X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=security%2Fruntime%2Forg.argeo.security.jackrabbit%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoSecurityManager.java;h=3450c75d8dbd51f9e9418814a82023e8cdd4a205;hb=3a3d316af102ba410d1d9e6de349d0c8f7ac044f;hp=85878663692719b6e07c02839a9d134de611ec00;hpb=ab67f29f68578db72f4a95d5e9e3cb5d2db232f8;p=lgpl%2Fargeo-commons.git
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index 858786636..3450c75d8 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2012 Mathieu Baudier
+ * Copyright (C) 2007-2012 Argeo GmbH
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -34,21 +34,46 @@ import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.core.DefaultSecurityManager; +import org.apache.jackrabbit.core.security.AMContext; +import org.apache.jackrabbit.core.security.AccessManager; import org.apache.jackrabbit.core.security.AnonymousPrincipal; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.springframework.security.Authentication; import org.springframework.security.GrantedAuthority; +import org.springframework.security.context.SecurityContextHolder; /** Integrates Spring Security and Jackrabbit Security users and roles. */ public class ArgeoSecurityManager extends DefaultSecurityManager { + /** Legacy security sync */ + final static String PROPERTY_JACKRABBIT_SECURITY_SYNC_1_1 = "argeo.jackarabbit.securitySync.1.1"; + private final static Log log = LogFactory .getLog(ArgeoSecurityManager.class); + private static Boolean synchronize = Boolean.parseBoolean(System + .getProperty(PROPERTY_JACKRABBIT_SECURITY_SYNC_1_1, "false")); + /** TODO? use a bounded buffer */ private Map userRolesCache = Collections .synchronizedMap(new HashMap()); + @Override + public AccessManager getAccessManager(Session session, AMContext amContext) + throws RepositoryException { + synchronized (getSystemSession()) { + return super.getAccessManager(session, amContext); + } + } + + @Override + public UserManager getUserManager(Session session) + throws RepositoryException { + synchronized (getSystemSession()) { + return super.getUserManager(session); + } + } + /** * Since this is called once when the session is created, we take the * opportunity to make sure that Jackrabbit users and groups reflect Spring 
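Review bot: The value of `PROPERTY_JACKRABBIT_SECURITY_SYNC_1_1` is spelled `argeo.jackarabbit.securitySync.1.1`, so a deployment that sets the key with the usual `jackrabbit` spelling silently keeps the default `false` and runs without the user and role sync; unless the spelling is intentional, the value should read `"argeo.jackrabbit.securitySync.1.1"`. The flag is also stored in a mutable boxed `Boolean`; `private static final boolean synchronize = Boolean.getBoolean(PROPERTY_JACKRABBIT_SECURITY_SYNC_1_1);` reads the same property and can be neither reassigned nor null. The two new overrides lock on whatever `getSystemSession()` returns, which serializes callers only if that call always yields the same object, so a comment such as `// guards the shared system session against concurrent use` (if that is the intent) would make the lock reviewable.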
@@ -57,6 +82,15 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { @Override public String getUserID(Subject subject, String workspaceName) throws RepositoryException { + if (!synchronize) { + Authentication authentication = SecurityContextHolder.getContext() + .getAuthentication(); + if (authentication != null) + return authentication.getName(); + else + return super.getUserID(subject, workspaceName); + } + if (log.isTraceEnabled()) log.trace(subject); // skip anonymous user (no rights) @@ -71,18 +105,19 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { Authentication authen; Set authens = subject .getPrincipals(Authentication.class); - String userId; + String userId = super.getUserID(subject, workspaceName); if (authens.size() == 0) { // make sure that logged-in user has a Principal, useful for testing // using an admin user - userId = super.getUserID(subject, workspaceName); UserManager systemUm = getSystemUserManager(null); if (systemUm.getAuthorizable(userId) == null) systemUm.createUser(userId, ""); } else {// Spring Security authen = authens.iterator().next(); - userId = authen.getName(); + if (!userId.equals(authen.getName())) + log.warn("User ID is '" + userId + "' but authen is " + + authen.getName()); StringBuffer roles = new StringBuffer(""); GrantedAuthority[] authorities = authen.getAuthorities(); for (GrantedAuthority ga : authorities) { @@ -107,7 +142,7 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { * Make sure that the Jackrabbit security model contains this user and its * granted authorities */ - static void syncSpringAndJackrabbitSecurity(UserManager systemUm, + static private void syncSpringAndJackrabbitSecurity(UserManager systemUm, Authentication authen) throws RepositoryException { long begin = System.currentTimeMillis();
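Review bot: In `getUserID`, the new `if (!synchronize)` branch takes the user ID from `SecurityContextHolder`, that is from whatever `Authentication` is bound to the calling thread, and ignores the `subject` argument whenever such an authentication exists. Because `synchronize` defaults to `false`, this is the default path, and it returns before the anonymous-user check that follows in the method; a session opened on a pooled or background thread that still carries another user's context would apparently be labelled with that user's ID. The synchronized path further down already reads `subject.getPrincipals(Authentication.class)`, so the same source can be used here with the fallback to `super.getUserID` kept. The method body continues outside the hunk.

```java
if (!synchronize) {
	// identity comes from the Subject this session is being created for,
	// not from the Authentication bound to the calling thread
	Set<Authentication> subjectAuthens = subject
			.getPrincipals(Authentication.class);
	if (!subjectAuthens.isEmpty())
		return subjectAuthens.iterator().next().getName();
	return super.getUserID(subject, workspaceName);
}
// … unchanged: trace logging and anonymous-user check …
```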
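Review bot: In the Spring Security branch of `getUserID`, a mismatch between `userId` (now taken from `super.getUserID`) and `authen.getName()` is only reported with `log.warn`, and the method then goes on to read `authen.getAuthorities()` for the same session. If the code after the hunk caches or syncs those authorities under `userId` (that part is not visible here), one identity would receive the other's roles, so failing closed looks safer: `throw new RepositoryException("User ID '" + userId + "' does not match authentication " + authen.getName());`. `userId.equals(...)` would also throw a NullPointerException should `super.getUserID` return null, which `authen.getName().equals(userId)` avoids.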