SEC-2824: One-time Password Feature

[spring-projects-issues]

Rob (Migrated from SEC-2824) said:

I've started putting together a plugin to add one-time password functionality (for 2-factor authentication) to Spring Security projects, and thought that this might be something others would want to use as well. Is there any interest in integrating this into the main Spring Security project?

https://github.com/upcrob/spring-security-otp

[spring-projects-issues]

Rob Winch said:

upcrob Thank you for your your offer for adding support. Adding support for multi-factor authentication is something we are looking to address in Spring Security 4.1 (see SEC-2390). We would love to get a PR for One Time Password features!

Can you put together a sample application (or perhaps there already is one) that uses your One Time Password features? This will be the easiest way for me to review what you have so far.

[spring-projects-issues]

Rob said:

Hi Rob. I've cobbled together a quick and dirty test app and placed it here: https://github.com/upcrob/spring-security-otp-test

It doesn't demonstrate every aspect of the plugin, but it's a good skeleton/starting point. Since the code is still somewhere in the apha/beta stage, I haven't setup a binary repository for the JAR file and I've added it as a flat file dependency in the test app.

Also, if you happen to have suggestions for mocking out the LDAP functionality for unit tests, I'd love to hear them. That's one area of the code that's lacking at present.