Default flow
Starting debug
Enter the directory and run the gradle task:
cd ~/Document/git/cas-gradle-overlay-template
sudo gradle jettyRunWar
Then remote-debug cas-overlay-template from Eclipse.
login-webflow
- webapp-actions/.../InitialFlowSetupAction
- Checks the cookie, the service parameter, and the service access policy
- webapp-actions/.../TicketGrantingTicketCheckAction
- Checks the TGT; if none exists, goes to gatewayRequestCheck
- If no gateway, goes to serviceAuthorizationCheck
- If no service, goes to generateLoginTicket
- Generates a new ticket prefixed with LT and returns viewLoginForm, i.e. casLoginView
- After casLoginView is submitted, enters the AuthenticationViaFormAction.submit method
- On success, enters sendTicketGrantingTicketAction, which adds the TicketGrantingTicketId to the cookie
- Enters serviceCheck; since service is empty, goes to the endState viewGenerateLoginSuccess, returns the principal, and shows casGenericSuccessView
CAS protocol service access flow
- The browser is redirected to https://yourCompany.com/cas/login?service=http://client.com/login
- It is then redirected to https://client.com/login?ticket=st-xxxxxx; the ST can be used to obtain user information
- The service sends a validation request to CAS: https://yourcompany.com/cas/serviceValidate?service=http://client.com/login&ticket=st-xxxxx
- CAS returns
<cas:serviceResponse xmlns:cas='http:......'> <cas:authenticationSuccess> <cas:user>xxxx</cas:user> <cas:attributes> <cas:sn>xxxx</cas:sn> ......
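As an added example (not part of these notes), the client side of the validation step above: build the serviceValidate URL with service and ticket as separate parameters, then parse the cas:serviceResponse, treating anything that is not an explicit authenticationSuccess as a failure. The user name, attribute values and failure message in the sample XML are constructed.

```python
# Added example: CAS client helpers for the serviceValidate step.
# Standard library only; the sample responses below are constructed data.
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # namespace used by the CAS protocol


def build_validate_url(cas_base: str, service: str, ticket: str) -> str:
    # service and ticket are separate query parameters; the service value must be
    # exactly the one that was sent to /cas/login, otherwise CAS rejects the ticket.
    return f"{cas_base}/serviceValidate?" + urlencode({"service": service, "ticket": ticket})


def parse_service_response(xml_text: str) -> dict:
    """Return {'ok': True, 'user': ..., 'attributes': {...}} on success,
    {'ok': False, 'code': ..., 'message': ...} on failure or malformed input."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user_el = success.find("cas:user", CAS_NS)
        attrs: dict = {}
        attrs_el = success.find("cas:attributes", CAS_NS)
        if attrs_el is not None:
            for child in attrs_el:
                # strip the namespace from tags such as '{http://www.yale.edu/tp/cas}sn';
                # a repeated element is a multi-valued attribute, so collect lists
                name = child.tag.split("}", 1)[-1]
                attrs.setdefault(name, []).append((child.text or "").strip())
        return {"ok": True, "user": (user_el.text or "").strip(), "attributes": attrs}
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return {"ok": False, "code": failure.get("code", ""), "message": (failure.text or "").strip()}
    # neither element present: never treat an unexpected document as a login
    return {"ok": False, "code": "MALFORMED", "message": "no authenticationSuccess/Failure element"}


# Constructed sample responses (values are placeholders, not real CAS output)
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>alice</cas:user>
    <cas:attributes><cas:sn>Example</cas:sn><cas:sid>12345</cas:sid></cas:attributes>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>Ticket ST-1 not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(build_validate_url("https://yourCompany.com/cas", "http://client.com/login", "ST-123-abc"))
    print(parse_service_response(SUCCESS_XML))
    print(parse_service_response(FAILURE_XML))
```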
OAuth protocol service access flow
- The browser is redirected to
https://yourCompany.com/cas/oath2.0/authorize?client_id=clientId&redirect_uri={redirectUri}
- After authentication succeeds, it is redirected to
{redirectUri}?code={stCode}
- The service sends a validation request to
https://yourCompany.com/cas/oath2.0/accessToken?response_type=code&client_id={clientId}&redirect_uri={redirectUri}&client_secret={clientSecret}&code={stCode}
- Returns the accessToken
{"access-token":"{TGT}","expires":"7200"}
- https://yourCompany.com/cas/oath2.0/profile?accessToken={TGT}&attributes=array
- Returns {"id":"uuidxxx","attributes":["sid":"xxx"...]}
Without attributes=array, it returns {"id":"uuidxxx","attributes":{"sid":"xxx.....}}