in src/main/java/org/apache/sling/extensions/webconsolesecurityprovider/internal/SlingWebConsoleSecurityProvider2.java [107:141]
private User authenticate(final Session session) throws RepositoryException {
String userId = session.getUserID();
if (session instanceof JackrabbitSession) {
UserManager umgr = ((JackrabbitSession) session).getUserManager();
Authorizable a = umgr.getAuthorizable(userId);
if (a instanceof User) {
// check users
if (users.contains(userId)) {
return (User)a;
}
// check groups
Iterator<Group> gi = a.memberOf();
while (gi.hasNext()) {
if (groups.contains(gi.next().getID())) {
return (User)a;
}
}
logger.info(
"authenticate: User {} is denied Web Console access",
userId);
} else {
logger.error(
"authenticate: Expected user ID {} to refer to a user",
userId);
}
} else {
logger.info(
"authenticate: Jackrabbit Session required to grant access to the Web Console for {}; got {}",
userId, session.getClass());
}
return null;
}