added trusted authn web flow

cas-server-documentation/installation/Trusted-Authentication.md

@@ -24,22 +24,10 @@ Update `deployerConfigContext.xml` according to the following template:
 
 {% highlight xml %}
 ...
-<entry key-ref="trustedHandler" value-ref="trustedPrincipalResolver" />
+<entry key-ref="principalBearingCredentialsAuthenticationHandler"
+       value-ref="trustedPrincipalResolver" />
 <util:list id="authenticationMetadataPopulators">
   <ref bean="successfulHandlerMetaDataPopulator" />
 </util:list>
 ...
 {% endhighlight %}
-
-## Configure Webflow Components
-Add an additional state to `login-webflow.xml`:
-
-{% highlight xml %}
-<action-state id="remoteAuthenticate">
-  <evaluate expression="principalFromRemoteAction" />
-  <transition on="success" to="sendTicketGrantingTicket" />
-  <transition on="error" to="viewLoginForm" />
-</action-state>
-{% endhighlight %}
-
-Replace references to `viewLoginForm` in existing states with `remoteAuthenticate`.

cas-server-support-trusted-webflow/build.gradle

@@ -0,0 +1,6 @@
+
+description = 'Apereo CAS WS-Federation Webflow Support'
+dependencies {
+    compile project(':cas-server-core-webflow')
+    compile project(':cas-server-support-trusted')
+}

cas-server-support-trusted-webflow/src/main/java/org/jasig/cas/web/flow/TrustedAuthenticationWebflowConfigurer.java

@@ -0,0 +1,30 @@
+package org.jasig.cas.web.flow;
+
+import org.springframework.stereotype.Component;
+import org.springframework.webflow.engine.ActionState;
+import org.springframework.webflow.engine.Flow;
+import org.springframework.webflow.engine.TargetStateResolver;
+import org.springframework.webflow.engine.Transition;
+import org.springframework.webflow.engine.TransitionableState;
+
+import java.util.Iterator;
+
+/**
+ * The {@link TrustedAuthenticationWebflowConfigurer} is responsible for
+ * adjusting the CAS webflow context for trusted authn integration.
+ *
+ * @author Misagh Moayyed
+ * @since 4.2
+ */
+@Component("trustedWebflowConfigurer")
+public class TrustedAuthenticationWebflowConfigurer extends AbstractCasWebflowConfigurer {
+
+    @Override
+    protected void doInitialize() throws Exception {
+        final Flow flow = getLoginFlow();
+        final ActionState actionState = createActionState(flow, "remoteAuthenticate", createEvaluateAction("principalFromRemoteUserAction"));
+        actionState.getTransitionSet().add(createTransition(TRANSITION_ID_SUCCESS, TRANSITION_ID_SEND_TICKET_GRANTING_TICKET));
+        actionState.getTransitionSet().add(createTransition(TRANSITION_ID_ERROR, getStartState(flow).getId()));
+        setStartState(flow, actionState);
+    }
+}

cas-server-support-trusted/src/main/java/org/jasig/cas/adaptors/trusted/authentication/principal/PrincipalBearingPrincipalResolver.java

@@ -2,6 +2,7 @@
 
 import org.jasig.cas.authentication.principal.PersonDirectoryPrincipalResolver;
 import org.jasig.cas.authentication.Credential;
+import org.springframework.stereotype.Component;
 
 /**
  * Extracts the Principal out of PrincipalBearingCredential. It is very simple
@@ -11,6 +12,7 @@
  * @author Andrew Petro
  * @since 3.0.0.5
  */
+@Component("trustedPrincipalResolver")
 public final class PrincipalBearingPrincipalResolver extends PersonDirectoryPrincipalResolver {
 
     @Override

cas-server-support-trusted/src/main/java/org/jasig/cas/adaptors/trusted/web/flow/PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction.java

@@ -6,6 +6,7 @@
 import org.jasig.cas.web.support.WebUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import org.springframework.webflow.execution.RequestContext;
 
@@ -21,6 +22,7 @@
  * @author Scott Battaglia
  * @since 3.0.0.5
  */
+@Component("principalFromRemoteUserAction")
 public final class PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction
             extends AbstractNonInteractiveCredentialsAction {
 

cas-server-support-trusted/src/main/java/org/jasig/cas/adaptors/trusted/web/flow/PrincipalFromRequestUserPrincipalNonInteractiveCredentialsAction.java

@@ -6,6 +6,7 @@
 import org.jasig.cas.web.support.WebUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
 import org.springframework.webflow.execution.RequestContext;
 
 import javax.servlet.http.HttpServletRequest;
@@ -19,8 +20,9 @@
  * it could not find any credentials.
  *
  * @author Scott Battaglia
- * @since 3.0.0.5
+ * @since 3.0.5
  */
+@Component("principalFromRemoteUserPrincipalAction")
 public final class PrincipalFromRequestUserPrincipalNonInteractiveCredentialsAction
             extends AbstractNonInteractiveCredentialsAction {
 

cas-server-support-trusted/src/main/resources/META-INF/spring/trusted-authn-config.xml

@@ -13,14 +13,4 @@
        http://www.springframework.org/schema/webflow-config http://www.springframework.org/schema/webflow-config/spring-webflow-config-2.3.xsd">
 
 
-    <bean id="principalFromRemoteAction"
-          class="org.jasig.cas.adaptors.trusted.web.flow.PrincipalFromRequestRemoteUserNonInteractiveCredentialsAction"
-          p:centralAuthenticationService-ref="centralAuthenticationService" />
-
-    <bean id="trustedHandler"
-          class="org.jasig.cas.adaptors.trusted.authentication.handler.support.PrincipalBearingCredentialsAuthenticationHandler" />
-
-    <bean id="trustedPrincipalResolver"
-          class="org.jasig.cas.adaptors.trusted.authentication.principal.PrincipalBearingPrincipalResolver" />
-
 </beans>

settings.gradle

@@ -38,6 +38,7 @@ include ':cas-server-support-wsfederation-webflow'
 include ':cas-server-support-radius'
 include ':cas-server-support-spnego'
 include ':cas-server-support-trusted'
+include ':cas-server-support-trusted-webflow'
 include ':cas-server-support-x509'
 include ':cas-server-support-oauth'
 include ':cas-server-support-pac4j'