Core API for multifactor authentication webflow configuration in Apereo CAS, providing interfaces and base classes for MFA provider integration.
—
Components responsible for determining when MFA should be triggered and which providers should be used based on authentication context, policies, and service requirements. Event resolvers analyze the current authentication state and produce webflow events that drive MFA provider selection and activation.
Base class for all MFA webflow event resolvers providing common operations and configuration context.
/**
* Abstract base class for MFA webflow event resolvers
*/
public abstract class AbstractCasMultifactorAuthenticationWebflowEventResolver
extends AbstractCasWebflowEventResolver {
/**
* Constructor accepting the webflow event resolution configuration context.
* Declared protected on an abstract class, so it is reached through subclass constructors.
* @param webflowEventResolutionConfigurationContext Configuration context for event resolution
*/
protected AbstractCasMultifactorAuthenticationWebflowEventResolver(
CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
}
Base class for MFA provider event resolvers with service resolution capabilities.
/**
* Base class for MFA provider event resolvers with service resolution
*/
public abstract class BaseMultifactorAuthenticationProviderEventResolver
extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
/**
* Constructor taking the webflow event resolution configuration context.
* Declared protected on an abstract class, so it is reached through subclass constructors.
* @param webflowEventResolutionConfigurationContext Configuration context for event resolution
*/
protected BaseMultifactorAuthenticationProviderEventResolver(
CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
/**
* Resolve the registered service for the current request context.
* The result may be null, so callers have to check it before reading any service policy from it.
* NOTE(review): decide explicitly what an unresolved service means for MFA; if a null result is
* treated as "no MFA required", the second factor is skipped for that request. The handling is
* not shown on this page and should be confirmed in the implementation.
* @param requestContext The webflow request context
* @return Resolved RegisteredService or null if not found
* @throws Throwable If service resolution fails; the declared type is Throwable, so the
* signature alone does not tell callers which failures to expect
*/
protected RegisteredService resolveRegisteredServiceInRequestContext(RequestContext requestContext) throws Throwable;
}
Extensible resolver designed for custom MFA provider selection logic extensions.
/**
* Stub resolver designed for extensions to perform additional MFA provider selection processes
*/
public class SelectiveMultifactorAuthenticationProviderWebflowEventResolver
extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
/**
* Public constructor taking the webflow event resolution configuration context.
* The usage example on this page reaches it through super(context) from a subclass.
* @param webflowEventResolutionConfigurationContext Configuration context for event resolution
*/
public SelectiveMultifactorAuthenticationProviderWebflowEventResolver(
CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
/**
* Resolve events for the given request context.
* Marked @Override, so the contract comes from a supertype; the body is not shown on this page.
* No @Audit annotation is declared on this method in the listing.
* @param context The webflow request context
* @return Set of resolved events
*/
@Override
public Set<Event> resolveInternal(RequestContext context);
/**
* Resolve events based on authentication context.
* This is the protected hook that the usage example on this page overrides to add its own
* MFA trigger decision.
* NOTE(review): the example returns an empty set when its trigger check is false; presumably an
* empty result means this resolver contributes no MFA event for the request. Confirm that before
* relying on it, because an empty result reached by mistake would leave the request without a
* second factor from this resolver.
* @param resolveEvents Collection of events to process
* @param authentication Current authentication
* @param registeredService Service being accessed
* @param request HTTP servlet request
* @param context Webflow request context
* @param service Service object
* @return Set of filtered events
*/
protected Set<Event> resolveEventsInternal(
Collection<Event> resolveEvents,
Authentication authentication,
RegisteredService registeredService,
HttpServletRequest request,
RequestContext context,
Service service);
/**
* Filter events by multifactor authentication provider.
* Protected, so subclasses can call or override it; the composite resolver listed on this page
* overrides it.
* NOTE(review): presumably only events that match one of the supplied providers are kept; the
* matching rule is not shown on this page.
* @param events Collection of events to filter
* @param authentication Current authentication
* @param registeredService Service being accessed
* @param request HTTP servlet request
* @param context Webflow request context
* @param providers Available MFA providers
* @return Set of filtered events
*/
protected Set<Event> filterEventsByMultifactorAuthenticationProvider(
Collection<Event> events,
Authentication authentication,
RegisteredService registeredService,
HttpServletRequest request,
RequestContext context,
Collection<MultifactorAuthenticationProvider> providers);
}
Handles MFA provider selection based on ranking and authentication context validation.
/**
* Event resolver that handles MFA provider selection based on ranking
*/
public class RankedMultifactorAuthenticationProviderWebflowEventResolver
extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
/**
* Constructor taking the configuration context and the three collaborators of the ranked resolver.
* NOTE(review): how the validator and the SSO participation strategy influence the resolved
* event is not shown on this page; confirm in the implementation before changing either bean.
* @param configurationContext Configuration context
* @param casDelegatingWebflowEventResolver Delegating event resolver
* @param authenticationContextValidator MFA context validator
* @param singleSignOnParticipationStrategy SSO participation strategy
*/
public RankedMultifactorAuthenticationProviderWebflowEventResolver(
CasWebflowEventResolutionConfigurationContext configurationContext,
CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver,
MultifactorAuthenticationContextValidator authenticationContextValidator,
SingleSignOnParticipationStrategy singleSignOnParticipationStrategy);
/**
* Resolve events for the request context.
* Marked @Override, so the contract comes from a supertype; the body is not shown on this page.
* No @Audit annotation is declared on this method in the listing; the audited entry point of
* this class is resolveSingle.
* @param context The webflow request context
* @return Set of resolved events
*/
@Override
public Set<Event> resolveInternal(RequestContext context);
/**
* Resolve single event for the request context (audited method).
* The @Audit annotation below names the action MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED together
* with its action and resource resolvers.
* NOTE(review): the annotation is declared on this method only, so presumably the audit record is
* written when the call goes through resolveSingle. Confirm that callers which need an audit
* trail of the MFA decision use this entry point.
* @param context The webflow request context
* @return Single resolved event
*/
@Audit(action = AuditableActions.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED,
actionResolverName = AuditActionResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_ACTION_RESOLVER,
resourceResolverName = AuditResourceResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_RESOURCE_RESOLVER)
public Event resolveSingle(RequestContext context);
/**
* Add delegate resolver.
* NOTE(review): where the delegate lands relative to existing ones is not stated on this page;
* use the indexed overload when position matters.
* @param resolver The resolver to add as delegate
*/
public void addDelegate(CasWebflowEventResolver resolver);
/**
* Add delegate resolver at specific index.
* NOTE(review): presumably the index sets the order in which delegates are consulted; the page
* does not say how that order affects the resolved event, so confirm it before relying on
* position for policy precedence.
* @param resolver The resolver to add as delegate
* @param index The index position to insert at
*/
public void addDelegate(CasWebflowEventResolver resolver, int index);
}
Handles event resolution for composite/chaining MFA providers with cookie-based provider selection.
/**
* Event resolver for composite MFA providers with cookie-based selection
*/
public class CompositeProviderSelectionMultifactorWebflowEventResolver
extends AbstractCasMultifactorAuthenticationWebflowEventResolver {
/**
* Constructor taking the configuration context and the cookie builder used for provider selection.
* NOTE(review): a cookie value is returned by the browser, so presumably the stored selection
* has to be checked against the providers offered for the request. That check is not shown on
* this page; confirm it in the implementation.
* @param webflowEventResolutionConfigurationContext Configuration context
* @param compositeProviderSelectionCookieGenerator Cookie generator for provider selection
*/
public CompositeProviderSelectionMultifactorWebflowEventResolver(
CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext,
CasCookieBuilder compositeProviderSelectionCookieGenerator);
/**
* Filter events by multifactor authentication provider (overridden for composite logic).
* The signature matches the protected method of the same name on
* SelectiveMultifactorAuthenticationProviderWebflowEventResolver listed on this page.
* NOTE(review): the class is described as using cookie-based selection; presumably a provider
* named by the cookie is accepted only when it is among the supplied providers. Not shown here;
* confirm.
* @param events Collection of events to filter
* @param authentication Current authentication
* @param registeredService Service being accessed
* @param request HTTP servlet request
* @param context Webflow request context
* @param providers Available MFA providers
* @return Set of filtered events
*/
@Override
protected Set<Event> filterEventsByMultifactorAuthenticationProvider(
Collection<Event> events,
Authentication authentication,
RegisteredService registeredService,
HttpServletRequest request,
RequestContext context,
Collection<MultifactorAuthenticationProvider> providers);
}
Default implementation for resolving MFA providers based on configured triggers and policies.
/**
* Default implementation for resolving MFA providers based on triggers
*/
public class DefaultMultifactorAuthenticationProviderWebflowEventResolver
extends BaseMultifactorAuthenticationProviderEventResolver {
/**
* Public constructor taking the webflow event resolution configuration context.
* @param webflowEventResolutionConfigurationContext Configuration context for event resolution
*/
public DefaultMultifactorAuthenticationProviderWebflowEventResolver(
CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
/**
* Resolve events for the request context.
* Marked @Override, so the contract comes from a supertype; the body is not shown on this page.
* No @Audit annotation is declared on this method in the listing; the audited entry point of
* this class is resolveSingle.
* @param context The webflow request context
* @return Set of resolved events
*/
@Override
public Set<Event> resolveInternal(RequestContext context);
/**
* Resolve single event for the request context (audited method).
* The @Audit annotation below names the action MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED together
* with its action and resource resolvers.
* NOTE(review): the annotation is declared on this method only, so presumably the audit record is
* written when the call goes through resolveSingle. Confirm that callers which need an audit
* trail of the MFA decision use this entry point.
* @param context The webflow request context
* @return Single resolved event
*/
@Audit(action = AuditableActions.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED,
actionResolverName = AuditActionResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_ACTION_RESOLVER,
resourceResolverName = AuditResourceResolvers.MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED_RESOURCE_RESOLVER)
public Event resolveSingle(RequestContext context);
/**
* Determine multifactor authentication provider based on context.
* The return type is Optional, so "no provider" is a possible outcome.
* NOTE(review): how the caller treats an empty Optional is not shown on this page. Confirm
* whether it means "MFA not required" or "no usable provider", because the two cases call for
* different handling.
* @param authentication Current authentication
* @param registeredService Service being accessed
* @param context Webflow request context
* @return Optional containing determined MFA provider
*/
protected Optional<MultifactorAuthenticationProvider> determineMultifactorAuthenticationProvider(
Authentication authentication,
RegisteredService registeredService,
RequestContext context);
}
Final resolver that handles authentication transaction completion and ticket granting.
/**
* Final resolver handling authentication transaction completion
*/
public class FinalMultifactorAuthenticationTransactionWebflowEventResolver
extends BaseMultifactorAuthenticationProviderEventResolver {
/**
* Public constructor taking the webflow event resolution configuration context.
* @param webflowEventResolutionConfigurationContext Configuration context for event resolution
*/
public FinalMultifactorAuthenticationTransactionWebflowEventResolver(
CasWebflowEventResolutionConfigurationContext webflowEventResolutionConfigurationContext);
/**
* Resolve events for transaction completion.
* Marked @Override, so the contract comes from a supertype; the body is not shown on this page.
* No @Audit annotation is declared on this method in the listing; the audited entry point of
* this class is resolveSingle.
* @param context The webflow request context
* @return Set of resolved events
*/
@Override
public Set<Event> resolveInternal(RequestContext context);
/**
* Resolve single event for transaction completion (audited method).
* The audit action declared here is AUTHENTICATION_EVENT_RESOLVED, not the
* MULTIFACTOR_AUTHENTICATION_EVENT_RESOLVED action declared on the ranked and default resolvers
* listed on this page, so audit queries covering the whole MFA flow have to match both names.
* NOTE(review): the annotation is declared on this method only; presumably the audit record is
* written when the call goes through resolveSingle. Confirm.
* @param context The webflow request context
* @return Single resolved event
*/
@Audit(action = AuditableActions.AUTHENTICATION_EVENT_RESOLVED,
actionResolverName = AuditActionResolvers.AUTHENTICATION_EVENT_RESOLVED_ACTION_RESOLVER,
resourceResolverName = AuditResourceResolvers.AUTHENTICATION_EVENT_RESOLVED_RESOURCE_RESOLVER)
public Event resolveSingle(RequestContext context);
}
Usage Example:
@Configuration
public class MyMfaEventResolverConfiguration {
/**
 * Registers the custom MFA event resolver as a Spring bean.
 *
 * @param context configuration context, injected by the qualifier name given below
 * @return a new {@code MyCustomEventResolver} built on that context
 */
@Bean
public CasWebflowEventResolver myCustomEventResolver(
        @Qualifier("casWebflowConfigurationContext")
        CasWebflowEventResolutionConfigurationContext context) {
    CasWebflowEventResolver resolver = new MyCustomEventResolver(context);
    return resolver;
}
/**
 * Example resolver that extends
 * {@code SelectiveMultifactorAuthenticationProviderWebflowEventResolver} and overrides
 * {@code resolveEventsInternal} to decide whether the candidate events go on to provider
 * filtering.
 */
private static class MyCustomEventResolver extends SelectiveMultifactorAuthenticationProviderWebflowEventResolver {

    public MyCustomEventResolver(CasWebflowEventResolutionConfigurationContext context) {
        super(context);
    }

    /**
     * Passes the candidate events to provider filtering when the trigger check says MFA
     * applies, and returns an empty set otherwise.
     *
     * @param resolveEvents candidate events to process
     * @param authentication current authentication
     * @param registeredService service being accessed
     * @param request HTTP servlet request
     * @param context webflow request context
     * @param service service object
     * @return the filtered events, or an empty set when the trigger check is false
     */
    @Override
    protected Set<Event> resolveEventsInternal(
            Collection<Event> resolveEvents,
            Authentication authentication,
            RegisteredService registeredService,
            HttpServletRequest request,
            RequestContext context,
            Service service) {
        // An empty set is returned when the trigger check is false.
        // NOTE(review): presumably that means this resolver contributes no MFA event, so a real
        // trigger check should answer false only as a deliberate policy decision, never as the
        // result of a failed lookup or a missing authentication/service — confirm.
        if (!shouldTriggerMfa(authentication, registeredService)) {
            return Set.of();
        }
        // NOTE(review): getAvailableProviders() is not declared in the API listing on this page;
        // presumably it is inherited or must be supplied by the implementer — confirm.
        return filterEventsByMultifactorAuthenticationProvider(
                resolveEvents, authentication, registeredService,
                request, context, getAvailableProviders());
    }

    /**
     * Placeholder for the custom MFA trigger decision. As written it always answers
     * {@code true}, so every call goes on to provider filtering; a real implementation
     * replaces the body with its own policy.
     */
    private boolean shouldTriggerMfa(Authentication authentication, RegisteredService registeredService) {
        return true;
    }
}
}
Install with Tessl CLI
npx tessl i tessl/maven-org-apereo-cas--cas-server-core-webflow-mfa-api