Thoughts about going from HttpServletRequest objects to something we can feed to an AuthenticationHandler:
enters the
Logon controller applies an
Once the Logon Controller has applied its AuthenticationRequestBinder, it has an AuthenticationRequest in hand (or the supports() method returned false and it knows that it has no way of getting an AuthenticationRequest or the other method threw an exception and getting an authentication request failed. These are failure instances in which Logon Controller which will have to "recover in a way that makes sense", which might mean re-painting the login screen.)
It then passes that AuthenticationRequest to an AuthenticationHandler (or it passes it more generally into the CAS engine, which will return a TicketGrantingTicket, a Cookie representation of which the Logon Controller will then store back into the user's browser. Down inside the CAS service implementation is where the AuthenticationHandler lives. The purpose of this page is to explore the path of the AuthenticationRequest more than to nail down exactly the Logon Controller implementation).
So the AuthenticationRequest is an argument to the AuthenticationHandler:
Our AuthenticationRequest has been transformed into an AuthenticationResult which CAS stores in the data associated with a GrantingTicket that it issues on the basis of this authentication. Out comes the GrantingTicket back to the LogonController, which attempts to store a String representation of it (really key to find it again server-side) into the end user's web browser. Also uses the GrantingTicket to get a ST for the desired Service, and then sends user along her way.