解决jasig CAS server端 ticketGrantingTicket超时后的一个bug

最近研究cas，发现在设置ticketGrantingTicket超时后，打开https://tski.com:8443/cas 仍然显示成功


ticketExpirationPolicies.xml

	<!-- This argument is the time a ticket can exist before its considered expired. 设置为5秒超时-->
	<bean id="grantingTicketExpirationPolicy" class="org.jasig.cas.ticket.support.TimeoutExpirationPolicy">
		
		<constructor-arg
			index="0"
			value="5000" />
	</bean> 

ticketRegistry.xml

<!-- 10秒检查一次是否有ticket需要clean  -->
	<bean id="triggerJobDetailTicketRegistryCleaner" class="org.springframework.scheduling.quartz.SimpleTriggerBean"
		p:jobDetail-ref="jobDetailTicketRegistryCleaner"
		p:startDelay="2000"
		p:repeatInterval="10000" />

仍然显示成功



所以猜测，TGT超时与使用https://tski.com:8443/cas/logout 不同地方在于，后者清除了cookie中的TGT

于是找到logout的处理代码
org.jasig.cas.web.LogoutController

    protected ModelAndView handleRequestInternal(
        final HttpServletRequest request, final HttpServletResponse response)
        throws Exception {
        final String ticketGrantingTicketId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
        final String service = request.getParameter("service");

        if (ticketGrantingTicketId != null) {
            this.centralAuthenticationService
                .destroyTicketGrantingTicket(ticketGrantingTicketId);
            //清除cookie
            this.ticketGrantingTicketCookieGenerator.removeCookie(response);
            this.warnCookieGenerator.removeCookie(response);
        }

        if (this.followServiceRedirects && service != null) {
            return new ModelAndView(new RedirectView(service));
        }

        return new ModelAndView(this.logoutView);
    }

而TGT超时时，cas server 不能获取cookie

继续猜测，打开https://tski.com:8443/cas时，cas server只判断了cookie中是否有TGT，但是没判断org.jasig.cas.ticket.registry.TicketRegistry中是否还存在TGT。

找到login-webflow.xml

    

<!-- 在flowScope.ticketGrantingTicketId && flowScope.service 为null的情况下，页面会跳转到viewGenericLoginSuccess -->
<on-start>
        <evaluate expression="initialFlowSetupAction" />
    </on-start>

	<decision-state id="ticketGrantingTicketExistsCheck">
		<if test="flowScope.ticketGrantingTicketId neq null" then="hasServiceCheck" else="gatewayRequestCheck" />
	</decision-state>
    
	...	
	<decision-state id="hasServiceCheck">
		<if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" />
	</decision-state>

所以现在要确认flowScope.ticketGrantingTicketId ， flowScope.service 是什么东西
找到org.jasig.cas.web.flow.InitialFlowSetupAction

	protected Event doExecute(final RequestContext context) throws Exception {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        if (!this.pathPopulated) {
            ...        }

//ticketGrantingTicketId是从cookie里取的，问题很清楚了
        context.getFlowScope().put(
            "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
        context.getFlowScope().put(
            "warnCookieValue",
            Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));
//service 只有在从其他系统跳转到cas server时才可能不是null
        final Service service = WebUtils.getService(this.argumentExtractors,
            context);

        if (service != null && logger.isDebugEnabled()) {
            logger.debug("Placing service in FlowScope: " + service.getId());
        }

        context.getFlowScope().put("service", service);

        return result("success");
    }

最后，修改代码
org.jasig.cas.web.flow.InitialFlowSetupAction

//注入 ticketRegistry
 @NotNull
    private TicketRegistry ticketRegistry;

    public TicketRegistry getTicketRegistry() {
		return ticketRegistry;
	}

	public void setTicketRegistry(TicketRegistry ticketRegistry) {
		this.ticketRegistry = ticketRegistry;
	}



	protected Event doExecute(final RequestContext context) throws Exception {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        if (!this.pathPopulated) {
            ...        }
//从ticketRegistry中获取TGT
        context.getFlowScope().put(
            "ticketGrantingTicketId", ticketRegistry.getTicket(this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request)));
        context.getFlowScope().put(
            "warnCookieValue",
            Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));

        final Service service = WebUtils.getService(this.argumentExtractors,
            context);

        if (service != null && logger.isDebugEnabled()) {
            logger.debug("Placing service in FlowScope: " + service.getId());
        }

        context.getFlowScope().put("service", service);

        return result("success");
    }

修改cas-servlet.xml

<!-- 最后一行 p:ticketRegistry-ref="ticketRegistry"  ，注入ticketRegistry -->
	<bean id="initialFlowSetupAction" class="org.jasig.cas.web.flow.InitialFlowSetupAction"
		p:argumentExtractors-ref="argumentExtractors"
		p:warnCookieGenerator-ref="warnCookieGenerator"
		p:ticketGrantingTicketCookieGenerator-ref="ticketGrantingTicketCookieGenerator" 
		p:ticketRegistry-ref="ticketRegistry"/>

评论

3 楼 yesorno828 2015-02-05  

冬天秋天 写道

我现在有一个比较诡异的问题，在cas超时以后，用户需要做两次登录操作才能成功跳转到主页(在第一次输入用户名和密码之后点击登录，页面又定位到了登录页面没有定位到主页)。

我也遇到这个问题过。。。不知道你解决了吗？

2 楼 冬天秋天 2014-04-10  

我现在有一个比较诡异的问题，在cas超时以后，用户需要做两次登录操作才能成功跳转到主页(在第一次输入用户名和密码之后点击登录，页面又定位到了登录页面没有定位到主页)。

1 楼 rongsheng730 2014-01-24  

你这玩法好像有点误导人啊，ticket生成与授权还没看到，看完再来回复。。。看这文章的慎用哦