cas退出流程设置解析之spring webflow的应用

• 执行组件

扩展阅读:https://www.cnblogs.com/shuyuq/p/9729791.html

2、登出重定向关键定位

子涵先生顺便和大家扯一点源码阅读中的一些心得~

一般情况下我们有时候无法一下子找到相关业务的源码入口位置，我们可以

1、我们可以先定位到关键代码后使用倒序方式阅读。

2、然后通过正序配置的方式通读源码原理和并深入理解其执行流程。

这里分析源码的时候，我们是按照倒序阅读法来看的。

• 找到源码重定向到外部url的位置

• 找到上一步

gatewayServicesManagementCheck

是负责服务检测的一个bean，由Spring负责管理。

<bean id=“gatewayServicesManagementCheck” class=“org.jasig.cas.web.flow.GatewayServicesManagementCheck”

c:servicesManager-ref=“servicesManager”/>

查看源码：

org.jasig.cas.web.flow.GatewayServicesManagementCheck

public class GatewayServicesManagementCheck extends AbstractAction {

private final Logger logger = LoggerFactory.getLogger(this.getClass());

@NotNull

private final ServicesManager servicesManager;

/**

• Initialize the component with an instance of the services manager.
• @param servicesManager the service registry instance.

*/

public GatewayServicesManagementCheck(final ServicesManager servicesManager) {

this.servicesManager = servicesManager;

}

@Override

protected Event doExecute(final RequestContext context) throws Exception {

final Service service = WebUtils.getService(context);

final boolean match = this.servicesManager.matchesExistingService(service);

if (match) {

return success();

}

final String msg = String.format("ServiceManagement: Unauthorized Service Access. "

• “Service [%s] does not match entries in service registry.”, service.getId());

logger.warn(msg);

throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);

}

}

3、再看cas的退出流程

3-1 流程入口

logout-webflow.xml中定义了基于url的退出方式：

3-2 退出执行

cas将退出动作交给了

logoutAction

Bean，该Bean中的

followServiceRedirects

参数设置了重定向登出url地址范围：

<bean id=“logoutAction” class=“org.jasig.cas.web.flow.LogoutAction”

p:servicesManager-ref=“servicesManager”

p:followServiceRedirects=“${cas.logout.followServiceRedirects:false}”/>

上

logoutAction

的源码：

/**

• Action to delete the TGT and the appropriate cookies.
• It also performs the back-channel SLO on the services accessed by the user during its browsing.
• After this back-channel SLO, a front-channel SLO can be started if some services require it.
• The final logout page or a redirection url is also computed in this action.
• @author Scott Battaglia
• @author Jerome Leleu
• @since 3.0

*/

public final class LogoutAction extends AbstractLogoutAction {

/** The services manager. */

@NotNull

private ServicesManager servicesManager;

/**

• Boolean to determine if we will redirect to any url provided in the
• service request parameter.

*/

private boolean followServiceRedirects;

@Override

protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,

final RequestContext context) throws Exception {

boolean needFrontSlo = false;

putLogoutIndex(context, 0);

final List logoutRequests = WebUtils.getLogoutRequests(context);

if (logoutRequests != null) {

for (LogoutRequest logoutRequest : logoutRequests) {

// if some logout request must still be attempted

if (logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED) {

needFrontSlo = true;

break;

}

}

}

//小哥哥、小姐姐们，看这里~ start=====

final String service = request.getParameter(“service”);

if (this.followServiceRedirects && service != null) {

final RegisteredService rService = this.servicesManager.findServiceBy(new SimpleWebApplicationServiceImpl(service));

if (rService != null && rService.isEnabled()) {

context.getFlowScope().put(“logoutRedirectUrl”, service);

}

}

//小哥哥、小姐姐们，看这里~ end=====

// there are some front services to logout, perform front SLO

//匹配到cas管理的service范围，退出后跳转到对应的service地址。

if (needFrontSlo) {

return new Event(this, FRONT_EVENT);

} else {

// otherwise, finish the logout process

//否则，退出到cas默认的退出地址

return new Event(this, FINISH_EVENT);

}

}

public void setFollowServiceRedirects(final boolean followServiceRedirects) {

this.followServiceRedirects = followServiceRedirects;

}

public void setServicesManager(final ServicesManager servicesManager) {

this.servicesManager = servicesManager;

}

}

3-3 服务重定向

• 找到了匹配的服务返回：

context.getFlowScope().put("logoutRedirectUrl", service);

，交给

finishLogout