This is my login-webflow.xml:
<?xml version="1.0" encoding="UTF-8"?>
<flow xmlns="http://www.springframework.org/schema/webflow";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="
http://www.springframework.org/schema/webflow
http://www.springframework.org/schema/webflow/spring-webflow-1.0.xsd";>
<start-state idref="initialFlowSetup"/>
<action-state id="initialFlowSetup">
<action bean="initialFlowSetupAction" />
<transition on="success" to="ticketGrantingTicketExistsCheck" />
</action-state>
<decision-state id="ticketGrantingTicketExistsCheck">
<if test="${flowScope.ticketGrantingTicketId != null}"
then="hasServiceCheck" else="gatewayRequestCheck" />
</decision-state>
<decision-state id="gatewayRequestCheck">
<if test="${externalContext.requestParameterMap['gateway'] !=
'' && externalContext.requestParameterMap['gateway'] != null &&
flowScope.service != null}" then="redirect" else="startAuthenticate" />
</decision-state>
<decision-state id="hasServiceCheck">
<if test="${flowScope.service != null}"
then="renewRequestCheck" else="viewGenericLoginSuccess" />
</decision-state>
<decision-state id="renewRequestCheck">
<if test="${externalContext.requestParameterMap['renew'] != ''
&& externalContext.requestParameterMap['renew'] != null}"
then="startAuthenticate" else="generateServiceTicket" />
</decision-state>
<!--
The "warn" action makes the determination of whether to
redirect directly to the requested
service or display the "confirmation" page to go back to the
server.
-->
<decision-state id="warn">
<if test="${flowScope.warnCookieValue}" then="showWarningView"
else="redirect" />
</decision-state>
<!--
<action-state id="startAuthenticate">
<action bean="x509Check" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="viewLoginForm" />
</action-state>
-->
<action-state id="startAuthenticate">
<!-- <evaluate-action expression="negociateSpnego" /> -->
<evaluate expression="negociateSpnego" />
<transition on="success" to="spnego" />
</action-state>
<action-state id="spnego">
<!-- <evaluate expression="spnego" /> -->
<evaluate-action expression="spnego" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="viewLoginForm" />
</action-state>
<view-state id="viewLoginForm" view="casLoginView">
<render-actions>
<action bean="authenticationViaFormAction"
method="setupForm"/>
<action bean="authenticationViaFormAction"
method="referenceData"/>
</render-actions>
<transition on="submit" to="bindAndValidate" />
</view-state>
<action-state id="bindAndValidate">
<action bean="authenticationViaFormAction" />
<transition on="success" to="submit" />
<transition on="error" to="viewLoginForm" />
</action-state>
<action-state id="submit">
<action bean="authenticationViaFormAction" method="submit" />
<transition on="warn" to="warn" />
<transition on="success" to="sendTicketGrantingTicket" />
<transition on="error" to="viewLoginForm" />
</action-state>
<action-state id="sendTicketGrantingTicket">
<action bean="sendTicketGrantingTicketAction" />
<transition on="success" to="serviceCheck" />
</action-state>
<decision-state id="serviceCheck">
<if test="${flowScope.service != null}"
then="generateServiceTicket" else="viewGenericLoginSuccess" />
</decision-state>
<action-state id="generateServiceTicket">
<action bean="generateServiceTicketAction" />
<transition on="success" to ="warn" />
<transition on="error" to="viewLoginForm" />
<transition on="gateway" to="redirect" />
</action-state>
<!--
the "viewGenericLogin" is the end state for when a user
attempts to login without coming directly from a service.
They have only initialized their single-sign on session.
-->
<end-state id="viewGenericLoginSuccess"
view="casLoginGenericSuccessView" />
<!--
The "showWarningView" end state is the end state for when the
user has requested privacy settings (to be "warned") to be turned on. It
delegates to a
view defines in default_views.properties that display the
"Please click here to go to the service." message.
-->
<end-state id="showWarningView" view="casLoginConfirmView" />
<!--
The "redirect" end state allows CAS to properly end the
workflow while still redirecting
the user back to the service required.
-->
<end-state id="redirect" view="bean:dynamicRedirectViewSelector" />
<end-state id="viewServiceErrorView" view="viewServiceErrorView" />
<end-state id="viewServiceSsoErrorView" view="viewServiceSsoErrorView" />
<global-transitions>
<transition to="viewServiceErrorView"
on-exception="org.springframework.webflow.execution.repository.NoSuchFlowExecutionException"
/>
<transition to="viewServiceSsoErrorView"
on-exception="org.jasig.cas.services.UnauthorizedSsoServiceException" />
<transition to="viewServiceErrorView"
on-exception="org.jasig.cas.services.UnauthorizedServiceException" />
</global-transitions>
</flow>
Thank you for the help!
-----Ursprüngliche Nachricht-----
Von: Pavel Tavoda [mailto:[email protected]]
Gesendet: Donnerstag, 27. Januar 2011 13:58
An: [email protected]
Betreff: Re: [cas-user] SPNEGO
It looks like you make an mistake in login-webflow.xml. Can you post it here?
Pavel
On Fri, Jan 21, 2011 at 12:53 PM, Alexander Pfeifer
<[email protected]> wrote:
> Hello everyone!
>
> I try to get a transparent login to a web application, for example
> confluence. I followed this page from the wiki:
> https://wiki.jasig.org/display/CASUM/SPNEGO
>
> But I have some trouble.
>
> If I configure everything like told on the page, I get the following
> error:
> org.springframework.webflow.engine.builder.FlowBuilderException: Could not
> parse the XML flow definition document at ServletContext resource
> [/WEB-INF/login-webflow.xml]; nested exception
> is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content
> was found starting with element 'evaluate'. One of
> '{"http://www.springframework.org/schema/webflow":attribute,
> "http://www.springframework.org/schema/webflow":entry-actions,
> "http://www.springframework.org/schema/webflow":action,
> "http://www.springframework.org/schema/webflow":bean-action, "http:/
> /www.springframework.org/schema/webflow":evaluate-action,
> "http://www.springframework.org/schema/webflow":set}' is expected.
>
> If I change the definition from "evaluate" to "evaluate-action", I get
> the following error message: 2011-01-12 15:52:20,801 DEBUG
> [org.springframework.web.servlet.DispatcherServlet] - <Could not complete
> request>
> org.springframework.webflow.engine.ActionExecutionException: Exception thrown
> executing [AnnotatedAction@1875da7 targetAction =
> org.springframework.webflow.action.EvaluateAction@15
> a3a1, attributes = map[[empty]]] in state 'startAuthenticate' of flow
> 'login-webflow' -- action execution attributes were 'map[[empty]]'; nested
> exception is org.springframework.bi
> nding.expression.EvaluationException: Expression [EvaluationAttempt@a9a32c
> expression = negociateSpnego, target = [RequestControlContextImpl@117c0eb
> externalContext = [ServletExter
> nalContext@952905 requestParameterMap = map[[empty]]], requestScope =
> map[[empty]], attributes = map[[empty]], flowExecution =
> [FlowExecutionImpl@7ab40c flow = 'login-webflow', flo
> wSessions = list[[FlowSessionImpl@ad483 flow = 'login-webflow', state =
> 'startAuthenticate', scope = map['service' -> [null], 'warnCookieValue' ->
> false, 'ticketGrantingTicketId' -
>> [null]], flashMap = map[[empty]], status = Active]]]], context =
>> [null]] failed - make sure the expression is evaluatable on the target
>> object; nested exception is ognl.NoSuchPro
> pertyException:
> org.springframework.webflow.engine.impl.RequestControlContextImpl.nego
> ciateSpnego
>
> I did a build with the added dependency for spnego.
>
> Kerberos do work. If I use kinit for the user I get a ticket. I added
> the kerberos configuration to the JAVA_OPTS:
> -Djava.security.krb5.realm=[OUR REALM] -Djava.security.krb5.kdc=[KDC]
> -Djava.security.krb5.conf=/etc/krb5.conf
> -Djava.security.auth.login.config=jaas.conf
>
> I do really stuck. Please help me!
> If more informationen are needed, let it know me.
>
> Best regards
> Alexander Pfeifer
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access
> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
You are currently subscribed to [email protected] as:
[email protected] To unsubscribe, change settings or access
archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
