- Jun 06, 2016
-
-
Benjamin Sousa authored
Add preauth mapper for UW System authenticated user. Bump to version 1.3.0

Creates an alternative to the default Preauth attributes mapper (which is UW-Madison focused) that is specific to the common attributes for an authenticated UW System user.

Note that in the System context eppn replaces uid as the response for usernameHeader, because uid is no longer a meaningful identifier in a federated context where the bare uid might not be unique unless it's scoped to an individual campus.

The more the merrier: @paul.erickson @ahoffmann

See merge request !14
-
Benjamin Sousa authored
-
Benjamin Sousa authored
- May 24, 2016
-
-
Nicholas Blair authored
-
Nicholas Blair authored
Add support for deprecated mapping

To add backwards compatibility, additional mappings were added in the Attribute mapping. Unit tests confirmed successful mapping.

Please review: @npblair @paul.erickson @ahoffmann

See merge request !13
-
Andrew Lundholm authored
-
- May 23, 2016
-
-
Andrew Lundholm authored
-
- May 19, 2016
-
-
Andrew Lundholm authored
-
- May 18, 2016
-
-
Nicholas Blair authored
-
Nicholas Blair authored
feat: Add optional REST Controller to simulate Shibboleth's session handler

This pull request adds an optional REST Controller to simulate a response that matches the exact JSON format of Shibboleth's session handler. Example: log in to https://test.my.wisc.edu. After completing login, visit https://test.my.wisc.edu/Shibboleth.sso/Session.json.

This controller is not active by default; in order to add it, activate the Spring Profile named `edu.wisc.uwss.simulated-shibboleth`.

Sample response for Amy Administrator:

```
{
  expiration: 480,
  client_address: "0:0:0:0:0:0:0:1",
  protocol: "urn:oasis:names:tc:SAML:2.0:protocol",
  identity_provider: "https://logintest.wisc.edu/idp/shibboleth",
  authn_instant: "2016-05-16T17:40:37.762",
  authncontext_class: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
  attributes: [
    {
      name: "persistent-id",
      values: [ "https://logintest.wisc.edu/idp/shibboleth!https://fake.wisc.edu/shibboleth!thisis/fake/PE=" ]
    },
    {
      name: "uid",
      values: [ "admin" ]
    },
    {
      name: "pubcookie-user",
      values: [ "admin" ]
    },
    {
      name: "wiscEduPVI",
      values: [ "UW000A000" ]
    }
  ]
}
```

The idea for this came from a discussion with @levett. Also notify @timothy-vertein @andrew-petro

See merge request !11
-
Nicholas Blair authored
feature: a callback interface allowing customization of UserDetailsService#loadUserByUsername

This pull request adds a callback interface that allows downstream projects to participate in one of the core Spring Security components of the `local-users` profile: the UserDetailsService.

During an authentication attempt, `UserDetailsService#loadUserByUsername` is used by Spring Security to first check if a User object exists for the username in the credentials. If no User object is found, no further credential check takes place; if a User object is found, other Spring Security components go about comparing the provided credentials in the authentication attempt to that object.

We have a use case in DoIT Number that is driving the need for this. DoIT Number has a custom `UWUserDetails` class that has some additional fields stored behind a DAO. If we didn't have this customization, DoIT Number would need to sub-class `LocalUserDetailsManagerImpl`, then somehow exclude that bean from the UWSpringSecurityConfiguration - not trivially possible.

The existing `LocalUserDetailsAttributesMapper` interface has a lifecycle that's not conducive to this type of request. Implementations of that interface are executed during application startup - and it is possible that the DAO may not be fully constructed at the time it's queried. We need a callback that fires at time of authentication attempt - not startup.

With this pull request, DoIT Number will simply have to register a Spring Bean as follows to query that DAO and attach the necessary data to their custom `UWUserDetails` class as part of `UserDetailsService#loadUserByUsername`:

```
@Component
class DNumberLocalUWUserDetailsCallback implements LocalUWUserDetailsCallback<DNumberUserDetailsImpl> {
  @Autowired
  private ControlDao controlDao;

  public void success(DNumberUserDetailsImpl userDetails) {
    userDetails.setControls(controlDao.getControls(userDetails.getUsername()));
  }
}
```

This type of feature is only needed for `local-users` and not for `preauth`. The `PreauthenticatedUserDetailsAttributeMapper` interface has a lifecycle already similar to LocalUWUserDetailsCallback (firing on authentication attempt, not startup).

Notify @alundholm

See merge request !12
-
Nicholas Blair authored
-
Nicholas Blair authored
-
- May 17, 2016
-
-
Nicholas Blair authored
Allows downstream projects to mutate the UWUserDetails instance returned by that core method.
-
Nicholas Blair authored
New feature: simulated shibboleth session handler.
-
- May 16, 2016
-
-
Nicholas Blair authored
New feature: simulated shibboleth session handler.
-
Nicholas Blair authored
Backed with current authenticated UWUserDetails.
-
Nicholas Blair authored
-
Nicholas Blair authored
Incorrectly had 1.0.3-SNAPSHOT hardcoded, should just match project.version
-
Nicholas Blair authored
feature: Add uw-frame compatible REST API for /profile

This pull request adds a REST resource under `/profile` that transforms the current `UWUserDetails` into a format matching [uw-frame's session.json feed](https://github.com/UW-Madison-DoIT/uw-frame/blob/master/uw-frame-components/staticFeeds/session.json).

With this feature in place, uw-frame apps will be able to have the user attributes from the UW Spring Security principal display in the frame header.

Here's the familiar Amy Administrator, as output from `GET /profile/uw-frame`:

```
{
  username: "admin",
  displayName: "Amy Administrator",
  firstName: "Amy",
  lastName: "Administrator",
  serverName: "",
  version: "",
  sessionKey: ""
}
```

To configure this feature in a uw-frame app, one needs to create a file named `src/main/webapp/js/override.js` (if not already present) with the following contents:

```
define(['angular'], function(angular) {
  var config = angular.module('override', []);
  config
    .constant('OVERRIDE', {
      'SERVICE_LOC': {
        'sessionInfo' : 'profile/uw-frame',
      }
    })
  ;
  return config;
});
```

Notify @andrew-petro @levett @ahoffmann @paul.erickson @bjsousa @andrew-summers @alundholm

To assignee @dwitter2 - the plan is to use this for capital-equipment and iaa-diagnostic-tool, among others, then we no longer have the mismatch in our demos (with frame defaulting to showing one logged in as 'Bucky').

See merge request !10
-
Nicholas Blair authored
Now matches uw-frame format exactly.
-
Nicholas Blair authored
Was accidentally nesting one folder too deep, e.g. /profile/profile.
-
Nicholas Blair authored
Due to new features.
-
Nicholas Blair authored
-
Nicholas Blair authored
-
- Mar 11, 2016
-
-
Andy Summers authored
Add PviAttributeBindingFilter

AttributeBindingFilter is a filter that is used along with rest-proxy to add headers to a request based on the attributes added with the filter.

WIP for suggestions/critiques on the design and implementation.

Please review: @paul.erickson @ahoffmann @bjsousa

See merge request !9
-
Andy Summers authored
-
- Mar 09, 2016
-
-
Andy Summers authored
PviAttributeBindingFilter is a filter that binds the currently authenticated user's PVI to the request as an attribute with the key "wiscedupvi".

Switch to Map<String, String> for attributes

Using a Map allows for multiple attributes to be added to the request.

Change to AttributeBindingFilter for user specific attributes

Filter supports UWUserDetails style attributes (such as `wiscedupvi`) for adding attributes specific to an authenticated user to a request.

Change to PviAttributeBindingFilter

The filter only needs to add a user's PVI as an attribute.

Add type check for principal

Principal is not always guaranteed to be a UWUserDetails instance at the point it will hit this filter.
-
- Mar 03, 2016
-
-
Nicholas Blair authored
-
Nicholas Blair authored
UdsPersonUserDetailsImpl#getPvi now returns computed PVI

PVI was returning null in previous version.

See merge request !8
-
Nicholas Blair authored
-
Nicholas Blair authored
-
Nicholas Blair authored
Noise was copied from Spring Security SwitchUserFilter, not relevant to this use case, as it applies to every request, not just a special login attempt.
-
Nicholas Blair authored
-