X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.jackrabbit%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoSecurityManager.java;h=00c674580076d7bcbf7d6bdef5b2a343fc47ca6e;hb=5c83877a10b02faf5bc065c59250f31a0befe0f6;hp=efd19b87d6a7e22539208a32a3d81dacf03a5d0e;hpb=0450e423bd759c9e27b43044670e659271392d71;p=lgpl%2Fargeo-commons.git

diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index efd19b87d..00c674580 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -17,8 +17,11 @@ package org.argeo.security.jackrabbit;
 
 import java.security.Principal;
 import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import javax.jcr.RepositoryException;
@@ -34,7 +37,6 @@ import org.apache.jackrabbit.core.DefaultSecurityManager;
 import org.apache.jackrabbit.core.security.AnonymousPrincipal;
 import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.argeo.ArgeoException;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
 
@@ -43,6 +45,10 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
 	private final static Log log = LogFactory
 			.getLog(ArgeoSecurityManager.class);
 
+	/** TODO? use a bounded buffer */
+	private Map<String, String> userRolesCache = Collections
+			.synchronizedMap(new HashMap<String, String>());
+
 	/**
 	 * Since this is called once when the session is created, we take the
 	 * opportunity to make sure that Jackrabbit users and groups reflect Spring
@@ -65,18 +71,36 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
 		Authentication authen;
 		Set<Authentication> authens = subject
 				.getPrincipals(Authentication.class);
-		if (authens.size() == 0)
-			throw new ArgeoException("No Spring authentication found in "
-					+ subject);
-		else
+		String userId;
+		if (authens.size() == 0) {
+			// make sure that logged-in user has a Principal, useful for testing
+			// using an admin user
+			userId = super.getUserID(subject, workspaceName);
+			UserManager systemUm = getSystemUserManager(null);
+			if (systemUm.getAuthorizable(userId) == null)
+				systemUm.createUser(userId, "");
+		} else {// Spring Security
 			authen = authens.iterator().next();
 
-		// sync Spring and Jackrabbit
-		// workspace is irrelevant here
-		UserManager systemUm = getSystemUserManager(null);
-		syncSpringAndJackrabbitSecurity(systemUm, authen);
+			userId = authen.getName();
+			StringBuffer roles = new StringBuffer("");
+			GrantedAuthority[] authorities = authen.getAuthorities();
+			for (GrantedAuthority ga : authorities) {
+				roles.append(ga.toString());
+			}
+
+			// do not sync if not changed
+			if (userRolesCache.containsKey(userId)
+					&& userRolesCache.get(userId).equals(roles.toString()))
+				return userId;
 
-		return authen.getName();
+			// sync Spring and Jackrabbit
+			// workspace is irrelevant here
+			UserManager systemUm = getSystemUserManager(null);
+			syncSpringAndJackrabbitSecurity(systemUm, authen);
+			userRolesCache.put(userId, roles.toString());
+		}
+		return userId;
 	}
 
 	/**