cas-shiro-demo

<?xml version="1.0" encoding="UTF-8"?> <!-- ~ Licensed to Jasig under one or more contributor license ~ agreements. See the NOTICE file distributed with this work ~ for additional information regarding copyright ownership. ~ Jasig licenses this file to you under the Apache License, ~ Version 2.0 (the "License"); you may not use this file ~ except in compliance with the License. You may obtain a ~ copy of the License at the following location: ~ ~ http://www.apache.org/licenses/LICENSE-2.0 ~ ~ Unless required by applicable law or agreed to in writing, ~ software distributed under the License is distributed on an ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ~ KIND, either express or implied. See the License for the ~ specific language governing permissions and limitations ~ under the License. --> <flow xmlns="http://www.springframework.org/schema/webflow" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd"> <var name="credentials" class="org.jasig.cas.authentication.principal.RememberMeUsernamePasswordCredentials" /> <on-start> <evaluate expression="initialFlowSetupAction" /> </on-start> <decision-state id="ticketGrantingTicketExistsCheck"> <if test="flowScope.ticketGrantingTicketId != null" then="hasServiceCheck" else="gatewayRequestCheck" /> </decision-state> <decision-state id="gatewayRequestCheck"> <if test="requestParameters.gateway != '' and requestParameters.gateway != null and flowScope.service != null" then="gatewayServicesManagementCheck" else="generateLoginTicket" /> </decision-state> <decision-state id="hasServiceCheck"> <if test="flowScope.service != null" then="renewRequestCheck" else="viewGenericLoginSuccess" /> </decision-state> <decision-state id="renewRequestCheck"> <if test="requestParameters.renew != '' and requestParameters.renew != null" then="generateLoginTicket" else="generateServiceTicket" /> </decision-state> <!-- The "warn" action makes the determination of whether to redirect directly to the requested service or display the "confirmation" page to go back to the server. --> <decision-state id="warn"> <if test="flowScope.warnCookieValue" then="showWarningView" else="redirect" /> </decision-state> <!-- <action-state id="startAuthenticate"> <action bean="x509Check" /> <transition on="success" to="sendTicketGrantingTicket" /> <transition on="warn" to="warn" /> <transition on="error" to="generateLoginTicket" /> </action-state> --> <!-- LPPE transitions begin here: You will also need to move over the 'lppe-configuration.xml' file from the 'unused-spring-configuration' folder to the 'spring-configuration' folder so CAS can pick up the definition for the bean 'passwordPolicyAction'. --> <action-state id="passwordPolicyCheck"> <evaluate expression="passwordPolicyAction" /> <transition on="showWarning" to="passwordServiceCheck" /> <transition on="success" to="sendTicketGrantingTicket" /> <transition on="error" to="viewLoginForm" /> </action-state> <action-state id="passwordServiceCheck"> <evaluate expression="sendTicketGrantingTicketAction" /> <transition to="passwordPostCheck" /> </action-state> <decision-state id="passwordPostCheck"> <if test="flowScope.service != null" then="warnPassRedirect" else="pwdWarningPostView" /> </decision-state> <action-state id="warnPassRedirect"> <evaluate expression="generateServiceTicketAction" /> <transition on="success" to="pwdWarningPostView" /> <transition on="error" to="generateLoginTicket" /> <transition on="gateway" to="gatewayServicesManagementCheck" /> </action-state> <end-state id="pwdWarningAbstractView"> <on-entry> <set name="flowScope.passwordPolicyUrl" value="passwordPolicyAction.getPasswordPolicyUrl()" /> </on-entry> </end-state> <end-state id="pwdWarningPostView" view="casWarnPassView" parent="#pwdWarningAbstractView" /> <end-state id="casExpiredPassView" view="casExpiredPassView" parent="#pwdWarningAbstractView" /> <end-state id="casMustChangePassView" view="casMustChangePassView" parent="#pwdWarningAbstractView" /> <end-state id="casAccountDisabledView" view="casAccountDisabledView" /> <end-state id="casAccountLockedView" view="casAccountLockedView" /> <end-state id="casBadHoursView" view="casBadHoursView" /> <end-state id="casBadWorkstationView" view="casBadWorkstationView" /> <!-- LPPE transitions end here... --> <action-state id="generateLoginTicket"> <evaluate expression="generateLoginTicketAction.generate(flowRequestContext)" /> <transition on="generated" to="viewLoginForm" /> </action-state> <view-state id="viewLoginForm" view="casLoginView" model="credentials"> <binder> <binding property="username" /> <binding property="password" /> <binding property="rememberMe" /> </binder> <on-entry> <set name="viewScope.commandName" value="'credentials'" /> </on-entry> <transition on="submit" bind="true" validate="true" to="realSubmit"> <evaluate expression="authenticationViaFormAction.doBind(flowRequestContext, flowScope.credentials)" /> </transition> </view-state> <action-state id="realSubmit"> <evaluate expression="authenticationViaFormAction.submit(flowRequestContext, flowScope.credentials, messageContext)" /> <!-- To enable LPPE on the 'warn' replace the below transition with: <transition on="warn" to="passwordPolicyCheck" /> CAS will attempt to transition to the 'warn' when there's a 'renew' parameter and there exists a ticketGrantingId and a service for the incoming request. --> <transition on="warn" to="warn" /> <!-- To enable LPPE on the 'success' replace the below transition with: <transition on="success" to="passwordPolicyCheck" /> --> <transition on="success" to="sendTicketGrantingTicket" /> <transition on="error" to="generateLoginTicket" /> <transition on="accountDisabled" to="casAccountDisabledView" /> <transition on="mustChangePassword" to="casMustChangePassView" /> <transition on="accountLocked" to="casAccountLockedView" /> <transition on="badHours" to="casBadHoursView" /> <transition on="badWorkstation" to="casBadWorkstationView" /> <transition on="passwordExpired" to="casExpiredPassView" /> </action-state> <action-state id="sendTicketGrantingTicket"> <evaluate expression="sendTicketGrantingTicketAction" /> <transition to="serviceCheck" /> </action-state> <decision-state id="serviceCheck"> <if test="flowScope.service != null" then="generateServiceTicket" else="viewGenericLoginSuccess" /> </decision-state> <action-state id="generateServiceTicket"> <evaluate expression="generateServiceTicketAction" /> <transition on="success" to ="warn" /> <transition on="error" to="generateLoginTicket" /> <transition on="gateway" to="gatewayServicesManagementCheck" /> </action-state> <action-state id="gatewayServicesManagementCheck"> <evaluate expression="gatewayServicesManagementCheck" /> <transition on="success" to="redirect" /> </action-state> <action-state id="redirect"> <evaluate expression="flowScope.service.getResponse(requestScope.serviceTicketId)" result-type="org.jasig.cas.authentication.principal.Response" result="requestScope.response" /> <transition to="postRedirectDecision" /> </action-state> <decision-state id="postRedirectDecision"> <if test="requestScope.response.responseType.name() == 'POST'" then="postView" else="redirectView" /> </decision-state> <!-- the "viewGenericLogin" is the end state for when a user attempts to login without coming directly from