<on-start>
    <evaluate expression="initialFlowSetupAction" />
</on-start>
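First, on-start marks the start of the flow. When the flow starts, it reads the Ticket information from your cookie. If you have never logged in, there is of course no Ticket information.
The initialFlowSetupAction bean is configured in cas-servlet.xml.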
<bean id="initialFlowSetupAction"
      class="org.jasig.cas.web.flow.InitialFlowSetupAction"
      p:argumentExtractors-ref="argumentExtractors"
      p:warnCookieGenerator-ref="warnCookieGenerator"
      p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator" />
Its main code is as follows:
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);

    // Set the cookie path once, derived from the application's context path.
    if (!this.pathPopulated) {
        final String contextPath = context.getExternalContext().getContextPath();
        final String cookiePath = StringUtils.hasText(contextPath) ? contextPath + "/" : "/";
        logger.info("Setting path for cookies to: " + cookiePath);
        this.warnCookieGenerator.setCookiePath(cookiePath);
        this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);
        this.pathPopulated = true;
    }

    // Copy the TGT cookie value and the warn flag from the request cookies into flow scope.
    context.getFlowScope().put(
        "ticketGrantingTicketId",
        this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
    context.getFlowScope().put(
        "warnCookieValue",
        Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));

    // Resolve the requesting service from the request and store it in flow scope.
    final Service service = WebUtils.getService(this.argumentExtractors, context);
    context.getFlowScope().put("service", service);

    return result("success");
}
Next, the flow determines whether the user has already logged in (that is, whether Ticket information exists):
<decision-state id="ticketGrantingTicketExistsCheck">
    <if test="flowScope.ticketGrantingTicketId neq null"
        then="hasServiceCheck" else="gatewayRequestCheck" />
</decision-state>

<decision-state id="gatewayRequestCheck">
    <if test="externalContext.requestParameterMap['gateway'] neq '' &amp;&amp; externalContext.requestParameterMap['gateway'] neq null &amp;&amp; flowScope.service neq null"
        then="gatewayServicesManagementCheck" else="generateLoginTicket" />
</decision-state>

<decision-state id="hasServiceCheck">
    <if test="flowScope.service != null"
        then="renewRequestCheck" else="viewGenericLoginSuccess" />
</decision-state>

<decision-state id="renewRequestCheck">
    <if test="externalContext.requestParameterMap['renew'] neq '' &amp;&amp; externalContext.requestParameterMap['renew'] neq null"
        then="generateLoginTicket" else="generateServiceTicket" />
</decision-state>
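If a Ticket exists, the user has already logged in.
1. If the user is already logged in, the Ticket is validated.
(1) If Ticket validation succeeds, the flow goes to the success page.
(2) If Ticket validation fails, the Ticket is regenerated.
2. If the user is not logged in, gateway validation is performed.
(1) If gateway validation passes, the login Ticket is generated.
(2) If gateway validation fails, an exception is returned.
Two of the branches above converge on regenerating the Ticket. The other branches are already complete.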
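The four decision states above can be traced with a small model. This is an added example, not CAS code and not code from the original page; the names route and _present, the dictionary layout and the sample cookie and service values are assumptions made for illustration.

```python
# Added example: a model of the decision-states in the login webflow above.
# It is not CAS code; names and sample values here are constructed.

def _present(params, name):
    """Mirror the webflow test "neq '' && neq null" for a request parameter."""
    value = params.get(name)
    return value is not None and value != ""

# state id -> (test, then-state, else-state), transcribed from the XML above.
DECISIONS = {
    "ticketGrantingTicketExistsCheck": (
        # Presence test only: any non-null cookie value takes the "then" branch.
        lambda s: s["ticketGrantingTicketId"] is not None,
        "hasServiceCheck", "gatewayRequestCheck"),
    "gatewayRequestCheck": (
        lambda s: _present(s["params"], "gateway") and s["service"] is not None,
        "gatewayServicesManagementCheck", "generateLoginTicket"),
    "hasServiceCheck": (
        lambda s: s["service"] is not None,
        "renewRequestCheck", "viewGenericLoginSuccess"),
    "renewRequestCheck": (
        lambda s: _present(s["params"], "renew"),
        "generateLoginTicket", "generateServiceTicket"),
}

def route(tgt_cookie=None, service=None, params=None):
    """Return the states visited, ending at the first non-decision state."""
    scope = {"ticketGrantingTicketId": tgt_cookie,
             "service": service, "params": params or {}}
    state, path = "ticketGrantingTicketExistsCheck", []
    while state in DECISIONS:
        path.append(state)
        test, then_state, else_state = DECISIONS[state]
        state = then_state if test(scope) else else_state
    path.append(state)
    return path

if __name__ == "__main__":
    svc = "https://app.example.org/"          # constructed service URL
    for label, kwargs in [
        ("no cookie", {}),
        ("cookie, no service", {"tgt_cookie": "TGT-constructed"}),
        ("cookie + service", {"tgt_cookie": "TGT-constructed", "service": svc}),
        ("cookie + service + renew", {"tgt_cookie": "TGT-constructed",
                                      "service": svc, "params": {"renew": "true"}}),
        ("gateway + service, no cookie", {"service": svc,
                                          "params": {"gateway": "true"}}),
    ]:
        print(f"{label:30} -> {' > '.join(route(**kwargs))}")
```

The trace shows that a non-empty renew parameter sends a request back to generateLoginTicket even when a Ticket cookie is present, and that an empty renew or gateway value is treated the same as a missing one.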
The following explains the flow after the Ticket is regenerated:
<action-state id="generateLoginTicket">
    <evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />
    <transition on="generated" to="viewLoginForm" />
</action-state>

<view-state id="viewLoginForm" view="casLoginView" model="credentials">
    <binder>
        <binding property="username" />
        <binding property="password" />
    </binder>
    <on-entry>
        <set name="viewScope.commandName" value="'credentials'" />
    </on-entry>
    <transition on="submit" bind="true" validate="true" to="realSubmit">
        <evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" />
    </transition>
</view-state>

<action-state id="realSubmit">
    <evaluate expression="authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)" />
    <transition on="warn" to="warn" />
    <transition on="success" to="sendTicketGrantingTicket" />
    <transition on="error" to="generateLoginTicket" />
</action-state>

<action-state id="sendTicketGrantingTicket">
    <evaluate expression="sendTicketGrantingTicketAction" />
    <transition to="serviceCheck" />
</action-state>

<decision-state id="serviceCheck">
    <if test="flowScope.service neq null"
        then="generateServiceTicket" else="viewGenericLoginSuccess" />
</decision-state>
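After the new Ticket is generated, the flow goes to the login page.
After the login information is entered, it is verified. If verification passes, the Ticket is written back and the flow goes to the success page.
If verification fails, a new Ticket is generated again.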