[cas-dev] CAS login-webflow execution cycle

Scott Battaglia scott.battaglia at gmail.com
Mon Aug 13 10:06:27 EDT 2007 

Lee,

I examined the requests from Firefox using "Tamper Data" and discovered that
the default skin is missing one image.  The default web.xml is set up such
that all 404s in /cas will redirect to the home page.  This will cause extra
requests to the web flow since a non-existent image will trigger the 404.

You can try disabling the 404 check in the web.xml and see if that
eliminates the extra requests.

-Scott

On 8/10/07, Lee Braddock <lee.braddock at ccci.org> wrote:
>
> Scott,
>
> We have indeed made some modifications to our login-webflow.xml (and I
> would like to disucss those with you, as we are employing two separate
> web flows, but that conversation will have to wait), but the results I
> am describing come from running an unmodified cas.war v3.0.7 on an
> Oracle Application Server in debug mode (setting log4j.rootLogger=DEBUG,
> stdout, logfile and log4j.logger.org.springframework=DEBUG in
> log4j.properties).
>
> I have extracted from the log file the sequence of events signaled by
> the spring web flow framework (see below) for a successful login (note
> that I also obtain the same results when running under Tomcat - also
> shown by the log results below).
>
> This web flow shows the initial state, namely
> 'automaticCookiePathSetter', being entered three times, along with the
> subsequently executed states, and I don't quite understand how that
> would be for a simple login.
>
> If you set your debug level accordingly, do you not get these results?
>
> If you do, can you please elaborate on the reasoning behind this
> seemingly repetetive flow?  (the answer to this question may help
> clarify behaviour our modified web flow seems to exhibit).
>
> Thanks very much.
>
> Lee
>
>
> Oracle Application Server cas log:
>
> These events follow display of the login page:
>
> 2007-08-10 13:25:24,816 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'automaticCookiePathSetter' of flow
> 'login-webflow'
> 2007-08-10 13:25:24,819 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'noTicketGrantingTicketExists' in state
> 'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
> 2007-08-10 13:25:24,821 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
> of flow 'login-webflow'
> 2007-08-10 13:25:25,013 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'automaticCookiePathSetter' of flow
> 'login-webflow'
> 2007-08-10 13:25:25,014 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'noTicketGrantingTicketExists' in state
> 'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
> 2007-08-10 13:25:25,015 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
> of flow 'login-webflow'
>
> These events follow user submission of credentials through browser
> displayed cas login page:
>
> 2007-08-10 13:28:19,513 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'submit' in state 'viewLoginForm' of flow
> 'login-webflow'
> 2007-08-10 13:28:19,558 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'bindAndValidate' of flow
> 'login-webflow'
> 2007-08-10 13:28:19,565 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'submit' of flow 'login-webflow'
> 2007-08-10 13:28:19,567 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'sendTicketGrantingTicket' of flow
> 'login-webflow'
> 2007-08-10 13:28:19,568 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticatedButNoService' in state 'serviceCheck' of
> flow 'login-webflow'
> 2007-08-10 13:28:19,616 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl]
>
> Signaling event 'success' in state 'automaticCookiePathSetter' of flow
> 'login-webflow'
> 2007-08-10 13:28:19,617 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'noTicketGrantingTicketExists' in state
> 'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
> 2007-08-10 13:28:19,618 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
> of flow 'login-webflow'
>
>
>
>
> Tomcat Application Server cas log:
>
> 2007-08-10 13:49:06,704 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'automaticCookiePathSetter' of flow
> 'login-webflow'
> 2007-08-10 13:49:06,704 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'noTicketGrantingTicketExists' in state
> 'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
> 2007-08-10 13:49:06,704 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
> of flow 'login-webflow'
> 2007-08-10 13:49:06,937 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'automaticCookiePathSetter' of flow
> 'login-webflow'
> 2007-08-10 13:49:06,937 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'noTicketGrantingTicketExists' in state
> 'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
> 2007-08-10 13:49:06,937 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
> of flow 'login-webflow'
>
>
> 2007-08-10 13:49:15,485 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'submit' in state 'viewLoginForm' of flow
> 'login-webflow'
> 2007-08-10 13:49:15,500 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'bindAndValidate' of flow
> 'login-webflow'
> 2007-08-10 13:49:15,516 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'submit' of flow 'login-webflow'
> 2007-08-10 13:49:15,516 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'success' in state 'sendTicketGrantingTicket' of flow
> 'login-webflow'
> 2007-08-10 13:49:15,516 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticatedButNoService' in state 'serviceCheck' of
> flow 'login-webflow'
> 2007-08-10 13:49:15,547 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
>
> Signaling event 'success' in state 'automaticCookiePathSetter' of flow
> 'login-webflow'
> 2007-08-10 13:49:15,563 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'noTicketGrantingTicketExists' in state
> 'ticketGrantingTicketExistsCheckAction' of flow 'login-webflow'
> 2007-08-10 13:49:15,563 DEBUG
> [org.springframework.webflow.engine.impl.RequestControlContextImpl] -
> Signaling event 'authenticationRequired' in state 'gatewayRequestCheck'
> of flow 'login-webflow'
>
>
> -----Original Message-----
>
> Message: 1
> Date: Thu, 9 Aug 2007 16:18:43 -0400
> From: "Lee Braddock" <lee.braddock at ccci.org>
> Subject: [cas-dev] CAS login-webflow execution cycle
> To: <cas-dev at tp.its.yale.edu>
> Message-ID:
>
> <AA31B48877B3D648B093F354F8901C050123E16B at HART-E005V.net.ccci.org>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello,
>
>
>
> When logging  into CAS, it appears (according to DEBUG level logs) that
> the login-webflow.xml is executed more than once, before the
> viewGenericLoginSuccessPage is eventually displayed.
>
>
>
> This behavior seems to adversely impact our modified version of the
> login-webflow.xml as follows:
>
>
>
> We have modified the login-webflow.xml such that we trust
> non-interactive credentials provided us implicitly and therefore our web
> flow does not require user input.  However, due to the fact that the web
> flow executes twice, we generate a second and unnecessary TGT on the
> second execution.
>
>
>
> Can you explain:
>
>
>
> 1)      Why login-webflow.xml web flow executes more than once (if,
> indeed, it does) per login?
>
> 2)      How it recognizes this and displays the login success page on a
> subsequent execution as opposed to repeating the same web flow cycle
> over and over again (the answer to this question may help us to
> understand how we can prevent it generating a second and unnecessary TGT
> on non-interactive credentials login)?
>
>
>
> Thanks.
>
>
>
> Lee
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070809/73303299/a
> ttachment-0001.html
>
> ------------------------------
>
> Message: 2
> Date: Fri, 10 Aug 2007 11:07:48 -0400
> From: "Scott Battaglia" <scott.battaglia at gmail.com>
> Subject: Re: [cas-dev] CAS login-webflow execution cycle
> To: "Mailing list for CAS developers" <cas-dev at tp.its.yale.edu>
> Message-ID:
>         <1bbd36a10708100807s61d40ddcr22fd902ee8846b38 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Lee,
>
> I've executed the default webflow on my machine and couldn't notice
> anything
> weird going on.  I tried a couple of different ways.  Any details on how
> you've customized it?
>
> -Scott
>
> On 8/9/07, Lee Braddock <lee.braddock at ccci.org> wrote:
> >
> >  Hello,
> >
> >
> >
> > When logging  into CAS, it appears (according to DEBUG level logs)
> that
> > the login-webflow.xml is executed more than once, before the
> > viewGenericLoginSuccessPage is eventually displayed.
> >
> >
> >
> > This behavior seems to adversely impact our modified version of the
> > login-webflow.xml as follows:
> >
> >
> >
> > We have modified the login-webflow.xml such that we trust
> non-interactive
> > credentials provided us implicitly and therefore our web flow does not
> > require user input.  However, due to the fact that the web flow
> executes
> > twice, we generate a second and unnecessary TGT on the second
> execution.
> >
> >
> >
> > Can you explain:
> >
> >
> >
> > 1)      Why login-webflow.xml web flow executes more than once (if,
> > indeed, it does) per login?
> >
> > 2)      How it recognizes this and displays the login success page on
> a
> > subsequent execution as opposed to repeating the same web flow cycle
> over
> > and over again (the answer to this question may help us to understand
> how we
> > can prevent it generating a second and unnecessary TGT on
> non-interactive
> > credentials login)?
> >
> >
> >
> > Thanks.
> >
> >
> >
> > Lee
> >
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
> >
>
>
> --
> -Scott Battaglia
>
>
> _______________________________________________
> cas-dev mailing list
> cas-dev at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20070813/a4b0d345/attachment-0001.html

More information about the cas-dev mailing list