fix #1475 #1474

2018-02-01 20:17:57 +09:00 · 2018-02-01 20:17:57 +09:00 · 201c834e5c
commit 201c834e5c
parent 00989598da
2 changed files with 11 additions and 16 deletions
--- a/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/AccessTokenHelper.java
@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletRequest;

 import org.apache.commons.lang3.RandomStringUtils;
 import org.codelibs.core.lang.StringUtil;
+import org.codelibs.fess.exception.InvalidAccessTokenException;
 import org.codelibs.fess.util.ComponentUtil;

 public class AccessTokenHelper {
@ -36,13 +37,19 @@ public class AccessTokenHelper {
    public String getAccessTokenFromRequest(final HttpServletRequest request) {
        final String token = request.getHeader("Authorization");
        if (token != null) {
-            return token;
+            final String[] values = token.trim().split(" ");
+            if (values.length == 2 && "Bearer".equals(values[0])) {
+                return values[1];
+            } else if (values.length == 1) {
+                return values[0];
+            }
+            throw new InvalidAccessTokenException("invalid_request", "Invalid format: " + token);
        }
        final String name = ComponentUtil.getFessConfig().getApiAccessTokenRequestParameter();
-        if (StringUtil.isBlank(name)) {
-            return null;
+        if (StringUtil.isNotBlank(name)) {
+            return request.getParameter(name);
        }
-        return request.getParameter(name);
+        return null;
    }

    public void setRandom(final Random random) {
--- a/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
@ -160,18 +160,6 @@ public class RoleQueryHelper {
        ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).ifPresent(p -> p.forEach(roleSet::add));
    }

-    protected String getAccessToken(final HttpServletRequest request) {
-        final String token = request.getHeader("Authorization");
-        if (token != null) {
-            final String[] values = token.trim().split(" ");
-            if (values.length == 2 && "Bearer".equals(values[0])) {
-                return values[1];
-            }
-            throw new InvalidAccessTokenException("invalid_request", "Invalid format: " + token);
-        }
-        return request.getParameter("access_token");
-    }
-
    protected void processParameter(final HttpServletRequest request, final Set<String> roleSet) {
        final String parameter = request.getParameter(parameterKey);
        if (logger.isDebugEnabled()) {