svn commit: r1812116 - /sling/trunk/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java

Fri, 13 Oct 2017 04:49:53 -0700 

Author: pauls
Date: Fri Oct 13 11:49:22 2017
New Revision: 1812116

URL: http://svn.apache.org/viewvc?rev=1812116&view=rev
Log:
SLING-7144: Make the JcrSystemUserValidator identifiy disabled system users as 
invalid. Patch provided by Angela Schreiber - Thanks.

Modified:
    
sling/trunk/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java

Modified: 
sling/trunk/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java
URL: 
http://svn.apache.org/viewvc/sling/trunk/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java?rev=1812116&r1=1812115&r2=1812116&view=diff
==============================================================================
--- 
sling/trunk/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java
 (original)
+++ 
sling/trunk/bundles/jcr/resource/src/main/java/org/apache/sling/jcr/resource/internal/JcrSystemUserValidator.java
 Fri Oct 13 11:49:22 2017
@@ -128,7 +128,7 @@ public class JcrSystemUserValidator impl
                     if (administrativeSession instanceof JackrabbitSession) {
                         final UserManager userManager = ((JackrabbitSession) 
administrativeSession).getUserManager();
                         final Authorizable authorizable = 
userManager.getAuthorizable(serviceUserId);
-                        if (authorizable != null && !authorizable.isGroup() && 
(isSystemUser((User)authorizable))) {
+                        if (isValidSystemUser(authorizable)) {
                             validIds.add(serviceUserId);
                             log.debug("The provided service user id {} is a 
known JCR system user id", serviceUserId);
                             return true;
@@ -191,7 +191,7 @@ public class JcrSystemUserValidator impl
                             return pName;
                         }
                     });
-                    if (authorizable != null && !authorizable.isGroup() && 
(isSystemUser((User) authorizable))) {
+                    if (isValidSystemUser(authorizable)) {
                         validPrincipalNames.add(pName);
                         log.debug("The provided service principal name {} is a 
known JCR system user", pName);
                     } else {
@@ -210,16 +210,28 @@ public class JcrSystemUserValidator impl
         return invalid.isEmpty();
     }
 
-    private boolean isSystemUser(final User user){
-        if (isSystemUserMethod != null) {
-            try {
-                return (Boolean) isSystemUserMethod.invoke(user);
-            } catch (Exception e) {
-                log.debug("Exception while invoking isSystemUser method", e);
-                return true;
+    private boolean isValidSystemUser(final Authorizable authorizable){
+        if (authorizable == null || authorizable.isGroup()) {
+            return false;
+        }
+
+        User user = (User) authorizable;
+        try {
+            if (!user.isDisabled()) {
+                if (isSystemUserMethod != null) {
+                    try {
+                        return (Boolean) isSystemUserMethod.invoke(user);
+                    } catch (Exception e) {
+                        log.debug("Exception while invoking isSystemUser 
method", e);
+                        return true;
+                    }
+                } else {
+                    return true;
+                }
             }
-         } else {
-             return true;
-         }
+        } catch (RepositoryException e) {
+            log.debug("Exception while invoking isDisabled method", e);
+        }
+        return false;
     }
 }
\ No newline at end of file

Reply via email to