Eric, the authenticated principal is not available in the flow scope after a successful authentication and SSO session establishment. TGT id String is. So to get to the authenticated principal id, you'd need to do this dance:
* TickerRegistry#getTicket(String) * TicketGrantingTicket#getAuthentication * Authentication#getPrincipal * Principal#getId On the other hand, flowScope.credentials object contains an id that was presented by a user when challenged for authentication by CAS, but id does not represent a successfully authenticated principal. Dmitriy. On Jan 23, 2013, at 3:16 PM, "Stein, Eric" <[email protected]> wrote: > Jérôme, > After a successful authentication, I want to route the user one of serveral > ways based on a flag in the database. Making them confirm the EULA is one > option. I may also want to force them to change a password, or otherwise push > them around before they get to the application they originally requested. Is > your suggestion viable given that there are probably 5 or 6 paths they could > go down? I'd like to avoid a chain of tests, where checkEULA passes them to > changePassword which passes them to doOtherThing etc. > > I guess I could have an action between realSubmit and > sentTicketGrantingTicket which looks up that flag and returns some value > which then points you to the right view. Is there a way to figure out the > user's login ID? Is it in flowScope.credentials, maybe? > > Thanks, > Eric > > -----Original Message----- > From: jleleu [mailto:[email protected]] > Sent: Wednesday, January 23, 2013 2:35 PM > To: [email protected] > Subject: RE:[cas-user] login-webflow.xml confusion > > Hi, > > You're right, throwing an exception during authentication prevents the > granting ticket to be saved in your registry and triggers a TicketException. > This causes your problem. > > Just to be sure that I clearly understand you need : after a successfull > authentication, you want to display a confirmation page for some (all ?) > users. Am I right ? > > A solution could be to add an intermediate action "checkEULA" : > <action-state id="realSubmit"> > <evaluate > expression="authenticationViaFormAction.submit(flowRequestContext, > flowScope.credentials, messageContext)" /> > <transition on="success" to="checkEULA" /> ... > > <action-state id="checkEULA"> > <evaluate expression="checkEULAAction" /> > <transition on="success" to="sendTicketGrantingTicket" /> > <transition on="error" to="confirmEULAView" /> </action-state> > > This "chekEULA" would transition to "sendTicketGrantingTicket" if no > confirmation page should be displayed or to the confirmation view if it's > necessary... > > Best regards, > Jérôme > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
