Make open admin session more robust.

diff --git a/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java b/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java
index b5d9adfcaedbef28390945b1458c191a922b9588..4a28dca772652578b6e031107362835a47c39eb4 100644 (file)
--- a/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java
+++ b/jcr/org.argeo.cms.jcr/src/org/argeo/cms/jcr/CmsJcrUtils.java
@@ -239,11 +239,10 @@ public class CmsJcrUtils {
        /**
         * Open a JCR session with full read/write rights on the data, as
         * {@link CmsConstants#ROLE_USER_ADMIN}, using the
-        * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security
-        * hardened deployement, use {@link AuthPermission} on this login context.
+        * {@link CmsAuth#LOGIN_CONTEXT_DATA_ADMIN} login context. For security hardened
+        * deployement, use {@link AuthPermission} on this login context.
         */
        public static Session openDataAdminSession(Repository repository, String workspaceName) {
-               ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
                LoginContext loginContext;
                try {
                        loginContext = new LoginContext(CmsAuth.LOGIN_CONTEXT_DATA_ADMIN);
@@ -251,22 +250,28 @@ public class CmsJcrUtils {
                } catch (LoginException e1) {
                        throw new RuntimeException("Could not login as data admin", e1);
                } finally {
-                       Thread.currentThread().setContextClassLoader(currentCl);
                }
-               return Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Session>() {
 
-                       @Override
-                       public Session run() {
-                               try {
-                                       return repository.login(workspaceName);
-                               } catch (NoSuchWorkspaceException e) {
-                                       throw new IllegalArgumentException("No workspace " + workspaceName + " available", e);
-                               } catch (RepositoryException e) {
-                                       throw new RuntimeException("Cannot open data admin session", e);
+               ClassLoader currentCl = Thread.currentThread().getContextClassLoader();
+               try {
+                       Thread.currentThread().setContextClassLoader(CmsJcrUtils.class.getClassLoader());
+                       return Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Session>() {
+
+                               @Override
+                               public Session run() {
+                                       try {
+                                               return repository.login(workspaceName);
+                                       } catch (NoSuchWorkspaceException e) {
+                                               throw new IllegalArgumentException("No workspace " + workspaceName + " available", e);
+                                       } catch (RepositoryException e) {
+                                               throw new RuntimeException("Cannot open data admin session", e);
+                                       }
                                }
-                       }
 
-               });
+                       });
+               } finally {
+                       Thread.currentThread().setContextClassLoader(currentCl);
+               }
        }
 
        /** Singleton. */