
fix #1474 add AccessTokenHelper

Shinsuke Sugaya hace 7 años
padre
commit
00989598da

+ 1 - 1
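--- a/src/main/java/org/codelibs/fess/app/service/AccessTokenService.java
+++ b/src/main/java/org/codelibs/fess/app/service/AccessTokenService.java
@@ -92,7 +92,7 @@ public class AccessTokenService {
     }
 
     public OptionalEntity<Set<String>> getPermissions(final HttpServletRequest request) {
-        final String token = request.getHeader("Authorization");
+        final String token = ComponentUtil.getAccessTokenHelper().getAccessTokenFromRequest(request);
         if (StringUtil.isNotBlank(token)) {
             return accessTokenBhv
                     .selectEntity(cb -> {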

+ 1 - 1
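--- a/src/main/java/org/codelibs/fess/app/web/admin/accesstoken/AdminAccesstokenAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/admin/accesstoken/AdminAccesstokenAction.java
@@ -203,7 +203,7 @@ public class AdminAccesstokenAction extends FessAdminAction {
         verifyToken(() -> asEditHtml());
         getAccessToken(form).ifPresent(
                 entity -> {
-                    entity.setToken(systemHelper.generateAccessToken());
+                    entity.setToken(accessTokenHelper.generateAccessToken());
                     try {
                         accessTokenService.store(entity);
                         saveInfo(messages -> messages.addSuccessCrudCreateCrudTable(GLOBAL));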

+ 1 - 1
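--- a/src/main/java/org/codelibs/fess/app/web/api/admin/accesstoken/ApiAdminAccesstokenAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/api/admin/accesstoken/ApiAdminAccesstokenAction.java
@@ -85,7 +85,7 @@ public class ApiAdminAccesstokenAction extends FessApiAdminAction {
         validateApi(body, messages -> {});
         body.crudMode = CrudMode.CREATE;
         final AccessToken accessToken = getAccessToken(body).map(entity -> {
-            entity.setToken(systemHelper.generateAccessToken());
+            entity.setToken(accessTokenHelper.generateAccessToken());
             try {
                 accessTokenService.store(entity);
             } catch (final Exception e) {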

+ 4 - 0
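--- a/src/main/java/org/codelibs/fess/app/web/base/FessBaseAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/base/FessBaseAction.java
@@ -23,6 +23,7 @@ import org.codelibs.core.beans.util.BeanUtil;
 import org.codelibs.core.beans.util.CopyOptions;
 import org.codelibs.fess.Constants;
 import org.codelibs.fess.app.web.base.login.FessLoginAssist;
+import org.codelibs.fess.helper.AccessTokenHelper;
 import org.codelibs.fess.helper.ActivityHelper;
 import org.codelibs.fess.helper.SystemHelper;
 import org.codelibs.fess.helper.ViewHelper;
@@ -84,6 +85,9 @@ public abstract class FessBaseAction extends TypicalAction // has several interf
     @Resource
     protected SystemHelper systemHelper;
 
+    @Resource
+    protected AccessTokenHelper accessTokenHelper;
+
     @Resource
     protected ViewHelper viewHelper;
 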

+ 51 - 0
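--- a/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java
@@ -0,0 +1,51 @@
+/*
+ * Copyright 2012-2017 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.helper;
+
+import java.security.SecureRandom;
+import java.util.Random;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.codelibs.core.lang.StringUtil;
+import org.codelibs.fess.util.ComponentUtil;
+
+public class AccessTokenHelper {
+
+    protected Random random = new SecureRandom();
+
+    public String generateAccessToken() {
+        return RandomStringUtils.random(ComponentUtil.getFessConfig().getApiAccessTokenLengthAsInteger().intValue(), 0, 0, true, true,
+                null, random);
+    }
+
+    public String getAccessTokenFromRequest(final HttpServletRequest request) {
+        final String token = request.getHeader("Authorization");
+        if (token != null) {
+            return token;
+        }
+        final String name = ComponentUtil.getFessConfig().getApiAccessTokenRequestParameter();
+        if (StringUtil.isBlank(name)) {
+            return null;
+        }
+        return request.getParameter(name);
+    }
+
+    public void setRandom(final Random random) {
+        this.random = random;
+    }
+}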
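Review bot: `getAccessTokenFromRequest` returns `request.getParameter(name)` when no Authorization header is present, and `getParameter` also reads the query string, so once `api.access.token.request.parameter` is set a token sent in a URL can be recorded in access logs, proxy logs, browser history and Referer headers. The method has no Javadoc; I would add one stating the lookup order (header first, then the configured parameter), that the header value is returned as-is with no scheme prefix stripped, and that the parameter fallback is off while the property is empty. The header check is `token != null`, so a present but blank header is returned and the parameter is never consulted; `if (StringUtil.isNotBlank(token)) {` would match the caller's own check in `AccessTokenService.getPermissions`. `setRandom` accepts any `java.util.Random`, so a comment on it that deployed configurations must keep a `SecureRandom` there would help.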

+ 0 - 14
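--- a/src/main/java/org/codelibs/fess/helper/SystemHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/SystemHelper.java
@@ -24,7 +24,6 @@ import java.net.InetAddress;
 import java.net.URLEncoder;
 import java.net.UnknownHostException;
 import java.nio.file.Files;
-import java.security.SecureRandom;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
 import java.util.Date;
@@ -33,7 +32,6 @@ import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Random;
 import java.util.UUID;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.TimeUnit;
@@ -45,7 +43,6 @@ import javax.annotation.PreDestroy;
 import javax.servlet.ServletContext;
 
 import org.apache.commons.lang3.LocaleUtils;
-import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.core.misc.Pair;
@@ -86,8 +83,6 @@ public class SystemHelper {
 
     protected List<Runnable> shutdownHookList = new ArrayList<>();
 
-    protected Random random = new SecureRandom();
-
     protected AtomicInteger previousClusterState = new AtomicInteger(0);
 
     @PostConstruct
@@ -374,15 +369,6 @@ public class SystemHelper {
         return buf.toString();
     }
 
-    public String generateAccessToken() {
-        return RandomStringUtils.random(ComponentUtil.getFessConfig().getApiAccessTokenLengthAsInteger().intValue(), 0, 0, true, true,
-                null, random);
-    }
-
-    public void setRandom(final Random random) {
-        this.random = random;
-    }
-
     public boolean isChangedClusterState(final int status) {
         return previousClusterState.getAndSet(status) != status;
     }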

+ 27 - 0
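--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@@ -151,6 +151,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. false */
     String API_ACCESS_TOKEN_REQUIRED = "api.access.token.required";
 
+    /** The key of the configuration. e.g.  */
+    String API_ACCESS_TOKEN_REQUEST_PARAMETER = "api.access.token.request.parameter";
+
     /** The key of the configuration. e.g. Radmin-api */
     String API_ADMIN_ACCESS_PERMISSIONS = "api.admin.access.permissions";
 
@@ -1599,6 +1602,21 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      */
     boolean isApiAccessTokenRequired();
 
+    /**
+     * Get the value for the key 'api.access.token.request.parameter'. <br>
+     * The value is, e.g.  <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getApiAccessTokenRequestParameter();
+
+    /**
+     * Get the value for the key 'api.access.token.request.parameter' as {@link Integer}. <br>
+     * The value is, e.g.  <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     * @throws NumberFormatException When the property is not integer.
+     */
+    Integer getApiAccessTokenRequestParameterAsInteger();
+
     /**
      * Get the value for the key 'api.admin.access.permissions'. <br>
      * The value is, e.g. Radmin-api <br>
@@ -5603,6 +5621,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return is(FessConfig.API_ACCESS_TOKEN_REQUIRED);
         }
 
+        public String getApiAccessTokenRequestParameter() {
+            return get(FessConfig.API_ACCESS_TOKEN_REQUEST_PARAMETER);
+        }
+
+        public Integer getApiAccessTokenRequestParameterAsInteger() {
+            return getAsInteger(FessConfig.API_ACCESS_TOKEN_REQUEST_PARAMETER);
+        }
+
         public String getApiAdminAccessPermissions() {
             return get(FessConfig.API_ADMIN_ACCESS_PERMISSIONS);
         }
@@ -7717,6 +7743,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
                             "ar,bg,bn,ca,ckb_IQ,cs,da,de,el,en,en_IE,es,et,eu,fa,fi,fr,gl,gu,he,hi,hr,hu,hy,id,it,ja,ko,lt,lv,mk,ml,nl,no,pa,pl,pt,pt_BR,ro,ru,si,sq,sv,ta,te,th,tl,tr,uk,ur,vi,zh_CN,zh_TW,zh");
             defaultMap.put(FessConfig.API_ACCESS_TOKEN_LENGTH, "60");
             defaultMap.put(FessConfig.API_ACCESS_TOKEN_REQUIRED, "false");
+            defaultMap.put(FessConfig.API_ACCESS_TOKEN_REQUEST_PARAMETER, "");
             defaultMap.put(FessConfig.API_ADMIN_ACCESS_PERMISSIONS, "Radmin-api");
             defaultMap.put(FessConfig.VIRTUAL_HOST_HEADERS, "");
             defaultMap.put(FessConfig.HTTP_PROXY_HOST, "");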

+ 7 - 0
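--- a/src/main/java/org/codelibs/fess/util/ComponentUtil.java
+++ b/src/main/java/org/codelibs/fess/util/ComponentUtil.java
@@ -32,6 +32,7 @@ import org.codelibs.fess.dict.DictionaryManager;
 import org.codelibs.fess.ds.DataStoreFactory;
 import org.codelibs.fess.es.client.FessEsClient;
 import org.codelibs.fess.exception.ContainerNotAvailableException;
+import org.codelibs.fess.helper.AccessTokenHelper;
 import org.codelibs.fess.helper.ActivityHelper;
 import org.codelibs.fess.helper.CrawlingConfigHelper;
 import org.codelibs.fess.helper.CrawlingInfoHelper;
@@ -81,6 +82,8 @@ public final class ComponentUtil {
 
     private static final Logger logger = LoggerFactory.getLogger(ComponentUtil.class);
 
+    private static final String ACCESS_TOKEN_HELPER = "accessTokenHelper";
+
     private static final String AUTHENTICATION_MANAGER = "authenticationManager";
 
     private static final String THUMBNAIL_MANAGER = "thumbnailManager";
@@ -414,6 +417,10 @@ public final class ComponentUtil {
         return getComponent(VIRTUAL_HOST_HELPER);
     }
 
+    public static AccessTokenHelper getAccessTokenHelper() {
+        return getComponent(ACCESS_TOKEN_HELPER);
+    }
+
     public static <T> T getComponent(final Class<T> clazz) {
         try {
             return SingletonLaContainer.getComponent(clazz);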

+ 2 - 0
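--- a/src/main/resources/app.xml
+++ b/src/main/resources/app.xml
@@ -18,6 +18,8 @@
 	<include path="crawler/client.xml" />
 	<include path="crawler/mimetype.xml" />
 
+	<component name="accessTokenHelper" class="org.codelibs.fess.helper.AccessTokenHelper">
+	</component>
 	<component name="activityHelper" class="org.codelibs.fess.helper.ActivityHelper">
 	</component>
 	<component name="jobHelper" class="org.codelibs.fess.helper.JobHelper">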

+ 1 - 0
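--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@@ -96,6 +96,7 @@ supported.uploaded.files=license.properties
 supported.languages=ar,bg,bn,ca,ckb_IQ,cs,da,de,el,en,en_IE,es,et,eu,fa,fi,fr,gl,gu,he,hi,hr,hu,hy,id,it,ja,ko,lt,lv,mk,ml,nl,no,pa,pl,pt,pt_BR,ro,ru,si,sq,sv,ta,te,th,tl,tr,uk,ur,vi,zh_CN,zh_TW,zh
 api.access.token.length=60
 api.access.token.required=false
+api.access.token.request.parameter=
 api.admin.access.permissions=Radmin-api
 
 # Virtual Host: Host:fess.codelibs.org=fess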
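Review bot: The new `api.access.token.request.parameter=` key is added without a comment, although setting it changes where the API accepts credentials from. In this commit's `AccessTokenHelper`, an empty value keeps tokens header-only and a non-empty value names a request parameter that is read when no Authorization header is sent. I would put a line above the key such as `# Request parameter that may carry the access token when no Authorization header is sent; leave empty to accept the header only.` so operators see the trade-off before enabling it.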