Package org.alfresco.repo.security.authentication.identityservice

Class CachingUserTokenProvider

java.lang.Object

org.alfresco.repo.security.authentication.identityservice.CachingUserTokenProvider

All Implemented Interfaces:

UserTokenProvider

public class CachingUserTokenProvider
extends Object
implements UserTokenProvider

Decorator UserTokenProvider that adds local-JVM caching of previously validated user tokens.

Wraps a delegate UserTokenProvider (typically DirectUserTokenProvider) and consults a SimpleCache before delegating. On a cache HIT the previously stored access token is re-validated locally via IdentityServiceFacade.decodeToken(String) (signature, exp, iss, optionally azp / aud); if validation succeeds the cached entry is returned without contacting the Identity Provider. On a MISS, an invalid cached entry, or any failure during local validation the call is delegated to the wrapped provider and the resulting UserToken is then cached.

Encapsulation: all cache behaviour (key derivation, lookup, validity check, invalidation, population) lives entirely in this class. Consumers see only the UserTokenProvider contract; they never observe a cache, an entry, or a key. This makes it safe to swap caching on/off at the wiring layer without touching consumer code.

Storage scope: the cached access token is a bearer credential and MUST NOT leave the JVM that obtained it. The backing SimpleCache is therefore expected to be configured as cluster.type=local. Cache keys are SHA-256 digests of username + 0x00 + password encoded as base64url, so the password and user name never appear in cleartext in the cache.

Constructor Summary

Constructors

Constructor	Description
CachingUserTokenProvider(UserTokenProvider delegate, SimpleCache<String,UserToken> backingCache, IdentityServiceFacade identityServiceFacade)

Method Summary

Modifier and Type	Method	Description
UserToken	getUserToken(UserTokenRequest request)	Authenticate the supplied request against the Identity Service (or a local cache thereof) and return the resulting validated user token.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

CachingUserTokenProvider

public CachingUserTokenProvider(UserTokenProvider delegate,
 SimpleCache<String,UserToken> backingCache,
 IdentityServiceFacade identityServiceFacade)

Method Details

getUserToken

public UserToken getUserToken(UserTokenRequest request)

Description copied from interface: UserTokenProvider

Authenticate the supplied request against the Identity Service (or a local cache thereof) and return the resulting validated user token.

Specified by:

getUserToken in interface UserTokenProvider

Parameters:

request - credential pair; never null. Field-level null-validation is enforced by UserTokenRequest so implementations may rely on both components being non-null.

Returns:

a validated UserToken