServletRequest request, HttpServletResponse response) {
    try {
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials();
        credentials.setUsername(loginName);
        credentials.setPassword(loginPassword);
        // Authenticates the credentials and, on success, returns the new TGT id.
        String ticketGrantingTicket = centralAuthenticationService.createTicketGrantingTicket(credentials);
        // Writes the TGT id into the ticket-granting cookie on the response.
        ticketGrantingTicketCookieGenerator.addCookie(request, response, ticketGrantingTicket);
    } catch (TicketException te) {
        logger.error("Validate the login name " + loginName + " failure, can't bind the TGT!", te);
    } catch (Exception e) {
        logger.error("bindTicketGrantingTicket has exception.", e);
    }
}

/**
 * Get the signIn view URL.
 * @param request the HttpServletRequest object.
 * @return redirect URL
 */
protected String getSignInView(HttpServletRequest request) {
    String service = ServletRequestUtils.getStringParameter(request, "service", "");
    if (service.length() == 0) {
        return "redirect:login";
    }
    try {
        // Needs java.net.URLEncoder and java.io.UnsupportedEncodingException.
        // getStringParameter returns the decoded value, so it is re-encoded here;
        // otherwise a service URL containing '&' or '?' is split into several parameters.
        return "redirect:login?service=" + URLEncoder.encode(service, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new IllegalStateException("UTF-8 encoding is not available", e);
    }
}
Relevant configuration in cas-servlet.xml:
<bean id="registerController" class="com.xxxxx.sso.web.RegisterController"
      p:userService-ref="userService"
      p:validator-ref="registerValidator"
      p:centralAuthenticationService-ref="centralAuthenticationService"
      p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"/>
Note: centralAuthenticationService and ticketGrantingTicketCookieGenerator are already declared in spring-configuration/applicationContext.xml and ticketGrantingTicketCookieGenerator.xml.
[Repost] CAS: automatic login after registration