in src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java [116:165]
public boolean isValid(final String serviceUserId, final String serviceName, final String subServiceName) {
if (cycleDetection.get()) {
// We are being asked to valid our own service user - hence, allow.
return true;
}
if (serviceUserId == null) {
log.debug("The provided service user id is null");
return false;
}
if (!allowOnlySystemUsers) {
log.debug("There is no enforcement of JCR system users, therefore service user id '{}' is valid", serviceUserId);
return true;
}
if (validIds.contains(serviceUserId)) {
log.debug("The provided service user id '{}' has been already validated and is a known JCR system user id", serviceUserId);
return true;
} else {
Session session = null;
try {
try {
/*
* We have to prevent a cycle if we are trying to login ourselves
*/
cycleDetection.set(true);
try {
session = repository.loginService(VALIDATION_SERVICE_USER, null);
} finally {
cycleDetection.set(false);
}
if (session instanceof JackrabbitSession) {
final UserManager userManager = ((JackrabbitSession) session).getUserManager();
final Authorizable authorizable = userManager.getAuthorizable(serviceUserId);
if (isValidSystemUser(authorizable)) {
validIds.add(serviceUserId);
log.debug("The provided service user id {} is a known JCR system user id", serviceUserId);
return true;
}
}
} catch (final RepositoryException e) {
log.warn("Could not get user information", e);
}
} finally {
if (session != null) {
session.logout();
}
}
log.warn("The provided service user id '{}' is not a known JCR system user id and therefore not allowed in the Sling Service User Mapper.", serviceUserId);
return false;
}
}