- This topic has 3 replies, 2 voices, and was last updated 12 years, 9 months ago by
.
-
Posts
-
I have built a nice web flow. Then I scaffolded Security into the app, which works fine in itself.
But if the security traps a requirement for the user to log in during the flow, then the details from the flow are lost. I want the user to be in the flow, to log in (either because they click login or Security traps a need to them to be authorised) and then continue with the flow after they have logged in. I also need the log in page to have access to the variables from the flow.
Can someone advise – what is a strategy?
Here is what I have tried
– putting the flows variables into applicationScope (but dont see these variables inside the login jsp.)
– putting login onto a webflow transition (on the hope that the login form would then be perceived to be within the flow). but the “login” event does not trigger so they are not taken to the login page. The flows xml file looks like this<view-state id=”home”>
<on-entry> ….</on-entry>
<transition on=”login” to=”home”>
<secured attributes=”ROLE_USER”/>
<evaluate expression=”…”/>
</transition>
</view-state>There is a section in this reference guide that goes over securing a flow. It should contain the pieces you need to integrate the scaffolded security components with the webflow.
http://static.springsource.org/spring-webflow/docs/2.0.x/reference/html/index.html
HTH,
Thanks Cindy,
when I follow that process there is a step at add a listener into the webflow xml
<webflow:flow-executor id=”flowExecutor” flow-registry=”flowRegistry”>
<webflow:flow-execution-listeners>
<webflow:listener ref=”securityFlowExecutionListener” />
</webflow:flow-execution-listeners>
</webflow:flow-executor>But I got a class not found error. Searching google on this it seemed my code was somewhere (ie. MyEclipse was somewhere) referring to the previous version of Security. From memory voter was now in org.springframework.security.access, not in org.springframework.security
When I downloaded the previous version of security and linked it in then the problem went away.
Can you confirm this was the right thing to do? Or did I have a problem with my java class path in the first place?
greg
That seems odd. If it were my project, I would try to figure out what was referencing the old version of security and try to replace/rework that with the newer version if possible.
When we added Spring 3.0 support to ME4S, we also changed to use Spring Security 3.0.5, so that is the combination of Spring and Spring Security we tested with. WebFlow is still at version 2 (which appears to be the newest), but the tutorial may be old so maybe it is assuming you have an older version of security?
Your options are to track down the ClassNotFoundException and figure out why it’s assuming an older version of security. Or, you can just test with the older version of security and if it all works, make the decision to go that way.
Unfortunately, I can’t confirm that the older version of security will work within your project.
