X-Git-Url: http://git.argeo.org/?a=blobdiff_plain;f=server%2Fruntime%2Forg.argeo.server.jcr%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fjcr%2FThreadBoundJcrSessionFactory.java;h=01a056aa29432d661d157e885ff1de485e9f228f;hb=b3992d072c6f47e7617556137edef5cd492d076e;hp=ed2857ad5cf3112085dbb51e57b1b93627c49dad;hpb=833d3535cdc4b3c1d9dca4743a346acc232ba67d;p=lgpl%2Fargeo-commons.git diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java index ed2857ad5..01a056aa2 100644 --- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java +++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java @@ -23,6 +23,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; +import javax.jcr.LoginException; import javax.jcr.Repository; import javax.jcr.RepositoryException; import javax.jcr.Session; @@ -50,6 +51,7 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean, private String defaultUsername = "demo"; private String defaultPassword = "demo"; + private Boolean forceDefaultCredentials = false; public ThreadBoundJcrSessionFactory() { Class[] interfaces = { Session.class }; @@ -82,19 +84,37 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean, } protected Session login() { - try { - SimpleCredentials sc = new SimpleCredentials(defaultUsername, - defaultPassword.toCharArray()); - Session sess = repository.login(sc); - if (log.isTraceEnabled()) - log.trace("Log in to JCR session " + sess + "; userId=" - + sess.getUserID()); - // Thread.dumpStack(); - activeSessions.add(sess); - return sess; - } catch (RepositoryException e) { - throw new ArgeoException("Cannot log in to repository", e); - } + Session newSession = null; + // first try to login without credentials, assuming the underlying login + // module will have dealt with authentication (typically using Spring + // Security) + if (!forceDefaultCredentials) + try { + newSession = repository.login(); + } catch (LoginException e1) { + log.warn("Cannot login without credentials: " + e1.getMessage()); + // invalid credentials, go to the next step + } catch (RepositoryException e1) { + // other kind of exception, fail + throw new ArgeoException("Cannot log in to repository", e1); + } + + // log using default username / password (useful for testing purposes) + if (newSession == null) + try { + SimpleCredentials sc = new SimpleCredentials(defaultUsername, + defaultPassword.toCharArray()); + newSession = repository.login(sc); + } catch (RepositoryException e) { + throw new ArgeoException("Cannot log in to repository", e); + } + + // Log and monitor new session + if (log.isTraceEnabled()) + log.trace("Logged in to JCR session " + newSession + "; userId=" + + newSession.getUserID()); + activeSessions.add(newSession); + return newSession; } public Object getObject() { @@ -133,4 +153,8 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean, this.defaultPassword = defaultPassword; } + public void setForceDefaultCredentials(Boolean forceDefaultCredentials) { + this.forceDefaultCredentials = forceDefaultCredentials; + } + }