Add MFA Samples

servlet/spring-boot/java/authentication/mfa/formLogin+ott/.gitignore

@@ -0,0 +1,37 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+bin/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+out/
+!**/src/main/**/out/
+!**/src/test/**/out/
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+
+### VS Code ###
+.vscode/

servlet/spring-boot/java/authentication/mfa/formLogin+ott/README.adoc

@@ -0,0 +1,61 @@
+= Form Login + One-Time-Token Login MFA Sample
+
+This sample demonstrates Spring Security's support for multifactor authentication, specifically when using username/password and one-time-token as the two factors.
+
+[[usage]]
+== Usage
+
+To use the application, please run:
+
+[source,bash]
+----
+./gradlew :bootRun
+----
+
+You can then navigate to http://localhost:8080 where you will be presented with the default page, showing both the login and ott forms.
+
+You can start with either; once authenticated, you'll be asked to give the other as well.
+
+=== Username/Password Login
+
+The username/password is `user/password`.
+
+=== One-Time-Token Login
+
+The username is `user`.
+
+After clicking the submission button, you will be redirected to a page where you can enter the code given.
+You can find the code in the logs like so:
+
+[source,bash]
+----
+********************************************************
+
+Use this one-time token: 1319c31d-c5e0-4123-9b1f-3ffc34aba673
+
+********************************************************
+----
+
+== Configuring
+
+There are three profiles in this sample; `default`, `custom-pages`, and `elevated-security`.
+
+`default` is the arrangement described in <<usage>>.
+
+`custom-pages` shows the same, but with a custom page for login and a custom page for one-time-token.
+
+This can be launched with:
+
+[source,bash]
+----
+./gradlew :bootRun --args='spring.profiles.active=custom-pages'
+----
+
+`elevated-security` allows login with either, and will ask for one-time-token login for only the `/profile` page.
+
+This can be launched with:
+
+[source,bash]
+----
+./gradlew :bootRun --args='spring.profiles.active=elevated-security'
+----

servlet/spring-boot/java/authentication/mfa/formLogin+ott/build.gradle

@@ -0,0 +1,31 @@
+plugins {
+	id 'java'
+	alias(libs.plugins.io.spring.dependency.management)
+	alias(libs.plugins.org.springframework.boot)
+}
+
+java {
+	toolchain {
+		languageVersion = JavaLanguageVersion.of(17)
+	}
+}
+
+repositories {
+	mavenCentral()
+	maven { url "https://repo.spring.io/milestone" }
+	maven { url "https://repo.spring.io/snapshot" }
+}
+
+dependencies {
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
+	implementation 'org.springframework.boot:spring-boot-starter-web'
+	implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'
+	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'org.springframework.security:spring-security-test'
+	testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+}
+
+tasks.named('test') {
+	useJUnitPlatform()
+}

servlet/spring-boot/java/authentication/mfa/formLogin+ott/gradle.properties

@@ -0,0 +1,4 @@
+version=6.1.1
+spring-security.version=7.0.0-SNAPSHOT
+org.gradle.jvmargs=-Xmx6g -XX:+HeapDumpOnOutOfMemoryError
+org.gradle.caching=true

servlet/spring-boot/java/authentication/mfa/formLogin+ott/gradle/libs.versions.toml

@@ -0,0 +1 @@
+../../../../../../../gradle/libs.versions.toml

servlet/spring-boot/java/authentication/mfa/formLogin+ott/gradle/wrapper/gradle-wrapper.properties

@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists