<?xml version="1.0" encoding="UTF-8"?>
|
<flow xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
xmlns="http://www.springframework.org/schema/webflow"
|
xsi:schemaLocation="http://www.springframework.org/schema/webflow
|
http://www.springframework.org/schema/webflow/spring-webflow.xsd">
|
<on-start>
|
<evaluate expression="initialFlowSetupAction"/>
|
</on-start>
|
|
|
<action-state id="initialAuthenticationRequestValidationCheck">
|
<evaluate expression="initialAuthenticationRequestValidationAction"/>
|
<transition on="authenticationFailure" to="handleAuthenticationFailure"/>
|
<transition on="error" to="initializeLoginForm"/>
|
<transition on="success" to="ticketGrantingTicketCheck"/>
|
</action-state>
|
|
<action-state id="ticketGrantingTicketCheck">
|
<evaluate expression="ticketGrantingTicketCheckAction"/>
|
<transition on="notExists" to="gatewayRequestCheck"/>
|
<transition on="invalid" to="terminateSession"/>
|
<transition on="valid" to="hasServiceCheck"/>
|
</action-state>
|
|
<!-- <action-state id="initializeLoginForm">
|
<evaluate expression="initializeLoginAction" />
|
<transition on="success" to="viewLoginForm"/>
|
<transition on="directsubmit" to="realSubmit"/>
|
</action-state>
|
-->
|
<action-state id="initializeLoginForm">
|
<evaluate expression="LoginAction" />
|
<transition on="success" to="viewLoginForm"/>
|
<transition on="directsubmit" to="validateoalogin"/>
|
</action-state>
|
<!-- oa登录-->
|
<action-state id="validateoalogin">
|
<evaluate expression="loginAction2" />
|
<transition on="success" to="sendTicketGrantingTicket"/>
|
</action-state>
|
|
<!-- cas登陆界面 -->
|
<view-state id="viewLoginForm" view="casLoginView" model="credential">
|
<binder>
|
<binding property="username" required="true"/>
|
<binding property="password" required="true"/>
|
<!-- <binding property="vcode" required="true"/> -->
|
</binder>
|
<!--
|
<on-entry>
|
<evaluate expression="samlMetadataUIParserAction" />
|
</on-entry>
|
-->
|
<transition on="submit" bind="true" validate="true" to="realSubmit"/>
|
</view-state>
|
|
<action-state id="initializeUpdatePassForm">
|
<evaluate expression="UpdatePassAction" />
|
<transition on="success" to="updatePassForm"/>
|
|
</action-state>
|
|
|
|
<!-- 第一次登录成功后修改密码界面 -->
|
<view-state id="updatePassForm" view="casMustChangePassView" model="checkpass">
|
|
<binder>
|
<binding property="password" required="true"/>
|
<binding property="confirmedPassword" required="true"/>
|
|
<!-- <binding property="vcode" required="true"/> -->
|
</binder>
|
|
<on-entry>
|
<set name="flowScope.checkpass" value="new org.apereo.cas.web.landtool.Checkpass()" />
|
</on-entry>
|
|
<transition on="submit" bind="true" validate="true" to="checkAndUpdatePass"/>
|
</view-state>
|
|
<!-- <action-state id="updatePass">
|
<evaluate expression="UpdatePassAction"/>
|
<transition on="warn" to="warn"/>
|
<transition on="updatePassAction" to="updatePassForm"/>
|
|
To enable AUP workflows, replace the 'success' transition with the following:
|
<transition on="success" to="acceptableUsagePolicyCheck" />
|
|
<transition on="success" to="sendTicketGrantingTicket"/>
|
<transition on="successWithWarnings" to="showMessages"/>
|
<transition on="authenticationFailure" to="handleAuthenticationFailure"/>
|
<transition on="error" to="initializeLoginForm"/>
|
</action-state> -->
|
|
|
<action-state id="checkAndUpdatePass">
|
<evaluate expression="CheckAndUpdateAction"/>
|
<transition on="warn" to="warn"/>
|
<!--
|
To enable AUP workflows, replace the 'success' transition with the following:
|
<transition on="success" to="acceptableUsagePolicyCheck" />
|
-->
|
<transition on="success" to="sendTicketGrantingTicket"/>
|
<transition on="successWithWarnings" to="showMessages"/>
|
<transition on="authenticationFailure" to="handleAuthenticationFailure"/>
|
<transition on="error" to="initializeLoginForm"/>
|
<transition on="formaterror" to="updatePassForm"/>
|
|
</action-state>
|
|
|
<!-- 验证码 add by Tanbin -->
|
<!-- <action-state id="loginVerifyCodeValidationCheck">
|
<evaluate expression="loginVerifyCodeValidationCheckAction" />
|
<transition on="error" to="initializeLoginForm" />
|
<transition on="success" to="userAlreadyLoginedCheck" />
|
</action-state> -->
|
<!-- 同一账号登录限制检查 add by Tanbin -->
|
<!-- <action-state id="userAlreadyLoginedCheck">
|
<evaluate expression="userAlreadyLoginedCheckAction" />
|
<transition on="error" to="initializeLoginForm" />
|
<transition on="success" to="realSubmit" />
|
</action-state> -->
|
|
<action-state id="realSubmit">
|
<evaluate expression="authenticationViaFormAction"/>
|
<transition on="warn" to="warn"/>
|
<!--
|
To enable AUP workflows, replace the 'success' transition with the following:
|
<transition on="success" to="acceptableUsagePolicyCheck" />
|
-->
|
<transition on="success" to="sendTicketGrantingTicket"/>
|
<transition on="successWithWarnings" to="showMessages"/>
|
<transition on="authenticationFailure" to="handleAuthenticationFailure"/>
|
<transition on="error" to="initializeLoginForm"/>
|
</action-state>
|
|
<view-state id="showMessages" view="casLoginMessageView">
|
<on-entry>
|
<evaluate expression="sendTicketGrantingTicketAction"/>
|
<set name="requestScope.messages" value="messageContext.allMessages"/>
|
</on-entry>
|
<transition on="proceed" to="serviceCheck"/>
|
</view-state>
|
|
<action-state id="handleAuthenticationFailure">
|
<evaluate expression="authenticationExceptionHandler.handle(currentEvent.attributes.error, messageContext)"/>
|
<transition on="AccountDisabledException" to="casAccountDisabledView"/>
|
<transition on="AccountLockedException" to="casAccountLockedView"/>
|
<!-- <transition on="AccountPasswordMustChangeException" to="casMustChangePassView"/> -->
|
<transition on="AccountPasswordMustChangeException" to="updatePassForm"/>
|
<transition on="CredentialExpiredException" to="casExpiredPassView"/>
|
<transition on="InvalidLoginLocationException" to="casBadWorkstationView"/>
|
<transition on="InvalidLoginTimeException" to="casBadHoursView"/>
|
<transition on="FailedLoginException" to="initializeLoginForm"/>
|
<transition on="AccountNotFoundException" to="initializeLoginForm"/>
|
<transition on="UnauthorizedServiceForPrincipalException" to="initializeLoginForm" />
|
<transition on="UnsatisfiedAuthenticationPolicyException" to="initializeLoginForm"/>
|
<transition on="UnauthorizedAuthenticationException" to="casAuthenticationBlockedView"/>
|
<transition to="initializeLoginForm"/>
|
</action-state>
|
|
<action-state id="sendTicketGrantingTicket">
|
<evaluate expression="sendTicketGrantingTicketAction"/>
|
<transition to="serviceCheck"/>
|
</action-state>
|
|
<action-state id="generateServiceTicket">
|
<evaluate expression="generateServiceTicketAction"/>
|
<transition on="success" to="redirect"/>
|
<transition on="warn" to="warn"/>
|
<transition on="authenticationFailure" to="handleAuthenticationFailure"/>
|
<transition on="error" to="initializeLoginForm"/>
|
<transition on="gateway" to="gatewayServicesManagementCheck"/>
|
</action-state>
|
|
<action-state id="redirect">
|
<evaluate expression="flowScope.service.getResponse(requestScope.serviceTicketId)"
|
result-type="org.apereo.cas.authentication.principal.Response" result="requestScope.response"/>
|
<transition to="postRedirectDecision"/>
|
</action-state>
|
|
|
<end-state id="postView" view="protocol/casPostResponseView">
|
<on-entry>
|
<set name="requestScope.parameters" value="requestScope.response.attributes"/>
|
<set name="requestScope.originalUrl" value="flowScope.service.id"/>
|
</on-entry>
|
</end-state>
|
</flow>
|
