+ /** Make sure Jackrabbit roles are in line with authentication */
+ void syncRoles(UserManager userManager, User user, List<String> roles)
+ throws RepositoryException {
+ List<String> userGroupIds = new ArrayList<String>();
+ for (String role : roles) {
+ Group group = (Group) userManager.getAuthorizable(role);
+ if (group == null) {
+ group = userManager.createGroup(role);
+ log.info(role + " added as " + group);
+ }
+ if (!group.isMember(user))
+ group.addMember(user);
+ userGroupIds.add(role);
+ }
+
+ // check if user has not been removed from some groups
+ for (Iterator<Group> it = user.declaredMemberOf(); it.hasNext();) {
+ Group group = it.next();
+ if (!userGroupIds.contains(group.getID()))
+ group.removeMember(user);
+ }
+ }