or run

npx @tessl/cli init
Log in

Version

Tile

Overview

Evals

Files

Files

docs

authentication-components.mdevent-resolution.mdindex.mdprovider-selection.mdwebflow-actions.mdwebflow-configuration.mdwebflow-utilities.md

event-resolution.mddocs/

0
# Event Resolution
1


2
Components responsible for determining when MFA should be triggered and which providers should be used based on authentication context, policies, and service requirements. Event resolvers analyze the current authentication state and produce webflow events that drive MFA provider selection and activation.
3


4
## Capabilities
5


6
### AbstractCasMultifactorAuthenticationWebflowEventResolver
7


8
Base class for all MFA webflow event resolvers providing common operations and configuration context.
9


10
```java { .api }
11
/**
12
 * Abstract base class for MFA webflow event resolvers
13
 */
14
public abstract class AbstractCasMultifactorAuthenticationWebflowEventResolver 
15
    extends AbstractCasWebflowEventResolver {
16
    
17
    /**
18
     * Constructor accepting webflow event resolution configuration context
19
     * @param webflowEventResolutionConfigurationContext Configuration context for event resolution
20
     */
21
    protected AbstractCasMultifactorAuthenticationWebflowEventResolver(
22
        CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
23
}
24
```
25


26
### BaseMultifactorAuthenticationProviderEventResolver
27


28
Base class for MFA provider event resolvers with service resolution capabilities.
29


30
```java { .api }
31
/**
32
 * Base class for MFA provider event resolvers with service resolution
33
 */
34
public abstract class BaseMultifactorAuthenticationProviderEventResolver 
35
    extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
36
    
37
    /**
38
     * Constructor
39
     * @param webflowEventResolutionConfigurationContext Configuration context
40
     */
41
    protected BaseMultifactorAuthenticationProviderEventResolver(
42
        CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
43
    
44
    /**
45
     * Resolve registered service in request context
46
     * @param requestContext The webflow request context
47
     * @return Resolved RegisteredService or null if not found
48
     * @throws Throwable If service resolution fails
49
     */
50
    protected RegisteredService resolveRegisteredServiceInRequestContext(RequestContext requestContext) throws Throwable;
51
}
52
```
53


54
### SelectiveMultifactorAuthenticationProviderWebflowEventResolver
55


56
Extensible resolver designed for custom MFA provider selection logic extensions.
57


58
```java { .api }
59
/**
60
 * Stub resolver designed for extensions to perform additional MFA provider selection processes
61
 */
62
public class SelectiveMultifactorAuthenticationProviderWebflowEventResolver 
63
    extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
64
    
65
    /**
66
     * Constructor
67
     * @param webflowEventResolutionConfigurationContext Configuration context
68
     */
69
    public SelectiveMultifactorAuthenticationProviderWebflowEventResolver(
70
        CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
71
    
72
    /**
73
     * Resolve events for the given request context
74
     * @param context The webflow request context
75
     * @return Set of resolved events
76
     */
77
    @Override
78
    public Set<Event> resolveInternal(RequestContext context);
79
    
80
    /**
81
     * Resolve events based on authentication context
82
     * @param resolveEvents Collection of events to process
83
     * @param authentication Current authentication
84
     * @param registeredService Service being accessed
85
     * @param request HTTP servlet request
86
     * @param context Webflow request context
87
     * @param service Service object
88
     * @return Set of filtered events
89
     */
90
    protected Set<Event> resolveEventsInternal(
91
        Collection<Event> resolveEvents,
92
        Authentication authentication,
93
        RegisteredService registeredService,
94
        HttpServletRequest request,
95
        RequestContext context,
96
        Service service);
97
    
98
    /**
99
     * Filter events by multifactor authentication provider
100
     * @param events Collection of events to filter
101
     * @param authentication Current authentication
102
     * @param registeredService Service being accessed
103
     * @param request HTTP servlet request
104
     * @param context Webflow request context
105
     * @param providers Available MFA providers
106
     * @return Set of filtered events
107
     */
108
    protected Set<Event> filterEventsByMultifactorAuthenticationProvider(
109
        Collection<Event> events,
110
        Authentication authentication,
111
        RegisteredService registeredService,
112
        HttpServletRequest request,
113
        RequestContext context,
114
        Collection<MultifactorAuthenticationProvider> providers);
115
}
116
```
117


118
### RankedMultifactorAuthenticationProviderWebflowEventResolver
119


120
Handles MFA provider selection based on ranking and authentication context validation.
121


122
```java { .api }
123
/**
124
 * Event resolver that handles MFA provider selection based on ranking
125
 */
126
public class RankedMultifactorAuthenticationProviderWebflowEventResolver 
127
    extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
128
    
129
    /**
130
     * Constructor
131
     * @param configurationContext Configuration context
132
     * @param casDelegatingWebflowEventResolver Delegating event resolver
133
     * @param authenticationContextValidator MFA context validator
134
     * @param singleSignOnParticipationStrategy SSO participation strategy
135
     */
136
    public RankedMultifactorAuthenticationProviderWebflowEventResolver(
137
        CasWebflowEventResolutionConfigurationContext configurationContext,
138
        CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver,
139
        MultifactorAuthenticationContextValidator authenticationContextValidator,
140
        SingleSignOnParticipationStrategy singleSignOnParticipationStrategy);
141
    
142
    /**
143
     * Resolve events for the request context
144
     * @param context The webflow request context
145
     * @return Set of resolved events
146
     */
147
    @Override
148
    public Set<Event> resolveInternal(RequestContext context);
149
    
150
    /**
151
     * Resolve single event for the request context (audited method)
152
     * @param context The webflow request context
153
     * @return Single resolved event
154
     */
155
    @Audit(action = AuditableActions.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED,
156
           actionResolverName = AuditActionResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_ACTION_RESOLVER,
157
           resourceResolverName = AuditResourceResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_RESOURCE_RESOLVER)
158
    public Event resolveSingle(RequestContext context);
159
    
160
    /**
161
     * Add delegate resolver
162
     * @param resolver The resolver to add as delegate
163
     */
164
    public void addDelegate(CasWebflowEventResolver resolver);
165
    
166
    /**
167
     * Add delegate resolver at specific index
168
     * @param resolver The resolver to add as delegate
169
     * @param index The index position to insert at
170
     */
171
    public void addDelegate(CasWebflowEventResolver resolver, int index);
172
}
173
```
174


175
### CompositeProviderSelectionMultifactorWebflowEventResolver
176


177
Handles event resolution for composite/chaining MFA providers with cookie-based provider selection.
178


179
```java { .api }
180
/**
181
 * Event resolver for composite MFA providers with cookie-based selection
182
 */
183
public class CompositeProviderSelectionMultifactorWebflowEventResolver 
184
    extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
185
    
186
    /**
187
     * Constructor
188
     * @param webflowEventResolutionConfigurationContext Configuration context
189
     * @param compositeProviderSelectionCookieGenerator Cookie generator for provider selection
190
     */
191
    public CompositeProviderSelectionMultifactorWebflowEventResolver(
192
        CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext,
193
        CasCookieBuilder compositeProviderSelectionCookieGenerator);
194
    
195
    /**
196
     * Filter events by multifactor authentication provider (overridden for composite logic)
197
     * @param events Collection of events to filter
198
     * @param authentication Current authentication
199
     * @param registeredService Service being accessed
200
     * @param request HTTP servlet request
201
     * @param context Webflow request context
202
     * @param providers Available MFA providers
203
     * @return Set of filtered events
204
     */
205
    @Override
206
    protected Set<Event> filterEventsByMultifactorAuthenticationProvider(
207
        Collection<Event> events,
208
        Authentication authentication,
209
        RegisteredService registeredService,
210
        HttpServletRequest request,
211
        RequestContext context,
212
        Collection<MultifactorAuthenticationProvider> providers);
213
}
214
```
215


216
### DefaultMultifactorAuthenticationProviderWebflowEventResolver
217


218
Default implementation for resolving MFA providers based on configured triggers and policies.
219


220
```java { .api }
221
/**
222
 * Default implementation for resolving MFA providers based on triggers
223
 */
224
public class DefaultMultifactorAuthenticationProviderWebflowEventResolver 
225
    extends BaseMultifactorAuthenticationProviderEventResolver {
226
    
227
    /**
228
     * Constructor
229
     * @param webflowEventResolutionConfigurationContext Configuration context
230
     */
231
    public DefaultMultifactorAuthenticationProviderWebflowEventResolver(
232
        CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
233
    
234
    /**
235
     * Resolve events for the request context
236
     * @param context The webflow request context
237
     * @return Set of resolved events
238
     */
239
    @Override
240
    public Set<Event> resolveInternal(RequestContext context);
241
    
242
    /**
243
     * Resolve single event for the request context (audited method)
244
     * @param context The webflow request context
245
     * @return Single resolved event
246
     */
247
    @Audit(action = AuditableActions.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED,
248
           actionResolverName = AuditActionResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_ACTION_RESOLVER,
249
           resourceResolverName = AuditResourceResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_RESOURCE_RESOLVER)
250
    public Event resolveSingle(RequestContext context);
251
    
252
    /**
253
     * Determine multifactor authentication provider based on context
254
     * @param authentication Current authentication
255
     * @param registeredService Service being accessed
256
     * @param context Webflow request context
257
     * @return Optional containing determined MFA provider
258
     */
259
    protected Optional<MultifactorAuthenticationProvider> determineMultifactorAuthenticationProvider(
260
        Authentication authentication,
261
        RegisteredService registeredService,
262
        RequestContext context);
263
}
264
```
265


266
### FinalMultifactorAuthenticationTransactionWebflowEventResolver
267


268
Final resolver that handles authentication transaction completion and ticket granting.
269


270
```java { .api }
271
/**
272
 * Final resolver handling authentication transaction completion
273
 */
274
public class FinalMultifactorAuthenticationTransactionWebflowEventResolver 
275
    extends BaseMultifactorAuthenticationProviderEventResolver {
276
    
277
    /**
278
     * Constructor
279
     * @param webflowEventResolutionConfigurationContext Configuration context
280
     */
281
    public FinalMultifactorAuthenticationTransactionWebflowEventResolver(
282
        CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
283
    
284
    /**
285
     * Resolve events for transaction completion
286
     * @param context The webflow request context
287
     * @return Set of resolved events
288
     */
289
    @Override
290
    public Set<Event> resolveInternal(RequestContext context);
291
    
292
    /**
293
     * Resolve single event for transaction completion (audited method)
294
     * @param context The webflow request context
295
     * @return Single resolved event
296
     */
297
    @Audit(action = AuditableActions.AUTHENTICATION_EVENT_RESOLVED,
298
           actionResolverName = AuditActionResolvers.AUTHENTICATION_EVENT_RESOLVED_ACTION_RESOLVER,
299
           resourceResolverName = AuditResourceResolvers.AUTHENTICATION_EVENT_RESOLVED_RESOURCE_RESOLVER)
300
    public Event resolveSingle(RequestContext context);
301
}
302
```
303


304
**Usage Example:**
305


306
```java
307
@Configuration
308
public class MyMfaEventResolverConfiguration {
309
    
310
    @Bean
311
    public CasWebflowEventResolver myCustomEventResolver(
312
        @Qualifier("casWebflowConfigurationContext") 
313
        CasWebflowEventResolutionConfigurationContext context) {
314
        
315
        return new MyCustomEventResolver(context);
316
    }
317
    
318
    private static class MyCustomEventResolver extends SelectiveMultifactorAuthenticationProviderWebflowEventResolver {
319
        
320
        public MyCustomEventResolver(CasWebflowEventResolutionConfigurationContext context) {
321
            super(context);
322
        }
323
        
324
        @Override
325
        protected Set<Event> resolveEventsInternal(
326
            Collection<Event> resolveEvents,
327
            Authentication authentication,
328
            RegisteredService registeredService,
329
            HttpServletRequest request,
330
            RequestContext context,
331
            Service service) {
332
            
333
            // Custom logic to determine which MFA events should be triggered
334
            if (shouldTriggerMfa(authentication, registeredService)) {
335
                return filterEventsByMultifactorAuthenticationProvider(
336
                    resolveEvents, authentication, registeredService, 
337
                    request, context, getAvailableProviders());
338
            }
339
            return Set.of();
340
        }
341
        
342
        private boolean shouldTriggerMfa(Authentication auth, RegisteredService service) {
343
            // Custom MFA triggering logic
344
            return true;
345
        }
346
    }
347
}
348
```