Posted to commits@sling.apache.org by fm...@apache.org on 2012/01/24 20:48:36 UTC

svn commit: r1235447 - /sling/trunk/bundles/jcr/davex/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java

Author: fmeschbe
Date: Tue Jan 24 19:48:36 2012
New Revision: 1235447

URL: http://svn.apache.org/viewvc?rev=1235447&view=rev
Log:
SLING-2325 Improve code readability and make sure temporary admin session is logged out after impersonation

Modified:
    sling/trunk/bundles/jcr/davex/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java

Modified: sling/trunk/bundles/jcr/davex/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
URL: http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/davex/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java?rev=1235447&r1=1235446&r2=1235447&view=diff
==============================================================================
--- sling/trunk/bundles/jcr/davex/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java (original)
+++ sling/trunk/bundles/jcr/davex/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java Tue Jan 24 19:48:36 2012
@@ -180,16 +180,14 @@ public class SlingDavExServlet extends J
                         if (requireLongLivedSession(req)) {
                             // as the session might be longer used by davex than
                             // the request we have to create a new session!
-                            final SimpleCredentials credentials = new SimpleCredentials(session.getUserID(), EMPTY_PW);
-                            credentials.setAttribute(SESSION_FLAG_LONG_LIVED, Boolean.TRUE);
-                            final String wsp = session.getWorkspace().getName();
-                            final Session adminSession = SlingDavExServlet.this.repository.loginAdministrative(wsp);
-                            final Session newSession = adminSession.impersonate(credentials);
-                            log.debug("getSession: Creating new Session ({})", newSession);
+                            final Session newSession = getLongLivedSession(session);
+                            log.debug("getSession: Creating new Session ({}) for {}", newSession,
+                                newSession.getUserID());
                             return newSession;
+
                         }
 
-                        log.debug("getSession: Reusing Session ({})", session);
+                        log.debug("getSession: Using Session ({}) from Sling", session);
                         return session;
                     }
                 }
@@ -198,11 +196,11 @@ public class SlingDavExServlet extends J
             }
 
             public void releaseSession(final Session session) {
-                if (session.getAttribute(SESSION_FLAG_LONG_LIVED) != null) {
-                    log.debug("getSession: Logging out Session ({})", session);
+                if (isLongLivedSession(session)) {
+                    log.debug("releaseSession: Logging out long lived Session ({})", session);
                     session.logout();
                 } else {
-                    log.debug("getSession: Keeping Session ({})", session);
+                    log.debug("releaseSession: Nothing to do with Session ({}) from Sling", session);
                 }
             }
 
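Review bot: The log-out decision in `releaseSession` rests only on `isLongLivedSession(session)`, that is, on the `SESSION_FLAG_LONG_LIVED` credentials attribute set before `impersonate()` still being readable through `session.getAttribute()` afterwards. If the repository implementation does not carry credentials attributes over to the impersonated session (presumably it does, but nothing in this diff shows it), every long-lived session would take the else branch and never be logged out. A comment above the check would make that dependency explicit, for example `// flag is set only by getLongLivedSession(); request-bound Sling sessions must never be logged out here`. The enclosing anonymous class starts outside the hunk.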
@@ -210,6 +208,52 @@ public class SlingDavExServlet extends J
                 final String method = req.getMethod();
                 return REQUEST_METHOD_LOCK.equals(method) || REQUEST_METHOD_SUBSCRIBE.equals(method);
             }
+
+            /**
+             * Creates a new session for the user of the slingSession in the
+             * same workspace as the slingSession.
+             * <p>
+             * Assumption: The admin session has permission to impersonate
+             * as any user without restriction. If this is not the case
+             * the Session.impersonate method throws a LoginException
+             * which is folded into a RepositoryException.
+             *
+             * @param slingSession The session provided by the Sling
+             *            authentication mechanis,
+             * @return a new session which may (and will) outlast the request
+             * @throws RepositoryException If an error occurrs creating the
+             *             session.
+             */
+            private Session getLongLivedSession(final Session slingSession) throws RepositoryException {
+                Session adminSession = null;
+                final String user = slingSession.getUserID();
+                try {
+                    final SimpleCredentials credentials = new SimpleCredentials(user, EMPTY_PW);
+                    credentials.setAttribute(SESSION_FLAG_LONG_LIVED, Boolean.TRUE);
+
+                    final String wsp = slingSession.getWorkspace().getName();
+                    adminSession = SlingDavExServlet.this.repository.loginAdministrative(wsp);
+
+                    return adminSession.impersonate(credentials);
+
+                } catch (RepositoryException re) {
+
+                    // LoginException from impersonate (missing permission)
+                    // and RepositoryException from loginAdministrative and
+                    // impersonate folded into RepositoryException to
+                    // cause a 403/FORBIDDEN response
+                    throw new RepositoryException("Cannot get session for " + user, re);
+
+                } finally {
+                    if (adminSession != null) {
+                        adminSession.logout();
+                    }
+                }
+            }
+
+            private boolean isLongLivedSession(final Session session) {
+                return session.getAttribute(SESSION_FLAG_LONG_LIVED) != null;
+            }
         };
     }
 }
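Review bot: The Javadoc of `getLongLivedSession` records the assumption about the admin session, but not the precondition the method's security rests on. The identity is taken solely from `slingSession.getUserID()` and impersonated with `EMPTY_PW`, so no credential is verified here and callers must pass only a session that Sling has already authenticated. I would add a sentence such as `Precondition: slingSession has been authenticated by Sling; no credentials are verified by this method.` to the Javadoc. In the same comment, `mechanis,` and `occurrs` are typos for `mechanism` and `occurs`. The rethrown message `"Cannot get session for " + user` carries the user ID; if the 403 response echoes exception messages (not visible in this hunk), keeping the ID in the debug log only would avoid exposing it.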