
[Repost] Automatic login after CAS registration

Time: 2019-07-07 14:49:48

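This article is reposted from: /blog/805743

1. I won't repeat an introduction to CAS here; anyone who has worked with SSO should already know something about the framework. Our project currently uses CAS Server version 3.4.2.1 with CAS Client version 3.1.10.

CAS project official site: /cas

The CAS login handling described here does not cover the flow in which the CAS Client and Server validate the ST via SAML.

2. The main login processing flow:

After successful registration -> invoke the CAS login-handling modules -> verify username and password -> generate TGT -> generate TG -> add ST & TGT to the relevant Register class -> add TGT to the cookie -> redirect to the cas/login URL -> done

3. Main modules (classes) involved in CAS login handling:

a. Credentials: the interface used to hold the user's login authentication information.

Its default implementation class: org.jasig.cas.authentication.principal.UsernamePasswordCredentials

b. CentralAuthenticationService: the authentication service class used to generate the ST (Service Ticket) and the TGT (TicketGrantingTicket).

Its default implementation class: org.jasig.cas.CentralAuthenticationServiceImpl

c. CookieRetrievingCookieGenerator: used to add the TGT to the cookie and to manage that cookie.

4. Implementation code: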

/**
 * User register process and automatic login.
 * @param userForm the user information object.
 * @param request the HttpServletRequest object
 * @param response the HttpServletResponse object
 * @return get result view
 */
protected ModelAndView handleUserRegisterInternal(UserInfoVo userForm, HttpServletRequest request, HttpServletResponse response) {
    // Default to the registration view; switched to the login redirect only on success.
    ModelAndView signinView = new ModelAndView(REGISTER_VIEW);
    final boolean isUnique = userService.checkUserUnique(userForm.getLoginName());
    // Register only when the login name is not already taken.
    final boolean isRegistered = isUnique && registerUser(userForm, request, response);
    if (isRegistered) {
        // Log the new user in by issuing a TGT and setting the TGT cookie.
        bindTicketGrantingTicket(userForm.getLoginName(), userForm.getLoginPassword(), request, response);
        signinView.setViewName(getSignInView(request));
    }
    return signinView;
}

/**
 * Generate and validate the tickets, then add the TGT to the cookie.
 * @param loginName the user login name.
 * @param loginPassword the user login password.
 * @param request the HttpServletRequest object.
 * @param response the HttpServletResponse object.
 */
protected void bindTicketGrantingTicket(String loginName, String loginPassword, HttpServletRequest request, HttpServletResponse response) {
    try {
        UsernamePasswordCredentials credentials = new UsernamePasswordCredentials();
        credentials.setUsername(loginName);
        credentials.setPassword(loginPassword);
        // Authenticates the credentials and returns the id of the new TGT.
        String ticketGrantingTicket = centralAuthenticationService.createTicketGrantingTicket(credentials);
        // Write the TGT id to the cookie that cas/login reads.
        ticketGrantingTicketCookieGenerator.addCookie(request, response, ticketGrantingTicket);
    } catch (TicketException te) {
        logger.error("Validate the login name " + loginName + " failure, can't bind the TGT!", te);
    } catch (Exception e) {
        logger.error("bindTicketGrantingTicket has exception.", e);
    }
}

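/**
 * Get the signIn view URL.
 * Requires java.net.URLEncoder and java.io.UnsupportedEncodingException.
 * @param request the HttpServletRequest object.
 * @return redirect URL
 */
protected String getSignInView(HttpServletRequest request) {
    String service = ServletRequestUtils.getStringParameter(request, "service", "");
    if (service.length() == 0) {
        return "redirect:login";
    }
    try {
        // Encode the service URL so its own query string stays inside the single "service" parameter.
        return "redirect:login?service=" + URLEncoder.encode(service, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new IllegalStateException("UTF-8 is not supported", e);
    }
}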
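Added example, not part of the original post: how a `service` URL that carries its own query string arrives at cas/login when the redirect is built by raw concatenation versus with `URLEncoder.encode`. The class name `SignInRedirectDemo`, its helper methods and the sample URL are assumptions made for illustration.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.LinkedHashMap;
import java.util.Map;

public class SignInRedirectDemo {

    // Raw concatenation: the service value is appended to the query string as-is.
    static String rawRedirect(String service) {
        return "redirect:login" + (service.length() > 0 ? "?service=" + service : "");
    }

    // Encoded form: the whole service URL is percent-encoded as one parameter value.
    static String encodedRedirect(String service) throws UnsupportedEncodingException {
        return "redirect:login"
                + (service.length() > 0 ? "?service=" + URLEncoder.encode(service, "UTF-8") : "");
    }

    // Split the redirect's query string into parameters, as the receiving
    // servlet container does before cas/login reads "service".
    static Map<String, String> parseQuery(String redirect) throws UnsupportedEncodingException {
        Map<String, String> params = new LinkedHashMap<String, String>();
        int q = redirect.indexOf('?');
        if (q < 0) {
            return params;
        }
        for (String pair : redirect.substring(q + 1).split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, "UTF-8"), URLDecoder.decode(value, "UTF-8"));
        }
        return params;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a service URL that carries its own query string,
        // in the decoded form that request.getParameter("service") returns.
        String service = "https://app.example.org/home?tab=1&lang=en";

        // Raw: "lang" becomes a separate parameter of cas/login, service is cut short.
        System.out.println("raw     -> " + parseQuery(rawRedirect(service)));
        // Encoded: cas/login receives the full service URL in one parameter.
        System.out.println("encoded -> " + parseQuery(encodedRedirect(service)));
    }
}
```

A shortened service value matters beyond the redirect itself, because the service a ticket is issued for has to match the service presented when that ticket is validated.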

Relevant code in cas-servlet.xml:

<bean id="registerController"
      class="com.xxxxx.sso.web.RegisterController"
      p:userService-ref="userService"
      p:validator-ref="registerValidator"
      p:centralAuthenticationService-ref="centralAuthenticationService"
      p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator"/>

Note: centralAuthenticationService and ticketGrantingTicketCookieGenerator are already declared in spring-configuration/applicationContext.xml and ticketGrantingTicketCookieGenerator.xml.
