admin role check

src/main/java/org/codelibs/fess/Constants.java

@@ -328,4 +328,6 @@ public class Constants extends CoreLibConstants {
     public static final String ELASTICSEARCH_WEB_URL = "http://localhost:9201";
 
     public static final String ES_API_ACCESS_TOKEN = "esApiAccessToken";
+
+    public static final String ADMIN_PACKAGE = "org.codelibs.fess.app.web.admin";
 }

src/main/java/org/codelibs/fess/app/web/base/FessAdminAction.java

@@ -21,12 +21,15 @@ import javax.servlet.ServletContext;
 
 import org.codelibs.core.beans.util.BeanUtil;
 import org.codelibs.core.beans.util.CopyOptions;
+import org.codelibs.fess.exception.UserRoleLoginException;
 import org.codelibs.fess.mylasta.action.FessMessages;
 import org.dbflute.optional.OptionalThing;
 import org.lastaflute.di.util.LdiFileUtil;
+import org.lastaflute.web.callback.ActionRuntime;
 import org.lastaflute.web.callback.TypicalEmbeddedKeySupplier;
 import org.lastaflute.web.callback.TypicalKey.TypicalSimpleEmbeddedKeySupplier;
 import org.lastaflute.web.login.LoginManager;
+import org.lastaflute.web.response.ActionResponse;
 import org.lastaflute.web.util.LaServletContextUtil;
 import org.lastaflute.web.validation.VaMessenger;
 
@@ -106,4 +109,17 @@ public abstract class FessAdminAction extends FessBaseAction {
             }
         };
     }
+
+    // ===================================================================================
+    //                                                                               Hook
+    //                                                                              ======
+    @Override
+    public ActionResponse godHandPrologue(final ActionRuntime runtime) {
+        try {
+            return super.godHandPrologue(runtime);
+        } catch (UserRoleLoginException e) {
+            return redirect(e.getActionClass());
+        }
+    }
+
 }

src/main/java/org/codelibs/fess/app/web/base/FessBaseAction.java

@@ -77,7 +77,7 @@ public abstract class FessBaseAction extends TypicalAction // has several interf
     // to suppress unexpected override by sub-class
     // you should remove the 'final' if you need to override this
     @Override
-    public final ActionResponse godHandPrologue(final ActionRuntime runtime) {
+    public ActionResponse godHandPrologue(final ActionRuntime runtime) {
         return super.godHandPrologue(runtime);
     }
 

src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java

@@ -17,9 +17,12 @@ package org.codelibs.fess.app.web.base.login;
 
 import javax.annotation.Resource;
 
+import org.codelibs.fess.Constants;
+import org.codelibs.fess.app.web.RootAction;
 import org.codelibs.fess.app.web.login.LoginAction;
 import org.codelibs.fess.es.user.exbhv.UserBhv;
 import org.codelibs.fess.es.user.exentity.User;
+import org.codelibs.fess.exception.UserRoleLoginException;
 import org.codelibs.fess.mylasta.action.FessUserBean;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.dbflute.optional.OptionalEntity;
@@ -104,7 +107,13 @@ public class FessLoginAssist extends TypicalLoginAssist<String, FessUserBean, Us
 
     @Override
     protected void checkPermission(final LoginHandlingResource resource) throws LoginRequiredException {
-        super.checkPermission(resource);
+        if (resource.getActionClass().getName().startsWith(Constants.ADMIN_PACKAGE)) {
+            getSessionUserBean().ifPresent(user -> {
+                if (!user.hasRoles(fessConfig.getAuthenticationAdminRoles().split(","))) {
+                    throw new UserRoleLoginException(RootAction.class);
+                }
+            });
+        }
     }
 
     // ===================================================================================

src/main/java/org/codelibs/fess/exception/UserRoleLoginException.java

@@ -0,0 +1,38 @@
+/*
+ * Copyright 2012-2015 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.exception;
+
+import org.codelibs.fess.app.web.RootAction;
+
+public class UserRoleLoginException extends RuntimeException {
+
+    private static final long serialVersionUID = 1L;
+
+    private Class<?> actionClass;
+
+    public UserRoleLoginException(Class<RootAction> actionClass) {
+        this.actionClass = actionClass;
+    }
+
+    public Class<?> getActionClass() {
+        return actionClass;
+    }
+
+    @Override
+    public Throwable fillInStackTrace() {
+        return null;
+    }
+}

src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -25,6 +25,9 @@ public interface FessConfig extends FessEnv {
     /** The key of the configuration. e.g. Fess */
     String DOMAIN_TITLE = "domain.title";
 
+    /** The key of the configuration. e.g. admin */
+    String AUTHENTICATION_ADMIN_ROLES = "authentication.admin.roles";
+
     /** The key of the configuration. e.g. / */
     String COOKIE_DEFAULT_PATH = "cookie.default.path";
 
@@ -76,6 +79,14 @@ public interface FessConfig extends FessEnv {
      */
     String getDomainTitle();
 
+    /**
+     * Get the value for the key 'authentication.admin.roles'. <br>
+     * The value is, e.g. admin <br>
+     * comment: ------
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getAuthenticationAdminRoles();
+
     /**
      * Get the value for the key 'cookie.default.path'. <br>
      * The value is, e.g. / <br>
@@ -204,6 +215,10 @@ public interface FessConfig extends FessEnv {
             return get(FessConfig.DOMAIN_TITLE);
         }
 
+        public String getAuthenticationAdminRoles() {
+            return get(FessConfig.AUTHENTICATION_ADMIN_ROLES);
+        }
+
         public String getCookieDefaultPath() {
             return get(FessConfig.COOKIE_DEFAULT_PATH);
         }

src/main/resources/fess_config.properties

@@ -17,6 +17,11 @@ domain.title = Fess
 # ========================================================================================
 #                                                                                     Web
 #                                                                                    =====
+# ----------------------------------------------------------
+#                                                 Permission
+#                                                     ------
+authentication.admin.roles=admin
+
 # ----------------------------------------------------------
 #                                                     Cookie
 #                                                     ------
@@ -51,3 +56,4 @@ paging.page.range.fill.limit = true
 mail.from.name = Administrator
 mail.from.address = root@localhost
 
+