From 757231ada3408c39ef3d88527c61b1279ba462b8 Mon Sep 17 00:00:00 2001
From: Mathieu Baudier <mbaudier@argeo.org>
Date: Fri, 7 Dec 2012 20:29:56 +0000
Subject: [PATCH] Fix issues with admin

git-svn-id: https://svn.argeo.org/commons/trunk@5912 4cfe0d0a-d680-48aa-b62c-e0a02a3f76cc
---
 .../META-INF/spring/security-ldap-jcr.xml             |  9 ---------
 .../META-INF/spring/security-os.xml                   |  9 ---------
 .../argeo/security/jackrabbit/ArgeoLoginModule.java   |  6 +++---
 .../security/jackrabbit/ArgeoSecurityManager.java     | 11 +++++++++--
 4 files changed, 12 insertions(+), 23 deletions(-)

diff --git a/security/modules/org.argeo.security.dao.ldap/META-INF/spring/security-ldap-jcr.xml b/security/modules/org.argeo.security.dao.ldap/META-INF/spring/security-ldap-jcr.xml
index b7b3bf3ee..3235e66f4 100644
--- a/security/modules/org.argeo.security.dao.ldap/META-INF/spring/security-ldap-jcr.xml
+++ b/security/modules/org.argeo.security.dao.ldap/META-INF/spring/security-ldap-jcr.xml
@@ -19,15 +19,6 @@
 		<property name="repository" ref="nodeRepository" />
 		<property name="bundleContext" ref="bundleContext" />
 	</bean>
-	<bean class="org.argeo.jackrabbit.JackrabbitAuthorizations"
-		init-method="run">
-		<property name="principalPrivileges">
-			<map>
-				<entry key="jcr:all" value="ROLE_ADMIN" />
-			</map>
-		</property>
-		<property name="repository" ref="argeoDataModel" />
-	</bean>
 
 	<bean id="jcrLdapSynchronizer" class="org.argeo.security.ldap.jcr.JcrLdapSynchronizer"
 		init-method="init" destroy-method="destroy" depends-on="argeoDataModel">
diff --git a/security/modules/org.argeo.security.dao.os/META-INF/spring/security-os.xml b/security/modules/org.argeo.security.dao.os/META-INF/spring/security-os.xml
index 188476c51..3d94f502d 100644
--- a/security/modules/org.argeo.security.dao.os/META-INF/spring/security-os.xml
+++ b/security/modules/org.argeo.security.dao.os/META-INF/spring/security-os.xml
@@ -22,15 +22,6 @@
 		<property name="repository" ref="nodeRepository" />
 		<property name="bundleContext" ref="bundleContext" />
 	</bean>
-	<bean class="org.argeo.jackrabbit.JackrabbitAuthorizations"
-		init-method="run">
-		<property name="principalPrivileges">
-			<map>
-				<entry key="jcr:all" value="ROLE_ADMIN" />
-			</map>
-		</property>
-		<property name="repository" ref="argeoDataModel" />
-	</bean>
 
 	<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
 		<property name="providers">
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
index 3250a2b16..43c544083 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoLoginModule.java
@@ -39,7 +39,7 @@ import org.springframework.security.providers.anonymous.AnonymousAuthenticationT
 
 /** Jackrabbit login mechanism based on Spring Security */
 public class ArgeoLoginModule extends AbstractLoginModule {
-	// private String adminRole = "ROLE_ADMIN";
+	private String adminRole = "ROLE_ADMIN";
 
 	@SuppressWarnings("unused")
 	@Override
@@ -100,8 +100,8 @@ public class ArgeoLoginModule extends AbstractLoginModule {
 			for (GrantedAuthority ga : authen.getAuthorities()) {
 				principals.add(new GrantedAuthorityPrincipal(ga));
 				// FIXME: make it more generic
-				// if (adminRole.equals(ga.getAuthority()))
-				// principals.add(new AdminPrincipal(authen.getName()));
+				if (adminRole.equals(ga.getAuthority()))
+					principals.add(new AdminPrincipal(authen.getName()));
 			}
 		}
 
diff --git a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
index 9a06e349d..3450c75d8 100644
--- a/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
+++ b/security/runtime/org.argeo.security.jackrabbit/src/main/java/org/argeo/security/jackrabbit/ArgeoSecurityManager.java
@@ -41,6 +41,7 @@ import org.apache.jackrabbit.core.security.SecurityConstants;
 import org.apache.jackrabbit.core.security.authorization.WorkspaceAccessManager;
 import org.springframework.security.Authentication;
 import org.springframework.security.GrantedAuthority;
+import org.springframework.security.context.SecurityContextHolder;
 
 /** Integrates Spring Security and Jackrabbit Security users and roles. */
 public class ArgeoSecurityManager extends DefaultSecurityManager {
@@ -81,8 +82,14 @@ public class ArgeoSecurityManager extends DefaultSecurityManager {
 	@Override
 	public String getUserID(Subject subject, String workspaceName)
 			throws RepositoryException {
-		if (!synchronize)
-			return super.getUserID(subject, workspaceName);
+		if (!synchronize) {
+			Authentication authentication = SecurityContextHolder.getContext()
+					.getAuthentication();
+			if (authentication != null)
+				return authentication.getName();
+			else
+				return super.getUserID(subject, workspaceName);
+		}
 
 		if (log.isTraceEnabled())
 			log.trace(subject);
-- 
2.30.2