Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 09:47:38 UTC

[sling-org-apache-sling-jcr-davex] 34/44: SLING-2325 Improve code readability and make sure temporary admin session is logged out after impersonation

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.jcr.davex-1.1.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-jcr-davex.git

commit 77ed4cab995da2cf70316aef878aea5cf1e363b6
Author: Felix Meschberger <fm...@apache.org>
AuthorDate: Tue Jan 24 19:48:36 2012 +0000

    SLING-2325 Improve code readability and make sure temporary admin session is logged out after impersonation
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/bundles/jcr/davex@1235447 13f79535-47bb-0310-9956-ffa450edef68
---
 .../jcr/davex/impl/servlets/SlingDavExServlet.java | 64 ++++++++++++++++++----
 1 file changed, 54 insertions(+), 10 deletions(-)

diff --git a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
index 39b07d2..4933671 100644
--- a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
+++ b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
@@ -180,16 +180,14 @@ public class SlingDavExServlet extends JcrRemotingServlet {
                         if (requireLongLivedSession(req)) {
                             // as the session might be longer used by davex than
                             // the request we have to create a new session!
-                            final SimpleCredentials credentials = new SimpleCredentials(session.getUserID(), EMPTY_PW);
-                            credentials.setAttribute(SESSION_FLAG_LONG_LIVED, Boolean.TRUE);
-                            final String wsp = session.getWorkspace().getName();
-                            final Session adminSession = SlingDavExServlet.this.repository.loginAdministrative(wsp);
-                            final Session newSession = adminSession.impersonate(credentials);
-                            log.debug("getSession: Creating new Session ({})", newSession);
+                            final Session newSession = getLongLivedSession(session);
+                            log.debug("getSession: Creating new Session ({}) for {}", newSession,
+                                newSession.getUserID());
                             return newSession;
+
                         }
 
-                        log.debug("getSession: Reusing Session ({})", session);
+                        log.debug("getSession: Using Session ({}) from Sling", session);
                         return session;
                     }
                 }
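Review bot: The blank line added between `return newSession;` and the closing brace of the `if (requireLongLivedSession(req))` block is stray and should be dropped. The enclosing `getSession` method begins before this hunk, so it is not visible here whether the `RepositoryException` now thrown by `getLongLivedSession` is caught there and mapped to the response the new helper's comment expects; that is worth confirming. The debug statement now prints `newSession.getUserID()`, which is fine since `getUserID()` declares no checked exception.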
@@ -198,11 +196,11 @@ public class SlingDavExServlet extends JcrRemotingServlet {
             }
 
             public void releaseSession(final Session session) {
-                if (session.getAttribute(SESSION_FLAG_LONG_LIVED) != null) {
-                    log.debug("getSession: Logging out Session ({})", session);
+                if (isLongLivedSession(session)) {
+                    log.debug("releaseSession: Logging out long lived Session ({})", session);
                     session.logout();
                 } else {
-                    log.debug("getSession: Keeping Session ({})", session);
+                    log.debug("releaseSession: Nothing to do with Session ({}) from Sling", session);
                 }
             }
 
@@ -210,6 +208,52 @@ public class SlingDavExServlet extends JcrRemotingServlet {
                 final String method = req.getMethod();
                 return REQUEST_METHOD_LOCK.equals(method) || REQUEST_METHOD_SUBSCRIBE.equals(method);
             }
+
+            /**
+             * Creates a new session for the user of the slingSession in the
+             * same workspace as the slingSession.
+             * <p>
+             * Assumption: The admin session has permission to impersonate
+             * as any user without restriction. If this is not the case
+             * the Session.impersonate method throws a LoginException
+             * which is folded into a RepositoryException.
+             *
+             * @param slingSession The session provided by the Sling
+             *            authentication mechanis,
+             * @return a new session which may (and will) outlast the request
+             * @throws RepositoryException If an error occurrs creating the
+             *             session.
+             */
+            private Session getLongLivedSession(final Session slingSession) throws RepositoryException {
+                Session adminSession = null;
+                final String user = slingSession.getUserID();
+                try {
+                    final SimpleCredentials credentials = new SimpleCredentials(user, EMPTY_PW);
+                    credentials.setAttribute(SESSION_FLAG_LONG_LIVED, Boolean.TRUE);
+
+                    final String wsp = slingSession.getWorkspace().getName();
+                    adminSession = SlingDavExServlet.this.repository.loginAdministrative(wsp);
+
+                    return adminSession.impersonate(credentials);
+
+                } catch (RepositoryException re) {
+
+                    // LoginException from impersonate (missing permission)
+                    // and RepositoryException from loginAdministrative and
+                    // impersonate folded into RepositoryException to
+                    // cause a 403/FORBIDDEN response
+                    throw new RepositoryException("Cannot get session for " + user, re);
+
+                } finally {
+                    if (adminSession != null) {
+                        adminSession.logout();
+                    }
+                }
+            }
+
+            private boolean isLongLivedSession(final Session session) {
+                return session.getAttribute(SESSION_FLAG_LONG_LIVED) != null;
+            }
         };
     }
 }
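Review bot: The new `isLongLivedSession` at the end of the hunk is undocumented, yet it encodes the security-relevant contract of this change: it only works because `getLongLivedSession` stores `SESSION_FLAG_LONG_LIVED` as a credentials attribute on the impersonated session, and `releaseSession` trusts that attribute to decide which sessions this servlet owns and may log out. Suggest a Javadoc such as `/** Returns true if the session was created by {@link #getLongLivedSession(Session)}; such sessions are owned by this servlet and must be logged out in releaseSession. */`. The Javadoc on `getLongLivedSession` has two typos: "mechanis," should read "mechanism" and "occurrs" should read "occurs". The comment in the catch block asserting that the wrapped `RepositoryException` causes a 403/FORBIDDEN response depends on the caller of `getLongLivedSession`, which lies outside this hunk; if that mapping is not guaranteed by the caller, the comment should say it is expected to rather than state it as fact.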
