Centralise configure script
[lgpl/argeo-commons.git] / jcr / org.argeo.cms.jcr / src / org / argeo / cms / jcr / CmsJcrUtils.java
index b5d9adfcaedbef28390945b1458c191a922b9588..7fde17751c82dc7b0450f4c0b95a6d2d755dfbaf 100644 (file)
@@ -1,6 +1,5 @@
 package org.argeo.cms.jcr;
 
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -14,12 +13,13 @@ import javax.jcr.Session;
 import javax.naming.InvalidNameException;
 import javax.naming.ldap.LdapName;
 import javax.security.auth.AuthPermission;
-import javax.security.auth.Subject;
 import javax.security.auth.login.LoginContext;
 import javax.security.auth.login.LoginException;
 
 import org.argeo.api.cms.CmsAuth;
 import org.argeo.api.cms.CmsConstants;
+import org.argeo.jcr.JcrUtils;
+import org.argeo.util.CurrentSubject;
 
 /** Utilities related to Argeo model in JCR */
 public class CmsJcrUtils {
@@ -239,34 +239,36 @@ public class CmsJcrUtils {
        /**
         * Open a JCR session with full read/write rights on the data, as
         * {@link CmsConstants#ROLE_USER_ADMIN}, using the
-        * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security
-        * hardened deployement, use {@link AuthPermission} on this login context.
+        * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security hardened
+        * deployement, use {@link AuthPermission} on this login context.
         */
        public static Session openDataAdminSession(Repository repository, String workspaceName) {
-               ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
                LoginContext loginContext;
                try {
-                       loginContext = new LoginContext(CmsAuth.LOGIN_CONTEXT_DATA_ADMIN);
+                       loginContext = CmsAuth.DATA_ADMIN.newLoginContext();
                        loginContext.login();
                } catch (LoginException e1) {
                        throw new RuntimeException("Could not login as data admin", e1);
                } finally {
-                       Thread.currentThread().setContextClassLoader(currentCl);
                }
-               return Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Session>() {
 
-                       @Override
-                       public Session run() {
+               ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
+               try {
+                       Thread.currentThread().setContextClassLoader(CmsJcrUtils.class.getClassLoader());
+                       return CurrentSubject.callAs(loginContext.getSubject(), () -> {
                                try {
-                                       return repository.login(workspaceName);
-                               } catch (NoSuchWorkspaceException e) {
+                                       return JcrUtils.loginOrCreateWorkspace(repository, workspaceName);
+                               } catch (NoSuchWorkspaceException e) {// should not happen
                                        throw new IllegalArgumentException("No workspace " + workspaceName + " available", e);
                                } catch (RepositoryException e) {
                                        throw new RuntimeException("Cannot open data admin session", e);
                                }
                        }
 
-               });
+                       );
+               } finally {
+                       Thread.currentThread().setContextClassLoader(currentCl);
+               }
        }
 
        /** Singleton. */
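Review bot: In `openDataAdminSession`, replacing `repository.login(workspaceName)` with `JcrUtils.loginOrCreateWorkspace(repository, workspaceName)` appears to create a missing workspace while running as the data-admin subject, yet the Javadoc still only says "Open a JCR session". This is inferred from the helper's name and the new `// should not happen` comment, since the helper's body is not in this diff. If so, a mistyped or caller-influenced `workspaceName` no longer fails and instead leaves a new workspace behind, created with full read/write rights. The Javadoc should state the side effect, for example `* The workspace is created if it does not exist; callers must pass a validated workspace name.` Separately, the first `finally { }` after `loginContext.login()` is now empty and can be removed.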