in src/main/java/org/apache/sling/jackrabbit/usermanager/impl/post/CreateUserServlet.java [302:422]
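/**
 * Creates a new user, either on behalf of a caller that is allowed to manage
 * users or, when self-registration is enabled, on behalf of an unprivileged
 * caller by using the session returned from {@code getSession()}.
 *
 * <p>Authorization model, as implemented below:
 * <ul>
 * <li>The caller is treated as privileged when the current user is an admin,
 *     or when {@code usersPath} is set and the caller's session holds all of
 *     jcr:read, jcr:readAccessControl, jcr:modifyAccessControl, rep:write and
 *     rep:userManagement on it.</li>
 * <li>Any exception raised while evaluating this is logged and treated as
 *     "not privileged" (the check fails closed).</li>
 * <li>An unprivileged caller is rejected unless {@code selfRegistrationEnabled}
 *     is true; in that case the user and its properties are written with the
 *     elevated session rather than the caller's session.</li>
 * </ul>
 *
 * @param jcrSession the caller's JCR session; must not be null
 * @param name the requested principal name; when null or empty a name is
 *        obtained from {@code getOrGeneratePrincipalName}
 * @param password the password for the new user; must not be null
 * @param passwordConfirm must be equal to {@code password}
 * @param properties additional properties to store on the new user
 * @param changes receives a {@code Modification} entry for the created user;
 *        also passed on to {@code processCreate} and {@code writeContent}
 * @return the created user; when the elevated session was used, the user is
 *         looked up again through {@code jcrSession} and {@code null} is
 *         returned if that lookup does not yield a {@code User}
 * @throws RepositoryException if the session is missing, registration is not
 *         permitted, a parameter is invalid, the principal already exists, or
 *         the repository operation fails
 */
public User createUser(Session jcrSession,
        String name,
        String password,
        String passwordConfirm,
        Map<String, ?> properties,
        List<Modification> changes)
        throws RepositoryException {
    if (jcrSession == null) {
        throw new RepositoryException("JCR Session not found");
    }

    final String principalName;
    if (name == null || name.isEmpty()) {
        principalName = getOrGeneratePrincipalName(jcrSession, properties, AuthorizableType.USER);
    } else {
        principalName = name;
    }

    // Decide whether the caller may create users with its own session.
    // Despite the variable name, this is true for a real admin OR for any
    // caller holding the full privilege set on usersPath.
    boolean administrator = false;
    try {
        UserManager um = AccessControlUtil.getUserManager(jcrSession);
        User currentUser = (User) um.getAuthorizable(jcrSession.getUserID());
        administrator = currentUser.isAdmin();
        if (!administrator && usersPath != null) {
            // check if the current user has the minimum privileges needed to create a user
            AccessControlManager acm = jcrSession.getAccessControlManager();
            administrator = acm.hasPrivileges(usersPath, new Privilege[] {
                    acm.privilegeFromName(Privilege.JCR_READ),
                    acm.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL),
                    acm.privilegeFromName(Privilege.JCR_MODIFY_ACCESS_CONTROL),
                    acm.privilegeFromName(PrivilegeConstants.REP_WRITE),
                    acm.privilegeFromName(PrivilegeConstants.REP_USER_MANAGEMENT)
            });
        }
    } catch ( Exception ex ) {
        // Fail closed: any lookup, cast or ACL error means "not privileged",
        // so the request can only proceed via the self-registration path.
        log.warn("Failed to determine if the user is an admin, assuming not. Cause: {}", ex.getMessage());
        administrator = false;
    }

    // make sure user self-registration is enabled
    if (!administrator && !selfRegistrationEnabled) {
        throw new RepositoryException(
                "Sorry, registration of new users is not currently enabled. Please try again later.");
    }

    // check that the submitted parameter values have valid values.
    if (principalName == null || principalName.length() == 0) {
        throw new RepositoryException("User name was not submitted");
    }
    // NOTE(review): only null is rejected; an empty password string is passed
    // through to UserManager.createUser - confirm that is intended.
    if (password == null) {
        throw new RepositoryException("Password was not submitted");
    }
    if (!password.equals(passwordConfirm)) {
        throw new RepositoryException(
                "Password value does not match the confirmation password");
    }

    User user = null;
    // Tracks the elevated session separately from the caller's session so the
    // cleanup below can never release jcrSession. It stays null until
    // getSession() has actually returned.
    Session adminSession = null;
    boolean useAdminSession = !administrator && selfRegistrationEnabled;
    try {
        Session selfRegSession = jcrSession;
        if (useAdminSession) {
            // the current user doesn't have permission to create the user,
            // but self-registration is enabled, so use an admin session
            // to do the work.
            adminSession = getSession();
            selfRegSession = adminSession;
        }

        UserManager userManager = AccessControlUtil.getUserManager(selfRegSession);
        Authorizable authorizable = userManager.getAuthorizable(principalName);
        if (authorizable != null) {
            // user already exists!
            throw new RepositoryException(
                    "A principal already exists with the requested name: "
                            + principalName);
        }

        user = userManager.createUser(principalName, password);
        String userPath = systemUserManagerPaths.getUserPrefix()
                + user.getID();

        Map<String, RequestProperty> reqPropertiesMap = collectContentMap(properties);
        Collection<RequestProperty> reqPropertyValues = reqPropertiesMap.values();

        changes.add(Modification.onCreated(userPath));

        // NOTE(review): on the self-registration path the caller-supplied
        // properties are written with the elevated session, so repository
        // ACLs do not limit what an unprivileged caller can set; any
        // restriction has to come from processCreate/writeContent - confirm.

        // ensure root of new content with the expected primary/mixin types
        processCreate(selfRegSession, user, reqPropertiesMap, changes);

        // write content from form
        writeContent(selfRegSession, user, reqPropertyValues, changes);

        if (selfRegSession.hasPendingChanges()) {
            selfRegSession.save();
        }

        if (useAdminSession) {
            // lookup the user from the user session so we can return a live object
            // bound to the caller's session instead of the elevated one
            UserManager userManager2 = AccessControlUtil.getUserManager(jcrSession);
            Authorizable authorizable2 = userManager2.getAuthorizable(user.getID());
            if (authorizable2 instanceof User) {
                user = (User)authorizable2;
            } else {
                user = null;
            }
        }
    } finally {
        // Release only a session that this method obtained itself. Previously,
        // if getSession() threw, the caller's jcrSession was handed to
        // ungetSession(), which presumably logs the session out.
        if (adminSession != null) {
            //done with the self-reg admin session, so clean it up
            ungetSession(adminSession);
        }
    }
    return user;
}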