in src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java [160:204]
protected SessionProvider getSessionProvider() {
return new SessionProvider() {
public Session getSession(final HttpServletRequest req, final Repository repository, final String workspace)
throws LoginException, RepositoryException, ServletException {
final ResourceResolver resolver = (ResourceResolver) req.getAttribute(AuthenticationSupport.REQUEST_ATTRIBUTE_RESOLVER);
if (resolver != null) {
final Session session = resolver.adaptTo(Session.class);
if (session != null) {
final Session newSession = getLongLivedSession(session);
log.debug("getSession: Creating new Session ({}) for {}", newSession, newSession.getUserID());
return newSession;
}
}
throw new ServletException("ResourceResolver missing or not providing on JCR Session");
}
public void releaseSession(final Session session) {
log.debug("releaseSession: Logging out long lived Session ({})", session);
session.logout();
}
/**
* Creates a new session for the user of the slingSession in the
* same workspace as the slingSession.
* <p>
* Assumption: Every session can impersonate itself as it is defined by JCR 2.0.
*
* @param slingSession The session provided by the Sling
* authentication mechanism,
* @return a new session which may (and will) outlast the request
* @throws RepositoryException If an error occurs creating the session.
*/
private Session getLongLivedSession(final Session slingSession) throws RepositoryException {
final String user = slingSession.getUserID();
try {
final SimpleCredentials credentials = new SimpleCredentials(user, EMPTY_PW);
return slingSession.impersonate(credentials);
} catch (Exception re) {
throw new RepositoryException("Cannot get session for " + user, re);
}
}
};
}