public Node getRuntimeRolesFolderNode(final Session session, ITenant tenant)
     throws RepositoryException {
   Node tenantRootFolderNode = null;
   try {
     tenantRootFolderNode =
         (Node) session.getItem(ServerRepositoryPaths.getTenantRootFolderPath(tenant));
   } catch (PathNotFoundException e) {
     throw new RepositoryException(
         "Error retrieving RuntimeRoles for folder, folder not found", e);
     // Assert.state(false, Messages.getInstance().getString(
     // "JcrRoleAuthorizationPolicyRoleBindingDao.ERROR_0002_REPO_NOT_INITIALIZED")); //$NON-NLS-1$
   }
   Node authzFolderNode = tenantRootFolderNode.getNode(FOLDER_NAME_AUTHZ);
   Node roleBasedFolderNode = authzFolderNode.getNode(FOLDER_NAME_ROLEBASED);
   return roleBasedFolderNode.getNode(FOLDER_NAME_RUNTIMEROLES);
 }
  private RepositoryFile createUserHomeFolder(ITenant theTenant, String username, Session session)
      throws RepositoryException {
    Builder aclsForUserHomeFolder = null;
    Builder aclsForTenantHomeFolder = null;

    if (theTenant == null) {
      theTenant = JcrTenantUtils.getTenant(username, true);
      username = JcrTenantUtils.getPrincipalName(username, true);
    }
    if (theTenant == null || theTenant.getId() == null) {
      theTenant = JcrTenantUtils.getCurrentTenant();
    }
    if (theTenant == null || theTenant.getId() == null) {
      theTenant = JcrTenantUtils.getDefaultTenant();
    }
    RepositoryFile userHomeFolder = null;
    String userId = tenantedUserNameUtils.getPrincipleId(theTenant, username);
    final RepositoryFileSid userSid = new RepositoryFileSid(userId);
    RepositoryFile tenantHomeFolder = null;
    RepositoryFile tenantRootFolder = null;
    RepositoryFileSid ownerSid = null;
    // Get the Tenant Root folder. If the Tenant Root folder does not exist then exit.
    tenantRootFolder =
        JcrRepositoryFileUtils.getFileByAbsolutePath(
            session,
            ServerRepositoryPaths.getTenantRootFolderPath(theTenant),
            pathConversionHelper,
            lockHelper,
            false,
            null);
    if (tenantRootFolder != null) {
      // Try to see if Tenant Home folder exist
      tenantHomeFolder =
          JcrRepositoryFileUtils.getFileByAbsolutePath(
              session,
              ServerRepositoryPaths.getTenantHomeFolderPath(theTenant),
              pathConversionHelper,
              lockHelper,
              false,
              null);

      if (tenantHomeFolder == null) {
        String ownerId = tenantedUserNameUtils.getPrincipleId(theTenant, username);
        ownerSid = new RepositoryFileSid(ownerId, Type.USER);

        String tenantAuthenticatedRoleId =
            tenantedRoleNameUtils.getPrincipleId(theTenant, authenticatedRoleName);
        RepositoryFileSid tenantAuthenticatedRoleSid =
            new RepositoryFileSid(tenantAuthenticatedRoleId, Type.ROLE);

        aclsForTenantHomeFolder =
            new RepositoryFileAcl.Builder(userSid)
                .ace(tenantAuthenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));

        aclsForUserHomeFolder =
            new RepositoryFileAcl.Builder(userSid)
                .ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
        tenantHomeFolder =
            internalCreateFolder(
                session,
                tenantRootFolder.getId(),
                new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName())
                    .folder(true)
                    .title(
                        Messages.getInstance()
                            .getString("AbstractJcrBackedUserRoleDao.usersFolderDisplayName"))
                    .build(),
                aclsForTenantHomeFolder.build(),
                "tenant home folder"); //$NON-NLS-1$
      } else {
        String ownerId = tenantedUserNameUtils.getPrincipleId(theTenant, username);
        ownerSid = new RepositoryFileSid(ownerId, Type.USER);
        aclsForUserHomeFolder =
            new RepositoryFileAcl.Builder(userSid)
                .ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
      }

      // now check if user's home folder exist
      userHomeFolder =
          JcrRepositoryFileUtils.getFileByAbsolutePath(
              session,
              ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username),
              pathConversionHelper,
              lockHelper,
              false,
              null);
      if (userHomeFolder == null) {
        userHomeFolder =
            internalCreateFolder(
                session,
                tenantHomeFolder.getId(),
                new RepositoryFile.Builder(username).folder(true).build(),
                aclsForUserHomeFolder.build(),
                "user home folder"); //$NON-NLS-1$
      }
    }
    return userHomeFolder;
  }