开源的CAS已经很多牛人分析过了，最近在看源码，也总结一下

在login-webflow.xml中，初次访问应用的flow轨迹是：

1 <on-start>

<evaluate expression="initialFlowSetupAction" />

</on-start>

2 <decision-state id="ticketGrantingTicketExistsCheck">

<if test="flowScope.ticketGrantingTicketId != null" then="hasServiceCheck" else="gatewayRequestCheck" />

</decision-state>

3 <decision-state id="gatewayRequestCheck">

<if test="requestParameters.gateway != '' and requestParameters.gateway != null and flowScope.service != null" then="gatewayServicesManagementCheck" else="generateLoginTicket" />

</decision-state>

4 <action-state id="generateLoginTicket">

<evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" />

<transition on="generated" to="viewLoginForm" />

</action-state>

所以代码会执行到generateLoginTicketAction中

GenerateLoginTicketAction.java

public final String generate(final RequestContext context) {

//通过DefaultUniqueTicketIdGenerator生成loginTicket，可以通过实现接口UniqueTicketIdGenerator.java，来自己定义生成loginTicket的格式

final String loginTicket = this.ticketIdGenerator.getNewTicketId(PREFIX);

this.logger.debug("Generated login ticket " + loginTicket);

//把ticket放入FlowScope

WebUtils.putLoginTicket(context,loginTicket);

return "generated";

}

返回后，跳转到“viewLoginForm”

<view-state id="viewLoginForm" view="casLoginView" model="credentials">

<binder>

<binding property="username" />

<binding property="password" />

</binder>

<on-entry>

<set name="viewScope.commandName" value="'credentials'" />

</on-entry>

<transition on="submit" bind="true" validate="true" to="realSubmit">

<evaluate expression="authenticationViaFormAction.doBind(flowRequestContext,flowScope.credentials)" />

</transition>

</view-state>

default_view.properties已经定义好了：casLoginView.url=/WEB-INF/view/jsp/default/ui/casLoginView.jsp

浏览器会跳转到casLoginView.jsp让用户登陆，用户在casLoginView.jsp执行submit动作时，evaluate 元素中 expression 属性所指明的表达式会被执行，即标红的部分。表达式内容执行完成后，转向id为realSubmit的state

<action-state id="realSubmit">

<evaluate expression="authenticationViaFormAction.submit(flowRequestContext,flowScope.credentials,messageContext)" />

<transition on="warn" to="warn" />

<transition on="success" to="sendTicketGrantingTicket" />

<transition on="error" to="generateLoginTicket" />

<transition on="accountDisabled" to="casAccountDisabledView" />

<transition on="mustChangePassword" to="casMustChangePassView" />

<transition on="accountLocked" to="casAccountLockedView" />

<transition on="badHours" to="casBadHoursView" />

<transition on="badWorkstation" to="casBadWorkstationView" />

<transition on="passwordExpired" to="casExpiredPassView" />

</action-state>

在realSubmit中，根据表达式“authenticationViaFormAction.submit(flowRequestContext,messageContext)”的不同返回值跳转到不同的界面