Moves Spring Security / Jackrabbit synchronization in JcrSecurityModel

[lgpl/argeo-commons.git] / server / runtime / org.argeo.server.jcr / src / main / java / org / argeo / jcr / JcrUtils.java

diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
index 6f5765ed5c9672c1cdf12909613a069db73a4803..fdb82cb85f2bb054e44a39feb95472b2d4b542e9 100644 (file)
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/JcrUtils.java
@@ -1239,11 +1239,14 @@ public class JcrUtils implements ArgeoJcrConstants {
 
        /**
         * Add privileges on a path to a {@link Principal}. The path must already
-        * exist. Session is saved.
+        * exist. Session is saved. Synchronized to prevent concurrent modifications
+        * of the same node.
         */
-       public static void addPrivileges(Session session, String path,
+       public synchronized static void addPrivileges(Session session, String path,
                        Principal principal, List<Privilege> privs)
                        throws RepositoryException {
+               // make sure the session is in line with the persisted state
+               session.refresh(false);
                AccessControlManager acm = session.getAccessControlManager();
                AccessControlList acl = getAccessControlList(acm, path);
                acl.addAccessControlEntry(principal,
@@ -1256,6 +1259,7 @@ public class JcrUtils implements ArgeoJcrConstants {
                        log.debug("Added privileges " + privBuf + " to " + principal
                                        + " on " + path);
                }
+               session.refresh(true);
                session.save();
        }