AuthenticationViaFormAction源码分析

开源的CAS已经很多牛人分析过了，最近在看源码，也总结一下    

AuthenticationViaFormAction.java主要代码

//credentialsBinder这个属性在配置文件中没有注入，所以this.credentialsBinder会一直为null,无效代码

    public final void doBind(final RequestContext context, final Credentials credentials) throws Exception {

        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);

        if (this.credentialsBinder != null && this.credentialsBinder.supports(credentials.getClass())) {

            this.credentialsBinder.bind(request, credentials);

        }

    }

    public final String submit(final RequestContext context, final Credentials credentials, final MessageContext messageContext) throws Exception {

    //从request的flowScope中获取loginTicket

        final String authoritativeLoginTicket = WebUtils.getLoginTicketFromFlowScope(context);

        //从request的参数中获取loginTicket

        final String providedLoginTicket = WebUtils.getLoginTicketFromRequest(context);

        //如果两者不一样，返回错误

        if (!authoritativeLoginTicket.equals(providedLoginTicket)) {

            this.logger.warn("Invalid login ticket " + providedLoginTicket);

            final String code = "INVALID_TICKET";

            messageContext.addMessage(

                new MessageBuilder().error().code(code).arg(providedLoginTicket).defaultText(code).build());

            return "error";

        }

        //从request参数中或者flowScope中获取TGTID

        final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);

        //从request的flowScope中获取service

        final Service service = WebUtils.getService(context);

        //从request参数中获取renew的值，如果renew不为null，且ticketGrantingTicketId为null，且service为null

        if (StringUtils.hasText(context.getRequestParameters().get("renew")) && ticketGrantingTicketId != null && service != null) {

            try {

                final String serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);

                WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);

                putWarnCookieIfRequestParameterPresent(context);

                return "warn";

            } catch (final TicketException e) {

                if (isCauseAuthenticationException(e)) {

                    populateErrorsInstance(e, messageContext);

                    return getAuthenticationExceptionEventId(e);

                }

                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);

                if (logger.isDebugEnabled()) {

                    logger.debug("Attempted to generate a ServiceTicket using renew=true with different credentials", e);

                }

            }

        }

        try {

        //this.centralAuthenticationService.createTicketGrantingTicket(credentials)返回TGTID，把TGTID放入RequestScope中

            WebUtils.putTicketGrantingTicketInRequestScope(context, this.centralAuthenticationService.createTicketGrantingTicket(credentials));

            putWarnCookieIfRequestParameterPresent(context);

            return "success";

        } catch (final TicketException e) {

            populateErrorsInstance(e, messageContext);

            if (isCauseAuthenticationException(e))

                return getAuthenticationExceptionEventId(e);

            return "error";

        }

    }

本文出自 “ping blog” 博客，转载请与作者联系！