diff --git a/src/main/java/org/codelibs/fess/app/web/base/login/AzureAdCredential.java b/src/main/java/org/codelibs/fess/app/web/base/login/AzureAdCredential.java
index ce02d34b3..537168c96 100644
--- a/src/main/java/org/codelibs/fess/app/web/base/login/AzureAdCredential.java
+++ b/src/main/java/org/codelibs/fess/app/web/base/login/AzureAdCredential.java
@@ -20,6 +20,7 @@ import static org.codelibs.core.stream.StreamUtil.stream;
 import java.util.HashSet;
 import java.util.Set;
+import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
 import org.codelibs.fess.helper.SystemHelper;
 import org.codelibs.fess.sso.aad.AzureAdAuthenticator;
@@ -27,6 +28,7 @@ import org.codelibs.fess.util.ComponentUtil;
 import org.lastaflute.web.login.credential.LoginCredential;
 import com.microsoft.aad.adal4j.AuthenticationResult;
+import com.microsoft.aad.adal4j.UserInfo;
 public class AzureAdCredential implements LoginCredential, FessCredential {
@@ -87,10 +89,12 @@ public class AzureAdCredential implements LoginCredential, FessCredential {
 if (permissions == null) {
 final SystemHelper systemHelper = ComponentUtil.getSystemHelper();
 final Set permissionSet = new HashSet<>();
- permissionSet.add(systemHelper.getSearchRoleByUser(authResult.getUserInfo().getUniqueId()));
+ final UserInfo userInfo = authResult.getUserInfo();
+ permissionSet.add(systemHelper.getSearchRoleByUser(userInfo.getUniqueId()));
+ permissionSet.add(systemHelper.getSearchRoleByUser(userInfo.getDisplayableId()));
 stream(groups).of(stream -> stream.forEach(s -> permissionSet.add(systemHelper.getSearchRoleByGroup(s))));
 stream(roles).of(stream -> stream.forEach(s -> permissionSet.add(systemHelper.getSearchRoleByRole(s))));
- permissions = permissionSet.toArray(new String[permissionSet.size()]);
+ permissions = permissionSet.stream().filter(StringUtil::isNotBlank).distinct().toArray(n -> new String[n]);
 }
 return permissions;
 }
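Review bot: The `filter(StringUtil::isNotBlank)` added on the `permissions` line checks the output of `getSearchRoleByUser`, not its input, so a null or empty `getDisplayableId()` (ADAL4J does not guarantee one is present) still goes through the helper and is only dropped if the helper happens to return a blank string for it; presumably it prefixes the name, in which case a null displayable id turns into a bogus role entry. Guard the value before the add: `if (StringUtil.isNotBlank(userInfo.getDisplayableId())) { permissionSet.add(systemHelper.getSearchRoleByUser(userInfo.getDisplayableId())); }`. The `.distinct()` in the same pipeline is redundant, since `permissionSet` is a `HashSet`. Because permissions are now also keyed by the displayable id (a UPN or mail address) next to the immutable object id, a short comment on the new add line noting that a displayable id can end up on a different account when one is deleted and recreated would help admins who key permissions by it.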
diff --git a/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java b/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
index 33116dabe..7f8c812a7 100644
--- a/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
+++ b/src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java
@@ -345,26 +345,41 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
 if (logger.isDebugEnabled()) {
 logger.debug("member: {}", memberOf);
 }
- final String id = (String) memberOf.get("id");
- if (StringUtil.isBlank(id)) {
- logger.warn("id is empty: {}", memberOf);
- continue;
- }
 String memberType = (String) memberOf.get("@odata.type");
 if (memberType == null) {
 logger.warn("@odata.type is null: {}", memberOf);
 continue;
 }
 memberType = memberType.toLowerCase(Locale.ENGLISH);
- if (memberType.contains("group")) {
- groupList.add(id);
- } else if (memberType.contains("role")) {
- roleList.add(id);
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("unknown @odata.type: {}", memberOf);
+ final String id = (String) memberOf.get("id");
+ if (StringUtil.isNotBlank(id)) {
+ if (memberType.contains("group")) {
+ groupList.add(id);
+ } else if (memberType.contains("role")) {
+ roleList.add(id);
+ } else {
+ if (logger.isDebugEnabled()) {
+ logger.debug("unknown @odata.type: {}", memberOf);
+ }
+ groupList.add(id);
 }
- groupList.add(id);
+ } else {
+ logger.warn("id is empty: {}", memberOf);
+ }
+ final String mail = (String) memberOf.get("mail");
+ if (StringUtil.isNotBlank(mail)) {
+ if (memberType.contains("group")) {
+ groupList.add(mail);
+ } else if (memberType.contains("role")) {
+ roleList.add(mail);
+ } else {
+ if (logger.isDebugEnabled()) {
+ logger.debug("unknown @odata.type: {}", memberOf);
+ }
+ groupList.add(mail);
+ }
+ } else if (logger.isDebugEnabled()) {
+ logger.debug("mail is empty: {}", memberOf);
 }
 }
 } else if (contentMap.containsKey("error")) {
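Review bot: The group/role dispatch on `memberType` is now written out twice in this hunk, once for `id` and once for `mail`, and the two copies already diverge in effect: a member with an unrecognised `@odata.type` logs `unknown @odata.type` twice when both values are present, and a directory role, which typically carries no `mail`, hits the `mail is empty` debug line on every membership. A private helper that takes the value to add keeps both paths identical; the rewrite is sketched below, with the parameter types of `memberOf`, `groupList` and `roleList` to be taken from their declarations above the hunk. A comment on the `mail` branch would also help admins: the object id stays fixed for the life of the directory object, while a group's mail alias can typically be changed or reassigned, so a permission keyed by mail follows whichever group currently holds that alias. The enclosing method starts and ends outside the hunk.
```java
// … unchanged: @odata.type null check and lower-casing …
final String id = (String) memberOf.get("id");
if (StringUtil.isNotBlank(id)) {
    addMember(memberType, id, memberOf, groupList, roleList);
} else {
    logger.warn("id is empty: {}", memberOf);
}
final String mail = (String) memberOf.get("mail");
if (StringUtil.isNotBlank(mail)) {
    addMember(memberType, mail, memberOf, groupList, roleList);
} else if (logger.isDebugEnabled()) {
    logger.debug("mail is empty: {}", memberOf);
}

// … new helper, placed alongside the enclosing method; parameter types follow the local declarations …
// Routes one member value (object id or mail) into groupList or roleList by its
// lower-cased @odata.type; an unrecognised type is treated as a group, as before.
private void addMember(final String memberType, final String value, final Map<String, Object> memberOf,
        final List<String> groupList, final List<String> roleList) {
    if (memberType.contains("group")) {
        groupList.add(value);
    } else if (memberType.contains("role")) {
        roleList.add(value);
    } else {
        if (logger.isDebugEnabled()) {
            logger.debug("unknown @odata.type: {}", memberOf);
        }
        groupList.add(value);
    }
}
```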