Eric, the TGT ID should be available in the request scope, so you could pass it to your action state impl using SWF expression lang. provided that you model your action method to take the TGT ID e.g.
… <evaluate expression="lookupAccountStatusAction.myLookupMethod(requestScope.ticketGrantingTicketId)" /> … BTW, instead of doing the "dance" yourself, you could opt to let the convenience API in cas-addons do it for you :-) https://github.com/Unicon/cas-addons/blob/master/src/main/java/net/unicon/cas/addons/authentication/AuthenticationSupport.java Example of configuring and using that API in SWF to retrieve an Authenticated principal: https://github.com/Unicon/cas-addons/wiki/Authenticated-Principal-in-Generic-Success-Login-View Cheers, Dmitriy. On Jan 25, 2013, at 3:29 PM, "Stein, Eric" <[email protected]> wrote: > Dmitriy, > Thank you for the dance! I have it coded and I'm trying to test it. I'm not > sure how to get the original ticket into my action, though. > > login-webflow.xml calls to a bean defined in cas-servlet as: > <bean id="lookupAccountStatusAction" > class="com.locustec.authentication.LookupAccountStatusAction"> > <constructor-arg index="0" ref="jndiDataSource"/> > <constructor-arg index="1" ref="ticketRegistry"/> > </bean> > > Presumably the ticket would be passed in as a parameter, something like this: > <bean id="lookupAccountStatusAction" > class="com.locustec.authentication.LookupAccountStatusAction"> > p:ticket="????????" > <constructor-arg index="0" ref="jndiDataSource"/> > <constructor-arg index="1" ref="ticketRegistry"/> > </bean> > > but I'm not sure how to get a handle to the ticket. > > Thanks for any ideas, > Eric > > > -----Original Message----- > From: Dmitriy Kopylenko [mailto:[email protected]] > Sent: Wednesday, January 23, 2013 4:12 PM > To: [email protected] > Subject: Re: [cas-user] login-webflow.xml confusion > > Eric, > > the authenticated principal is not available in the flow scope after a > successful authentication and SSO session establishment. TGT id String is. So > to get to the authenticated principal id, you'd need to do this dance: > > * TickerRegistry#getTicket(String) > > * TicketGrantingTicket#getAuthentication > > * Authentication#getPrincipal > > * Principal#getId > > On the other hand, flowScope.credentials object contains an id that was > presented by a user when challenged for authentication by CAS, but id does > not represent a successfully authenticated principal. > > Dmitriy. > > On Jan 23, 2013, at 3:16 PM, "Stein, Eric" <[email protected]> wrote: > > > Jérôme, > > After a successful authentication, I want to route the user one of > > serveral ways based on a flag in the database. Making them confirm the EULA > > is one option. I may also want to force them to change a password, or > > otherwise push them around before they get to the application they > > originally requested. Is your suggestion viable given that there are > > probably 5 or 6 paths they could go down? I'd like to avoid a chain of > > tests, where checkEULA passes them to changePassword which passes them to > > doOtherThing etc. > > > > I guess I could have an action between realSubmit and > > sentTicketGrantingTicket which looks up that flag and returns some value > > which then points you to the right view. Is there a way to figure out the > > user's login ID? Is it in flowScope.credentials, maybe? > > > > Thanks, > > Eric > > > > -----Original Message----- > > From: jleleu [mailto:[email protected]] > > Sent: Wednesday, January 23, 2013 2:35 PM > > To: [email protected] > > Subject: RE:[cas-user] login-webflow.xml confusion > > > > Hi, > > > > You're right, throwing an exception during authentication prevents the > > granting ticket to be saved in your registry and triggers a > > TicketException. This causes your problem. > > > > Just to be sure that I clearly understand you need : after a successfull > > authentication, you want to display a confirmation page for some (all ?) > > users. Am I right ? > > > > A solution could be to add an intermediate action "checkEULA" : > > <action-state id="realSubmit"> > > <evaluate > > expression="authenticationViaFormAction.submit(flowRequestContext, > > flowScope.credentials, messageContext)" /> > > <transition on="success" to="checkEULA" /> ... > > > > <action-state id="checkEULA"> > > <evaluate expression="checkEULAAction" /> <transition on="success" > > to="sendTicketGrantingTicket" /> <transition on="error" > > to="confirmEULAView" /> </action-state> > > > > This "chekEULA" would transition to "sendTicketGrantingTicket" if no > > confirmation page should be displayed or to the confirmation view if it's > > necessary... > > > > Best regards, > > Jérôme > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] To unsubscribe, change settings or access > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] To unsubscribe, change settings or access > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
