[cas-dev] CAS login-webflow execution cycle

Lee Braddock lee.braddock at ccci.org
Fri Aug 10 13:56:43 EDT 2007 

Scott,

We have indeed made some modifications to our login-webflow.xml (and I
would like to disucss those with you, as we are employing two separate
web flows, but that conversation will have to wait), but the results I
am describing come from running an unmodified cas.war v3.0.7 on an
Oracle Application Server in debug mode (setting log4j.rootLogger=DEBUG,
stdout, logfile and log4j.logger.org.springframework=DEBUG in
log4j.properties).

I have extracted from the log file the sequence of events signaled by
the spring web flow framework (see below) for a successful login (note
that I also obtain the same results when running under Tomcat - also
shown by the log results below).

This web flow shows the initial state, namely
'automaticCookiePathSetter', being entered three times, along with the
subsequently executed states, and I don't quite understand how that
would be for a simple login.

If you set your debug level accordingly, do you not get these results?

If you do, can you please elaborate on the reasoning behind this
seemingly repetetive flow?  (the answer to this question may help
clarify behaviour our modified web flow seems to exhibit).

Thanks very much.

Lee


Oracle Application Server cas log:

These events follow display of the login page:

2007-08-10 13:25:24,816 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'automaticCookiePathSetter' of flow
'login-webflow'
2007-08-10 13:25:24,819 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'noTicketGrantingTicketExists' in state
'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
2007-08-10 13:25:24,821 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
of flow 'login-webflow'
2007-08-10 13:25:25,013 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'automaticCookiePathSetter' of flow
'login-webflow'
2007-08-10 13:25:25,014 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'noTicketGrantingTicketExists' in state
'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
2007-08-10 13:25:25,015 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
of flow 'login-webflow' 

These events follow user submission of credentials through browser
displayed cas login page:

2007-08-10 13:28:19,513 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'submit' in state 'viewLoginForm' of flow
'login-webflow'
2007-08-10 13:28:19,558 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'bindAndValidate' of flow
'login-webflow'
2007-08-10 13:28:19,565 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'submit' of flow 'login-webflow'
2007-08-10 13:28:19,567 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'sendTicketGrantingTicket' of flow
'login-webflow'
2007-08-10 13:28:19,568 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticatedButNoService' in state 'serviceCheck' of
flow 'login-webflow'
2007-08-10 13:28:19,616 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl]

Signaling event 'success' in state 'automaticCookiePathSetter' of flow
'login-webflow'
2007-08-10 13:28:19,617 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'noTicketGrantingTicketExists' in state
'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
2007-08-10 13:28:19,618 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
of flow 'login-webflow'




Tomcat Application Server cas log:

2007-08-10 13:49:06,704 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'automaticCookiePathSetter' of flow
'login-webflow'
2007-08-10 13:49:06,704 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'noTicketGrantingTicketExists' in state
'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
2007-08-10 13:49:06,704 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
of flow 'login-webflow'
2007-08-10 13:49:06,937 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'automaticCookiePathSetter' of flow
'login-webflow'
2007-08-10 13:49:06,937 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'noTicketGrantingTicketExists' in state
'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
2007-08-10 13:49:06,937 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
of flow 'login-webflow'


2007-08-10 13:49:15,485 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'submit' in state 'viewLoginForm' of flow
'login-webflow'
2007-08-10 13:49:15,500 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'bindAndValidate' of flow
'login-webflow'
2007-08-10 13:49:15,516 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'submit' of flow 'login-webflow'
2007-08-10 13:49:15,516 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'success' in state 'sendTicketGrantingTicket' of flow
'login-webflow'
2007-08-10 13:49:15,516 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticatedButNoService' in state 'serviceCheck' of
flow 'login-webflow'
2007-08-10 13:49:15,547 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] - 

Signaling event 'success' in state 'automaticCookiePathSetter' of flow
'login-webflow'
2007-08-10 13:49:15,563 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'noTicketGrantingTicketExists' in state
'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
2007-08-10 13:49:15,563 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
of flow 'login-webflow'


-----Original Message-----

Message: 1
Date: Thu, 9 Aug 2007 16:18:43 -0400
From: "Lee Braddock" <lee.braddock at ccci.org>
Subject: [cas-dev] CAS login-webflow execution cycle
To: <cas-dev at tp.its.yale.edu>
Message-ID:
	
<AA31B48877B3D648B093F354F8901C050123E16B at HART-E005V.net.ccci.org>
Content-Type: text/plain; charset="us-ascii"

Hello,

 

When logging  into CAS, it appears (according to DEBUG level logs) that
the login-webflow.xml is executed more than once, before the
viewGenericLoginSuccessPage is eventually displayed.

 

This behavior seems to adversely impact our modified version of the
login-webflow.xml as follows:

 

We have modified the login-webflow.xml such that we trust
non-interactive credentials provided us implicitly and therefore our web
flow does not require user input.  However, due to the fact that the web
flow executes twice, we generate a second and unnecessary TGT on the
second execution.

 

Can you explain:

 

1)      Why login-webflow.xml web flow executes more than once (if,
indeed, it does) per login?

2)      How it recognizes this and displays the login success page on a
subsequent execution as opposed to repeating the same web flow cycle
over and over again (the answer to this question may help us to
understand how we can prevent it generating a second and unnecessary TGT
on non-interactive credentials login)?

 

Thanks.

 

Lee

-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070809/73303299/a
ttachment-0001.html 

------------------------------

Message: 2
Date: Fri, 10 Aug 2007 11:07:48 -0400
From: "Scott Battaglia" <scott.battaglia at gmail.com>
Subject: Re: [cas-dev] CAS login-webflow execution cycle
To: "Mailing list for CAS developers" <cas-dev at tp.its.yale.edu>
Message-ID:
	<1bbd36a10708100807s61d40ddcr22fd902ee8846b38 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Lee,

I've executed the default webflow on my machine and couldn't notice
anything
weird going on.  I tried a couple of different ways.  Any details on how
you've customized it?

-Scott

On 8/9/07, Lee Braddock <lee.braddock at ccci.org> wrote:
>
>  Hello,
>
>
>
> When logging  into CAS, it appears (according to DEBUG level logs)
that
> the login-webflow.xml is executed more than once, before the
> viewGenericLoginSuccessPage is eventually displayed.
>
>
>
> This behavior seems to adversely impact our modified version of the
> login-webflow.xml as follows:
>
>
>
> We have modified the login-webflow.xml such that we trust
non-interactive
> credentials provided us implicitly and therefore our web flow does not
> require user input.  However, due to the fact that the web flow
executes
> twice, we generate a second and unnecessary TGT on the second
execution.
>
>
>
> Can you explain:
>
>
>
> 1)      Why login-webflow.xml web flow executes more than once (if,
> indeed, it does) per login?
>
> 2)      How it recognizes this and displays the login success page on
a
> subsequent execution as opposed to repeating the same web flow cycle
over
> and over again (the answer to this question may help us to understand
how we
> can prevent it generating a second and unnecessary TGT on
non-interactive
> credentials login)?
>
>
>
> Thanks.
>
>
>
> Lee
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>
>


-- 
-Scott Battaglia

More information about the cas-dev mailing list