feat: allow java SPIs to load principal name transformers

NOTICE

@@ -1,4 +1,4 @@
-Copyright 2024, The Apereo Foundation
+Copyright 2025, The Apereo Foundation
 This project includes software developed by The Apereo Foundation.
 https://www.apereo.org/
 

core/cas-server-core-authentication-api/src/main/java/org/apereo/cas/authentication/principal/PrincipalNameTransformerUtils.java

@@ -10,10 +10,10 @@
 import org.apereo.cas.util.transforms.GroovyPrincipalNameTransformer;
 import org.apereo.cas.util.transforms.PrefixSuffixPrincipalNameTransformer;
 import org.apereo.cas.util.transforms.RegexPrincipalNameTransformer;
-
 import lombok.experimental.UtilityClass;
 import lombok.val;
 import org.apache.commons.lang3.StringUtils;
+import java.util.ServiceLoader;
 
 /**
  * This is {@link PrincipalNameTransformerUtils}.
@@ -67,6 +67,11 @@ public static PrincipalNameTransformer newPrincipalNameTransformer(final Princip
             chain.addTransformer(t);
         }
 
+        val transformers = ServiceLoader.load(PrincipalNameTransformer.class)
+            .stream()
+            .map(ServiceLoader.Provider::get)
+            .toList();
+        chain.addTransformers(transformers);
         return chain;
     }
 }

core/cas-server-core-authentication-api/src/test/java/org/apereo/cas/authentication/principal/PrincipalNameTransformerUtilsTests.java

@@ -22,8 +22,8 @@ class PrincipalNameTransformerUtilsTests {
     void verifyBlockingAction() {
         val properties = new PrincipalTransformationProperties();
         properties.setBlockingPattern(".+@.+\\.com");
-        val t = PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties);
-        assertThrows(PreventedException.class, () -> t.transform("[email protected]"));
+        val transformer = PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties);
+        assertThrows(PreventedException.class, () -> transformer.transform("[email protected]"));
     }
 
     @Test
@@ -32,8 +32,8 @@ void verifyAction() throws Throwable {
         properties.setPrefix("prefix-");
         properties.setSuffix("-suffix");
         properties.setCaseConversion(PrincipalTransformationProperties.CaseConversion.UPPERCASE);
-        val t = PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties);
-        val result = t.transform("userid");
+        val transformer = PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties);
+        val result = transformer.transform("userid");
         assertEquals("PREFIX-USERID-SUFFIX", result);
     }
 
@@ -42,8 +42,8 @@ void verifyGroovyAction() {
         val properties = new PrincipalTransformationProperties();
         properties.getGroovy().setLocation(new ClassPathResource("SomeGroovyScript.groovy"));
         properties.setCaseConversion(PrincipalTransformationProperties.CaseConversion.LOWERCASE);
-        val t = PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties);
-        assertNotNull(t);
+        val transformer = PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties);
+        assertNotNull(transformer);
     }
 
     @Test

core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/transforms/ChainingPrincipalNameTransformer.java

@@ -2,13 +2,15 @@
 
 import org.apereo.cas.authentication.handler.PrincipalNameTransformer;
 
+import com.google.errorprone.annotations.CanIgnoreReturnValue;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.ToString;
 import lombok.val;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
 
 /**
@@ -38,8 +40,23 @@ public String transform(final String formUserId) throws Throwable{
      * Add transformer.
      *
      * @param transformer the transformer
+     * @return the chaining principal name transformer
      */
-    public void addTransformer(final PrincipalNameTransformer transformer) {
-        this.transformers.add(transformer);
+    @CanIgnoreReturnValue
+    public ChainingPrincipalNameTransformer addTransformer(final PrincipalNameTransformer transformer) {
+        return addTransformers(List.of(transformer));
     }
+
+    /**
+     * Add transformers chaining principal name transformer.
+     *
+     * @param input the input
+     * @return the chaining principal name transformer
+     */
+    @CanIgnoreReturnValue
+    public ChainingPrincipalNameTransformer addTransformers(final List<PrincipalNameTransformer> input) {
+        transformers.addAll(input);
+        return this;
+    }
+
 }

core/cas-server-core-util-api/src/main/java/org/apereo/cas/util/transforms/RegexPrincipalNameTransformer.java

@@ -25,7 +25,7 @@ public RegexPrincipalNameTransformer(final String pattern) {
 
     @Override
     public String transform(final String username) {
-        val matcher = this.pattern.matcher(username);
+        val matcher = pattern.matcher(username);
         if (matcher.find()) {
             return matcher.group(1);
         }

docs/cas-server-documentation/developer/Maintenance-Policy.md

@@ -67,7 +67,7 @@ The following CAS releases will transition into a security-patch mode (SPM) only
 | Release | SPM Starting Date  |             Full EOL |
 |---------|:------------------:|---------------------:|
 | `7.1.x` |  March 31st, 2025  | September 30th, 2025 |
-| `7.0.x` | October 31st, 2024 |  April 30th, 2025 |
+| `7.0.x` | October 31st, 2024 |     April 30th, 2025 |
 
 All previous releases absent in the above table are considered EOLed.
 

docs/cas-server-documentation/protocol/CAS-Protocol-Specification.md

@@ -29,7 +29,7 @@ Release Date: 2017-12-01
 
 Copyright © 2005, Yale University
 
-Copyright © 2024, Apereo, Inc.
+Copyright © 2025, Apereo, Inc.
 
 <a name="head1"/>
 

gradle.properties

@@ -59,7 +59,7 @@ javersVersion=7.7.0
 ###############################
 junitVersion=5.11.4
 junitPlatformVersion=1.11.4
-mockitoVersion=5.14.2
+mockitoVersion=5.15.2
 mockitoInlineVersion=5.2.0
 junitPioneerVersion=2.3.0
 awaitilityVersion=4.2.2
@@ -110,7 +110,7 @@ logbackVersion=1.5.15
 logbackAccessVersion=1.5.15
 fluentdVersion=0.3.4
 fluentdLog4jVersion=1.0.0
-sentryVersion=7.19.1
+sentryVersion=7.20.0
 elasticApmVersion=1.52.1
 ###############################
 # Spring versions
@@ -302,7 +302,7 @@ azureIdentityVersion=1.14.2
 ###############################
 # JSON versions
 ###############################
-jsonVersion=20240303
+jsonVersion=20241224
 hjsonVersion=3.1.0
 jsoupVersion=1.18.3
 jsonSmartVersion=2.5.1
@@ -389,7 +389,7 @@ textMagicVersion=2.0.2456
 ###############################
 # JWT versions
 ###############################
-nimbusJoseVersion=9.48
+nimbusJoseVersion=10.0.1
 nimbusOidcVersion=11.20.1
 jose4jVersion=0.9.6
 ###############################
@@ -454,7 +454,7 @@ fontAwesomeVersion=6.7.1
 chartJsVersion=4.4.7
 animateCssVersion=4.1.1
 aceEditorVersion=1.37.1
-sweetAlertVersion=11.15.3
+sweetAlertVersion=11.15.5
 datatablesVersion=2.1.8
 bootstrapSelectVersion=1.13.18
 mdiFontVersion=7.4.47

support/cas-server-support-thymeleaf/src/main/resources/messages.properties

@@ -191,7 +191,7 @@ screen.defaultauthn.title=Static Authentication
 screen.defaultauthn.heading=CAS is configured to accept a static list of users for primary authentication. This is <strong>ONLY</strong> useful for \
   demo purposes. It is recommended that you connect CAS to LDAP, JDBC, etc. instead.
 logo.title=go to Apereo home page
-copyright=Copyright &copy; 2005&ndash;2024 Apereo, Inc.
+copyright=Copyright &copy; 2005&ndash;2025 Apereo, Inc.
 poweredBy=Powered by 
 screen.capslock.on = CAPSLOCK key is turned on!
 screen.button.continue=Continue

support/cas-server-support-thymeleaf/src/main/resources/messages_fr.properties

@@ -178,7 +178,7 @@ screen.defaultauthn.title=Authentification statique
 screen.defaultauthn.heading=CAS est configuré pour accepter une liste statique d’utilisateurs pour l’authentification principale. \
   Veuillez noter que ceci est UNIQUEMENT utile à des fins de démonstration. Il est recommandé d’utiliser CAS avec un serveur LDAP, JDBC, etc. à la place.
 logo.title=Aller à la page d’accueil Apereo
-copyright=Copyright © 2005–2024 Apereo, Inc.
+copyright=Copyright © 2005–2025 Apereo, Inc.
 screen.capslock.on=La touche Verr. Maj. est activée !
 screen.button.continue=Continuer
 screen.post.response.message=Vous allez être redirigé vers {0}.

support/cas-server-support-thymeleaf/src/main/resources/messages_zh_CN.properties

@@ -119,7 +119,7 @@ screen.account.unlock.success=您的账户现已解锁，请注意此更改可
 screen.defaultauthn.title=静态认证
 screen.defaultauthn.heading=CAS配置为接受静态用户列表以进行主要身份验证，<strong>这仅用于演示目的</strong>， 建议您将CAS连接到LDAP、JDBC等进行认证。
 logo.title=转到Apereo网站首页
-copyright=版权所有 &copy; 2005&ndash;2024 Apereo, Inc.
+copyright=版权所有 &copy; 2005&ndash;2025 Apereo, Inc.
 screen.capslock.on=CAPSLOCK 键已打开！
 screen.button.continue=继续
 screen.post.response.message=您正在被重定向到{0}。