Added caching and use of Spring's Assert to X509 provider

core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationProvider.java

@@ -1,11 +1,13 @@
 package net.sf.acegisecurity.providers.x509;
 
 import net.sf.acegisecurity.providers.AuthenticationProvider;
+import net.sf.acegisecurity.providers.x509.cache.NullX509UserCache;
 import net.sf.acegisecurity.Authentication;
 import net.sf.acegisecurity.AuthenticationException;
 import net.sf.acegisecurity.UserDetails;
 import net.sf.acegisecurity.BadCredentialsException;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.util.Assert;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
@@ -16,8 +18,10 @@ import java.security.cert.X509Certificate;
  * <p>
  * The request will typically originate from
  * {@link net.sf.acegisecurity.ui.x509.X509ProcessingFilter}).
+ * </p>
  *
  * @author Luke Taylor
+ * @version $Id$
  */
 public class X509AuthenticationProvider implements AuthenticationProvider,
     InitializingBean {
@@ -28,6 +32,7 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
     //~ Instance fields ========================================================
 
     private X509AuthoritiesPopulator x509AuthoritiesPopulator;
+    private X509UserCache userCache = new NullX509UserCache();
 
     //~ Methods ================================================================
 
@@ -35,10 +40,13 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
         this.x509AuthoritiesPopulator = x509AuthoritiesPopulator;
     }
 
-    public void afterPropertiesSet() throws Exception {
+    public void setX509UserCache(X509UserCache cache) {
-        if(x509AuthoritiesPopulator == null) {
+        this.userCache = cache;
-            throw new IllegalArgumentException("An X509AuthoritiesPopulator must be set");
     }
+
+    public void afterPropertiesSet() throws Exception {
+        Assert.notNull(userCache, "An x509UserCache must be set");
+        Assert.notNull(x509AuthoritiesPopulator, "An X509AuthoritiesPopulator must be set");
     }
 
     /**
@@ -71,13 +79,15 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
             throw new BadCredentialsException("Certificate is null.");
         }
 
-        // TODO: Cache
+        UserDetails user = userCache.getUserFromCache(clientCertificate);
 
+        if(user == null) {
             logger.debug("Authenticating with certificate " + clientCertificate);
+            user = x509AuthoritiesPopulator.getUserDetails(clientCertificate);
+            userCache.putUserInCache(clientCertificate, user);
+        }
 
-        UserDetails userDetails = x509AuthoritiesPopulator.getUserDetails(clientCertificate);
+        return new X509AuthenticationToken(user, clientCertificate, user.getAuthorities());
-
-        return new X509AuthenticationToken(userDetails, clientCertificate, userDetails.getAuthorities());
     }
 
     public boolean supports(Class authentication) {

core/src/main/java/org/acegisecurity/providers/x509/cache/NullX509UserCache.java

@@ -0,0 +1,24 @@
+package net.sf.acegisecurity.providers.x509.cache;
+
+import net.sf.acegisecurity.UserDetails;
+import net.sf.acegisecurity.providers.x509.X509UserCache;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * "Cache" that doesn't do any caching.
+ *
+ * @author Luke Taylor
+ * @version $Id$
+ */
+public class NullX509UserCache implements X509UserCache {
+    //~ Methods ================================================================
+
+    public UserDetails getUserFromCache(X509Certificate certificate) {
+        return null;
+    }
+
+    public void putUserInCache(X509Certificate certificate, UserDetails user) {}
+
+    public void removeUserFromCache(X509Certificate certificate) {}
+}