working on authentication context strategy

cas-server-core-api-authentication/src/main/java/org/jasig/cas/authentication/AuthenticationBuilder.java

@@ -4,6 +4,7 @@
 import org.joda.time.DateTime;
 
 import java.io.Serializable;
+import java.util.List;
 import java.util.Map;
 
 /**
@@ -21,6 +22,15 @@ public interface AuthenticationBuilder extends Serializable {
      */
     Principal getPrincipal();
 
+    /**
+     * Add credentials authentication builder.
+     *
+     * @param credentials the credentials
+     * @return the authentication builder
+     * @since 4.2.0
+     */
+    AuthenticationBuilder addCredentials(List<CredentialMetaData> credentials);
+
     /**
      * Sets the principal returns this instance.
      *
@@ -58,9 +68,19 @@ public interface AuthenticationBuilder extends Serializable {
      *
      * @param successes the successes
      * @return the authentication builder
+     * @since 4.2.0
      */
     AuthenticationBuilder setSuccesses(Map<String, HandlerResult> successes);
 
+    /**
+     * Adds successes authentication builder.
+     *
+     * @param successes the successes
+     * @return the authentication builder
+     * @since 4.2.0
+     */
+    AuthenticationBuilder addSuccesses(Map<String, HandlerResult> successes);
+
     /**
      * Sets failures.
      *
@@ -69,6 +89,15 @@ public interface AuthenticationBuilder extends Serializable {
      */
     AuthenticationBuilder setFailures(Map<String, Class<? extends Exception>> failures);
 
+    /**
+     * Adds failures.
+     *
+     * @param failures the failures
+     * @return the failures
+     * @since 4.2.0
+     */
+    AuthenticationBuilder addFailures(Map<String, Class<? extends Exception>> failures);
+
     /**
      * Adds an authentication success to the map of handler names to successful authentication handler results.
      *

cas-server-core-api-authentication/src/main/java/org/jasig/cas/authentication/AuthenticationContext.java

@@ -1,17 +1,18 @@
 package org.jasig.cas.authentication;
 
-import org.jasig.cas.authentication.principal.Principal;
-
 /**
  * The {@link AuthenticationContext} is an abstraction on top of a given authentication request.
+ * An authentication context carries the primary and composite authentication event, collected
+ * from all authentication attempts. The principal and attributes associated with this authentication
+ * are collected out of all events.
  *
  * @author Misagh Moayyed
  * @since 4.2
  */
 public interface AuthenticationContext {
 
     /**
-     * Obtains the primary authentication event for this context
+     * Obtains the primary authentication event for this context.
      * @return the authentication
      */
     Authentication getAuthentication();

cas-server-core-api-authentication/src/main/java/org/jasig/cas/authentication/AuthenticationContextBuilder.java

@@ -1,14 +1,16 @@
 package org.jasig.cas.authentication;
 
 /**
- * This is {@link AuthenticationContextBuilder}.
+ * This is {@link AuthenticationContextBuilder}. Builds an authentication context,
+ * and collects authentication events to form a line of history from which the primary
+ * composed context can be gleaned.
  *
  * @author Misagh Moayyed
  * @since 4.2.0
  */
 public interface AuthenticationContextBuilder {
     /**
-     * Total number of active authentications in this context
+     * Total number of active authentications in this context.
      *
      * @return total count of authentications
      */
@@ -27,8 +29,9 @@ public interface AuthenticationContextBuilder {
      *
      * @param authentication the new authentication event
      * @return the boolean
+     * @throws AuthenticationException the authentication exception
      */
-    boolean collect(Authentication authentication);
+    boolean collect(Authentication authentication) throws AuthenticationException;
 
     /**
      * Build authentication context.

cas-server-core-api-authentication/src/main/java/org/jasig/cas/authentication/PrincipalElectionStrategy.java

@@ -0,0 +1,25 @@
+package org.jasig.cas.authentication;
+
+import org.jasig.cas.authentication.principal.Principal;
+
+import java.util.Collection;
+import java.util.Map;
+
+/**
+ * This is {@link PrincipalElectionStrategy} that attempts to nominate a given principal
+ * as the primary principal object amongst many authentication events.
+ *
+ * @author Misagh Moayyed
+ * @since 4.2.0
+ */
+public interface PrincipalElectionStrategy {
+
+    /**
+     * Elect the principal.
+     *
+     * @param authentications     the authentications
+     * @param principalAttributes the principal attributes
+     * @return the principal
+     */
+    Principal nominate(Collection<Authentication> authentications, Map<String, Object> principalAttributes);
+}

cas-server-core-api/src/main/java/org/jasig/cas/CentralAuthenticationService.java

@@ -3,16 +3,15 @@
 import com.google.common.base.Predicate;
 import org.jasig.cas.authentication.AuthenticationContext;
 import org.jasig.cas.authentication.AuthenticationException;
-import org.jasig.cas.authentication.Credential;
 import org.jasig.cas.authentication.principal.Service;
 import org.jasig.cas.logout.LogoutRequest;
 import org.jasig.cas.ticket.AbstractTicketException;
 import org.jasig.cas.ticket.InvalidTicketException;
-import org.jasig.cas.ticket.proxy.ProxyGrantingTicket;
-import org.jasig.cas.ticket.proxy.ProxyTicket;
 import org.jasig.cas.ticket.ServiceTicket;
 import org.jasig.cas.ticket.Ticket;
 import org.jasig.cas.ticket.TicketGrantingTicket;
+import org.jasig.cas.ticket.proxy.ProxyGrantingTicket;
+import org.jasig.cas.ticket.proxy.ProxyTicket;
 import org.jasig.cas.validation.Assertion;
 
 import javax.validation.constraints.NotNull;
@@ -105,7 +104,7 @@ <T extends Ticket> T getTicket(@NotNull String ticketId, @NotNull Class<? extend
      * @throws AbstractTicketException if the ticket could not be created.
      */
     ServiceTicket grantServiceTicket(
-        @NotNull String ticketGrantingTicketId, @NotNull Service service, @NotNull AuthenticationContext context)
+        @NotNull String ticketGrantingTicketId, @NotNull Service service, AuthenticationContext context)
             throws AuthenticationException, AbstractTicketException;
 
     /**

cas-server-core-audit/src/test/java/org/jasig/cas/audit/spi/TicketOrCredentialPrincipalResolverTests.java

@@ -2,6 +2,7 @@
 
 import org.aspectj.lang.JoinPoint;
 import org.jasig.cas.AbstractCentralAuthenticationServiceTests;
+import org.jasig.cas.authentication.AuthenticationContext;
 import org.jasig.cas.authentication.Credential;
 import org.jasig.cas.authentication.TestUtils;
 import org.jasig.cas.ticket.ServiceTicket;
@@ -47,10 +48,14 @@ public void verifyResolverCredential() {
     @Test
     public void verifyResolverServiceTicket() throws Exception {
         final Credential c = TestUtils.getCredentialsWithSameUsernameAndPassword();
+
+        getAuthenticationSupervisor().authenticate(c);
+        final AuthenticationContext ctx = this.getAuthenticationSupervisor().build();
+
         final TicketGrantingTicket ticketId = getCentralAuthenticationService()
-                .createTicketGrantingTicket(c);
+                .createTicketGrantingTicket(ctx);
         final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(ticketId.getId(),
-                TestUtils.getService());
+                TestUtils.getService(), ctx);
 
         final TicketOrCredentialPrincipalResolver res =
                 new TicketOrCredentialPrincipalResolver(getCentralAuthenticationService());
@@ -66,8 +71,13 @@ public void verifyResolverServiceTicket() throws Exception {
     @Test
     public void verifyResolverTicketGrantingTicket() throws Exception {
         final Credential c = TestUtils.getCredentialsWithSameUsernameAndPassword();
+        getAuthenticationSupervisor().authenticate(c);
+        final AuthenticationContext ctx = this.getAuthenticationSupervisor().build();
+
         final TicketGrantingTicket ticketId = getCentralAuthenticationService()
-                .createTicketGrantingTicket(c);
+                .createTicketGrantingTicket(ctx);
+        final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(ticketId.getId(),
+                TestUtils.getService(), ctx);
 
         final TicketOrCredentialPrincipalResolver res =
                 new TicketOrCredentialPrincipalResolver(getCentralAuthenticationService());

cas-server-core-authentication/src/main/java/org/jasig/cas/authentication/DefaultAuthenticationBuilder.java

@@ -85,6 +85,12 @@ public Principal getPrincipal() {
         return this.principal;
     }
 
+    @Override
+    public AuthenticationBuilder addCredentials(final List<CredentialMetaData> credentials) {
+        this.credentials.addAll(credentials);
+        return this;
+    }
+
     /**
      * Sets the principal returns this instance.
      *
@@ -195,8 +201,13 @@ public Map<String, HandlerResult> getSuccesses() {
     public AuthenticationBuilder setSuccesses(final Map<String, HandlerResult> successes) {
         Assert.notNull(successes, "Successes cannot be null");
         this.successes.clear();
+        return addSuccesses(successes);
+    }
+
+    @Override
+    public AuthenticationBuilder addSuccesses(final Map<String, HandlerResult> successes) {
         for (final Map.Entry<String, HandlerResult> entry : successes.entrySet()) {
-            this.successes.put(entry.getKey(), entry.getValue());
+            addSuccess(entry.getKey(), entry.getValue());
         }
         return this;
     }
@@ -236,8 +247,13 @@ public Map<String, Class<? extends Exception>> getFailures() {
     public AuthenticationBuilder setFailures(final Map<String, Class<? extends Exception>> failures) {
         Assert.notNull(failures, "Failures cannot be null");
         this.failures.clear();
+        return addFailures(failures);
+    }
+
+    @Override
+    public AuthenticationBuilder addFailures(final Map<String, Class<? extends Exception>> failures) {
         for (final Map.Entry<String, Class<? extends Exception>> entry : failures.entrySet()) {
-            this.failures.put(entry.getKey(), entry.getValue());
+            addFailure(entry.getKey(), entry.getValue());
         }
         return this;
     }