admin role check

2015-11-10 23:22:09 +09:00 · 2015-11-10 23:22:09 +09:00 · 3ff54e4137
commit 3ff54e4137
parent 3b5ac3385c
7 changed files with 88 additions and 2 deletions
--- a/src/main/java/org/codelibs/fess/Constants.java
+++ b/src/main/java/org/codelibs/fess/Constants.java
@ -328,4 +328,6 @@ public class Constants extends CoreLibConstants {
    public static final String ELASTICSEARCH_WEB_URL = "http://localhost:9201";

    public static final String ES_API_ACCESS_TOKEN = "esApiAccessToken";
+
+    public static final String ADMIN_PACKAGE = "org.codelibs.fess.app.web.admin";
 }
--- a/src/main/java/org/codelibs/fess/app/web/base/FessAdminAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/base/FessAdminAction.java
@ -21,12 +21,15 @@ import javax.servlet.ServletContext;

 import org.codelibs.core.beans.util.BeanUtil;
 import org.codelibs.core.beans.util.CopyOptions;
+import org.codelibs.fess.exception.UserRoleLoginException;
 import org.codelibs.fess.mylasta.action.FessMessages;
 import org.dbflute.optional.OptionalThing;
 import org.lastaflute.di.util.LdiFileUtil;
+import org.lastaflute.web.callback.ActionRuntime;
 import org.lastaflute.web.callback.TypicalEmbeddedKeySupplier;
 import org.lastaflute.web.callback.TypicalKey.TypicalSimpleEmbeddedKeySupplier;
 import org.lastaflute.web.login.LoginManager;
+import org.lastaflute.web.response.ActionResponse;
 import org.lastaflute.web.util.LaServletContextUtil;
 import org.lastaflute.web.validation.VaMessenger;

@ -106,4 +109,17 @@ public abstract class FessAdminAction extends FessBaseAction {
            }
        };
    }
+
+    // ===================================================================================
+    //                                                                               Hook
+    //                                                                              ======
+    @Override
+    public ActionResponse godHandPrologue(final ActionRuntime runtime) {
+        try {
+            return super.godHandPrologue(runtime);
+        } catch (UserRoleLoginException e) {
+            return redirect(e.getActionClass());
+        }
+    }
+
 }
--- a/src/main/java/org/codelibs/fess/app/web/base/FessBaseAction.java
+++ b/src/main/java/org/codelibs/fess/app/web/base/FessBaseAction.java
@ -77,7 +77,7 @@ public abstract class FessBaseAction extends TypicalAction // has several interf
    // to suppress unexpected override by sub-class
    // you should remove the 'final' if you need to override this
    @Override
-    public final ActionResponse godHandPrologue(final ActionRuntime runtime) {
+    public ActionResponse godHandPrologue(final ActionRuntime runtime) {
        return super.godHandPrologue(runtime);
    }

--- a/src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java
+++ b/src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java
@ -17,9 +17,12 @@ package org.codelibs.fess.app.web.base.login;

 import javax.annotation.Resource;

+import org.codelibs.fess.Constants;
+import org.codelibs.fess.app.web.RootAction;
 import org.codelibs.fess.app.web.login.LoginAction;
 import org.codelibs.fess.es.user.exbhv.UserBhv;
 import org.codelibs.fess.es.user.exentity.User;
+import org.codelibs.fess.exception.UserRoleLoginException;
 import org.codelibs.fess.mylasta.action.FessUserBean;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.dbflute.optional.OptionalEntity;
@ -104,7 +107,13 @@ public class FessLoginAssist extends TypicalLoginAssist<String, FessUserBean, Us

    @Override
    protected void checkPermission(final LoginHandlingResource resource) throws LoginRequiredException {
-        super.checkPermission(resource);
+        if (resource.getActionClass().getName().startsWith(Constants.ADMIN_PACKAGE)) {
+            getSessionUserBean().ifPresent(user -> {
+                if (!user.hasRoles(fessConfig.getAuthenticationAdminRoles().split(","))) {
+                    throw new UserRoleLoginException(RootAction.class);
+                }
+            });
+        }
    }

    // ===================================================================================
--- a/src/main/java/org/codelibs/fess/exception/UserRoleLoginException.java
+++ b/src/main/java/org/codelibs/fess/exception/UserRoleLoginException.java
@ -0,0 +1,38 @@
+/*
+ * Copyright 2012-2015 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.exception;
+
+import org.codelibs.fess.app.web.RootAction;
+
+public class UserRoleLoginException extends RuntimeException {
+
+    private static final long serialVersionUID = 1L;
+
+    private Class<?> actionClass;
+
+    public UserRoleLoginException(Class<RootAction> actionClass) {
+        this.actionClass = actionClass;
+    }
+
+    public Class<?> getActionClass() {
+        return actionClass;
+    }
+
+    @Override
+    public Throwable fillInStackTrace() {
+        return null;
+    }
+}
--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@ -25,6 +25,9 @@ public interface FessConfig extends FessEnv {
    /** The key of the configuration. e.g. Fess */
    String DOMAIN_TITLE = "domain.title";

+    /** The key of the configuration. e.g. admin */
+    String AUTHENTICATION_ADMIN_ROLES = "authentication.admin.roles";
+
    /** The key of the configuration. e.g. / */
    String COOKIE_DEFAULT_PATH = "cookie.default.path";

@ -76,6 +79,14 @@ public interface FessConfig extends FessEnv {
     */
    String getDomainTitle();

+    /**
+     * Get the value for the key 'authentication.admin.roles'. <br>
+     * The value is, e.g. admin <br>
+     * comment: ------
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getAuthenticationAdminRoles();
+
    /**
     * Get the value for the key 'cookie.default.path'. <br>
     * The value is, e.g. / <br>
@ -204,6 +215,10 @@ public interface FessConfig extends FessEnv {
            return get(FessConfig.DOMAIN_TITLE);
        }

+        public String getAuthenticationAdminRoles() {
+            return get(FessConfig.AUTHENTICATION_ADMIN_ROLES);
+        }
+
        public String getCookieDefaultPath() {
            return get(FessConfig.COOKIE_DEFAULT_PATH);
        }
--- a/src/main/resources/fess_config.properties
+++ b/src/main/resources/fess_config.properties
@ -17,6 +17,11 @@ domain.title = Fess
 # ========================================================================================
 #                                                                                     Web
 #                                                                                    =====
+# ----------------------------------------------------------
+#                                                 Permission
+#                                                     ------
+authentication.admin.roles=admin
+
 # ----------------------------------------------------------
 #                                                     Cookie
 #                                                     ------
@ -51,3 +56,4 @@ paging.page.range.fill.limit = true
 mail.from.name = Administrator
 mail.from.address = root@localhost

+