/*
- * Copyright (C) 2007-2012 Mathieu Baudier
+ * Copyright (C) 2007-2012 Argeo GmbH
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.DefaultSecurityManager;
+import org.apache.jackrabbit.core.security.AMContext;
+import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
/** Integrates Spring Security and Jackrabbit Security users and roles. */
public class ArgeoSecurityManager extends DefaultSecurityManager {
private Map<String, String> userRolesCache = Collections
.synchronizedMap(new HashMap<String, String>());
+ @Override
+ public AccessManager getAccessManager(Session session, AMContext amContext)
+ throws RepositoryException {
+ synchronized (getSystemSession()) {
+ return super.getAccessManager(session, amContext);
+ }
+ }
+
+ @Override
+ public UserManager getUserManager(Session session)
+ throws RepositoryException {
+ synchronized (getSystemSession()) {
+ return super.getUserManager(session);
+ }
+ }
+
/**
* Since this is called once when the session is created, we take the
* opportunity to make sure that Jackrabbit users and groups reflect Spring
@Override
public String getUserID(Subject subject, String workspaceName)
throws RepositoryException {
- if (!synchronize)
- return super.getUserID(subject, workspaceName);
+ if (!synchronize) {
+ Authentication authentication = SecurityContextHolder.getContext()
+ .getAuthentication();
+ if (authentication != null)
+ return authentication.getName();
+ else
+ return super.getUserID(subject, workspaceName);
+ }
if (log.isTraceEnabled())
log.trace(subject);