Author: sohil.shah(a)jboss.com
Date: 2007-05-09 19:16:23 -0400 (Wed, 09 May 2007)
New Revision: 7232
Modified:
trunk/core-cms/src/main/org/jboss/portal/core/cms/servlet/CMSPreviewServlet.java
trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/viewfile.jsp
Log:
Bug Fix: Access denied while viewing document in CMSAdmin Portlet - JBPORTAL-1378
Modified:
trunk/core-cms/src/main/org/jboss/portal/core/cms/servlet/CMSPreviewServlet.java
===================================================================
---
trunk/core-cms/src/main/org/jboss/portal/core/cms/servlet/CMSPreviewServlet.java 2007-05-09
19:44:47 UTC (rev 7231)
+++
trunk/core-cms/src/main/org/jboss/portal/core/cms/servlet/CMSPreviewServlet.java 2007-05-09
23:16:23 UTC (rev 7232)
@@ -28,9 +28,19 @@
import org.jboss.portal.cms.Command;
import org.jboss.portal.cms.model.Content;
import org.jboss.portal.cms.model.File;
+import org.jboss.portal.identity.User;
+import org.jboss.portal.identity.UserModule;
+import org.jboss.portal.identity.IdentityServiceController;
+import org.jboss.portal.identity.IdentityContext;
+import org.jboss.portal.cms.impl.jcr.JCRCMS;
+import org.hibernate.SessionFactory;
+import org.hibernate.Session;
+import org.hibernate.Transaction;
+
import javax.management.MBeanServer;
import javax.management.ObjectName;
+import javax.naming.InitialContext;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -45,6 +55,9 @@
/** The serialVersionUID */
private static final long serialVersionUID = 1676227756085242093L;
+ /**
+ *
+ */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws
IOException
{
String path = (String)request.getParameter("p");
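Review bot: The Javadoc block added above `doGet` is empty, and the same blank block is added above `doPost`, `setupUser` and `getUser` in the later hunk of this file. For `doGet`, a summary such as `/** Serves the CMS file selected by the p (path), v (version) and l (language) request parameters, running the CMS command under the identity established by setupUser. */` would record that access to the file depends on the identity setup added in this commit. The body of `doGet` continues outside this hunk, so the wording should be checked against the rest of the method.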
@@ -55,6 +68,11 @@
{
MBeanServer mbeanServer = MBeanServerLocator.locateJBoss();
CMS CMSService = (CMS)MBeanProxy.get(CMS.class, new
ObjectName("portal:service=CMS"), mbeanServer);
+ IdentityServiceController identityService =
(IdentityServiceController)MBeanProxy.get(
+ IdentityServiceController.class, new
ObjectName("portal:service=Module,type=IdentityServiceController"),
mbeanServer);
+
+ //Setup the Identity of the user accessing this servlet
+ this.setupUser(request, identityService);
Command getCMD = CMSService.getCommandFactory().createFileGetCommand(path,
version, new Locale(language));
File file = (File)CMSService.execute(getCMD);
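Review bot: The identity that `setupUser` installs through `JCRCMS.getUserInfo().set(user)` is never cleared once `CMSService.execute(getCMD)` has run, and nothing here resets it when the session carries no `remoteUser`. `getUserInfo()` is not shown, but if the holder is thread-bound, as the call shape suggests, a pooled container thread can keep one user's identity, and a later request with no stored principal would execute the file command under it. Clearing the holder on every path closes that gap: wrap the command execution in `try { ... } finally { JCRCMS.getUserInfo().set(null); }`. The surrounding `try` block starts and ends outside this hunk, so the cleanup may belong in its existing handler.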
@@ -85,8 +103,76 @@
}
}
+ /**
+ *
+ */
public void doPost(HttpServletRequest request, HttpServletResponse response) throws
IOException
{
doGet(request, response);
}
+
+ /**
+ *
+ * @param identityService
+ */
+ private void setupUser(HttpServletRequest request,IdentityServiceController
identityService) throws Exception
+ {
+ String remoteUser =
(String)request.getSession().getAttribute("remoteUser");
+ if(remoteUser != null && remoteUser.trim().length() > 0)
+ {
+ User user = (User)request.getSession().getAttribute("cmsIdentity");
+
+ if( user == null ||
+ !user.getUserName().equals(remoteUser) //This happens if another user is
now logged in to the same session...rare scenario
+ )
+ {
+ user = this.getUser(remoteUser, identityService);
+ request.getSession().setAttribute("cmsIdentity", user);
+ }
+
+ JCRCMS.getUserInfo().set(user);
+ }
+ }
+
+ /**
+ *
+ * @param identityService
+ * @return
+ * @throws Exception
+ */
+ private User getUser(String remoteUser,IdentityServiceController identityService)
throws Exception
+ {
+ User user = null;
+ SessionFactory identitySessionFactory = (SessionFactory)new
InitialContext().lookup("java:/portal/IdentitySessionFactory");
+ Session session = identitySessionFactory.openSession();
+ Transaction transaction = session.beginTransaction();
+ boolean success = false;
+ try
+ {
+ UserModule userModule = (UserModule)
+
identityService.getIdentityContext().getObject(IdentityContext.TYPE_USER_MODULE);
+ user = userModule.findUserByUserName(remoteUser);
+ success = true;
+ }
+ finally
+ {
+ if(transaction != null)
+ {
+ if(success)
+ {
+ transaction.commit();
+ }
+ else
+ {
+ transaction.rollback();
+ }
+ }
+
+ if(session != null)
+ {
+ session.close();
+ }
+ }
+ return user;
+ }
}
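Review bot: `setupUser` takes the caller's identity from the session attribute `remoteUser`, which `viewfile.jsp` writes in the last hunk of this commit, instead of from the container's authentication of the current request. The attribute and the cached `cmsIdentity` are only replaced when the names differ and are never removed, so they outlive a logout that does not invalidate the session, and a `User` cached this way will not reflect later role or account changes. If `/cmspreview` can be mapped under the same security constraint as the admin portlet, `String remoteUser = request.getRemoteUser();` removes the hand-off altogether; otherwise add an `else` branch that calls `request.getSession().removeAttribute("cmsIdentity")` and resets `JCRCMS.getUserInfo()`. Separately, `session.beginTransaction()` in `getUser` runs before the `try`, so a failure there leaves the Hibernate session open; moving it inside the `try` lets the `finally` close it.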
Modified: trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/viewfile.jsp
===================================================================
---
trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/viewfile.jsp 2007-05-09
19:44:47 UTC (rev 7231)
+++
trunk/core-cms/src/resources/portal-cms-war/WEB-INF/jsp/cms/admin/viewfile.jsp 2007-05-09
23:16:23 UTC (rev 7232)
@@ -249,6 +249,9 @@
<% }
else
{
+ //save the principal for the preview servlet
+ String remoteUser = request.getRemoteUser();
+ request.getSession().setAttribute("remoteUser",remoteUser);
%>
<a target="_blank"
href="<%= request.getContextPath() %>/cmspreview?v=<%=
version.getVersionNumber() %>&l=<%= content.getLocale().getLanguage()
%>&p=<%= sCurrPath %>"><%=