userHome.setProperty(ArgeoNames.ARGEO_USER_ID, username);
session.save();
- JcrUtils.clearAccesControList(session, homePath, username);
+ JcrUtils.clearAccessControList(session, homePath, username);
JcrUtils.addPrivilege(session, homePath, username,
Privilege.JCR_ALL);
}
ArgeoNames.ARGEO_CREDENTIALS_NON_EXPIRED, true);
session.save();
- JcrUtils.clearAccesControList(session, userProfile.getPath(),
+ JcrUtils.clearAccessControList(session, userProfile.getPath(),
username);
JcrUtils.addPrivilege(session, userProfile.getPath(), username,
Privilege.JCR_READ);
import org.apache.jackrabbit.core.security.AnonymousPrincipal;
import org.apache.jackrabbit.core.security.SecurityConstants;
import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
-import org.argeo.ArgeoException;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
Authentication authen;
Set<Authentication> authens = subject
.getPrincipals(Authentication.class);
- if (authens.size() == 0)
- throw new ArgeoException("No Spring authentication found in "
- + subject);
- else
+ String userId;
+ if (authens.size() == 0) {
+ // make sure that logged-in user has a Principal, useful for testing
+ // using an admin user
+ userId = super.getUserID(subject, workspaceName);
+ UserManager systemUm = getSystemUserManager(null);
+ if (systemUm.getAuthorizable(userId) == null)
+ systemUm.createUser(userId, "");
+ } else {// Spring Security
authen = authens.iterator().next();
- String userId = authen.getName();
- StringBuffer roles = new StringBuffer("");
- GrantedAuthority[] authorities = authen.getAuthorities();
- for (GrantedAuthority ga : authorities) {
- roles.append(ga.toString());
- }
-
- // do not sync if not changed
- if (userRolesCache.containsKey(userId)
- && userRolesCache.get(userId).equals(roles.toString()))
- return userId;
+ userId = authen.getName();
+ StringBuffer roles = new StringBuffer("");
+ GrantedAuthority[] authorities = authen.getAuthorities();
+ for (GrantedAuthority ga : authorities) {
+ roles.append(ga.toString());
+ }
- // sync Spring and Jackrabbit
- // workspace is irrelevant here
- UserManager systemUm = getSystemUserManager(null);
- syncSpringAndJackrabbitSecurity(systemUm, authen);
- userRolesCache.put(userId, roles.toString());
+ // do not sync if not changed
+ if (userRolesCache.containsKey(userId)
+ && userRolesCache.get(userId).equals(roles.toString()))
+ return userId;
+ // sync Spring and Jackrabbit
+ // workspace is irrelevant here
+ UserManager systemUm = getSystemUserManager(null);
+ syncSpringAndJackrabbitSecurity(systemUm, authen);
+ userRolesCache.put(userId, roles.toString());
+ }
return userId;
}
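Review bot: The new `authens.size() == 0` branch turns a fail-closed path into a fail-open one: a subject without a Spring `Authentication` used to be rejected with an `ArgeoException`, and now takes its ID from `super.getUserID(subject, workspaceName)` and, if no such authorizable exists, gets a Jackrabbit user created with an empty password via `systemUm.createUser(userId, "")`. The in-code comment says this is for testing with an admin user, but nothing visible in the hunk restricts it to a test setup, so it presumably runs in production as well. I would keep the exception unless an explicit test-only setting is enabled, or at least create the account with a random, unguessable password instead of `""` and log a warning whenever this branch is taken; whether the empty password is accepted at login depends on the login module configuration, which is not shown here. The same `createUser(username, "")` call appears as context in the JackrabbitSecurityModel hunk, and the enclosing method here starts outside the hunk.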
import org.apache.jackrabbit.api.security.user.UserManager;
import org.argeo.ArgeoException;
import org.argeo.security.jcr.JcrSecurityModel;
-import org.argeo.util.security.SimplePrincipal;
/** Make sure that user authorizable exists before syncing user directories. */
public class JackrabbitSecurityModel extends JcrSecurityModel {
if (session instanceof JackrabbitSession) {
UserManager userManager = ((JackrabbitSession) session)
.getUserManager();
- User user = (User) userManager
- .getAuthorizable(new SimplePrincipal(username));
+ User user = (User) userManager.getAuthorizable(username);
if (user == null)
userManager.createUser(username, "");
}
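Review bot: The `(User)` cast on `userManager.getAuthorizable(username)` is unchecked: a lookup by ID returns any `Authorizable`, so an existing group with the same ID would raise a `ClassCastException` here rather than a clear error. If `user` is only needed for the null check, as the visible lines suggest, drop the cast and hold the result as `Authorizable`; otherwise test `isGroup()` first and fail with an explicit message. The enclosing method starts outside the hunk and may continue past it.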