X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fintegration%2FJcrReadServlet.java;h=83393ec8e19b16758080fe9022aaad475c0aa1cf;hb=4c96729d93e6db492312a54e1f876cb27389793e;hp=f4bcc15d42091e167e7a45fece92312e7aaf9351;hpb=2f47a72478c876464ac31cecc138183fccfeac91;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java b/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java
index f4bcc15d4..83393ec8e 100644
--- a/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java
+++ b/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java
@@ -4,6 +4,9 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
+import java.security.AccessControlContext;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -20,6 +23,7 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.Value;
 import javax.jcr.nodetype.NodeType;
+import javax.security.auth.Subject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -31,6 +35,7 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.jackrabbit.api.JackrabbitNode;
 import org.apache.jackrabbit.api.JackrabbitValue;
 import org.argeo.jcr.JcrUtils;
+import org.osgi.service.http.context.ServletContextHelper;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -102,8 +107,9 @@ public class JcrReadServlet extends HttpServlet {
 return;
 }
 if (!acceptHeader.isEmpty() && !acceptHeader.contains(JSON_CONTENT_TYPE)) {
- log.warn("Content type " + acceptHeader + " in Accept header is not supported. Supported: "
- + JSON_CONTENT_TYPE + " (default), " + XML_CONTENT_TYPE);
+ if (log.isTraceEnabled())
+ log.warn("Content type " + acceptHeader + " in Accept header is not supported. Supported: "
+ + JSON_CONTENT_TYPE + " (default), " + XML_CONTENT_TYPE);
 }
 resp.setContentType(JSON_CONTENT_TYPE);
 JsonGenerator jsonGenerator = getObjectMapper().getFactory().createGenerator(resp.getWriter());
@@ -122,7 +128,24 @@ public class JcrReadServlet extends HttpServlet {
 protected Session openJcrSession(HttpServletRequest req, HttpServletResponse resp, Repository repository,
 String workspace) throws RepositoryException {
- return workspace != null ? repository.login(workspace) : repository.login();
+ AccessControlContext acc = (AccessControlContext) req.getAttribute(ServletContextHelper.REMOTE_USER);
+ Subject subject = Subject.getSubject(acc);
+ try {
+ return Subject.doAs(subject, new PrivilegedExceptionAction() {
+
+ @Override
+ public Session run() throws RepositoryException {
+ return repository.login(workspace);
+ }
+
+ });
+ } catch (PrivilegedActionException e) {
+ if (e.getException() instanceof RepositoryException)
+ throw (RepositoryException) e.getException();
+ else
+ throw new RuntimeException(e.getException());
+ }
+// return workspace != null ? repository.login(workspace) : repository.login();
 }
 protected String getWorkspace(HttpServletRequest req) {
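Review bot: In the Accept-header hunk the new guard tests `log.isTraceEnabled()` while the call underneath is still `log.warn(...)`, so the message is silent in normal operation yet appears at WARN severity as soon as trace is switched on. If the aim is to demote it, `log.trace(...)` under the same guard states that directly, and the single guarded statement should get braces. The logged `acceptHeader` is client-supplied, so CR/LF should be stripped (and the length capped) before it is concatenated into the log line. The enclosing method starts and ends outside the hunk.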
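Review bot: In the openJcrSession hunk the request attribute is cast and used with no check, so a request that arrives without the authentication layer having stored an AccessControlContext under `ServletContextHelper.REMOTE_USER` ends in a NullPointerException from `Subject.getSubject(acc)`, or a ClassCastException if the attribute holds another type, rather than a clean authentication failure. A null `subject` should be rejected as well, because `Subject.doAs(null, ...)` still performs the login with no identity attached, and what the repository grants then depends on its configuration. A fail-closed guard before the `try` would be `Object attr = req.getAttribute(ServletContextHelper.REMOTE_USER);`, `if (!(attr instanceof AccessControlContext)) throw new LoginException("No authenticated context on request");` and, after resolving the subject, `if (subject == null) throw new LoginException("No subject bound to request");`. `javax.jcr.LoginException` is a RepositoryException, so the method signature stays as it is. The commented-out old `return` left at the end of the method can be deleted.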