- Fix JCR security model initialisation order
[lgpl/argeo-commons.git] / org.argeo.cms / src / org / argeo / cms / internal / useradmin / jackrabbit / JackrabbitUserAdminService.java
index d35f996f49e7e78b074119748fa5ed70d2545f8e..6b73a3e19af4e182fda24d06aeac4d9b56927a81 100644 (file)
@@ -28,6 +28,7 @@ import org.argeo.cms.internal.auth.JcrSecurityModel;
 import org.argeo.jcr.JcrUtils;
 import org.argeo.jcr.UserJcrUtils;
 import org.argeo.security.NodeAuthenticationToken;
+import org.argeo.security.SecurityUtils;
 import org.argeo.security.UserAdminService;
 import org.argeo.security.jcr.JcrUserDetails;
 import org.argeo.security.jcr.NewUserDetails;
@@ -63,7 +64,6 @@ public class JackrabbitUserAdminService implements UserAdminService,
                                .getAuthentication();
                authentication.getName();
                adminSession = (JackrabbitSession) repository.login();
-               securityModel.init(adminSession);
                Authorizable adminGroup = getUserManager().getAuthorizable(
                                KernelHeader.ROLE_ADMIN);
                if (adminGroup == null) {
@@ -79,6 +79,7 @@ public class JackrabbitUserAdminService implements UserAdminService,
                        securityModel.sync(adminSession, KernelHeader.USERNAME_ADMIN, null);
                        adminSession.save();
                }
+               securityModel.init(adminSession);
        }
 
        public void destroy() throws RepositoryException {
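Review bot: With `securityModel.init(adminSession)` moved to the end of the method, the `securityModel.sync(adminSession, KernelHeader.USERNAME_ADMIN, null)` call in the first-start branch just above now runs before the model has been initialised. Whether `sync` relies on anything `init` sets up is not visible in this hunk, so that should be confirmed for a fresh repository where the admin group does not exist yet. The new position also carries no explanation; a comment such as `// init() must stay last: the admin group and user have to exist before the security model is initialised` (adjusted to the real reason) would keep a later refactoring from moving it back. The enclosing method starts outside the hunk.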
@@ -282,7 +283,10 @@ public class JackrabbitUserAdminService implements UserAdminService,
                                Group group = (Group) groups.next();
                                String groupName = group.getPrincipal().getName();
                                String role = groupNameToRole(groupName);
-                               if (role != null && !role.equals(KernelHeader.ROLE_GROUP_ADMIN))
+                               if (role != null
+                                               && !role.equals(KernelHeader.ROLE_GROUP_ADMIN)
+                                               && !(role.equals(KernelHeader.ROLE_ADMIN) && !SecurityUtils
+                                                               .hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN)))
                                        res.add(role);
                        }
                        return res;
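Review bot: The added `ROLE_ADMIN` clause only removes the role from the list returned to a non-admin caller, which is a visibility filter and not an authorization check. The code that actually assigns roles to a user is not part of this hunk, so confirm that it rejects `KernelHeader.ROLE_ADMIN` when `SecurityUtils.hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN)` is false; otherwise a caller can still submit the hidden role name. The condition is also hard to read as `!(A && !B)` and re-evaluates the authority lookup on every iteration. Consider computing `boolean callerIsAdmin = SecurityUtils.hasCurrentThreadAuthority(KernelHeader.ROLE_ADMIN);` once before the loop and writing the last clause as `&& (callerIsAdmin || !role.equals(KernelHeader.ROLE_ADMIN))`. The loop and method start outside the hunk.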