X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=org.argeo.slc.core%2Fsrc%2Forg%2Fargeo%2Fslc%2Fcore%2Fexecution%2Fhttp%2FRunnerServlet.java;h=5bbf243fb9c77e17ffc524f1bac9e2683c8fafc1;hb=7b83f8fd0c093b7be871e55a1f6d96290bfcb7ec;hp=de0195d31a97be093dc177b97800a2ae4d15d9d3;hpb=1369ce152b1ec9c3c02017f0dedc2e0850d3ab99;p=gpl%2Fargeo-slc.git
diff --git a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
index de0195d31..5bbf243fb 100644
--- a/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
+++ b/org.argeo.slc.core/src/org/argeo/slc/core/execution/http/RunnerServlet.java
@@ -25,7 +25,6 @@ import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.nodetype.NodeType;
-import javax.naming.ldap.LdapName;
 import javax.security.auth.Subject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
@@ -103,19 +102,21 @@ public class RunnerServlet extends HttpServlet {
 String workgroup = tokens[1];
 CmsSession cmsSession = getByLocalId(req.getSession().getId());
-
- boolean authorized = false;
- for (String role : cmsSession.getAuthorization().getRoles()) {
- if (role.startsWith("cn=" + workgroup)) {
- authorized = true;
- break;
+ // FIXME make it more robust
+ if (cmsSession != null) {// multiuser
+ boolean authorized = false;
+ for (String role : cmsSession.getAuthorization().getRoles()) {
+ if (role.startsWith("cn=" + workgroup) || role.startsWith("uid=" + workgroup)) {
+ authorized = true;
+ break;
+ }
+ }
+ if (!authorized) {
+ resp.setStatus(403);
+ return;
 }
 }
- if (!authorized) {
- resp.setStatus(403);
- return;
- }
- LdapName userDn = cmsSession.getUserDn();
+ // LdapName userDn = cmsSession.getUserDn();
 AccessControlContext acc = (AccessControlContext) req.getAttribute(HttpContext.REMOTE_USER);
 Subject subject = Subject.getSubject(acc); // flow path
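Review bot: In the `-103,19 +102,21` hunk the new `if (cmsSession != null)` wrapper makes the workgroup role check fail open: when `getByLocalId(...)` returns null the request skips the 403 branch entirely and continues to the subject lookup and the rest of the handler. The `// multiuser` comment suggests null is meant to signal a single-user deployment, but nothing visible here distinguishes that from a session id that simply was not found, so the null branch should be gated on an explicit deployment setting and otherwise answer `resp.setStatus(403); return;`. The added `role.startsWith("uid=" + workgroup)` also repeats the prefix match already used for `cn=`, so a workgroup value appears to match any role whose first RDN merely begins with it; if the roles are DNs, comparing through the separator, `role.startsWith("uid=" + workgroup + ",")`, would be stricter. The enclosing method starts and ends outside the hunk.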
@@ -129,7 +130,14 @@ public class RunnerServlet extends HttpServlet {
 String ext = FilenameUtils.getExtension(flowName.toString()); // JCR
- Repository repository = bc.getService(bc.getServiceReference(Repository.class));
+ Repository repository;
+ try {
+ ServiceReference sr = bc.getServiceReferences(Repository.class, "(cn=home)").iterator().next();
+ repository = bc.getService(sr);
+
+ } catch (InvalidSyntaxException e2) {
+ throw new SlcException("Cannot find home repository", e2);
+ }
 Session session = Subject.doAs(subject, new PrivilegedAction() {
 @Override
@@ -145,6 +153,9 @@ public class RunnerServlet extends HttpServlet {
 UUID processUuid = UUID.randomUUID();
 GregorianCalendar started = new GregorianCalendar();
 Node groupHome = NodeUtils.getGroupHome(session, workgroup);
+ if (groupHome == null) {
+ groupHome = NodeUtils.getUserHome(session);
+ }
 String processPath = SlcNames.SLC_SYSTEM + "/" + SlcNames.SLC_PROCESSES + "/" + JcrUtils.dateAsPath(started, true) + processUuid;
 Node processNode = JcrUtils.mkdirs(groupHome, processPath, SlcTypes.SLC_PROCESS);
@@ -163,8 +174,8 @@ public class RunnerServlet extends HttpServlet {
 throw new SlcException("Cannot register SLC process", e1);
 }
- if (log.isDebugEnabled())
- log.debug(userDn + " " + workgroup + " " + flowName);
+ if (log.isTraceEnabled())
+ log.trace(session.getUserID() + " " + workgroup + " " + flowName);
 try {
 resp.setHeader("Content-Type", "application/json");
@@ -222,6 +233,10 @@ public class RunnerServlet extends HttpServlet {
 return baseDir;
 }
+ protected HttpContext getHttpContext(String httpAuthrealm) {
+ return null;
+ }
+
 public static void register(BundleContext bc, String alias, RunnerServlet runnerServlet, String httpAuthrealm) {
 try {
 ServiceTracker serviceTracker = new ServiceTracker(bc,
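Review bot: In the `-129,7 +130,14` hunk, `bc.getServiceReferences(Repository.class, "(cn=home)").iterator().next()` throws `NoSuchElementException` when no service matches, and the surrounding `catch (InvalidSyntaxException e2)` does not cover that. The "Cannot find home repository" message is therefore produced only for a malformed filter, a case this constant filter should never hit, while the real missing-service case surfaces as an unrelated runtime exception. Keep the lookup result in a local and test it before taking the first element, e.g. `if (refs.isEmpty()) throw new SlcException("Cannot find home repository");`, where `refs` is that local and a message-only `SlcException` constructor is assumed to exist. `ServiceReference sr` reads as a raw type here, though its type argument may have been lost when the page was rendered.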
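Review bot: In the `-145,6 +153,9` hunk the fallback to `NodeUtils.getUserHome(session)` applies to every workgroup for which no group home exists, not only to the `uid=` case the authorization change introduces. A request naming an unknown workgroup therefore gets its process node created silently under the caller's own home. If the intent is that the workgroup designates the user itself, say so in a comment such as `// no group home: workgroup designates the user, store the process under the user home`, and consider rejecting other values. The result of `getUserHome` is passed to `JcrUtils.mkdirs` without a null check; whether it can be null is not visible here.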
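Review bot: The new `getHttpContext(String httpAuthrealm)` hook in the `-222,6 +233,10` hunk has no Javadoc, and its `return null` only makes sense once one reads `register`, where null selects the default `RunnerHttpContext`. Since an override replaces the context the servlet is registered with, the contract deserves to be written down: `/** Returns the HttpContext to register this servlet with, or null to use the default RunnerHttpContext for the given realm. */`. It is worth adding that the servlet body casts the `HttpContext.REMOTE_USER` request attribute to `AccessControlContext`, so an overriding context presumably has to populate it that way. The consuming `if (httpContext == null)` in the `-232,7 +247,10` hunk is written without braces, unlike the braced `if` blocks added elsewhere in this diff.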
@@ -232,7 +247,10 @@ public class RunnerServlet extends HttpServlet {
 // TODO Auto-generated method stub
 HttpService httpService = super.addingService(reference);
 try {
- httpService.registerServlet(alias, runnerServlet, null, new RunnerHttpContext(httpAuthrealm));
+ HttpContext httpContext = runnerServlet.getHttpContext(httpAuthrealm);
+ if (httpContext == null)
+ httpContext = new RunnerHttpContext(httpAuthrealm);
+ httpService.registerServlet(alias, runnerServlet, null, httpContext);
 } catch (Exception e) {
 throw new SlcException("Cannot register servlet", e);
 }