package org.argeo.cms.jcr;
-import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.security.auth.AuthPermission;
-import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.argeo.api.cms.CmsAuth;
import org.argeo.api.cms.CmsConstants;
+import org.argeo.jcr.JcrUtils;
+import org.argeo.util.CurrentSubject;
/** Utilities related to Argeo model in JCR */
public class CmsJcrUtils {
/**
* Open a JCR session with full read/write rights on the data, as
* {@link CmsConstants#ROLE_USER_ADMIN}, using the
- * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security
- * hardened deployement, use {@link AuthPermission} on this login context.
+ * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security hardened
+ * deployement, use {@link AuthPermission} on this login context.
*/
public static Session openDataAdminSession(Repository repository, String workspaceName) {
- ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
LoginContext loginContext;
try {
- loginContext = new LoginContext(CmsAuth.LOGIN_CONTEXT_DATA_ADMIN);
+ loginContext = CmsAuth.DATA_ADMIN.newLoginContext();
loginContext.login();
} catch (LoginException e1) {
throw new RuntimeException("Could not login as data admin", e1);
} finally {
- Thread.currentThread().setContextClassLoader(currentCl);
}
- return Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Session>() {
- @Override
- public Session run() {
+ ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
+ try {
+ Thread.currentThread().setContextClassLoader(CmsJcrUtils.class.getClassLoader());
+ return CurrentSubject.callAs(loginContext.getSubject(), () -> {
try {
- return repository.login(workspaceName);
- } catch (NoSuchWorkspaceException e) {
+ return JcrUtils.loginOrCreateWorkspace(repository, workspaceName);
+ } catch (NoSuchWorkspaceException e) {// should not happen
throw new IllegalArgumentException("No workspace " + workspaceName + " available", e);
} catch (RepositoryException e) {
throw new RuntimeException("Cannot open data admin session", e);
}
}
- });
+ );
+ } finally {
+ Thread.currentThread().setContextClassLoader(currentCl);
+ }
}
/** Singleton. */
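Review bot: `JcrUtils.loginOrCreateWorkspace(repository, workspaceName)` runs inside the data-admin subject, so, judging by the helper's name, a `workspaceName` that does not exist is now created with admin rights where `repository.login` used to fail with `NoSuchWorkspaceException`. A mistyped or caller-influenced name would then quietly leave a new workspace behind, and neither the method's Javadoc nor the `// should not happen` comment tells callers about this. I would state it in the Javadoc, e.g. `* The workspace is created if it does not exist, so callers must pass a validated workspace name.`, or keep the plain `repository.login` here and make creation an explicit, separate call. Separately, the `finally { }` after the login `try` is left empty by this change and can be dropped.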