Better protect access to Jackrabbit user manager

[lgpl/argeo-commons.git] / server / runtime / org.argeo.server.jackrabbit / src / main / java / org / argeo / jackrabbit / JackrabbitAuthorizations.java

diff --git a/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitAuthorizations.java b/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitAuthorizations.java
index a3cf4e1498509f00100c10ad7e5fd94ac3bc17ae..59cbe2af86786897ff6077ecdbf838fa1e6b8a45 100644 (file)
--- a/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitAuthorizations.java
+++ b/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitAuthorizations.java
@@ -42,20 +42,22 @@ public class JackrabbitAuthorizations extends JcrAuthorizations {
        protected Principal getOrCreatePrincipal(Session session,
                        String principalName) throws RepositoryException {
                UserManager um = ((JackrabbitSession) session).getUserManager();
-               Authorizable authorizable = um.getAuthorizable(principalName);
-               if (authorizable == null) {
-                       groupPrefixes: for (String groupPrefix : groupPrefixes) {
-                               if (principalName.startsWith(groupPrefix)) {
-                                       authorizable = um.createGroup(principalName);
-                                       log.info("Created group " + principalName);
-                                       break groupPrefixes;
+               synchronized (um) {
+                       Authorizable authorizable = um.getAuthorizable(principalName);
+                       if (authorizable == null) {
+                               groupPrefixes: for (String groupPrefix : groupPrefixes) {
+                                       if (principalName.startsWith(groupPrefix)) {
+                                               authorizable = um.createGroup(principalName);
+                                               log.info("Created group " + principalName);
+                                               break groupPrefixes;
+                                       }
                                }
+                               if (authorizable == null)
+                                       throw new ArgeoException("Authorizable " + principalName
+                                                       + " not found");
                        }
-                       if (authorizable == null)
-                               throw new ArgeoException("Authorizable " + principalName
-                                               + " not found");
+                       return authorizable.getPrincipal();
                }
-               return authorizable.getPrincipal();
        }
 
        public void setGroupPrefixes(List<String> groupsToCreate) {