in core/src/main/java/org/apache/sling/cms/core/internal/filters/CMSSecurityFilter.java [139:174]
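/**
 * Decides whether the user behind the request belongs to the group required by
 * the supplied security configuration.
 *
 * <p>Every failure path denies access (fail closed): no JCR user manager, no
 * principal on the request, a principal that does not resolve to a
 * {@link User}, or a {@link RepositoryException} while reading memberships.
 *
 * @param securityConfig configuration whose {@code getGroupName()} is compared
 *                       against the ID of each group the user is a member of
 * @param slingRequest   request supplying the resource resolver and the user
 *                       principal
 * @return {@code true} only when one of the groups returned by
 *         {@code memberOf()} has an ID equal to the configured group name
 */
private boolean checkGroupMembership(CMSSecurityConfigInstance securityConfig,
        SlingHttpServletRequest slingRequest) {
    try {
        Session session = slingRequest.getResourceResolver().adaptTo(Session.class);
        UserManager userManager = null;
        if (session instanceof JackrabbitSession) {
            userManager = ((JackrabbitSession) session).getUserManager();
        }
        if (userManager == null) {
            log.warn("Unable to retrieve user manager");
            return false;
        }
        log.trace("Retrieved user manager {} with session {}", userManager, session);

        // A request without a principal cannot be matched to a repository user;
        // deny here rather than handing null to the user manager.
        if (slingRequest.getUserPrincipal() == null) {
            log.warn("No user principal available on request");
            return false;
        }

        Authorizable auth = userManager.getAuthorizable(slingRequest.getUserPrincipal());
        if (auth == null) {
            log.warn("Unable to retrieve user from principal {}", slingRequest.getUserPrincipal());
            return false;
        }
        // An Authorizable may also be a Group. Deny explicitly instead of letting
        // the cast below raise an unchecked ClassCastException from an
        // authorization decision.
        if (!(auth instanceof User)) {
            log.warn("Principal {} does not resolve to a user", slingRequest.getUserPrincipal());
            return false;
        }

        // Read the required group once so the trace line and the comparison
        // are guaranteed to use the same value.
        String requiredGroup = securityConfig.getGroupName();
        log.trace("Checking to see if user {} is in required group {}", auth.getID(),
                requiredGroup);
        Iterator<Group> groups = ((User) auth).memberOf();
        while (groups.hasNext()) {
            // equals(null) is false, so an unset group name never grants access.
            if (groups.next().getID().equals(requiredGroup)) {
                return true;
            }
        }
        return false;
    } catch (RepositoryException e) {
        // Repository errors must not be treated as a successful check.
        log.error("Unexpected exception checking group membership", e);
        return false;
    }
}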