Admin session to the proper content provider workspace

[lgpl/argeo-commons.git] / jcr / org.argeo.cms.jcr / src / org / argeo / cms / jcr / CmsJcrUtils.java
diff --git a/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java b/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java

index b5d9adfcaedbef28390945b1458c191a922b9588..3849c5b97fac4c90611a8987f8d93ba7e84f0882 100644 (file)
--- a/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java
+++ b/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java
@@ -20,6 +20,7 @@ import javax.security.auth.login.LoginException;
  
  import org.argeo.api.cms.CmsAuth;
  import org.argeo.api.cms.CmsConstants;
+import org.argeo.jcr.JcrUtils;
  
  /** Utilities related to Argeo model in JCR */
  public class CmsJcrUtils {
@@ -239,34 +240,39 @@ public class CmsJcrUtils {
         /**
          * Open a JCR session with full read/write rights on the data, as
          * {@link CmsConstants#ROLE_USER_ADMIN}, using the
-        * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security
-        * hardened deployement, use {@link AuthPermission} on this login context.
+        * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security hardened
+        * deployement, use {@link AuthPermission} on this login context.
          */
         public static Session openDataAdminSession(Repository repository, String workspaceName) {
-               ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
                 LoginContext loginContext;
                 try {
-                       loginContext = new LoginContext(CmsAuth.LOGIN_CONTEXT_DATA_ADMIN);
+                       loginContext = CmsAuth.DATA_ADMIN.newLoginContext();
                         loginContext.login();
                 } catch (LoginException e1) {
                         throw new RuntimeException("Could not login as data admin", e1);
                 } finally {
-                       Thread.currentThread().setContextClassLoader(currentCl);
                 }
-               return Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Session>() {
  
-                       @Override
-                       public Session run() {
-                               try {
-                                       return repository.login(workspaceName);
-                               } catch (NoSuchWorkspaceException e) {
-                                       throw new IllegalArgumentException("No workspace " + workspaceName + " available", e);
-                               } catch (RepositoryException e) {
-                                       throw new RuntimeException("Cannot open data admin session", e);
+               ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
+               try {
+                       Thread.currentThread().setContextClassLoader(CmsJcrUtils.class.getClassLoader());
+                       return Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Session>() {
+
+                               @Override
+                               public Session run() {
+                                       try {
+                                               return JcrUtils.loginOrCreateWorkspace(repository, workspaceName);
+                                       } catch (NoSuchWorkspaceException e) {// should not happen
+                                               throw new IllegalArgumentException("No workspace " + workspaceName + " available", e);
+                                       } catch (RepositoryException e) {
+                                               throw new RuntimeException("Cannot open data admin session", e);
+                                       }
                                 }
-                       }
  
-               });
+                       });
+               } finally {
+                       Thread.currentThread().setContextClassLoader(currentCl);
+               }
         }
  
         /** Singleton. */