I've been playing around more with FlowExecutionListeners lately, but the problem I keep running into is the lack of the ability to make execution decisions within the listener methods.

For example, I'm trying to use the transitionExecuting() method to implement a request token check for CSRF protection. However, I can't seem to find a way to cancel the transition should the token fail.

I'll keep tinkering, but I'd like to see if anyone else has found ways to manipulate flow execution from a listener.