working on authentication context strategy

cas-server-core-authentication/src/main/java/org/jasig/cas/authentication/DefaultAuthenticationSupervisor.java

@@ -69,4 +69,12 @@ private static Set<Credential> sanitizeCredentials(final Credential[] credential
         }
         return Collections.emptySet();
     }
+
+    public void setAuthenticationManager(final AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    public void setAuthenticationContextBuilder(final AuthenticationContextBuilder authenticationContextBuilder) {
+        this.authenticationContextBuilder = authenticationContextBuilder;
+    }
 }

cas-server-core-web/src/main/java/org/jasig/cas/web/flow/AbstractNonInteractiveCredentialsAction.java

@@ -123,6 +123,10 @@ public final void setCentralAuthenticationService(
         this.centralAuthenticationService = centralAuthenticationService;
     }
 
+    public void setAuthenticationSupervisor(final AuthenticationSupervisor authenticationSupervisor) {
+        this.authenticationSupervisor = authenticationSupervisor;
+    }
+
     /**
      * Sets principal factory to create principal objects.
      *

cas-server-core/src/test/java/org/jasig/cas/CentralAuthenticationServiceImplWithMockitoTests.java

@@ -191,7 +191,8 @@ public void verifyNonExistentServiceWhenDelegatingTicketGrantingTicket() throws
 
     @Test(expected=UnauthorizedServiceException.class)
     public void verifyInvalidServiceWhenDelegatingTicketGrantingTicket() throws Exception {
-        final AuthenticationContext ctx = getAuthenticationContext(org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword());
+        this.authenticationSupervisor.authenticate(TestUtils.getCredentialsWithSameUsernameAndPassword());
+        final AuthenticationContext ctx = this.authenticationSupervisor.build();
         this.cas.createProxyGrantingTicket(ST_ID, ctx);
     }
 
@@ -218,9 +219,9 @@ public void getTicketsWithNoPredicate() {
     }
 
     @Test
-    public void verifyChainedAuthenticationsOnValidation() throws AbstractTicketException {
+    public void verifyChainedAuthenticationsOnValidation() throws Exception {
         final Service svc = org.jasig.cas.services.TestUtils.getService(SVC2_ID);
-        final ServiceTicket st = this.cas.grantServiceTicket(TGT2_ID, svc);
+        final ServiceTicket st = this.cas.grantServiceTicket(TGT2_ID, svc, this.authenticationSupervisor.build());
         assertNotNull(st);
 
         final Assertion assertion = this.cas.validateServiceTicket(st.getId(), svc);
@@ -242,7 +243,7 @@ private TicketGrantingTicket createRootTicketGrantingTicket() {
         return tgtRootMock;
     }
 
-    private static TicketGrantingTicket createMockTicketGrantingTicket(final String id,
+    private TicketGrantingTicket createMockTicketGrantingTicket(final String id,
             final ServiceTicket svcTicket, final boolean isExpired, 
             final TicketGrantingTicket root, final List<Authentication> chainedAuthnList) {
         final TicketGrantingTicket tgtMock = mock(TicketGrantingTicket.class);
@@ -254,6 +255,7 @@ private static TicketGrantingTicket createMockTicketGrantingTicket(final String
                 any(ExpirationPolicy.class), anyBoolean(), anyBoolean())).thenReturn(svcTicket);
         when(tgtMock.getRoot()).thenReturn(root);
         when(tgtMock.getChainedAuthentications()).thenReturn(chainedAuthnList);
+        when(tgtMock.getAuthentication()).thenReturn(this.authentication);
         when(svcTicket.getGrantingTicket()).thenReturn(tgtMock);   
 
         return tgtMock;

cas-server-support-openid/src/test/java/org/jasig/cas/support/openid/AbstractOpenIdTests.java

@@ -1,6 +1,7 @@
 package org.jasig.cas.support.openid;
 
 import org.jasig.cas.CentralAuthenticationService;
+import org.jasig.cas.authentication.AuthenticationSupervisor;
 import org.jasig.cas.support.openid.authentication.principal.OpenIdServiceFactory;
 import org.junit.runner.RunWith;
 import org.openid4java.server.ServerAssociationStore;
@@ -30,6 +31,10 @@ public class AbstractOpenIdTests {
     @Qualifier("centralAuthenticationService")
     protected CentralAuthenticationService centralAuthenticationService;
 
+    @Autowired
+    @Qualifier("authenticationSupervisor")
+    protected AuthenticationSupervisor authenticationSupervisor;
+
     @Autowired
     @Qualifier("serverAssociations")
     protected ServerAssociationStore sharedAssociations;

cas-server-support-openid/src/test/java/org/jasig/cas/support/openid/authentication/principal/OpenIdServiceTests.java

@@ -1,5 +1,6 @@
 package org.jasig.cas.support.openid.authentication.principal;
 
+import org.jasig.cas.authentication.AuthenticationContext;
 import org.jasig.cas.authentication.principal.Response;
 import org.jasig.cas.support.openid.AbstractOpenIdTests;
 import org.jasig.cas.support.openid.OpenIdProtocolConstants;
@@ -38,10 +39,13 @@ public void verifyGetResponse() {
             request.addParameter(OpenIdProtocolConstants.OPENID_ASSOCHANDLE, association.getHandle());
 
             openIdService = openIdServiceFactory.createService(request);
+            this.authenticationSupervisor.authenticate(
+                    org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword());
 
-            final String tgt = centralAuthenticationService.createTicketGrantingTicket(
-                    org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword()).getId();
-            final String st = centralAuthenticationService.grantServiceTicket(tgt, openIdService).getId();
+            final AuthenticationContext ctx = this.authenticationSupervisor.build();
+
+            final String tgt = centralAuthenticationService.createTicketGrantingTicket(ctx).getId();
+            final String st = centralAuthenticationService.grantServiceTicket(tgt, openIdService, ctx).getId();
             centralAuthenticationService.validateServiceTicket(st, openIdService);
 
             final Response response = this.openIdService.getResponse(st);
@@ -68,10 +72,12 @@ public void verifyExpiredAssociationGetResponse() {
             request.addParameter(OpenIdProtocolConstants.OPENID_ASSOCHANDLE, association.getHandle());
 
             openIdService = openIdServiceFactory.createService(request);
+            this.authenticationSupervisor.authenticate(
+                    org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword());
 
-            final String tgt = centralAuthenticationService.createTicketGrantingTicket(
-                    org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword()).getId();
-            final String st = centralAuthenticationService.grantServiceTicket(tgt, openIdService).getId();
+            final AuthenticationContext ctx = this.authenticationSupervisor.build();
+            final String tgt = centralAuthenticationService.createTicketGrantingTicket(ctx).getId();
+            final String st = centralAuthenticationService.grantServiceTicket(tgt, openIdService, ctx).getId();
             centralAuthenticationService.validateServiceTicket(st, openIdService);
 
             synchronized (this) {

cas-server-support-trusted/src/test/java/org/jasig/cas/adaptors/trusted/web/flow/PrincipalFromRequestUserPrincipalNonInteractiveCredentialsActionTests.java

@@ -6,6 +6,7 @@
 import org.jasig.cas.adaptors.trusted.authentication.principal.PrincipalBearingPrincipalResolver;
 import org.jasig.cas.authentication.AuthenticationHandler;
 import org.jasig.cas.authentication.AuthenticationManager;
+import org.jasig.cas.authentication.DefaultAuthenticationSupervisor;
 import org.jasig.cas.authentication.PolicyBasedAuthenticationManager;
 import org.jasig.cas.authentication.principal.DefaultPrincipalFactory;
 import org.jasig.cas.authentication.principal.PrincipalResolver;
@@ -43,8 +44,11 @@ public void setUp() throws Exception {
 
         final AbstractCentralAuthenticationService centralAuthenticationService = (AbstractCentralAuthenticationService)
                 getCentralAuthenticationService();
-        centralAuthenticationService.setAuthenticationManager(authenticationManager);
         this.action.setCentralAuthenticationService(centralAuthenticationService);
+
+        final DefaultAuthenticationSupervisor supervisor = (DefaultAuthenticationSupervisor) getAuthenticationSupervisor();
+        supervisor.setAuthenticationManager(authenticationManager);
+        this.action.setAuthenticationSupervisor(supervisor);
     }
 
     @Test

cas-server-support-x509/src/test/java/org/jasig/cas/adaptors/x509/web/flow/X509CertificateCredentialsNonInteractiveActionTests.java

@@ -6,6 +6,7 @@
 import org.jasig.cas.adaptors.x509.authentication.principal.X509SerialNumberPrincipalResolver;
 import org.jasig.cas.authentication.AuthenticationHandler;
 import org.jasig.cas.authentication.AuthenticationManager;
+import org.jasig.cas.authentication.DefaultAuthenticationSupervisor;
 import org.jasig.cas.authentication.PolicyBasedAuthenticationManager;
 import org.jasig.cas.authentication.principal.PrincipalResolver;
 import org.junit.Before;
@@ -42,8 +43,12 @@ public void setUp() throws Exception {
 
         final AbstractCentralAuthenticationService centralAuthenticationService = (AbstractCentralAuthenticationService)
                 getCentralAuthenticationService();
-        centralAuthenticationService.setAuthenticationManager(authenticationManager);
+
         this.action.setCentralAuthenticationService(centralAuthenticationService);
+        final DefaultAuthenticationSupervisor supervisor = (DefaultAuthenticationSupervisor) getAuthenticationSupervisor();
+        supervisor.setAuthenticationManager(authenticationManager);
+        this.action.setAuthenticationSupervisor(supervisor);
+
     }
 
     @Test

cas-server-webapp-actions/src/main/java/org/jasig/cas/web/flow/AuthenticationViaFormAction.java

@@ -300,4 +300,16 @@ private static void addWarningToContext(final MessageContext context, final Mess
                 .args(warning.getParams());
         context.addMessage(builder.build());
     }
+
+    public void setCentralAuthenticationService(final CentralAuthenticationService centralAuthenticationService) {
+        this.centralAuthenticationService = centralAuthenticationService;
+    }
+
+    public void setWarnCookieGenerator(final CookieGenerator warnCookieGenerator) {
+        this.warnCookieGenerator = warnCookieGenerator;
+    }
+
+    public void setAuthenticationSupervisor(final AuthenticationSupervisor authenticationSupervisor) {
+        this.authenticationSupervisor = authenticationSupervisor;
+    }
 }

cas-server-webapp-actions/src/main/java/org/jasig/cas/web/flow/GenerateServiceTicketAction.java

@@ -71,6 +71,14 @@ protected Event doExecute(final RequestContext context) {
         return error();
     }
 
+    public void setCentralAuthenticationService(final CentralAuthenticationService centralAuthenticationService) {
+        this.centralAuthenticationService = centralAuthenticationService;
+    }
+
+    public void setAuthenticationSupervisor(final AuthenticationSupervisor authenticationSupervisor) {
+        this.authenticationSupervisor = authenticationSupervisor;
+    }
+
     /**
      * Checks if {@code gateway} is present in the request params.
      *

cas-server-webapp-actions/src/test/java/org/jasig/cas/web/flow/GenerateServiceTicketActionTests.java

@@ -1,6 +1,7 @@
 package org.jasig.cas.web.flow;
 
 import org.jasig.cas.AbstractCentralAuthenticationServiceTests;
+import org.jasig.cas.authentication.AuthenticationContext;
 import org.jasig.cas.ticket.TicketGrantingTicket;
 import org.jasig.cas.web.support.WebUtils;
 import org.junit.Before;
@@ -32,8 +33,11 @@ public void onSetUp() throws Exception {
         this.action.setCentralAuthenticationService(getCentralAuthenticationService());
         this.action.afterPropertiesSet();
 
-        this.ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(
+        getAuthenticationSupervisor().authenticate(
                 org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword());
+
+        final AuthenticationContext ctx = getAuthenticationSupervisor().build();
+        this.ticketGrantingTicket = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
     }
 
     @Test

cas-server-webapp-actions/src/test/java/org/jasig/cas/web/flow/TicketGrantingTicketCheckActionTests.java

@@ -1,6 +1,7 @@
 package org.jasig.cas.web.flow;
 
 import org.jasig.cas.AbstractCentralAuthenticationServiceTests;
+import org.jasig.cas.authentication.AuthenticationContext;
 import org.jasig.cas.mock.MockTicketGrantingTicket;
 import org.jasig.cas.ticket.TicketGrantingTicket;
 import org.jasig.cas.web.support.WebUtils;
@@ -45,9 +46,14 @@ public void verifyInvalidTicket() throws Exception {
     public void verifyValidTicket() throws Exception {
 
         final MockRequestContext ctx = new MockRequestContext();
+
+        getAuthenticationSupervisor().authenticate(
+                org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword());
+
+        final AuthenticationContext ctxAuthN = getAuthenticationSupervisor().build();
+
         final TicketGrantingTicket tgt = this.getCentralAuthenticationService()
-                .createTicketGrantingTicket(
-                        org.jasig.cas.authentication.TestUtils.getCredentialsWithSameUsernameAndPassword());
+                .createTicketGrantingTicket(ctxAuthN);
 
         WebUtils.putTicketGrantingTicketInScopes(ctx, tgt);
         final TicketGrantingTicketCheckAction action = new