commit cd4a6665461d5477b6100181bb598f70cfe75ece
author Justin Edelson <justin@apache.org> Wed Dec 21 01:03:15 2011 +0000
committer Justin Edelson <justin@apache.org> Wed Dec 21 01:03:15 2011 +0000
tree 553d429269fcb40b7e0dd5a5fb13508b2b97fca8
parent 8440aa1b7f26cc72911cd2dca28b42f322f885a8

SLING-2325 - using request attribute flag rather than impersonation to ensure that a session lives past the current request

git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1221546 13f79535-47bb-0310-9956-ffa450edef68

src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java

diff --git a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
index aed68c4..28d5cda 100644
--- a/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
+++ b/src/main/java/org/apache/sling/jcr/davex/impl/servlets/SlingDavExServlet.java
@@ -20,12 +20,10 @@
 import java.util.Hashtable;
 import java.util.Map;
 
-import javax.jcr.Credentials;
 import javax.jcr.LoginException;
 import javax.jcr.Repository;
 import javax.jcr.RepositoryException;
 import javax.jcr.Session;
-import javax.jcr.SimpleCredentials;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.felix.scr.annotations.Activate;
@@ -76,6 +74,15 @@
      */
     private static final String PAR_AUTH_REQ = "sling.auth.requirements";
 
+    /**
+     * Constant copied from <code>SlingConstants</code> to enable compatibility
+     * with older API bundle.
+     *
+     * TODO - remove once Sling API 2.3.0 has been released
+     */
+    private static final String ATTR_RESOURCE_RESOLVER_SKIP_CLOSE = "org.apache.sling.api.resource.ResourceResolver.skip.close";
+
+
     @Reference
     private Repository repository;
 
@@ -158,8 +165,6 @@
         return repository;
     }
 
-    private static char[] EMPTY_PW = new char[0];
-
     @Override
     protected SessionProvider getSessionProvider() {
         return new SessionProvider() {
@@ -172,11 +177,11 @@
                 if ( resolver != null ) {
                     final Session session = resolver.adaptTo(Session.class);
                     // as the session might be longer used by davex than the request
-                    // we have to create a new session!
+                    // we have to tell the engine and authenticators to leave the resource
+                    // resolver open
                     if ( session != null ) {
-                        final Credentials credentials = new SimpleCredentials(session.getUserID(), EMPTY_PW);
-                        final Session newSession = session.impersonate(credentials);
-                        return newSession;
+                        req.setAttribute(ATTR_RESOURCE_RESOLVER_SKIP_CLOSE, "");
+                        return session;
                     }
                 }
                 return null;