org.argeo.cms/src/org/argeo/cms/internal/http/CmsSessionProvider.java

   1 package org.argeo.cms.internal.http;
   2
   3 import java.io.Serializable;
   4 import java.security.PrivilegedExceptionAction;
   5 import java.util.LinkedHashMap;
   6
   7 import javax.jcr.Repository;
   8 import javax.jcr.RepositoryException;
   9 import javax.jcr.Session;
  10 import javax.security.auth.Subject;
  11 import javax.security.auth.login.LoginContext;
  12 import javax.servlet.ServletException;
  13 import javax.servlet.http.HttpServletRequest;
  14
  15 import org.apache.commons.logging.Log;
  16 import org.apache.commons.logging.LogFactory;
  17 import org.apache.jackrabbit.server.SessionProvider;
  18 import org.argeo.cms.CmsException;
  19 import org.argeo.cms.auth.CmsSession;
  20 import org.argeo.jcr.JcrUtils;
  21 import org.argeo.node.NodeConstants;
  22
  23 /**
  24  * Implements an open session in view patter: a new JCR session is created for
  25  * each request
  26  */
  27 class CmsSessionProvider implements SessionProvider, Serializable {
  28         private static final long serialVersionUID = -1358136599534938466L;
  29
  30         private final static Log log = LogFactory.getLog(CmsSessionProvider.class);
  31
  32         private final String alias;
  33
  34         private LinkedHashMap<Session, CmsSession> cmsSessions = new LinkedHashMap<>();
  35
  36         public CmsSessionProvider(String alias) {
  37                 this.alias = alias;
  38         }
  39
  40         public Session getSession(HttpServletRequest request, Repository rep, String workspace)
  41                         throws javax.jcr.LoginException, ServletException, RepositoryException {
  42
  43                 CmsSession cmsSession = WebCmsSessionImpl.getCmsSession(request);
  44                 if (cmsSession == null)
  45                         return anonymousSession(request, rep, workspace);
  46                 if (log.isTraceEnabled()) {
  47                         log.debug("Get JCR session from " + cmsSession);
  48                 }
  49                 Session session = cmsSession.getDataSession(alias, workspace, rep);
  50                 cmsSessions.put(session, cmsSession);
  51                 return session;
  52         }
  53
  54         private synchronized Session anonymousSession(HttpServletRequest request, Repository repository, String workspace) {
  55                 // TODO rather log in here as anonymous?
  56                 LoginContext lc = (LoginContext) request.getAttribute(NodeConstants.LOGIN_CONTEXT_USER);
  57                 if (lc == null)
  58                         throw new CmsException("No login context available");
  59                 // optimize
  60                 Session session;
  61                 try {
  62                         session = Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<Session>() {
  63                                 @Override
  64                                 public Session run() throws Exception {
  65                                         return repository.login(workspace);
  66                                 }
  67                         });
  68                 } catch (Exception e) {
  69                         throw new CmsException("Cannot log in to JCR", e);
  70                 }
  71                 return session;
  72         }
  73
  74         public synchronized void releaseSession(Session session) {
  75                 if (cmsSessions.containsKey(session)) {
  76                         CmsSession cmsSession = cmsSessions.get(session);
  77                         cmsSession.releaseDataSession(alias, session);
  78                 } else {
  79                         // anonymous
  80                         JcrUtils.logoutQuietly(session);
  81                 }
  82         }
  83 }