commit 7e0d0c6138257f2b741501933a6b71f0f4c31848
author Karl Pauls <pauls@apache.org> Fri Oct 13 11:49:22 2017 +0000
committer Karl Pauls <pauls@apache.org> Fri Oct 13 11:49:22 2017 +0000
tree eb441e60fc89d886e72542b97ed8e867d4c814e5
parent 6f8e8737e2e3e993b4cb8fadc02ffe67a22f788d

SLING-7144: Make the JcrSystemUserValidator identifiy disabled system users as invalid. Patch provided by Angela Schreiber - Thanks.

git-svn-id: https://svn.apache.org/repos/asf/sling/trunk@1812116 13f79535-47bb-0310-9956-ffa450edef68

src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java

diff --git a/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java b/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java
index b331dfe..4101e44 100644
--- a/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java
+++ b/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java
@@ -128,7 +128,7 @@
                     if (administrativeSession instanceof JackrabbitSession) {
                         final UserManager userManager = ((JackrabbitSession) administrativeSession).getUserManager();
                         final Authorizable authorizable = userManager.getAuthorizable(serviceUserId);
-                        if (authorizable != null && !authorizable.isGroup() && (isSystemUser((User)authorizable))) {
+                        if (isValidSystemUser(authorizable)) {
                             validIds.add(serviceUserId);
                             log.debug("The provided service user id {} is a known JCR system user id", serviceUserId);
                             return true;
@@ -191,7 +191,7 @@
                             return pName;
                         }
                     });
-                    if (authorizable != null && !authorizable.isGroup() && (isSystemUser((User) authorizable))) {
+                    if (isValidSystemUser(authorizable)) {
                         validPrincipalNames.add(pName);
                         log.debug("The provided service principal name {} is a known JCR system user", pName);
                     } else {
@@ -210,16 +210,28 @@
         return invalid.isEmpty();
     }
 
-    private boolean isSystemUser(final User user){
-        if (isSystemUserMethod != null) {
-            try {
-                return (Boolean) isSystemUserMethod.invoke(user);
-            } catch (Exception e) {
-                log.debug("Exception while invoking isSystemUser method", e);
-                return true;
+    private boolean isValidSystemUser(final Authorizable authorizable){
+        if (authorizable == null || authorizable.isGroup()) {
+            return false;
+        }
+
+        User user = (User) authorizable;
+        try {
+            if (!user.isDisabled()) {
+                if (isSystemUserMethod != null) {
+                    try {
+                        return (Boolean) isSystemUserMethod.invoke(user);
+                    } catch (Exception e) {
+                        log.debug("Exception while invoking isSystemUser method", e);
+                        return true;
+                    }
+                } else {
+                    return true;
+                }
             }
-         } else {
-             return true;
-         }
+        } catch (RepositoryException e) {
+            log.debug("Exception while invoking isDisabled method", e);
+        }
+        return false;
     }
 }
\ No newline at end of file