Fix regression with anonymous data access
authorMathieu Baudier <mbaudier@argeo.org>
Fri, 10 Feb 2017 10:26:59 +0000 (11:26 +0100)
committerMathieu Baudier <mbaudier@argeo.org>
Fri, 10 Feb 2017 10:26:59 +0000 (11:26 +0100)
org.argeo.cms/src/org/argeo/cms/internal/http/CmsSessionProvider.java

index 375520171a213ea5cc9f6ab5e9267e78b6d37d13..c0284f4c72967b7630cff88622d64d9cf57a3fff 100644 (file)
@@ -1,18 +1,22 @@
 package org.argeo.cms.internal.http;
 
 import java.io.Serializable;
+import java.security.PrivilegedExceptionAction;
 import java.util.LinkedHashMap;
 
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.security.auth.Subject;
+import javax.security.auth.login.LoginContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
 import org.apache.jackrabbit.server.SessionProvider;
+import org.argeo.cms.CmsException;
 import org.argeo.cms.auth.CmsSession;
+import org.argeo.jcr.JcrUtils;
+import org.argeo.node.NodeConstants;
 
 /**
  * Implements an open session in view patter: a new JCR session is created for
@@ -21,7 +25,8 @@ import org.argeo.cms.auth.CmsSession;
 class CmsSessionProvider implements SessionProvider, Serializable {
        private static final long serialVersionUID = -1358136599534938466L;
 
-       private final static Log log = LogFactory.getLog(CmsSessionProvider.class);
+       // private final static Log log =
+       // LogFactory.getLog(CmsSessionProvider.class);
 
        private final String alias;
 
@@ -35,17 +40,40 @@ class CmsSessionProvider implements SessionProvider, Serializable {
                        throws javax.jcr.LoginException, ServletException, RepositoryException {
 
                CmsSession cmsSession = WebCmsSessionImpl.getCmsSession(request);
+               if (cmsSession == null)
+                       return anonymousSession(request, rep, workspace);
                Session session = cmsSession.getDataSession(alias, workspace, rep);
                cmsSessions.put(session, cmsSession);
                return session;
        }
 
-       public void releaseSession(Session session) {
+       private synchronized Session anonymousSession(HttpServletRequest request, Repository repository, String workspace) {
+               // TODO rather log in here as anonymous?
+               LoginContext lc = (LoginContext) request.getAttribute(NodeConstants.LOGIN_CONTEXT_USER);
+               if (lc == null)
+                       throw new CmsException("No login context available");
+               // optimize
+               Session session;
+               try {
+                       session = Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<Session>() {
+                               @Override
+                               public Session run() throws Exception {
+                                       return repository.login(workspace);
+                               }
+                       });
+               } catch (Exception e) {
+                       throw new CmsException("Cannot log in to JCR", e);
+               }
+               return session;
+       }
+
+       public synchronized void releaseSession(Session session) {
                if (cmsSessions.containsKey(session)) {
                        CmsSession cmsSession = cmsSessions.get(session);
                        cmsSession.releaseDataSession(alias, session);
                } else {
-                       log.warn("No CMS session for JCR session " + session);
+                       // anonymous
+                       JcrUtils.logoutQuietly(session);
                }
        }
 }
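Review bot: The `catch (Exception e)` in anonymousSession hides the actual failure: Subject.doAs with a PrivilegedExceptionAction reports the checked RepositoryException from repository.login as a PrivilegedActionException, so the real cause ends up two wrapper levels down, and any RuntimeException thrown by the action is likewise folded into "Cannot log in to JCR". Catch the specific type and unwrap it (adding `import java.security.PrivilegedActionException;`): `} catch (PrivilegedActionException e) {` / `throw new CmsException("Cannot log in to JCR", e.getException());`. Separately, the new `synchronized` on anonymousSession guards nothing — it touches only locals and the request — while the `cmsSessions.put(session, cmsSession)` in getSession (whose signature begins above this hunk) still runs outside the monitor that releaseSession now takes, so the LinkedHashMap remains accessed from unsynchronized code. Finally, nothing verifies that the LoginContext read from LOGIN_CONTEXT_USER belongs to an anonymous subject; if a request with a non-anonymous subject could reach this path because getCmsSession returned null, the resulting session would carry that subject's JCR privileges without being tracked in cmsSessions, which deserves either an explicit check or a comment stating why the attribute is guaranteed to be anonymous here.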