X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=org.argeo.cms%2Fsrc%2Forg%2Fargeo%2Fcms%2Finternal%2Fkernel%2FKernel.java;h=67f0c3737caab318e3acd0c8a28d0e207ffe0760;hb=f7944a8accf7b9cfc3cffe6e6f5c611cd48f592c;hp=83f21202e45612855b87d23d29a226479469df3a;hpb=93a457cf047cebb0170abd0f37a9b4291a2ae3e9;p=lgpl%2Fargeo-commons.git diff --git a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java index 83f21202e..67f0c3737 100644 --- a/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java +++ b/org.argeo.cms/src/org/argeo/cms/internal/kernel/Kernel.java @@ -2,17 +2,22 @@ package org.argeo.cms.internal.kernel; import java.lang.management.ManagementFactory; import java.net.URL; +import java.security.PrivilegedAction; import java.util.HashMap; import java.util.Map; import javax.jcr.Repository; import javax.jcr.RepositoryFactory; +import javax.security.auth.Subject; +import javax.security.auth.login.LoginContext; +import javax.security.auth.login.LoginException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.jackrabbit.util.TransientFileFactory; import org.argeo.ArgeoException; import org.argeo.cms.CmsException; +import org.argeo.cms.KernelHeader; import org.argeo.jackrabbit.OsgiJackrabbitRepositoryFactory; import org.argeo.jcr.ArgeoJcrConstants; import org.argeo.security.core.InternalAuthentication; @@ -47,12 +52,35 @@ final class Kernel implements ServiceListener { NodeHttp nodeHttp; private KernelThread kernelThread; - void init() { + private final Subject kernelSubject = new Subject(); + + public Kernel() { URL url = getClass().getClassLoader().getResource( KernelConstants.JAAS_CONFIG); System.setProperty("java.security.auth.login.config", url.toExternalForm()); + try { + LoginContext kernelLc = new LoginContext( + KernelHeader.LOGIN_CONTEXT_SYSTEM, kernelSubject); + kernelLc.login(); + } catch (LoginException e) { + throw new CmsException("Cannot log in kernel", e); + } + } + + final void init() { + Subject.doAs(kernelSubject, new PrivilegedAction() { + + @Override + public Void run() { + doInit(); + return null; + } + + }); + } + private void doInit() { ClassLoader currentContextCl = Thread.currentThread() .getContextClassLoader(); Thread.currentThread().setContextClassLoader( @@ -121,6 +149,14 @@ final class Kernel implements ServiceListener { // Clean hanging threads from Jackrabbit TransientFileFactory.shutdown(); + try { + LoginContext kernelLc = new LoginContext( + KernelHeader.LOGIN_CONTEXT_SYSTEM, kernelSubject); + kernelLc.logout(); + } catch (LoginException e) { + throw new CmsException("Cannot log in kernel", e); + } + long duration = System.currentTimeMillis() - begin; log.info("## ARGEO CMS DOWN in " + (duration / 1000) + "." + (duration % 1000) + "s ##");