From 7497859fd48bb56b4dc158ded8abc4086d012de4 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier
Date: Fri, 10 Feb 2017 11:26:59 +0100
Subject: [PATCH] Fix regression with anonymous data access
---
.../cms/internal/http/CmsSessionProvider.java | 38 ++++++++++++++++---
1 file changed, 33 insertions(+), 5 deletions(-)
diff --git a/org.argeo.cms/src/org/argeo/cms/internal/http/CmsSessionProvider.java b/org.argeo.cms/src/org/argeo/cms/internal/http/CmsSessionProvider.java
index 375520171..c0284f4c7 100644
--- a/org.argeo.cms/src/org/argeo/cms/internal/http/CmsSessionProvider.java
+++ b/org.argeo.cms/src/org/argeo/cms/internal/http/CmsSessionProvider.java
@@ -1,18 +1,22 @@
 package org.argeo.cms.internal.http;
 import java.io.Serializable;
+import java.security.PrivilegedExceptionAction;
 import java.util.LinkedHashMap;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.apache.jackrabbit.server.SessionProvider;
+import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.CmsSession;
+import org.argeo.jcr.JcrUtils;
+import org.argeo.node.NodeConstants;
 /**
 * Implements an open session in view patter: a new JCR session is created for
@@ -21,7 +25,8 @@ import org.argeo.cms.auth.CmsSession;
 class CmsSessionProvider implements SessionProvider, Serializable {
 private static final long serialVersionUID = -1358136599534938466L;
- private final static Log log = LogFactory.getLog(CmsSessionProvider.class);
+ // private final static Log log =
+ // LogFactory.getLog(CmsSessionProvider.class);
 private final String alias;
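Review bot: The `log` field is commented out here rather than deleted, which leaves dead code in the class; either remove the two comment lines or keep the field. Keeping it looks preferable, because the last hunk replaces the class's only `log.warn` with a silent `JcrUtils.logoutQuietly(session)`, so a JCR session released without a matching CMS session no longer leaves any trace. If the field stays (together with the commons-logging imports that the first hunk removes), the anonymous branch of `releaseSession` could record the event with something like `log.debug("Releasing untracked JCR session " + session);`.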
@@ -35,17 +40,40 @@ class CmsSessionProvider implements SessionProvider, Serializable {
 throws javax.jcr.LoginException, ServletException, RepositoryException {
 CmsSession cmsSession = WebCmsSessionImpl.getCmsSession(request);
+ if (cmsSession == null)
+ return anonymousSession(request, rep, workspace);
 Session session = cmsSession.getDataSession(alias, workspace, rep);
 cmsSessions.put(session, cmsSession);
 return session;
 }
- public void releaseSession(Session session) {
+ private synchronized Session anonymousSession(HttpServletRequest request, Repository repository, String workspace) {
+ // TODO rather log in here as anonymous?
+ LoginContext lc = (LoginContext) request.getAttribute(NodeConstants.LOGIN_CONTEXT_USER);
+ if (lc == null)
+ throw new CmsException("No login context available");
+ // optimize
+ Session session;
+ try {
+ session = Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction() {
+ @Override
+ public Session run() throws Exception {
+ return repository.login(workspace);
+ }
+ });
+ } catch (Exception e) {
+ throw new CmsException("Cannot log in to JCR", e);
+ }
+ return session;
+ }
+
+ public synchronized void releaseSession(Session session) {
 if (cmsSessions.containsKey(session)) {
 CmsSession cmsSession = cmsSessions.get(session);
 cmsSession.releaseDataSession(alias, session);
 } else {
- log.warn("No CMS session for JCR session " + session);
+ // anonymous
+ JcrUtils.logoutQuietly(session);
 }
 }
 }
-- 
2.30.2
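Review bot: `anonymousSession` runs `repository.login(workspace)` as whatever subject the request's `NodeConstants.LOGIN_CONTEXT_USER` login context carries, and nothing in the method checks that this subject is present or actually anonymous. `LoginContext.getSubject()` returns null when authentication failed or was never attempted, and `Subject.doAs` accepts a null subject, so the login would then run with no subject at all. An explicit null check closes that gap, and the existing TODO should state how the subject is guaranteed to be anonymous; the constant's definition is not visible here, so that part needs confirming. The `catch (Exception e)` also turns a `javax.jcr.LoginException` into an unchecked `CmsException`, although `getSession` (whose signature starts above the hunk) declares `LoginException` and `RepositoryException`, so callers that treat a login failure differently from other errors lose that distinction. The sketch below keeps JCR exceptions typed and would need a `java.security.PrivilegedActionException` import.

```java
private synchronized Session anonymousSession(HttpServletRequest request, Repository repository, String workspace)
        throws RepositoryException {
    // … unchanged: LOGIN_CONTEXT_USER lookup and null check on lc …
    if (lc.getSubject() == null)
        throw new CmsException("Login context has no authenticated subject");
    // … unchanged: try { session = Subject.doAs(...) running repository.login(workspace) …
    } catch (PrivilegedActionException e) {
        // keep JCR failures typed the way getSession() declares them
        Exception cause = e.getException();
        if (cause instanceof RepositoryException)
            throw (RepositoryException) cause;
        throw new CmsException("Cannot log in to JCR", e);
    }
    // … unchanged: return session …
```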