X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2FAbstractCmsEntryPoint.java;h=6ff18def0521a11eecd9e082a6ec488e3bcba171;hb=ea63d7d123a50ff10657946ce3d928a57944621d;hp=6e30d8e31d7b16b3b9cf4938faf954e0721839b5;hpb=2271d52a03e92f0349824b69f7e0f705e2eff01c;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java b/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java
index 6e30d8e31..6ff18def0 100644
--- a/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java
+++ b/org.argeo.cms/src/org/argeo/cms/AbstractCmsEntryPoint.java
@@ -15,6 +15,7 @@ import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
 import javax.security.auth.Subject;
 import javax.security.auth.login.LoginException;
+import javax.security.auth.x500.X500Principal;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
@@ -71,7 +72,9 @@ public abstract class AbstractCmsEntryPoint extends AbstractEntryPoint
 		final HttpSession httpSession = httpRequest.getSession();
 		AccessControlContext acc = (AccessControlContext) httpSession
 				.getAttribute(KernelHeader.ACCESS_CONTROL_CONTEXT);
-		if (acc != null)
+		if (acc != null
+				&& Subject.getSubject(acc).getPrincipals(X500Principal.class)
+						.size() == 1)
 			subject = Subject.getSubject(acc);
 		else
 			subject = new Subject();