RE: [cas-user] login-webflow.xml confusion

[Stein, Eric]

Dmitriy,

  Thank you for the dance! I have it coded and I'm trying to test it. I'm not 
sure how to get the original ticket into my action, though.

 

login-webflow.xml calls to a bean defined in cas-servlet as:

  <bean id="lookupAccountStatusAction" 
class="com.locustec.authentication.LookupAccountStatusAction">

    <constructor-arg index="0" ref="jndiDataSource"/>

    <constructor-arg index="1" ref="ticketRegistry"/>

  </bean>

 

Presumably the ticket would be passed in as a parameter, something like this:

  <bean id="lookupAccountStatusAction" 
class="com.locustec.authentication.LookupAccountStatusAction">

        p:ticket="????????"

    <constructor-arg index="0" ref="jndiDataSource"/>

    <constructor-arg index="1" ref="ticketRegistry"/>

  </bean>

 

but I'm not sure how to get a handle to the ticket.

 

Thanks for any ideas,

Eric

 

 

-----Original Message-----
From: Dmitriy Kopylenko [mailto:dkopyle...@unicon.net] 
Sent: Wednesday, January 23, 2013 4:12 PM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] login-webflow.xml confusion

 

Eric,

 

the authenticated principal is not available in the flow scope after a 
successful authentication and SSO session establishment. TGT id String is. So 
to get to the authenticated principal id, you'd need to do this dance: 

 

* TickerRegistry#getTicket(String)

 

* TicketGrantingTicket#getAuthentication

 

* Authentication#getPrincipal

 

* Principal#getId

 

On the other hand, flowScope.credentials object contains an id that was 
presented by a user when challenged for authentication by CAS, but id does not 
represent a successfully authenticated principal.

 

Dmitriy.

 

On Jan 23, 2013, at 3:16 PM, "Stein, Eric" <ste...@locustec.com 
<mailto:ste...@locustec.com> > wrote:

 

> Jérôme,

>  After a successful authentication, I want to route the user one of serveral 
> ways based on a flag in the database. Making them confirm the EULA is one 
> option. I may also want to force them to change a password, or otherwise push 
> them around before they get to the application they originally requested. Is 
> your suggestion viable given that there are probably 5 or 6 paths they could 
> go down? I'd like to avoid a chain of tests, where checkEULA passes them to 
> changePassword which passes them to doOtherThing etc.

> 

>  I guess I could have an action between realSubmit and 
> sentTicketGrantingTicket which looks up that flag and returns some value 
> which then points you to the right view. Is there a way to figure out the 
> user's login ID? Is it in flowScope.credentials, maybe?

> 

> Thanks,

> Eric

> 

> -----Original Message-----

> From: jleleu [mailto:lel...@gmail.com] <mailto:[mailto:lel...@gmail.com]> 

> Sent: Wednesday, January 23, 2013 2:35 PM

> To: cas-user@lists.jasig.org <mailto:cas-user@lists.jasig.org> 

> Subject: RE:[cas-user] login-webflow.xml confusion

> 

> Hi,

> 

> You're right, throwing an exception during authentication prevents the 
> granting ticket to be saved in your registry and triggers a TicketException. 
> This causes your problem.

> 

> Just to be sure that I clearly understand you need : after a successfull 
> authentication, you want to display a confirmation page for some (all ?) 
> users. Am I right ?

> 

> A solution could be to add an intermediate action "checkEULA" :

> <action-state id="realSubmit">

>    <evaluate 
> expression="authenticationViaFormAction.submit(flowRequestContext, 
> flowScope.credentials, messageContext)" />            

>    <transition on="success" to="checkEULA" /> ...

> 

> <action-state id="checkEULA">

>  <evaluate expression="checkEULAAction" />  <transition on="success" 

> to="sendTicketGrantingTicket" />  <transition on="error" 

> to="confirmEULAView" /> </action-state>

> 

> This "chekEULA" would transition to "sendTicketGrantingTicket" if no 
> confirmation page should be displayed or to the confirmation view if it's 
> necessary...

> 

> Best regards,

> Jérôme

> 

> --

> You are currently subscribed to cas-user@lists.jasig.org 
> <mailto:cas-user@lists.jasig.org>  as: 

> ste...@locustec.com <mailto:ste...@locustec.com>  To unsubscribe, change 
> settings or access 

> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user 
> <http://www.ja-sig.org/wiki/display/JSG/cas-user> 

> 

> --

> You are currently subscribed to cas-user@lists.jasig.org 
> <mailto:cas-user@lists.jasig.org>  as: 

> dkopyle...@unicon.net <mailto:dkopyle...@unicon.net>  To unsubscribe, change 
> settings or access 

> archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user 
> <http://www.ja-sig.org/wiki/display/JSG/cas-user> 

 

 

--

You are currently subscribed to cas-user@lists.jasig.org 
<mailto:cas-user@lists.jasig.org>  as: ste...@locustec.com 
<mailto:ste...@locustec.com>  To unsubscribe, change settings or access 
archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user 
<http://www.ja-sig.org/wiki/display/JSG/cas-user> 

 


-- 
You are currently subscribed to cas-user@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user