X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjcr%2FOsJcrAuthenticationProvider.java;fp=security%2Fruntime%2Forg.argeo.security.core%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjcr%2FOsJcrAuthenticationProvider.java;h=5307673ced6eb589e4e49ea822f5a05d57e29f74;hb=0b7c4d15bef603eed5a7b770482e6cf684bbf381;hp=bccd1c616d67c1aed8fec1d55ed77f24e683bdb5;hpb=b52c8b344846458c2bc36c3e1354893f205f3fd7;p=lgpl%2Fargeo-commons.git

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
index bccd1c616..5307673ce 100644
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/jcr/OsJcrAuthenticationProvider.java
@@ -4,6 +4,7 @@ import javax.jcr.Node;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
+import javax.jcr.security.Privilege;
 
 import org.argeo.ArgeoException;
 import org.argeo.jcr.JcrUtils;
@@ -17,10 +18,12 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
 	private Repository repository;
 	private String securityWorkspace = "security";
 	private Session securitySession;
+	private Session nodeSession;
 
 	public void init() {
 		try {
 			securitySession = repository.login(securityWorkspace);
+			nodeSession = repository.login();
 		} catch (RepositoryException e) {
 			throw new ArgeoException("Cannot initialize", e);
 		}
@@ -28,6 +31,7 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
 
 	public void destroy() {
 		JcrUtils.logoutQuietly(securitySession);
+		JcrUtils.logoutQuietly(nodeSession);
 	}
 
 	public Authentication authenticate(Authentication authentication)
@@ -40,8 +44,17 @@ public class OsJcrAuthenticationProvider extends OsAuthenticationProvider {
 			String username = System.getProperty("user.name");
 			Node userProfile = JcrUtils.createUserProfileIfNeeded(
 					securitySession, username);
-
 			JcrUserDetails.checkAccountStatus(userProfile);
+
+			// each user should have a writable area in the default workspace of
+			// the node
+			Node userNodeHome = JcrUtils.createUserHomeIfNeeded(nodeSession,
+					username);
+			JcrUtils.addPrivilege(nodeSession, userNodeHome.getPath(),
+					username, Privilege.JCR_ALL);
+			if (nodeSession.hasPendingChanges())
+				nodeSession.save();
+
 			// user details
 			JcrUserDetails userDetails = new JcrUserDetails(userProfile, authen
 					.getCredentials().toString(), getBaseAuthorities());