Improve Jackrabbit security

git-svn-id: https://svn.argeo.org/commons/trunk@4330 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc

diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index e5b83e3169d2afa3df0f675190d16fe69123d345..5612b638868cd462cc310f8b25dd7812ea196427 100644 (file)
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -112,18 +112,22 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
 
                public boolean grants(Set<Principal> principals, String workspaceName)
                                throws RepositoryException {
+                       // everybody has access to all workspaces
+                       // TODO: implements finer access to workspaces
+                       return true;
+
                        // anonymous has access to the default workspace (required for
                        // remoting which does a default login when initializing the
                        // repository)
-                       Boolean anonymous = false;
-                       for (Principal principal : principals)
-                               if (principal instanceof AnonymousPrincipal)
-                                       anonymous = true;
-
-                       if (anonymous && workspaceName.equals(defaultWorkspace))
-                               return true;
-                       else
-                               return wam.grants(principals, workspaceName);
+                       // Boolean anonymous = false;
+                       // for (Principal principal : principals)
+                       // if (principal instanceof AnonymousPrincipal)
+                       // anonymous = true;
+                       //
+                       // if (anonymous && workspaceName.equals(defaultWorkspace))
+                       // return true;
+                       // else
+                       // return wam.grants(principals, workspaceName);
                }
        }
 

diff --git a/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitContainer.java b/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitContainer.java
index 51063ace7640b2323e3cf23e1cf676de2a01ae20..895c31c591ecf19fa45f7b39a633e81868123ce8 100644 (file)
--- a/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitContainer.java
+++ b/server/runtime/org.argeo.server.jackrabbit/src/main/java/org/argeo/jackrabbit/JackrabbitContainer.java
@@ -165,6 +165,7 @@ public class JackrabbitContainer implements InitializingBean, DisposableBean,
                                Session session = null;
                                try {
                                        session = repository.login(credentialsToUse);
+                                       processNewSession(session);
                                        // Load cnds as resources
                                        for (String resUrl : cndFiles) {
                                                Resource res = resourceLoader.getResource(resUrl);