Fix bad authentication cache invalidation

Author: adrienlauer

CHANGELOG.md

@@ -1,9 +1,10 @@
-# Version 3.6.2 (2018-06-15)
+# Version 3.6.2 (2018-06-18)
 
 * [chg] Also support proxy exclusions without wildcard (`*.somedomain.com`, `.somedomain.com` and `somedomain.com` are all supported).
 * [chg] Moved provided `javax.annotation.Nullable` to `org.seedstack.seed.Nullable` to avoid module clashes in Java 9+.
 * [chg] Various dependency improvements for Java9+ modules.
 * [fix] Prevent the session regeneration mechanism to create a session when none exists.
+* [fix] Fix bug preventing proper invalidation of the Shiro authentication cache.
 
 # Version 3.6.1 (2018-06-06)
 

security/core/src/main/java/org/seedstack/seed/security/internal/ShiroRealmAdapter.java

@@ -106,6 +106,42 @@ protected AuthenticationInfo doGetAuthenticationInfo(
         return authcInfo;
     }
 
+    @Override
+    public boolean supports(AuthenticationToken token) {
+        org.seedstack.seed.security.AuthenticationToken seedToken = convertToken(token);
+        return seedToken != null && realm.supportedToken().isAssignableFrom(seedToken.getClass());
+    }
+
+    @Override
+    protected Object getAuthenticationCacheKey(AuthenticationToken token) {
+        Object authenticationCacheKey = super.getAuthenticationCacheKey(token);
+        if (authenticationCacheKey instanceof PrincipalProvider) {
+            return ((PrincipalProvider) authenticationCacheKey).getPrincipal();
+        } else {
+            return authenticationCacheKey;
+        }
+    }
+
+    @Override
+    protected Object getAuthenticationCacheKey(PrincipalCollection principals) {
+        Object authenticationCacheKey = super.getAuthenticationCacheKey(principals);
+        if (authenticationCacheKey instanceof PrincipalProvider) {
+            return ((PrincipalProvider) authenticationCacheKey).getPrincipal();
+        } else {
+            return authenticationCacheKey;
+        }
+    }
+
+    @Override
+    protected Object getAuthorizationCacheKey(PrincipalCollection principals) {
+        Object authenticationCacheKey = super.getAuthenticationCacheKey(principals);
+        if (authenticationCacheKey instanceof PrincipalProvider) {
+            return ((PrincipalProvider) authenticationCacheKey).getPrincipal();
+        } else {
+            return authenticationCacheKey;
+        }
+    }
+
     Realm getRealm() {
         return realm;
     }
@@ -114,12 +150,6 @@ void setRealm(Realm realm) {
         this.realm = realm;
     }
 
-    @Override
-    public boolean supports(AuthenticationToken token) {
-        org.seedstack.seed.security.AuthenticationToken seedToken = convertToken(token);
-        return seedToken != null && realm.supportedToken().isAssignableFrom(seedToken.getClass());
-    }
-
     private org.seedstack.seed.security.AuthenticationToken convertToken(AuthenticationToken token) {
         if (token instanceof org.seedstack.seed.security.AuthenticationToken) {
             return (org.seedstack.seed.security.AuthenticationToken) token;

security/core/src/test/java/org/seedstack/seed/security/fixtures/TestCacheManager.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright © 2013-2018, The SeedStack authors <http://seedstack.org>
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+package org.seedstack.seed.security.fixtures;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.apache.shiro.cache.AbstractCacheManager;
+import org.apache.shiro.cache.Cache;
+import org.apache.shiro.cache.CacheException;
+import org.apache.shiro.cache.MapCache;
+import org.seedstack.seed.Logging;
+import org.slf4j.Logger;
+
+public class TestCacheManager extends AbstractCacheManager {
+    @Logging
+    private Logger logger;
+
+    @Override
+    @SuppressWarnings("unchecked")
+    protected Cache createCache(String s) throws CacheException {
+        return new TestCache(s, new HashMap());
+    }
+
+    private class TestCache<K, V> extends MapCache<K, V> {
+        private final String name;
+        private Class<?> keyType;
+
+        TestCache(String name, Map<K, V> backingMap) {
+            super(name, backingMap);
+            this.name = name;
+        }
+
+        @Override
+        public V get(K key) throws CacheException {
+            logger.info("Getting {} from {} security cache", key, name);
+            assertKeyClass(key);
+            return super.get(key);
+        }
+
+        @Override
+        public V put(K key, V value) throws CacheException {
+            logger.info("Putting {} / {} in {} security cache", key, value, name);
+            assertKeyClass(key);
+            return super.put(key, value);
+        }
+
+        @Override
+        public V remove(K key) throws CacheException {
+            logger.info("Removing {} from {} security cache", key, name);
+            assertKeyClass(key);
+            return super.remove(key);
+        }
+
+        private synchronized void assertKeyClass(K key) {
+            if (keyType == null) {
+                keyType = key.getClass();
+            } else {
+                assertThat(key).isOfAnyClassIn(keyType);
+            }
+        }
+    }
+}

security/core/src/test/resources/application.yaml

@@ -9,6 +9,8 @@
 logging: INFO
 security:
   realms: ConfigurationRealm
+  cache:
+    manager: org.seedstack.seed.security.fixtures.TestCacheManager
   users:
     Obiwan:
       password: yodarulez