From 7db94cb5b750fc862a52913f49202d2cbacfc623 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Thu, 17 Mar 2005 19:57:12 +0000
Subject: [PATCH] X509 UserDetails cache interface and implementation
---
.../providers/x509/X509UserCache.java | 26 +++++
.../x509/cache/EhCacheBasedX509UserCache.java | 103 ++++++++++++++++++
2 files changed, 129 insertions(+)
create mode 100644 core/src/main/java/org/acegisecurity/providers/x509/X509UserCache.java
create mode 100644 core/src/main/java/org/acegisecurity/providers/x509/cache/EhCacheBasedX509UserCache.java
diff --git a/core/src/main/java/org/acegisecurity/providers/x509/X509UserCache.java b/core/src/main/java/org/acegisecurity/providers/x509/X509UserCache.java
new file mode 100644
index 0000000000..2ee9720446
--- /dev/null
+++ b/core/src/main/java/org/acegisecurity/providers/x509/X509UserCache.java
@@ -0,0 +1,26 @@
+package net.sf.acegisecurity.providers.x509;
+
+import net.sf.acegisecurity.UserDetails;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * Provides a cache of {@link UserDetails} objects for the
+ * {@link X509AuthenticationProvider}.
+ *

+ * Similar in function to the {@link net.sf.acegisecurity.providers.dao.UserCache}
+ * used by the Dao provider, but the cache is keyed with the user's certificate
+ * rather than the user name.
+ *

+ *
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public interface X509UserCache {
+
+ UserDetails getUserFromCache(X509Certificate userCertificate);
+
+ void putUserInCache(X509Certificate key, UserDetails user);
+
+ void removeUserFromCache(X509Certificate key);
+}
diff --git a/core/src/main/java/org/acegisecurity/providers/x509/cache/EhCacheBasedX509UserCache.java b/core/src/main/java/org/acegisecurity/providers/x509/cache/EhCacheBasedX509UserCache.java
new file mode 100644
index 0000000000..b748910f87
--- /dev/null
+++ b/core/src/main/java/org/acegisecurity/providers/x509/cache/EhCacheBasedX509UserCache.java
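Review bot: The three methods of `X509UserCache` have no Javadoc, so the contract an implementation must honour is left implicit; the Ehcache implementation later in this patch returns `null` on a miss, but the interface does not say so. I would document that on `getUserFromCache`, e.g. `/** @return the cached user, or null if no entry exists for this certificate */`, and use one parameter name throughout (`userCertificate` on the getter, `key` on the other two). Because entries are keyed by the certificate itself, the class comment should also state that a cache hit says nothing about whether the certificate is still valid (expiry, revocation); presumably the provider checks that before the lookup, which is worth confirming and writing down.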
@@ -0,0 +1,103 @@
+/* Copyright 2004 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.sf.acegisecurity.providers.x509.cache;
+
+import net.sf.acegisecurity.UserDetails;
+import net.sf.acegisecurity.providers.dao.UserCache;
+import net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache;
+import net.sf.acegisecurity.providers.x509.X509UserCache;
+
+import net.sf.ehcache.Cache;
+import net.sf.ehcache.CacheException;
+import net.sf.ehcache.Element;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import org.springframework.beans.factory.InitializingBean;
+
+import org.springframework.dao.DataRetrievalFailureException;
+import org.springframework.util.Assert;
+
+import java.security.cert.X509Certificate;
+
+
+/**
+ * Caches User objects using a Spring IoC defined EHCACHE.
+ * + * @author Luke Taylor + * @version $Id$ + */ +public class EhCacheBasedX509UserCache implements X509UserCache, InitializingBean { + //~ Static fields/initializers ============================================= + + private static final Log logger = LogFactory.getLog(EhCacheBasedX509UserCache.class); + + //~ Instance fields ======================================================== + + private Cache cache; + + //~ Methods ================================================================ + + public void setCache(Cache cache) { + this.cache = cache; + } + + public UserDetails getUserFromCache(X509Certificate userCert) { + Element element = null; + + try { + element = cache.get(userCert); + } catch (CacheException cacheException) { + throw new DataRetrievalFailureException("Cache failure: " + + cacheException.getMessage()); + } + + if (logger.isDebugEnabled()) { + logger.debug("Cache hit: " + (element != null) + "; subjectDN: " + + userCert.getSubjectDN()); + } + + if (element == null) { + return null; + } else { + return (UserDetails) element.getValue(); + } + } + + public void afterPropertiesSet() throws Exception { + Assert.notNull(cache, "cache is mandatory"); + } + + public void putUserInCache(X509Certificate userCert, UserDetails user) { + Element element = new Element(userCert, user); + + if (logger.isDebugEnabled()) { + logger.debug("Cache put: " + element.getKey()); + } + + cache.put(element); + } + + public void removeUserFromCache(X509Certificate userCert) { + if (logger.isDebugEnabled()) { + logger.debug("Cache remove: " + userCert.getSubjectDN()); + } + + this.removeUserFromCache(userCert); + } +}
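Review bot: `removeUserFromCache` in `EhCacheBasedX509UserCache` ends with `this.removeUserFromCache(userCert);`, which calls itself with no base case, so every eviction attempt ends in a `StackOverflowError` and the entry stays in the cache. The last statement should delegate to the cache instead: `cache.remove(userCert);`. As written, a user whose details or authorities have changed cannot be dropped and is presumably served from the stale entry until Ehcache expires it on its own. Separately, `getUserFromCache` builds the `DataRetrievalFailureException` from `cacheException.getMessage()` only; passing `cacheException` as the cause would keep the original stack trace for whoever has to diagnose a cache failure.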