1 package org
.argeo
.cms
.internal
.http
;
3 import java
.io
.Serializable
;
4 import java
.security
.PrivilegedExceptionAction
;
5 import java
.util
.LinkedHashMap
;
7 import javax
.jcr
.Repository
;
8 import javax
.jcr
.RepositoryException
;
9 import javax
.jcr
.Session
;
10 import javax
.security
.auth
.Subject
;
11 import javax
.security
.auth
.login
.LoginContext
;
12 import javax
.servlet
.ServletException
;
13 import javax
.servlet
.http
.HttpServletRequest
;
15 import org
.apache
.commons
.logging
.Log
;
16 import org
.apache
.commons
.logging
.LogFactory
;
17 import org
.apache
.jackrabbit
.server
.SessionProvider
;
18 import org
.argeo
.cms
.CmsException
;
19 import org
.argeo
.cms
.auth
.CmsSession
;
20 import org
.argeo
.jcr
.JcrUtils
;
21 import org
.argeo
.node
.NodeConstants
;
24 * Implements an open session in view patter: a new JCR session is created for
27 class CmsSessionProvider
implements SessionProvider
, Serializable
{
28 private static final long serialVersionUID
= -1358136599534938466L;
30 private final static Log log
= LogFactory
.getLog(CmsSessionProvider
.class);
32 private final String alias
;
34 private LinkedHashMap
<Session
, CmsSession
> cmsSessions
= new LinkedHashMap
<>();
36 public CmsSessionProvider(String alias
) {
40 public Session
getSession(HttpServletRequest request
, Repository rep
, String workspace
)
41 throws javax
.jcr
.LoginException
, ServletException
, RepositoryException
{
43 CmsSession cmsSession
= WebCmsSessionImpl
.getCmsSession(request
);
44 if (cmsSession
== null)
45 return anonymousSession(request
, rep
, workspace
);
46 if (log
.isTraceEnabled()) {
47 log
.debug("Get JCR session from " + cmsSession
);
49 Session session
= cmsSession
.getDataSession(alias
, workspace
, rep
);
50 cmsSessions
.put(session
, cmsSession
);
54 private synchronized Session
anonymousSession(HttpServletRequest request
, Repository repository
, String workspace
) {
55 // TODO rather log in here as anonymous?
56 LoginContext lc
= (LoginContext
) request
.getAttribute(NodeConstants
.LOGIN_CONTEXT_USER
);
58 throw new CmsException("No login context available");
62 session
= Subject
.doAs(lc
.getSubject(), new PrivilegedExceptionAction
<Session
>() {
64 public Session
run() throws Exception
{
65 return repository
.login(workspace
);
68 } catch (Exception e
) {
69 throw new CmsException("Cannot log in to JCR", e
);
74 public synchronized void releaseSession(Session session
) {
75 if (cmsSessions
.containsKey(session
)) {
76 CmsSession cmsSession
= cmsSessions
.get(session
);
77 cmsSession
.releaseDataSession(alias
, session
);
80 JcrUtils
.logoutQuietly(session
);