fix #1497 check if access token is set
This commit is contained in:
Shinsuke Sugaya
parent
3978fe3618
commit
4cf2acfd7d
1 changed files with 12 additions and 6 deletions
|
|
@ -118,9 +118,7 @@ public class RoleQueryHelper {
|
|||
buildByCookieNameMapping(request, roleSet);
|
||||
}
|
||||
|
||||
if (isApiRequest) {
|
||||
processAccessToken(request, roleSet);
|
||||
}
|
||||
final boolean hasAccessToken = processAccessToken(request, roleSet, isApiRequest);
|
||||
|
||||
final RequestManager requestManager = ComponentUtil.getRequestManager();
|
||||
try {
|
||||
|
|
@ -130,7 +128,9 @@ public class RoleQueryHelper {
|
|||
if (isApiRequest && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {
|
||||
throw new InvalidAccessTokenException("invalid_token", "Access token is requried.");
|
||||
}
|
||||
roleSet.addAll(fessConfig.getSearchGuestPermissionList());
|
||||
if (!hasAccessToken) {
|
||||
roleSet.addAll(fessConfig.getSearchGuestPermissionList());
|
||||
}
|
||||
});
|
||||
} catch (final RuntimeException e) {
|
||||
try {
|
||||
|
|
@ -156,8 +156,14 @@ public class RoleQueryHelper {
|
|||
return roleSet;
|
||||
}
|
||||
|
||||
protected void processAccessToken(final HttpServletRequest request, final Set<String> roleSet) {
|
||||
ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).ifPresent(p -> p.forEach(roleSet::add));
|
||||
protected boolean processAccessToken(final HttpServletRequest request, final Set<String> roleSet, final boolean isApiRequest) {
|
||||
if (isApiRequest) {
|
||||
return ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).map(p -> {
|
||||
p.forEach(roleSet::add);
|
||||
return true;
|
||||
}).orElse(false);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
protected void processParameter(final HttpServletRequest request, final Set<String> roleSet) {
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue