X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Fintegration%2FJcrReadServlet.java;h=83393ec8e19b16758080fe9022aaad475c0aa1cf;hb=a940a66aca249a1ce7dea66d43b0e2816845d7d1;hp=026da108aae5ef08700180779ce44f97856d7e2e;hpb=ef7f248b07ca06a29f6b507bbd8d0fa430a38407;p=lgpl%2Fargeo-commons.git
diff --git a/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java b/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java
index 026da108a..83393ec8e 100644
--- a/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java
+++ b/org.argeo.cms/src/org/argeo/cms/integration/JcrReadServlet.java
@@ -4,6 +4,9 @@ import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
+import java.security.AccessControlContext;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -20,6 +23,7 @@ import javax.jcr.RepositoryException;
 import javax.jcr.Session;
 import javax.jcr.Value;
 import javax.jcr.nodetype.NodeType;
+import javax.security.auth.Subject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -31,6 +35,7 @@ import org.apache.commons.logging.LogFactory;
 import org.apache.jackrabbit.api.JackrabbitNode;
 import org.apache.jackrabbit.api.JackrabbitValue;
 import org.argeo.jcr.JcrUtils;
+import org.osgi.service.http.context.ServletContextHelper;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -123,7 +128,24 @@ public class JcrReadServlet extends HttpServlet {
 protected Session openJcrSession(HttpServletRequest req, HttpServletResponse resp, Repository repository, String workspace) throws RepositoryException {
- return workspace != null ? repository.login(workspace) : repository.login();
+ AccessControlContext acc = (AccessControlContext) req.getAttribute(ServletContextHelper.REMOTE_USER);
+ Subject subject = Subject.getSubject(acc);
+ try {
+ return Subject.doAs(subject, new PrivilegedExceptionAction() {
+
+ @Override
+ public Session run() throws RepositoryException {
+ return repository.login(workspace);
+ }
+
+ });
+ } catch (PrivilegedActionException e) {
+ if (e.getException() instanceof RepositoryException)
+ throw (RepositoryException) e.getException();
+ else
+ throw new RuntimeException(e.getException());
+ }
+// return workspace != null ? repository.login(workspace) : repository.login();
 }
 protected String getWorkspace(HttpServletRequest req) {
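Review bot: The new body of `openJcrSession` does not fail closed when the request carries no authenticated context, because the value from `req.getAttribute(ServletContextHelper.REMOTE_USER)` is cast and passed on unchecked. A missing attribute makes `Subject.getSubject(acc)` throw a NullPointerException. A context with no associated subject gives `subject == null`, so `Subject.doAs` runs `repository.login(workspace)` with no subject at all, and the result then presumably depends on how the repository treats a login without credentials. I would add `if (acc == null) throw new RepositoryException("No security context on request");` after the first added line and `if (subject == null) throw new RepositoryException("No authenticated subject on request");` after the second; how callers turn that exception into a response status lies outside this hunk. The commented-out old `return` at the end can simply be deleted, since JCR's `login(String)` already selects the default workspace for a null name.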