Reprinted from: http://blog.yoodb.com/yoodb/article/detail/1225
The core of CAS is the ticket and the series of logic operations performed on tickets. The main CAS tickets are TGT, ST, PGT, PGTIOU and PT. TGT and ST are the tickets of the CAS 1.0 protocol; PGT, PGTIOU and PT are the new tickets in the CAS 2.0 protocol. The latest version of CAS is currently CAS 4.0. CAS is divided into two parts, the server and the client. A brief walk through the CAS authentication process:
1) The user accesses cas-client, is intercepted and redirected to the cas-server login page, and enters the correct user information.
2) After a successful login, cas-server issues the TGC and writes it to the browser. It also generates a TGT object and puts it into its own cache; the ID of the TGT object is the value of the cookie. It then redirects back to cas-client, carrying an ST.
cas-client finds the ST and takes it to cas-server for validation; if validation succeeds, the user name information is returned.
3) The cas-client login succeeds. When the user visits another client, cas-client2, the request is intercepted again and redirected to cas-server, which uses the TGC to find the ID of the TGT object it generated, validates it directly, and issues an ST to cas-client2.
Terminology: TGT and ST
• TGT (Ticket Granting Ticket)
The TGT is the login ticket that CAS issues to a user; with a TGT, the user can prove that they have logged in to CAS successfully. The TGT encapsulates the cookie value and the user information corresponding to that cookie value. After the user authenticates successfully, CAS generates a cookie (called the TGC) and writes it to the browser, and at the same time generates a TGT object and puts it into its own cache; the ID of the TGT object is the value of the cookie. When a later HTTP request arrives carrying the cookie that CAS generated, CAS uses the cookie value as the key to look up whether a TGT exists in the cache. If it does, the user has logged in before; if not, the user needs to log in again.
• ST (Service Ticket)
The ST is the ticket that CAS issues to a user for access to a particular service. When a user accesses a service and the service finds that the user has no ST, it requires the user to obtain an ST from CAS. The user sends CAS a request for an ST. If the request contains the cookie, CAS uses the cookie value as the key to look up whether a TGT exists in the cache; if the TGT is present, CAS uses it to issue an ST and returns the ST to the user. The user accesses the service with the ST, the service takes the ST to CAS for validation, and once validation passes the user is allowed to access the resource.
Here we look at the expiration policies of the TGT and the ST. The meaning of the two tickets was introduced briefly above and is not explained again here. Open the project and find the cas-server configuration file ticketExpirationPolicies.xml; the configuration details are as follows:
<?xml version="1.0" encoding="UTF-8"?>
<!--

    Licensed to Jasig under one or more contributor license
    agreements. See the NOTICE file distributed with this work
    for additional information regarding copyright ownership.
    Jasig licenses this file to you under the Apache License,
    Version 2.0 (the "License"); you may not use this file
    except in compliance with the License. You may obtain a
    copy of the License at the following location:

      http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied. See the License for the
    specific language governing permissions and limitations
    under the License.

-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:util="http://www.springframework.org/schema/util"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
    <description>
        Assignment of expiration policies for the different tickets generated by CAS including ticket granting ticket
        (TGT), service ticket (ST), proxy granting ticket (PGT), and proxy ticket (PT).
        These expiration policies determine how long the ticket they are assigned to can be used and even how often they
        can be used before becoming expired / invalid.
    </description>

    <!-- Expiration policies -->
    <util:constant id="SECONDS" static-field="java.util.concurrent.TimeUnit.SECONDS"/>
    <bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy"
          c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:10}" c:timeUnit-ref="SECONDS"/>

    <!-- TicketGrantingTicketExpirationPolicy: Default as of 3.5 -->
    <!-- Provides both idle and hard timeouts, for instance 2 hour sliding window with an 8 hour max lifetime -->
    <bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
          p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
          p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>
</beans>
TGT expiration configuration: the default timeout is two hours. The TGT expires when the user has not moved the mouse for two hours (7200 seconds), or when the user has been using the system for more than 8 hours (28,800 seconds). The specific configuration is as follows:
<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TicketGrantingTicketExpirationPolicy"
      p:maxTimeToLiveInSeconds="${tgt.maxTimeToLiveInSeconds:28800}"
      p:timeToKillInSeconds="${tgt.timeToKillInSeconds:7200}"/>
</beans>
ST expiration configuration: the default timeout is 10 seconds. The ST expires once it has been used one time, or when more than 10 seconds pass without it being used. The specific configuration is as follows:
<bean id="serviceTicketExpirationPolicy" class="org.jasig.cas.ticket.support.MultiTimeUseOrTimeoutExpirationPolicy"
      c:numberOfUses="1" c:timeToKill="${st.timeToKillInSeconds:10}" c:timeUnit-ref="SECONDS"/>
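The two policies above, modelled as an added example (this is not code from the original post or from CAS itself), show how the hard 8-hour cap overrides the sliding 2-hour window and why a replayed ST is rejected. `Ticket`, `validate_st` and `session_end` are hypothetical names, idle time is assumed to be measured from the ticket's last use, and the `>=` boundary comparisons are an assumption of this model.

```python
import re
from dataclasses import dataclass

# Attribute values copied from the page's ticketExpirationPolicies.xml.
ST_USES = "1"
ST_TTK = "${st.timeToKillInSeconds:10}"
TGT_MAX = "${tgt.maxTimeToLiveInSeconds:28800}"
TGT_IDLE = "${tgt.timeToKillInSeconds:7200}"

def resolve(value, props=None):
    """Resolve a Spring ${name:default} placeholder; props overrides the default."""
    m = re.fullmatch(r"\$\{([^:}]+):([^}]*)\}", value)
    return int(value) if m is None else int((props or {}).get(m.group(1), m.group(2)))

@dataclass
class Ticket:          # hypothetical stand-in for a CAS ticket's state
    created: int       # seconds since an arbitrary start
    last_used: int
    uses: int = 0

def tgt_expired(t, now, props=None):
    """Hard cap counts from creation; the idle window slides with each use."""
    return (now - t.created >= resolve(TGT_MAX, props)
            or now - t.last_used >= resolve(TGT_IDLE, props))

def st_expired(t, now, props=None):
    """Expired after numberOfUses validations or timeToKill seconds, whichever is first."""
    return t.uses >= resolve(ST_USES) or now - t.created >= resolve(ST_TTK, props)

def validate_st(t, now, props=None):
    """Service-side validation: accept an unexpired ST and count the use."""
    if st_expired(t, now, props):
        return False
    t.uses += 1
    return True

def session_end(step, props=None):
    """Second at which the TGT of a user active every `step` seconds expires."""
    t, now = Ticket(0, 0), 0
    while True:
        now += step
        if tgt_expired(t, now, props):
            return now
        t.last_used = now

if __name__ == "__main__":
    print(session_end(3000), session_end(9000))    # hard cap vs. idle timeout
    st = Ticket(0, 0)
    print(validate_st(st, 3), validate_st(st, 4))  # second use is a replay
```

Passing a dictionary such as `{"st.timeToKillInSeconds": "60"}` as `props` models overriding a placeholder default from the properties file.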