X-Git-Url: https://git.argeo.org/?a=blobdiff_plain;f=security%2Fruntime%2Forg.argeo.security.jackrabbit%2Fsrc%2Fmain%2Fjava%2Forg%2Fargeo%2Fsecurity%2Fjackrabbit%2FArgeoSecurityManager.java;h=3e9f015bb879258fe1c6fd3e94a71ca603e9c34d;hb=72c5c4c7e5348ad96a451ef866a1e231db976dc7;hp=96260b426f466ca5b69185c4f432d4672ca21df8;hpb=19f918960dfca4fd10de1fbe33554b8e1ce3b62c;p=lgpl%2Fargeo-commons.git diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java index 96260b426..3e9f015bb 100644 --- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java +++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java @@ -26,6 +26,7 @@ import org.apache.jackrabbit.api.security.user.Group; import org.apache.jackrabbit.api.security.user.User; import org.apache.jackrabbit.api.security.user.UserManager; import org.apache.jackrabbit.core.DefaultSecurityManager; +import org.apache.jackrabbit.core.security.AnonymousPrincipal; import org.apache.jackrabbit.core.security.SecurityConstants; import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager; import org.argeo.ArgeoException; @@ -49,7 +50,10 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { if (log.isTraceEnabled()) log.trace(subject); - // skip Jackrabbit system user + // skip anonymous user (no rights) + if (!subject.getPrincipals(AnonymousPrincipal.class).isEmpty()) + return super.getUserID(subject, workspaceName); + // skip Jackrabbit system user (all rights) if (!subject.getPrincipals(ArgeoSystemPrincipal.class).isEmpty()) return super.getUserID(subject, workspaceName); @@ -69,6 +73,8 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { if (user == null) { user = systemUm.createUser(userId, authen.getCredentials() .toString(), authen, null); + JcrUtils.createUserHomeIfNeeded(getSystemSession(), userId); + getSystemSession().save(); setSecurityHomeAuthorizations(user); log.info(userId + " added as " + user); } @@ -93,15 +99,15 @@ public class ArgeoSecurityManager extends DefaultSecurityManager { group.removeMember(user); } - if (log.isDebugEnabled()) - log.debug("Spring and Jackrabbit Security synchronized for user " + if (log.isTraceEnabled()) + log.trace("Spring and Jackrabbit Security synchronized for user " + userId + " in " + (System.currentTimeMillis() - begin) + " ms"); return userId; } protected synchronized void setSecurityHomeAuthorizations(User user) { - // give read privileges on user home + // give read privileges on user security home String userId = ""; try { userId = user.getID();