AbstractMultiFactorAuthenticationViaFormAction (CAS MFA Java 1.0.0-RC5 API)

java.lang.Object
- org.springframework.webflow.action.AbstractAction
- - net.unicon.cas.mfa.web.flow.AbstractMultiFactorAuthenticationViaFormAction

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, org.springframework.webflow.execution.Action

Direct Known Subclasses:

InitiatingMultiFactorAuthenticationViaFormAction, TerminatingMultiFactorAuthenticationViaFormAction
```
public abstract class AbstractMultiFactorAuthenticationViaFormAction
extends org.springframework.webflow.action.AbstractAction
```
An abstraction that specifies how the authentication flow should behave. It primarily acts as a wrapper recipient of authentication requests via form, which is loosely mimics the behavior of AuthenticationViaFormAction.
Implementations are notified of the authentication type (MFA, non-MFA) and are responsible to act accordingly.

Author:

Misagh Moayyed

Field Summary

Fields
Modifier and Type	Field and Description
`protected org.jasig.cas.authentication.AuthenticationManager`	`authenticationManager` The authentication manager.
`protected AuthenticationMethodVerifier`	`authenticationMethodVerifier` The authenticationMethodVerifier.
`protected net.unicon.cas.addons.authentication.AuthenticationSupport`	`authenticationSupport` The authentication support.
`protected org.jasig.cas.CentralAuthenticationService`	`cas` The central authentication service.
`protected org.jasig.cas.web.bind.CredentialsBinder`	`credentialsBinder` The credentials binder.
`protected org.slf4j.Logger`	`logger` The logger.
`protected MultiFactorAuthenticationRequestResolver`	`multiFactorAuthenticationRequestResolver` MultiFactorAuthenticationRequestResolver.

Constructor Summary

Constructors
Modifier	Constructor and Description
`protected`	`AbstractMultiFactorAuthenticationViaFormAction(MultiFactorAuthenticationRequestResolver multiFactorAuthenticationRequestResolver, net.unicon.cas.addons.authentication.AuthenticationSupport authenticationSupport, AuthenticationMethodVerifier authenticationMethodVerifier, RequestedAuthenticationMethodRankingStrategy authenticationMethodRankingStrategy, String hostname)` Ctor.

Method Summary

Methods
Modifier and Type	Method and Description
`protected MultiFactorAuthenticationSupportingWebApplicationService`	`addToMfaTransactionAndGetHighestRankedMfaRequest(List<MultiFactorAuthenticationRequestContext> mfaRequests, org.springframework.webflow.execution.RequestContext context)` Add the request to mfa transaction, re-rank and return the newly ranked one.
`void`	`afterPropertiesSet()`
`protected abstract org.springframework.webflow.execution.Event`	`doAuthentication(org.springframework.webflow.execution.RequestContext context, org.jasig.cas.authentication.principal.Credentials credentials, org.springframework.binding.message.MessageContext messageContext, String id)` In the event of a non-MFA request, return the result of `getErrorEvent(RequestContext)` by default.
`void`	`doBind(org.springframework.webflow.execution.RequestContext context, org.jasig.cas.authentication.principal.Credentials credentials)` Bind the request to the credentials.
`protected org.springframework.webflow.execution.Event`	`doExecute(org.springframework.webflow.execution.RequestContext ctx)`
`protected org.springframework.webflow.execution.Event`	`doMultiFactorAuthentication(org.springframework.webflow.execution.RequestContext context, org.jasig.cas.authentication.principal.Credentials credentials, org.springframework.binding.message.MessageContext messageContext, String id)` In the event of an MFA request, authenticate the credentials by default, and place the authentication context back into the flow.
`protected org.springframework.webflow.execution.Event`	`getErrorEvent(org.springframework.webflow.execution.RequestContext context)` The webflow error event id.
`protected List<MultiFactorAuthenticationRequestContext>`	`getMfaRequestOrNull(org.jasig.cas.authentication.Authentication authentication, org.jasig.cas.authentication.principal.WebApplicationService service, org.springframework.webflow.execution.RequestContext context)` Get MFA request or null.
`protected org.springframework.webflow.execution.Event`	`getSuccessEvent(org.springframework.webflow.execution.RequestContext context)` Return the mfa webflow id.
`protected boolean`	`isValidLoginTicket(org.springframework.webflow.execution.RequestContext context, org.springframework.binding.message.MessageContext messageContext)` Checks if is valid login ticket.
`protected abstract org.springframework.webflow.execution.Event`	`multiFactorAuthenticationSuccessful(org.jasig.cas.authentication.Authentication authentication, org.springframework.webflow.execution.RequestContext context, org.jasig.cas.authentication.principal.Credentials credentials, org.springframework.binding.message.MessageContext messageContext, String id)` Multifactor authentication successful.
`protected void`	`populateErrorsInstance(String code, org.springframework.binding.message.MessageContext messageContext)` Populate errors instance.
`void`	`setCentralAuthenticationService(org.jasig.cas.CentralAuthenticationService centralAuthenticationService)` CAS instance used to handle authentications.
`void`	`setCredentialsBinder(org.jasig.cas.web.bind.CredentialsBinder credentialsBinder)` Set the binder instance.
`void`	`setErrorEventBuilder(MultiFactorAuthenticationSpringWebflowEventBuilder errorEventBuilder)`
`void`	`setMultiFactorAuthenticationManager(org.jasig.cas.authentication.AuthenticationManager manager)` Authentication manager instance to authenticate the user by its configured handlers as the first leg of an multifactor authentication sequence.
`void`	`setSuccessfulEventBuilder(MultiFactorAuthenticationSpringWebflowEventBuilder successfulEventBuilder)`

Methods inherited from class org.springframework.webflow.action.AbstractAction
doPostExecute, doPreExecute, error, error, execute, getActionNameForLogging, getEventFactorySupport, initAction, no, result, result, result, result, success, success, yes

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

protected final org.slf4j.Logger logger

The logger.

authenticationManager

@NotNull
protected org.jasig.cas.authentication.AuthenticationManager authenticationManager

The authentication manager.

cas

@NotNull
protected org.jasig.cas.CentralAuthenticationService cas

The central authentication service.

credentialsBinder

@NotNull
protected org.jasig.cas.web.bind.CredentialsBinder credentialsBinder

The credentials binder.

multiFactorAuthenticationRequestResolver

protected final MultiFactorAuthenticationRequestResolver multiFactorAuthenticationRequestResolver

MultiFactorAuthenticationRequestResolver.

authenticationSupport

protected final net.unicon.cas.addons.authentication.AuthenticationSupport authenticationSupport

The authentication support.

authenticationMethodVerifier

protected final AuthenticationMethodVerifier authenticationMethodVerifier

The authenticationMethodVerifier.

Constructor Detail

AbstractMultiFactorAuthenticationViaFormAction

protected AbstractMultiFactorAuthenticationViaFormAction(MultiFactorAuthenticationRequestResolver multiFactorAuthenticationRequestResolver,
                                              net.unicon.cas.addons.authentication.AuthenticationSupport authenticationSupport,
                                              AuthenticationMethodVerifier authenticationMethodVerifier,
                                              RequestedAuthenticationMethodRankingStrategy authenticationMethodRankingStrategy,
                                              String hostname)

Ctor.

Parameters:: multiFactorAuthenticationRequestResolver - multiFactorAuthenticationRequestResolver; authenticationSupport - authenticationSupport; authenticationMethodVerifier - authenticationMethodVerifier; authenticationMethodRankingStrategy - authenticationMethodRankingStrategy; hostname - the CAS server hostname

Method Detail

doBind

public final void doBind(org.springframework.webflow.execution.RequestContext context,
          org.jasig.cas.authentication.principal.Credentials credentials)
                  throws Exception

Bind the request to the credentials.

Parameters:: context - the context; credentials - credentials
Throws:: Exception - if the binding operation fails, or if the request cant be obtained

doMultiFactorAuthentication
```
protected final org.springframework.webflow.execution.Event doMultiFactorAuthentication(org.springframework.webflow.execution.RequestContext context,
                                                                      org.jasig.cas.authentication.principal.Credentials credentials,
                                                                      org.springframework.binding.message.MessageContext messageContext,
                                                                      String id)
                                                                                 throws Exception
```
In the event of an MFA request, authenticate the credentials by default, and place the authentication context back into the flow.
Coming from the 'doAuthentication' and checking if the principal mfa source has been ranked or not Or if coming straight from initial transition. In either case, if there is no mfa service already in the flow scope try to get the principal attribute sourced mfa request and re-rank the existing mfa tx, so the mfa service is always available in the flow scope for downstream subflows.
If we get to this method, the mfa transaction is guaranteed to be in the flow scope.

Parameters:
context - request context
credentials - the requesting credentials
messageContext - the message bundle manager
id - the identifier of the credential, based on implementation provided in the flow setup.

Returns:
the resulting event

Throws:

Exception - the exception

doAuthentication

protected abstract org.springframework.webflow.execution.Event doAuthentication(org.springframework.webflow.execution.RequestContext context,
                                                           org.jasig.cas.authentication.principal.Credentials credentials,
                                                           org.springframework.binding.message.MessageContext messageContext,
                                                           String id)
                                                                         throws Exception

In the event of a non-MFA request, return the result of getErrorEvent(RequestContext) by default. Implementations are expected to override this method if they wish to respond to authentication requests.

Parameters:: context - request context; credentials - the requesting credentials; messageContext - the message bundle manager; id - the identifier of the credential, based on implementation provided in the flow setup
Returns:: the resulting event
Throws:: Exception - the exception

isValidLoginTicket

protected final boolean isValidLoginTicket(org.springframework.webflow.execution.RequestContext context,
                         org.springframework.binding.message.MessageContext messageContext)

Checks if is valid login ticket.

Parameters:: context - the context; messageContext - the message context
Returns:: true, if is valid login ticket

multiFactorAuthenticationSuccessful

protected abstract org.springframework.webflow.execution.Event multiFactorAuthenticationSuccessful(org.jasig.cas.authentication.Authentication authentication,
                                                                              org.springframework.webflow.execution.RequestContext context,
                                                                              org.jasig.cas.authentication.principal.Credentials credentials,
                                                                              org.springframework.binding.message.MessageContext messageContext,
                                                                              String id)
                                                                                            throws org.jasig.cas.ticket.TicketException

Multifactor authentication successful.

Parameters:: authentication - the authentication; context - the context; credentials - the credentials; messageContext - the message context; id - the id
Returns:: the event
Throws:: org.jasig.cas.ticket.TicketException - in the event that granting the TGT fails.

setCredentialsBinder

public final void setCredentialsBinder(org.jasig.cas.web.bind.CredentialsBinder credentialsBinder)

Set the binder instance.

Parameters:: credentialsBinder - the binder instance

setCentralAuthenticationService
```
public final void setCentralAuthenticationService(org.jasig.cas.CentralAuthenticationService centralAuthenticationService)
```
CAS instance used to handle authentications. This CAS instance is only effective when the incoming service does not specify a valid loa.

Parameters:
centralAuthenticationService - the cas instance.

setSuccessfulEventBuilder

public void setSuccessfulEventBuilder(MultiFactorAuthenticationSpringWebflowEventBuilder successfulEventBuilder)

setErrorEventBuilder

public void setErrorEventBuilder(MultiFactorAuthenticationSpringWebflowEventBuilder errorEventBuilder)

setMultiFactorAuthenticationManager
```
public final void setMultiFactorAuthenticationManager(org.jasig.cas.authentication.AuthenticationManager manager)
```
Authentication manager instance to authenticate the user by its configured handlers as the first leg of an multifactor authentication sequence.

Parameters:
manager - the new multifactor authentication manager

getErrorEvent

protected final org.springframework.webflow.execution.Event getErrorEvent(org.springframework.webflow.execution.RequestContext context)

The webflow error event id.

Parameters:: context - the context
Returns:: error event id

getSuccessEvent

protected final org.springframework.webflow.execution.Event getSuccessEvent(org.springframework.webflow.execution.RequestContext context)

Return the mfa webflow id.

Parameters:: context - the request context
Returns:: the webflow id

afterPropertiesSet
```
public void afterPropertiesSet()
                        throws Exception
```
Specified by:

afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean

Overrides:

afterPropertiesSet in class org.springframework.webflow.action.AbstractAction

Throws:

Exception

populateErrorsInstance

protected final void populateErrorsInstance(String code,
                          org.springframework.binding.message.MessageContext messageContext)

Populate errors instance.

Parameters:: code - the error code; messageContext - the message context

doExecute

protected final org.springframework.webflow.execution.Event doExecute(org.springframework.webflow.execution.RequestContext ctx)
                                                               throws Exception

Specified by:: doExecute in class org.springframework.webflow.action.AbstractAction
Throws:: Exception

getMfaRequestOrNull
```
protected List<MultiFactorAuthenticationRequestContext> getMfaRequestOrNull(org.jasig.cas.authentication.Authentication authentication,
                                                                org.jasig.cas.authentication.principal.WebApplicationService service,
                                                                org.springframework.webflow.execution.RequestContext context)
```
Get MFA request or null.
The service may be null and not available in the context, in cases where one is simply logging into CAS without noting the service application. In those cases, we need to mock up a service instance in order for authentication request resolver (i.e. based on principal attributes) to be able to establish the mfa context and walk the user through the mfa sequence if need be. This dummy service is based on the hostname provided to CAS via configuration, and is CAS itself.

Parameters:
authentication - the authentication
service - the service
context - the context

Returns:
mfa request or null

addToMfaTransactionAndGetHighestRankedMfaRequest

protected MultiFactorAuthenticationSupportingWebApplicationService addToMfaTransactionAndGetHighestRankedMfaRequest(List<MultiFactorAuthenticationRequestContext> mfaRequests,
                                                                                                        org.springframework.webflow.execution.RequestContext context)

Add the request to mfa transaction, re-rank and return the newly ranked one.

Parameters:: mfaRequests - the mfaRequest; context - the context
Returns:: newly ranked mfa request in the current mfa transaction

Class AbstractMultiFactorAuthenticationViaFormAction