X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;ds=sidebyside;f=security%2Fruntime%2Forg.argeo.security.jackrabbit%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoSecurityManager.java;h=1109980696d61d110aab683ddbde53f937286d4b;hb=1d5afdce3e91054f07ddd3c98309c363b4cf1d46;hp=96260b426f466ca5b69185c4f432d4672ca21df8;hpb=19f918960dfca4fd10de1fbe33554b8e1ce3b62c;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java index 96260b426..110998069 100644 --- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java +++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java @@ -1,3 +1,18 @@ +/* + * Copyright (C) 2007-2012 Mathieu Baudier + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.argeo.security.jackrabbit; import java.security.Principal; @@ -26,6 +41,7 @@ import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.core.DefaultSecurityManager; +import org.apache.jackrabbit.core.security.AnonymousPrincipal; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.argeo.ArgeoException; @@ -49,7 +65,10 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { if (log.isTraceEnabled()) log.trace(subject); - // skip Jackrabbit system user + // skip anonymous user (no rights) + if (!subject.getPrincipals(AnonymousPrincipal.class).isEmpty()) + return super.getUserID(subject, workspaceName); + // skip Jackrabbit system user (all rights) if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty()) return super.getUserID(subject, workspaceName); @@ -69,6 +88,8 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { if (user == null) { user = systemUm.createUser(userId, authen.getCredentials() .toString(), authen, null); + JcrUtils.createUserHomeIfNeeded(getSystemSession(), userId); + getSystemSession().save(); setSecurityHomeAuthorizations(user); log.info(userId + " added as " + user); } @@ -93,15 +114,15 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { group.removeMember(user); } - if (log.isDebugEnabled()) - log.debug("Spring and Jackrabbit Security synchronized for user " + if (log.isTraceEnabled()) + log.trace("Spring and Jackrabbit Security synchronized for user " + userId + " in " + (System.currentTimeMillis() - begin) + " ms"); return userId; } protected synchronized void setSecurityHomeAuthorizations(User user) { - // give read privileges on user home + // give read privileges on user security home String userId = ""; try { userId = user.getID();