added duosecurity

cas-management-webapp-support/src/test/resources/cas-management-servlet.xml

@@ -8,7 +8,7 @@
        xmlns:c="http://www.springframework.org/schema/c"
        xmlns:util="http://www.springframework.org/schema/util"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-       http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.3.xsd
+       http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.4.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

cas-management-webapp/src/main/webapp/WEB-INF/cas-management-servlet.xml

@@ -8,7 +8,7 @@
        xmlns:c="http://www.springframework.org/schema/c"
        xmlns:util="http://www.springframework.org/schema/util"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
-       http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.3.xsd
+       http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.4.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

cas-server-core-api-authentication/src/main/java/org/jasig/cas/authentication/AuthenticationContext.java

@@ -1,7 +1,11 @@
 package org.jasig.cas.authentication;
 
+import org.jasig.cas.authentication.principal.Principal;
 import org.jasig.cas.authentication.principal.Service;
 
+import java.io.Serializable;
+
+
 /**
  * The {@link AuthenticationContext} is an abstraction on top of a given authentication request.
  * An authentication context carries the primary and composite authentication event, collected
@@ -11,18 +15,27 @@
  * @author Misagh Moayyed
  * @since 4.2
  */
-public interface AuthenticationContext {
+public interface AuthenticationContext extends Serializable {
 
     /**
      * Obtains the primary authentication event for this context.
+     *
      * @return the authentication
      */
     Authentication getAuthentication();
 
+    /**
+     * Gets principal.
+     *
+     * @return the principal
+     */
+    Principal getPrincipal();
+
     /**
      * Gets the service for which this authentication context is relevant.
      * The service MAY be null, as an authentication context in CAS
      * can be established without providing a service/destination.
+     *
      * @return the service
      */
     Service getService();

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/exceptions/UnacceptableMfaMethodException.java → cas-server-core-api-authentication/src/main/java/org/jasig/cas/authentication/UnacceptableAuthenticationMethodException.java

@@ -1,4 +1,4 @@
-package org.jasig.cas.mfa.exceptions;
+package org.jasig.cas.authentication;
 
 /**
  * Multifactor authentication exception that is thrown
@@ -7,7 +7,7 @@
  * @author Misagh Moayyed
  * @since 4.2
  */
-public class UnacceptableMfaMethodException extends RuntimeException {
+public class UnacceptableAuthenticationMethodException extends RuntimeException {
     private static final long serialVersionUID = 7880539766094343828L;
 
     private final String authenticationMethod;
@@ -18,7 +18,7 @@ public class UnacceptableMfaMethodException extends RuntimeException {
      * @param msg the error message describing this exception
      * @param authnMethod the authentication method requested
      */
-    public UnacceptableMfaMethodException(final String msg, final String authnMethod) {
+    public UnacceptableAuthenticationMethodException(final String msg, final String authnMethod) {
         this.authenticationMethod = authnMethod;
     }
 

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/exceptions/UnrecognizedMfaMethodException.java → cas-server-core-api-authentication/src/main/java/org/jasig/cas/authentication/UnrecognizedAuthenticationMethodException.java

@@ -1,4 +1,4 @@
-package org.jasig.cas.mfa.exceptions;
+package org.jasig.cas.authentication;
 
 /**
  * Multifactor authentication exception that is thrown
@@ -8,7 +8,7 @@
  * @author Misagh Moayyed
  * @since 4.2
  */
-public class UnrecognizedMfaMethodException extends RuntimeException {
+public class UnrecognizedAuthenticationMethodException extends RuntimeException {
 
     private static final long serialVersionUID = 7880539766094343828L;
 
@@ -17,10 +17,9 @@ public class UnrecognizedMfaMethodException extends RuntimeException {
 
     /**
      * Initialize the exception object.
-     * @param msg the error message describing this exception
      * @param authnMethod the authentication method requested
      */
-    public UnrecognizedMfaMethodException(final String msg, final String authnMethod) {
+    public UnrecognizedAuthenticationMethodException(final String authnMethod) {
         this.authenticationMethod = authnMethod;
     }
 

cas-server-core-api-services/src/main/java/org/jasig/cas/services/RegisteredService.java

@@ -16,7 +16,9 @@
  */
 public interface RegisteredService extends Cloneable, Serializable {
 
-    /** Initial ID value of newly created (but not persisted) registered service. **/
+    /**
+     * Initial ID value of newly created (but not persisted) registered service.
+     */
     long INITIAL_IDENTIFIER_VALUE = -Long.MAX_VALUE;
 
     /**
@@ -36,6 +38,7 @@ public interface RegisteredService extends Cloneable, Serializable {
     /**
      * The numeric identifier for this service. Implementations
      * are expected to initialize the id with the value of {@link #INITIAL_IDENTIFIER_VALUE}.
+     *
      * @return the numeric identifier for this service.
      */
     long getId();
@@ -65,29 +68,38 @@ public interface RegisteredService extends Cloneable, Serializable {
     /**
      * Gets the relative evaluation order of this service when determining
      * matches.
-     * @return Evaluation order relative to other registered services.
-     * Services with lower values will be evaluated for a match before others.
+     *
+     * @return Evaluation order relative to other registered services. Services with lower values will be evaluated for a match before others.
      */
     int getEvaluationOrder();
 
     /**
      * Sets the relative evaluation order of this service when determining
      * matches.
+     *
      * @param evaluationOrder the service evaluation order
      */
     void setEvaluationOrder(int evaluationOrder);
 
     /**
      * Get the name of the attribute this service prefers to consume as username.
+     *
      * @return an instance of {@link RegisteredServiceUsernameAttributeProvider}
      */
     RegisteredServiceUsernameAttributeProvider getUsernameAttributeProvider();
 
+    /**
+     * Gets authentication policy.
+     *
+     * @return the authentication policy
+     */
+    RegisteredServiceAuthenticationPolicy getAuthenticationPolicy();
+
     /**
      * Gets the set of handler names that must successfully authenticate credentials in order to access the service.
      * An empty set indicates that there are no requirements on particular authentication handlers; any will suffice.
      *
-     * @return Non-null set of required handler names.
+     * @return Non -null set of required handler names.
      */
     Set<String> getRequiredHandlers();
 
@@ -136,6 +148,7 @@ public interface RegisteredService extends Cloneable, Serializable {
      * Gets the logo image associated with this service.
      * The image mostly is served on the user interface
      * to identify this requesting service during authentication.
+     *
      * @return URL of the image
      * @since 4.1
      */
@@ -147,6 +160,7 @@ public interface RegisteredService extends Cloneable, Serializable {
      * This is an optional setting. When undefined, the service
      * url as is defined by {@link #getServiceId()} will be used
      * to handle logout invocations.
+     *
      * @return the logout url for this service
      * @since 4.1
      */
@@ -158,6 +172,7 @@ public interface RegisteredService extends Cloneable, Serializable {
      * encrypting certain elements and attributes in
      * the CAS validation protocol response, such as
      * the PGT.
+     *
      * @return the public key instance used to authorize the request
      * @since 4.1
      */
@@ -167,6 +182,7 @@ public interface RegisteredService extends Cloneable, Serializable {
      * Describes extra metadata about the service; custom fields
      * that could be used by submodules implementing additional
      * behavior on a per-service basis.
+     *
      * @return map of custom metadata.
      * @since 4.2
      */

cas-server-core-api-services/src/main/java/org/jasig/cas/services/RegisteredServiceAuthenticationPolicy.java

@@ -0,0 +1,20 @@
+package org.jasig.cas.services;
+
+import java.io.Serializable;
+
+/**
+ * This is {@link RegisteredServiceAuthenticationPolicy} that describes how a service
+ * should handle authentication requests.
+ *
+ * @author Misagh Moayyed
+ * @since 4.3.0
+ */
+public interface RegisteredServiceAuthenticationPolicy extends Serializable {
+
+    /**
+     * Gets authentication method.
+     *
+     * @return the authentication method
+     */
+    String getAuthenticationMethod();
+}

cas-server-core-services/src/main/java/org/jasig/cas/services/UnauthorizedSsoServiceException.java → cas-server-core-api-services/src/main/java/org/jasig/cas/services/UnauthorizedSsoServiceException.java

@@ -5,11 +5,9 @@
  * allowed to.
  *
  * @author Scott Battaglia
-
  * @since 3.1
  */
-public class UnauthorizedSsoServiceException extends
-    UnauthorizedServiceException {
+public class UnauthorizedSsoServiceException extends UnauthorizedServiceException {
 
     /**
      * Comment for {@code serialVersionUID}.

cas-server-core-authentication/src/main/java/org/jasig/cas/authentication/DefaultAuthenticationContext.java

@@ -1,10 +1,12 @@
 package org.jasig.cas.authentication;
 
 import org.apache.commons.lang3.builder.ToStringBuilder;
+import org.jasig.cas.authentication.principal.Principal;
 import org.jasig.cas.authentication.principal.Service;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+
 /**
  * The {@link DefaultAuthenticationContext} represents a concrete
  * implementation of the authentication context. It acts as a carrier
@@ -18,6 +20,7 @@
 public final class DefaultAuthenticationContext implements AuthenticationContext {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(DefaultAuthenticationContext.class);
+    private static final long serialVersionUID = 8454900425245262824L;
 
     private final Authentication authentication;
 
@@ -48,6 +51,11 @@ public Authentication getAuthentication() {
         return authentication;
     }
 
+    @Override
+    public Principal getPrincipal() {
+        return getAuthentication().getPrincipal();
+    }
+
     @Override
     public Service getService() {
         return this.service;

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/authentication/method/AuthenticationMethod.java

@@ -13,7 +13,7 @@
  * and its relevant properties.
  *
  * @author Misagh Moayyed
- * @since 4.2
+ * @since 4.3
  */
 public final class AuthenticationMethod implements Comparable, Serializable {
     private static final long serialVersionUID = -8960685427442975943L;
@@ -43,7 +43,6 @@ public AuthenticationMethod(final String name, final Integer rank) {
         this.name = name;
     }
 
-
     @Override
     public boolean equals(final Object obj) {
         if (obj == null) {
@@ -61,7 +60,6 @@ public boolean equals(final Object obj) {
                 .isEquals();
     }
 
-
     @Override
     public int hashCode() {
         return new HashCodeBuilder()

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/authentication/method/AuthenticationMethodConfigurationProvider.java

@@ -4,7 +4,7 @@
  * Defines where authentication methods come from, which are
  * supported and how they are loaded into the application context.
  * @author Misagh Moayyed
- * @since 4.2
+ * @since 4.3
  */
 public interface AuthenticationMethodConfigurationProvider {
     /**

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/authentication/method/AuthenticationMethodTranslator.java

@@ -8,7 +8,7 @@
  * have defined arbitrary names for the MFA trigger, or that service providers are unable
  * to change submitted parameter names in the request to trigger MFA.
  * @author Misagh Moayyed
- * @since 4.2
+ * @since 4.3
  */
 public interface AuthenticationMethodTranslator {
     /**

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/authentication/method/DefaultAuthenticationMethodConfigurationProvider.java

@@ -12,7 +12,7 @@
  * Methods are mapped in memory via a static map.
  *
  * @author Misagh Moayyed
- * @since 4.2
+ * @since 4.3
  */
 @Component("defaultAuthenticationMethodProvider")
 public final class DefaultAuthenticationMethodConfigurationProvider implements AuthenticationMethodConfigurationProvider {

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/authentication/method/JsonAuthenticationMethodConfigurationProvider.java

@@ -31,7 +31,7 @@
  * </pre>
  *
  * @author Misagh Moayyed
- * @since 4.2
+ * @since 4.3
  */
 @Component("jsonAuthenticationMethodConfigurationProvider")
 public final class JsonAuthenticationMethodConfigurationProvider implements AuthenticationMethodConfigurationProvider {

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/authentication/method/RegexAuthenticationMethodTranslator.java

@@ -1,7 +1,7 @@
 package org.jasig.cas.mfa.authentication.method;
 
 import org.jasig.cas.authentication.principal.WebApplicationService;
-import org.jasig.cas.mfa.exceptions.UnrecognizedMfaMethodException;
+import org.jasig.cas.authentication.UnrecognizedAuthenticationMethodException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
@@ -15,7 +15,7 @@
  * A translator that will check a list of regex patterns and return an authentication method name.
  *
  * @author John Gasper
- * @since 4.2
+ * @since 4.3
  */
 @Component("regexAuthenticationMethodTranslator")
 public class RegexAuthenticationMethodTranslator implements AuthenticationMethodTranslator {
@@ -68,6 +68,6 @@ public String translate(final WebApplicationService targetService, final String
             return defaultMfaMethod;
         }
 
-        throw new UnrecognizedMfaMethodException(triggerValue, targetService.getId());
+        throw new UnrecognizedAuthenticationMethodException(triggerValue);
     }
 }

cas-server-core-mfa/src/main/java/org/jasig/cas/mfa/authentication/method/StubAuthenticationMethodTranslator.java

@@ -1,7 +1,7 @@
 package org.jasig.cas.mfa.authentication.method;
 
 import org.jasig.cas.authentication.principal.WebApplicationService;
-import org.jasig.cas.mfa.exceptions.UnrecognizedMfaMethodException;
+import org.jasig.cas.authentication.UnrecognizedAuthenticationMethodException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
@@ -16,7 +16,7 @@
  * should be the set of received authentication methods, and the value is a single
  * string to define the new authentication method name.
  * @author Misagh Moayyed
- * @since 4.2
+ * @since 4.3
  */
 @Component("stubAuthenticationMethodTranslator")
 public class StubAuthenticationMethodTranslator implements AuthenticationMethodTranslator {
@@ -59,6 +59,6 @@ public String translate(final WebApplicationService targetService, final String
         if (this.ignoreIfNoMatchIsFound) {
             return receivedAuthenticationMethod;
         }
-        throw new UnrecognizedMfaMethodException(receivedAuthenticationMethod, targetService.getId());
+        throw new UnrecognizedAuthenticationMethodException(receivedAuthenticationMethod);
     }
 }