I have built a nice Spring WebFlow. Then I added Spring Security into the app, which works fine in itself.
But if the security traps a requirement for the user to log in during the flow, then the details from the flow are lost. I want the user to be in the flow, to log in (either because they click login or Security traps a need to them to be authorised) and then continue with the flow after they have logged in. I also need the log in page to have access to the variables from the flow.
Can someone from the ranch community advise - what is a strategy?
Here is what I have tried
- putting the flows variables into applicationScope (but dont see these variables inside the login
jsp.)
- putting login onto a webflow transition (on the hope that the login form would then be perceived to be within the flow). but the "login" event does not trigger so they are not taken to the login page. The flows xml file looks like this
<view-state id="home">
<on-entry> ....</on-entry>
<transition on="login" to="home">
<secured attributes="ROLE_USER"/>
<evaluate expression="..."/>
</transition>
</view-state>
and anyway, this does not solve the Use Case where Security is triggered to ask for the login.