fix #2116 add mail as permission
parent
856e2a45e3
commit
0341bab3bb
2 changed files with 34 additions and 15 deletions
|
@ -20,6 +20,7 @@ import static org.codelibs.core.stream.StreamUtil.stream;
|
|||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import org.codelibs.core.lang.StringUtil;
|
||||
import org.codelibs.fess.entity.FessUser;
|
||||
import org.codelibs.fess.helper.SystemHelper;
|
||||
import org.codelibs.fess.sso.aad.AzureAdAuthenticator;
|
||||
|
@ -27,6 +28,7 @@ import org.codelibs.fess.util.ComponentUtil;
|
|||
import org.lastaflute.web.login.credential.LoginCredential;
|
||||
|
||||
import com.microsoft.aad.adal4j.AuthenticationResult;
|
||||
import com.microsoft.aad.adal4j.UserInfo;
|
||||
|
||||
public class AzureAdCredential implements LoginCredential, FessCredential {
|
||||
|
||||
|
@ -87,10 +89,12 @@ public class AzureAdCredential implements LoginCredential, FessCredential {
|
|||
if (permissions == null) {
|
||||
final SystemHelper systemHelper = ComponentUtil.getSystemHelper();
|
||||
final Set<String> permissionSet = new HashSet<>();
|
||||
permissionSet.add(systemHelper.getSearchRoleByUser(authResult.getUserInfo().getUniqueId()));
|
||||
final UserInfo userInfo = authResult.getUserInfo();
|
||||
permissionSet.add(systemHelper.getSearchRoleByUser(userInfo.getUniqueId()));
|
||||
permissionSet.add(systemHelper.getSearchRoleByUser(userInfo.getDisplayableId()));
|
||||
stream(groups).of(stream -> stream.forEach(s -> permissionSet.add(systemHelper.getSearchRoleByGroup(s))));
|
||||
stream(roles).of(stream -> stream.forEach(s -> permissionSet.add(systemHelper.getSearchRoleByRole(s))));
|
||||
permissions = permissionSet.toArray(new String[permissionSet.size()]);
|
||||
permissions = permissionSet.stream().filter(StringUtil::isNotBlank).distinct().toArray(n -> new String[n]);
|
||||
}
|
||||
return permissions;
|
||||
}
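Review bot: The added `permissionSet.add(systemHelper.getSearchRoleByUser(userInfo.getDisplayableId()))` derives a permission from the displayable ID without first checking that the value is present, and the `filter(StringUtil::isNotBlank)` on the final stream only inspects the role string after it has been built. If `getSearchRoleByUser` prefixes or encodes its argument (its body is not shown here), a null or empty displayable ID would still yield a non-blank permission, shared by every account that lacks one. Guarding at the source is safer: `if (StringUtil.isNotBlank(userInfo.getDisplayableId())) { permissionSet.add(...); }`. Unlike the unique ID, the displayable ID is normally a user principal name or address that can be renamed or reassigned, so a comment should state that ACL entries naming an address follow whoever holds it at login. `.distinct()` is redundant on a stream taken from a `HashSet`, and the method's signature lies outside the hunk.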
|
||||
|
|
|
@ -345,26 +345,41 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
|
|||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("member: {}", memberOf);
|
||||
}
|
||||
final String id = (String) memberOf.get("id");
|
||||
if (StringUtil.isBlank(id)) {
|
||||
logger.warn("id is empty: {}", memberOf);
|
||||
continue;
|
||||
}
|
||||
String memberType = (String) memberOf.get("@odata.type");
|
||||
if (memberType == null) {
|
||||
logger.warn("@odata.type is null: {}", memberOf);
|
||||
continue;
|
||||
}
|
||||
memberType = memberType.toLowerCase(Locale.ENGLISH);
|
||||
if (memberType.contains("group")) {
|
||||
groupList.add(id);
|
||||
} else if (memberType.contains("role")) {
|
||||
roleList.add(id);
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("unknown @odata.type: {}", memberOf);
|
||||
final String id = (String) memberOf.get("id");
|
||||
if (StringUtil.isNotBlank(id)) {
|
||||
if (memberType.contains("group")) {
|
||||
groupList.add(id);
|
||||
} else if (memberType.contains("role")) {
|
||||
roleList.add(id);
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("unknown @odata.type: {}", memberOf);
|
||||
}
|
||||
groupList.add(id);
|
||||
}
|
||||
groupList.add(id);
|
||||
} else {
|
||||
logger.warn("id is empty: {}", memberOf);
|
||||
}
|
||||
final String mail = (String) memberOf.get("mail");
|
||||
if (StringUtil.isNotBlank(mail)) {
|
||||
if (memberType.contains("group")) {
|
||||
groupList.add(mail);
|
||||
} else if (memberType.contains("role")) {
|
||||
roleList.add(mail);
|
||||
} else {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("unknown @odata.type: {}", memberOf);
|
||||
}
|
||||
groupList.add(mail);
|
||||
}
|
||||
} else if (logger.isDebugEnabled()) {
|
||||
logger.debug("mail is empty: {}", memberOf);
|
||||
}
|
||||
}
|
||||
} else if (contentMap.containsKey("error")) {
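Review bot: In the new `mail` branch the fallback for an unrecognised `@odata.type` still runs `groupList.add(mail)`, so any directory object that carries a `mail` attribute grants a group permission keyed on an address rather than on an object id. An address is an editable attribute that can be reassigned to another object, so I would grant it only for entries positively identified as a group or role and drop the add from that `else`, keeping the debug log. The address is also added exactly as received; if permission strings are compared case-sensitively (not visible in this hunk), normalise it with `mail.toLowerCase(Locale.ENGLISH)` and agree on the same casing wherever ACL entries are written. The id and mail blocks repeat the same three-way dispatch and would read better as one private helper. The enclosing loop starts outside the hunk.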
|
||||
|
|