Fix issue with anonymous access to data

[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / kernel / HomeRepository.java

diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
index 68acd2d62baa9086ceb1c257567fb50699d2f1f5..97407866f1d24d2b28a31ff96a6aff641a3e19b6 100644 (file)
--- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/HomeRepository.java
@@ -14,7 +14,6 @@ import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 
-import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.argeo.cms.CmsException;
 import org.argeo.jcr.JcrRepositoryWrapper;
 import org.argeo.jcr.JcrUtils;
@@ -48,7 +47,8 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants {
                        @Override
                        public Void run() {
                                try {
-                                       initJcr(getRepository().login());
+                                       Session adminSession = getRepository().login();
+                                       initJcr(adminSession);
                                } catch (RepositoryException e) {
                                        throw new CmsException("Cannot init JCR home", e);
                                }
@@ -89,8 +89,8 @@ class HomeRepository extends JcrRepositoryWrapper implements KernelConstants {
                        return;
 //             if (session.getUserID().equals(AuthConstants.ROLE_KERNEL))
 //                     return;
-               if (session.getUserID().equals(SecurityConstants.ADMIN_ID))
-                       return;
+//             if (session.getUserID().equals(SecurityConstants.ADMIN_ID))
+//                     return;
 
                if (checkedUsers.contains(username))
                        return;