Added caching and use of Spring's Assert to X509 provider
This commit is contained in:
parent
90914be3c2
commit
abe9dfd234
|
@ -1,11 +1,13 @@
|
||||||
package net.sf.acegisecurity.providers.x509;
|
package net.sf.acegisecurity.providers.x509;
|
||||||
|
|
||||||
import net.sf.acegisecurity.providers.AuthenticationProvider;
|
import net.sf.acegisecurity.providers.AuthenticationProvider;
|
||||||
|
import net.sf.acegisecurity.providers.x509.cache.NullX509UserCache;
|
||||||
import net.sf.acegisecurity.Authentication;
|
import net.sf.acegisecurity.Authentication;
|
||||||
import net.sf.acegisecurity.AuthenticationException;
|
import net.sf.acegisecurity.AuthenticationException;
|
||||||
import net.sf.acegisecurity.UserDetails;
|
import net.sf.acegisecurity.UserDetails;
|
||||||
import net.sf.acegisecurity.BadCredentialsException;
|
import net.sf.acegisecurity.BadCredentialsException;
|
||||||
import org.springframework.beans.factory.InitializingBean;
|
import org.springframework.beans.factory.InitializingBean;
|
||||||
|
import org.springframework.util.Assert;
|
||||||
import org.apache.commons.logging.Log;
|
import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
|
@ -16,8 +18,10 @@ import java.security.cert.X509Certificate;
|
||||||
* <p>
|
* <p>
|
||||||
* The request will typically originate from
|
* The request will typically originate from
|
||||||
* {@link net.sf.acegisecurity.ui.x509.X509ProcessingFilter}).
|
* {@link net.sf.acegisecurity.ui.x509.X509ProcessingFilter}).
|
||||||
|
* </p>
|
||||||
*
|
*
|
||||||
* @author Luke Taylor
|
* @author Luke Taylor
|
||||||
|
* @version $Id$
|
||||||
*/
|
*/
|
||||||
public class X509AuthenticationProvider implements AuthenticationProvider,
|
public class X509AuthenticationProvider implements AuthenticationProvider,
|
||||||
InitializingBean {
|
InitializingBean {
|
||||||
|
@ -28,6 +32,7 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
|
||||||
//~ Instance fields ========================================================
|
//~ Instance fields ========================================================
|
||||||
|
|
||||||
private X509AuthoritiesPopulator x509AuthoritiesPopulator;
|
private X509AuthoritiesPopulator x509AuthoritiesPopulator;
|
||||||
|
private X509UserCache userCache = new NullX509UserCache();
|
||||||
|
|
||||||
//~ Methods ================================================================
|
//~ Methods ================================================================
|
||||||
|
|
||||||
|
@ -35,10 +40,13 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
|
||||||
this.x509AuthoritiesPopulator = x509AuthoritiesPopulator;
|
this.x509AuthoritiesPopulator = x509AuthoritiesPopulator;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void setX509UserCache(X509UserCache cache) {
|
||||||
|
this.userCache = cache;
|
||||||
|
}
|
||||||
|
|
||||||
public void afterPropertiesSet() throws Exception {
|
public void afterPropertiesSet() throws Exception {
|
||||||
if(x509AuthoritiesPopulator == null) {
|
Assert.notNull(userCache, "An x509UserCache must be set");
|
||||||
throw new IllegalArgumentException("An X509AuthoritiesPopulator must be set");
|
Assert.notNull(x509AuthoritiesPopulator, "An X509AuthoritiesPopulator must be set");
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -71,13 +79,15 @@ public class X509AuthenticationProvider implements AuthenticationProvider,
|
||||||
throw new BadCredentialsException("Certificate is null.");
|
throw new BadCredentialsException("Certificate is null.");
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Cache
|
UserDetails user = userCache.getUserFromCache(clientCertificate);
|
||||||
|
|
||||||
logger.debug("Authenticating with certificate " + clientCertificate);
|
if(user == null) {
|
||||||
|
logger.debug("Authenticating with certificate " + clientCertificate);
|
||||||
|
user = x509AuthoritiesPopulator.getUserDetails(clientCertificate);
|
||||||
|
userCache.putUserInCache(clientCertificate, user);
|
||||||
|
}
|
||||||
|
|
||||||
UserDetails userDetails = x509AuthoritiesPopulator.getUserDetails(clientCertificate);
|
return new X509AuthenticationToken(user, clientCertificate, user.getAuthorities());
|
||||||
|
|
||||||
return new X509AuthenticationToken(userDetails, clientCertificate, userDetails.getAuthorities());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean supports(Class authentication) {
|
public boolean supports(Class authentication) {
|
||||||
|
|
24
core/src/main/java/org/acegisecurity/providers/x509/cache/NullX509UserCache.java
vendored
Normal file
24
core/src/main/java/org/acegisecurity/providers/x509/cache/NullX509UserCache.java
vendored
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
package net.sf.acegisecurity.providers.x509.cache;
|
||||||
|
|
||||||
|
import net.sf.acegisecurity.UserDetails;
|
||||||
|
import net.sf.acegisecurity.providers.x509.X509UserCache;
|
||||||
|
|
||||||
|
import java.security.cert.X509Certificate;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* "Cache" that doesn't do any caching.
|
||||||
|
*
|
||||||
|
* @author Luke Taylor
|
||||||
|
* @version $Id$
|
||||||
|
*/
|
||||||
|
public class NullX509UserCache implements X509UserCache {
|
||||||
|
//~ Methods ================================================================
|
||||||
|
|
||||||
|
public UserDetails getUserFromCache(X509Certificate certificate) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void putUserInCache(X509Certificate certificate, UserDetails user) {}
|
||||||
|
|
||||||
|
public void removeUserFromCache(X509Certificate certificate) {}
|
||||||
|
}
|
Loading…
Reference in New Issue