@param principal - the caller identity whose cached credentials are to
be accessed.
@param allowRefresh - a flag indicating if the cache access should flush
any expired entries.
*/
private DomainInfo getCacheInfo(Principal principal, boolean allowRefresh)
{
if( domainCache == null )
return null;
DomainInfo cacheInfo = null;
synchronized( domainCache )
{
if( allowRefresh == true )
cacheInfo = (DomainInfo) domainCache.get(principal);
else
cacheInfo = (DomainInfo) domainCache.peek(principal);
if( cacheInfo != null )
cacheInfo.acquire();
}
return cacheInfo;
}
private boolean validateCache(DomainInfo info, Object credential,
Subject theSubject)
{
Object subjectCredential = info.credential;
boolean isValid = false;
// Check for a null credential as can be the case for an anonymous user
if( credential == null || subjectCredential == null )
{
// Both credentials must be null
isValid = (credential == null) && (subjectCredential == null);
}
return isValid
}
public boolean isValid(Principal principal, Object credential,
Subject activeSubject)
{
// Check the cache first
DomainInfo cacheInfo = getCacheInfo(principal, true); // hier
if( trace )
log.trace("Begin isValid, principal:"+principal+", cache info: "+cacheInfo);
boolean isValid = false;
if( cacheInfo != null )
{
isValid = validateCache(cacheInfo, credential, activeSubject);
if( cacheInfo != null )
cacheInfo.release();
}
if( isValid == false )
isValid = authenticate(principal, credential, activeSubject);
if( trace )
log.trace("End isValid, "+isValid);
return isValid;
}