SEC-592

implemented NullStatelessTicketCache and test cases and made it the default for CasAuthenticationProvider.

core/src/main/java/org/springframework/security/providers/cas/CasAuthenticationProvider.java

@@ -22,6 +22,7 @@ import org.springframework.security.BadCredentialsException;
 
 import org.springframework.security.providers.AuthenticationProvider;
 import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
+import org.springframework.security.providers.cas.cache.NullStatelessTicketCache;
 
 import org.springframework.security.ui.cas.CasProcessingFilter;
 
@@ -59,7 +60,7 @@ public class CasAuthenticationProvider implements AuthenticationProvider, Initia
     private CasAuthoritiesPopulator casAuthoritiesPopulator;
     private CasProxyDecider casProxyDecider;
     protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
-    private StatelessTicketCache statelessTicketCache;
+    private StatelessTicketCache statelessTicketCache = new NullStatelessTicketCache();
     private String key;
     private TicketValidator ticketValidator;
 

core/src/main/java/org/springframework/security/providers/cas/cache/NullStatelessTicketCache.java

@@ -0,0 +1,63 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.providers.cas.cache;
+
+import org.springframework.security.providers.cas.CasAuthenticationProvider;
+import org.springframework.security.providers.cas.CasAuthenticationToken;
+import org.springframework.security.providers.cas.StatelessTicketCache;
+
+/**
+ * Implementation of @link {@link StatelessTicketCache} that has no backing cache.  Useful
+ * in instances where storing of tickets for stateless session management is not required.
+ * <p>
+ * This is the default StatelessTicketCache of the @link {@link CasAuthenticationProvider} to
+ * eliminate the unnecessary dependency on EhCache that applications have even if they are not using
+ * the stateless session management.
+ * 
+ * @author Scott Battaglia
+ * @version $Id$
+ *
+ *@see CasAuthenticationProvider
+ */
+public final class NullStatelessTicketCache implements StatelessTicketCache {
+
+	/**
+	 * @return null since we are not storing any tickets.
+	 */
+	public CasAuthenticationToken getByTicketId(final String serviceTicket) {
+		return null;
+	}
+
+	/**
+	 * This is a no-op since we are not storing tickets.
+	 */
+	public void putTicketInCache(final CasAuthenticationToken token) {
+		// nothing to do
+	}
+
+	/**
+	 * This is a no-op since we are not storing tickets.
+	 */
+	public void removeTicketFromCache(final CasAuthenticationToken token) {
+		// nothing to do
+	}
+
+	/**
+	 * This is a no-op since we are not storing tickets.
+	 */
+	public void removeTicketFromCache(final String serviceTicket) {
+		// nothing to do
+	}
+}

core/src/test/java/org/springframework/security/providers/cas/cache/NullStatelessTicketCacheTests.java

@@ -0,0 +1,62 @@
+/* Copyright 2004, 2005, 2006 Acegi Technology Pty Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.springframework.security.providers.cas.cache;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.springframework.security.GrantedAuthority;
+import org.springframework.security.GrantedAuthorityImpl;
+import org.springframework.security.providers.cas.CasAuthenticationToken;
+import org.springframework.security.providers.cas.StatelessTicketCache;
+import org.springframework.security.userdetails.User;
+
+import junit.framework.TestCase;
+
+/**
+ * Test cases for the @link {@link NullStatelessTicketCache}
+ * 
+ * @author Scott Battaglia
+ * @version $Id$
+ *
+ */
+public class NullStatelessTicketCacheTests extends TestCase {
+
+	private StatelessTicketCache cache = new NullStatelessTicketCache();
+	
+	public void testGetter() {
+		assertNull(cache.getByTicketId(null));
+		assertNull(cache.getByTicketId("test"));
+	}
+	
+	public void testInsertAndGet() {
+		final CasAuthenticationToken token = getToken();
+		cache.putTicketInCache(token);
+		assertNull(cache.getByTicketId((String) token.getCredentials()));
+	}
+
+	private CasAuthenticationToken getToken() {
+        List<String> proxyList = new ArrayList<String>();
+        proxyList.add("https://localhost/newPortal/j_spring_cas_security_check");
+
+        User user = new User("marissa", "password", true, true, true, true,
+                new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
+
+        return new CasAuthenticationToken("key", user, "ST-0-ER94xMJmn6pha35CQRoZ",
+            new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")}, user,
+            proxyList, "PGTIOU-0-R0zlgrl4pdAQwBvJWO3vnNpevwqStbSGcq3vKB2SqSFFRnjPHt");
+    }
+	
+}