Alternate question: Is there an alternate way to force the server to send a different HTTP status code when a NoMatchingTransitionException is thrown?
I have tried to implement a ControllerAdvice without success. I'm assuming it's because the exception is from WebFlow and not a controller? Should this be possible?

On Tuesday, August 24, 2021 at 5:48:10 PM UTC-7 Joseph Cauthen wrote:

> OK, so I'm tearing my hair out a little bit. I have been stuck on this problem for about two months.
>
> CAS is not configured out of the box to handle invalid eventIds. When it receives an invalid eventId, it throws a NoMatchingTransitionException. This then returns a 500 HTTP status code. This is picked up by vulnerability scanners. I need it to return a 400 instead.
>
> I've used CAS for years. In CAS 3, I could set up a global transition at the end of the login-flow.xml and logout-flow.xml. An example is in the link below.
>
> https://stackoverflow.com/questions/18432059/invalid-eventid-in-spring-webflow
>
> We've recently switched to CAS 6. The webflows have been implemented in Java instead of XML. I have been unable to find how to achieve the same result in the Java configuration. The closest I have found is this link.
>
> https://fawnoos.com/2018/06/19/cas53webflow-extensions/
>
> However, I need a global transition and can't find how to create one. I also have no idea how this all fits into the larger webflow or where to properly configure the classes that I create or how to set the precedence.
>
> In the XML implementation, this is all obvious but I have never been so confused in my life.
>
> Does anyone have any ideas on how to create a global transition that handles NoMatchingTransitionExceptions? Does anyone have some solid documentation on this?
