本文探讨了如何在CAS客户端中处理请求URL的拦截与忽略问题。介绍了在CAS客户端3.3.x版本之后,通过修改AuthenticationFilter源码实现URL排除策略的方式,详细解析了`isRequestUrlExcluded`方法,以及`ignoreUrlPatternMatcherStrategyClass`参数的使用,为读者提供了一个实际配置示例。
在《单点登录 - 自定义CAS客户端的过滤器AuthenticationFilter》https://my.oschina.net/thinwonton/blog/1439112 文章里,介绍了一种CAS客户端的拦截请求和忽略/排除不需要拦截的请求URL的方法,该方法需要改写原来的AuthenticationFilter类。
后来无意中在网上看到了另一种方法,这好像是cas clieng 3.3以后支持的方法,我们一起看一下AuthenticationFilter 源码。
CAS CLIENT 3.2.1的源码
public final void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
final HttpServletResponse response = (HttpServletResponse) servletResponse;
final HttpSession session = request.getSession(false);
final Assertion assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;
if (assertion != null) {
filterChain.doFilter(request, response);
return;
}
final String serviceUrl = constructServiceUrl(request, response);
final String ticket = CommonUtils.safeGetParameter(request,getArtifactParameterName());
final boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);
if (CommonUtils.isNotBlank(ticket) || wasGatewayed) {
filterChain.doFilter(request, response);
return;
}
final String modifiedServiceUrl;
log.debug("no ticket and no assertion found");
if (this.gateway) {
最低0.47元/天 解锁文章
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
