X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Facr%2FCmsContentRepository.java;h=89e725043923694498846d06b0307fd9d454fa50;hb=117eaabc86f6c09eff9a4b971ac137d51f45e953;hp=3b47c1630aa4f63a41a30d0909d2ace7b13350de;hpb=0e533d2562def311fdd7aa71f1d0d704e466861e;p=lgpl%2Fargeo-commons.git

diff --git a/org.argeo.cms/src/org/argeo/cms/acr/CmsContentRepository.java b/org.argeo.cms/src/org/argeo/cms/acr/CmsContentRepository.java
index 3b47c1630..89e725043 100644
--- a/org.argeo.cms/src/org/argeo/cms/acr/CmsContentRepository.java
+++ b/org.argeo.cms/src/org/argeo/cms/acr/CmsContentRepository.java
@@ -5,6 +5,7 @@ import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
 
+import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
@@ -42,8 +43,11 @@ public class CmsContentRepository extends AbstractContentRepository {
 
 	@Override
 	public ContentSession get(Locale locale) {
-		if (!CmsSession.hasCmsSession(CurrentSubject.current())) {
-			if (DataAdminPrincipal.isDataAdmin(CurrentSubject.current())) {
+		Subject subject = CurrentSubject.current();
+		if (subject == null)
+			throw new IllegalStateException("Caller must be authenticated");
+		if (!CmsSession.hasCmsSession(subject)) {
+			if (DataAdminPrincipal.isDataAdmin(subject)) {
 				// TODO open multiple data admin sessions?
 				return getSystemSession();
 			}