From b3992d072c6f47e7617556137edef5cd492d076e Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Sun, 30 Jan 2011 15:42:40 +0000
Subject: [PATCH] Integrate JCR security with Spring

git-svn-id: https://svn.argeo.org/commons/trunk@4098 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../jcr/ThreadBoundJcrSessionFactory.java     | 24 ++++++++++++-------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
index ef044ce8b..01a056aa2 100644
--- a/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
+++ b/server/runtime/org.argeo.server.jcr/src/main/java/org/argeo/jcr/ThreadBoundJcrSessionFactory.java
@@ -51,6 +51,7 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
 
 	private String defaultUsername = "demo";
 	private String defaultPassword = "demo";
+	private Boolean forceDefaultCredentials = false;
 
 	public ThreadBoundJcrSessionFactory() {
 		Class<?>[] interfaces = { Session.class };
@@ -87,15 +88,16 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
 		// first try to login without credentials, assuming the underlying login
 		// module will have dealt with authentication (typically using Spring
 		// Security)
-		try {
-			newSession = repository.login();
-		} catch (LoginException e1) {
-			log.warn("Cannot login without credentials: " + e1.getMessage());
-			// invalid credentials, go to the next step
-		} catch (RepositoryException e1) {
-			// other kind of exception, fail
-			throw new ArgeoException("Cannot log in to repository", e1);
-		}
+		if (!forceDefaultCredentials)
+			try {
+				newSession = repository.login();
+			} catch (LoginException e1) {
+				log.warn("Cannot login without credentials: " + e1.getMessage());
+				// invalid credentials, go to the next step
+			} catch (RepositoryException e1) {
+				// other kind of exception, fail
+				throw new ArgeoException("Cannot log in to repository", e1);
+			}
 
 		// log using default username / password (useful for testing purposes)
 		if (newSession == null)
@@ -151,4 +153,8 @@ public class ThreadBoundJcrSessionFactory implements FactoryBean,
 		this.defaultPassword = defaultPassword;
 	}
 
+	public void setForceDefaultCredentials(Boolean forceDefaultCredentials) {
+		this.forceDefaultCredentials = forceDefaultCredentials;
+	}
+
 }
-- 
2.30.2