CAS Ticket

1. Ticket==null 

   //验证账号/密码

   1. final Authentication authentication = this.authenticationManager.authenticate(credentials)

   //生成Ticket

   2. final TicketGrantingTicket ticketGrantingTicket = new TicketGrantingTicketImpl(

                    this.ticketGrantingTicketUniqueTicketIdGenerator.getNewTicketId(TicketGrantingTicket.PREFIX),

                    authentication, this.ticketGrantingTicketExpirationPolicy)

       String PREFIX = "TGT";

       //首先获取Ticket ID    

public String getNewTicketId(final String prefix) {
final String number = this.numericGenerator.getNextNumberAsString();
final StringBuilder buffer = new StringBuilder(prefix.length() + 2
+ (this.suffix != null ? this.suffix.length() : 0) + this.randomStringGenerator.getMaxLength()
+ number.length());

buffer.append(prefix);
buffer.append("-");
buffer.append(number);
buffer.append("-");
buffer.append(this.randomStringGenerator.getNewString());

if (this.suffix != null) {
buffer.append(this.suffix);
}

return buffer.toString();
} //授权Ticket
public TicketGrantingTicket grantTicketGrantingTicket(
final String id, final Authentication authentication,
final ExpirationPolicy expirationPolicy) {
synchronized (this) {
if(this.grantedTicketAlready) {
throw new IllegalStateException(
"TicketGrantingTicket already generated for this ServiceTicket. Cannot grant more than one TGT for ServiceTicket");
}
this.grantedTicketAlready = true;
}

return new TicketGrantingTicketImpl(id, (TicketGrantingTicketImpl) this.getGrantingTicket(),
authentication, expirationPolicy);
}       //添加this.ticketRegistry.addTicket(ticketGrantingTicket);
public void addTicket(final Ticket ticket) {
Assert.notNull(ticket, "ticket cannot be null");

if (log.isDebugEnabled()) {
log.debug("Added ticket [" + ticket.getId() + "] to registry.");
}
this.cache.put(ticket.getId(), ticket);
}2. Ticket!=null
public String grantServiceTicket(final String ticketGrantingTicketId,final Service service, final Credentials credentials) throws TicketException

final TicketGrantingTicket ticketGrantingTicket;

ticketGrantingTicket = (TicketGrantingTicket) this.ticketRegistry.getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);

3. ServiceTicket

if (StringUtils.hasText(context.getRequestParameters().get("renew")) && ticketGrantingTicketId != null && service != null) {

try {
final String serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, credentials);
WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
putWarnCookieIfRequestParameterPresent(context);
return "warn";
} catch (final TicketException e) {
if (e.getCause() != null && AuthenticationException.class.isAssignableFrom(e.getCause().getClass())) {
populateErrorsInstance(e, messageContext);
return "error";
}
this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicketId);
if (logger.isDebugEnabled()) {
logger.debug("Attempted to generate a ServiceTicket using renew=true with different credentials", e);
}
}
}