客户端调用验证票根:
// 票根验证
TicketValidator ticketValidator = ensureTicketValidator();
Assertion casAssertion = ticketValidator.validate(ticket, getCasService());
读源码:
public Assertion validate(final String ticket, final String service) throws TicketValidationException {
final String validationUrl = constructValidationUrl(ticket, service);
if (log.isDebugEnabled()) {
log.debug("Constructing validation url: " + validationUrl);
}
try {
log.debug("Retrieving response from server.");
final String serverResponse = retrieveResponseFromServer(new URL(validationUrl), ticket);
if (serverResponse == null) {
throw new TicketValidationException("The CAS server returned no response.");
}
if (log.isDebugEnabled()) {
log.debug("Server response: " + serverResponse);
}
return parseResponseFromServer(serverResponse);
} catch (final MalformedURLException e) {
throw new TicketValidationException(e);
}
}
protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
final String error = XmlUtils.getTextForElement(response,
"authenticationFailure");
if (CommonUtils.isNotBlank(error)) {
throw new TicketValidationException(error);
}
final String principal = XmlUtils.getTextForElement(response, "user");
final String proxyGrantingTicketIou = XmlUtils.getTextForElement(response, "proxyGrantingTicket");
final String proxyGrantingTicket = this.proxyGrantingTicketStorage != null ? this.proxyGrantingTicketStorage.retrieve(proxyGrantingTicketIou) : null;
if (CommonUtils.isEmpty(principal)) {
throw new TicketValidationException("No principal was found in the response from the CAS server.");
}
final Assertion assertion;
final Map<String,Object> attributes = extractCustomAttributes(response);
if (CommonUtils.isNotBlank(proxyGrantingTicket)) {
final AttributePrincipal attributePrincipal = new AttributePrincipalImpl(principal, attributes, proxyGrantingTicket, this.proxyRetriever);
assertion = new AssertionImpl(attributePrincipal);
} else {
assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));
}
customParseResponse(response, assertion);
return assertion;
}
protected Map<String,Object> extractCustomAttributes(final String xml) {
final int pos1 = xml.indexOf("<cas:attributes>");
final int pos2 = xml.indexOf("</cas:attributes>");
if (pos1 == -1) {
return Collections.emptyMap();
}
final String attributesText = xml.substring(pos1+16, pos2);
final Map<String,Object> attributes = new HashMap<String,Object>();
final BufferedReader br = new BufferedReader(new StringReader(attributesText));
String line;
final List<String> attributeNames = new ArrayList<String>();
try {
while ((line = br.readLine()) != null) {
final String trimmedLine = line.trim();
if (trimmedLine.length() > 0) {
final int leftPos = trimmedLine.indexOf(":");
final int rightPos = trimmedLine.indexOf(">");
attributeNames.add(trimmedLine.substring(leftPos+1, rightPos));
}
}
br.close();
} catch (final IOException e) {
//ignore
}
for (final String name : attributeNames) {
final List<String> values = XmlUtils.getTextForElements(xml, name);
if (values.size() == 1) {
attributes.put(name, values.get(0));
} else {
attributes.put(name, values);
}
}
return attributes;
}
extractCustomAttributes 方法中按行读取ticket信息attributeNames.add(trimmedLine.substring(leftPos+1, rightPos));
<cas:userId>
userId
</cas:userId>该格式报:java.lang.StringIndex0utOfBoundsException: String index out of range: -1异常
原因:cas服务端编写cas:attributes报文格式问题解决方案
WebContent/WEB-INF/view/jsp/protocol/2.0/casServiceValidationSuccess.jsp
修改报文格式:
<%--fn:escapeXml设置xml文件标签结束前不换行,cas客户validate校验票根xml标签换行报索引越界--%>
<cas:${fn:escapeXml(attr.key)}>${fn:escapeXml(attr.value)}</cas:${fn:escapeXml(attr.key)}>