The CAS Server is a Spring Web Application, but it is designed according to standard layers or functional components that can be plugged into a standard J2EE diagram. There are three main components, each of which can be subdivided into subcomponents.
- The front end is a "Presentation Layer" that handles arriving HTTP requests. In addition to presenting and processing the Login form (containing userid and password), this layer also handles non-interactive forms of login (X.509 Certificates), and the Service Ticket validation and Proxy ticket calls.
- The Business Layer (where J2EE would have EJBs) validates the login (by verifying the userid/password against a backend system such as Kerberos or LDAP), and it creates Tickets including the Login TGT and Service Tickets.
- Tickets are stored in a Ticket Cache. Normally this is just an in-memory collection, although it can be replicated (for clustered failover) or stored in a shared database. Since Tickets can be persisted (even though they frequently aren't) they become Entities in a logical Persistence Layer.
Presentation Layer
Spring provides its version of a standard MVC (Model, View, Controller) framework where a Spring Servlet receives the raw request, "binds" request parameters by setting bean properties, and then maps the end of the request URL to a specific Action Bean. Since Action Beans expose methods called with the HTTPRequest and HTTPResponse objects, they are really Servlets under a different name, but because the Action Beans are configured within the Spring ApplicationContext they get Spring dependency injection.