- // skip Jackrabbit system user (all rights)
- if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty())
- return super.getUserID(subject, workspaceName);
-
- // retrieve Spring authentication from JAAS
- // TODO? use Spring Security context holder
- Authentication authen;
- Set<Authentication> authens = subject
- .getPrincipals(Authentication.class);
- String userId = super.getUserID(subject, workspaceName);
- if (authens.size() == 0) {
- // make sure that logged-in user has a Principal, useful for testing
- // using an admin user
- UserManager systemUm = getSystemUserManager(null);
- if (systemUm.getAuthorizable(userId) == null)
- systemUm.createUser(userId, "");
- } else {// Spring Security
- authen = authens.iterator().next();
-
- if (!userId.equals(authen.getName()))
- log.warn("User ID is '" + userId + "' but authen is "
- + authen.getName());
- StringBuffer roles = new StringBuffer("");
- Collection<? extends GrantedAuthority> authorities = authen
- .getAuthorities();
- for (GrantedAuthority ga : authorities) {
- roles.append(ga.toString());
- }
-
- // do not sync if not changed
- if (userRolesCache.containsKey(userId)
- && userRolesCache.get(userId).equals(roles.toString()))
- return userId;
-
- // sync Spring and Jackrabbit
- // workspace is irrelevant here
- UserManager systemUm = getSystemUserManager(null);
- syncSpringAndJackrabbitSecurity(systemUm, authen);
- userRolesCache.put(userId, roles.toString());
+ if (userPrincipal.size() > 1) {
+ StringBuilder buf = new StringBuilder();
+ for (X500Principal principal : userPrincipal)
+ buf.append(' ').append('\"').append(principal).append('\"');
+ throw new RuntimeException("Multiple user principals:" + buf);