|
@@ -118,9 +118,7 @@ public class RoleQueryHelper {
|
|
|
buildByCookieNameMapping(request, roleSet);
|
|
|
}
|
|
|
|
|
|
- if (isApiRequest) {
|
|
|
- processAccessToken(request, roleSet);
|
|
|
- }
|
|
|
+ final boolean hasAccessToken = processAccessToken(request, roleSet, isApiRequest);
|
|
|
|
|
|
final RequestManager requestManager = ComponentUtil.getRequestManager();
|
|
|
try {
|
|
@@ -130,7 +128,9 @@ public class RoleQueryHelper {
|
|
|
if (isApiRequest && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {
|
|
|
throw new InvalidAccessTokenException("invalid_token", "Access token is requried.");
|
|
|
}
|
|
|
- roleSet.addAll(fessConfig.getSearchGuestPermissionList());
|
|
|
+ if (!hasAccessToken) {
|
|
|
+ roleSet.addAll(fessConfig.getSearchGuestPermissionList());
|
|
|
+ }
|
|
|
});
|
|
|
} catch (final RuntimeException e) {
|
|
|
try {
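Review bot: The required-token check at `if (isApiRequest && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean())` does not consult the new `hasAccessToken` flag, so as far as this hunk shows an API request that reaches this branch is rejected with `invalid_token` even when `processAccessToken` has just accepted a token. If that is not intended, the condition could become `if (isApiRequest && !hasAccessToken && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {`. Separately, with the added `if (!hasAccessToken)` guard, a token whose permission collection is empty now leaves `roleSet` without guest roles and possibly empty. It is worth confirming that the code consuming `roleSet` treats an empty set as "no access" rather than "no role filter". The enclosing lambda and `try` block start and end outside the hunk, so the branch condition itself could not be checked here.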
|
|
@@ -156,8 +156,14 @@ public class RoleQueryHelper {
|
|
|
return roleSet;
|
|
|
}
|
|
|
|
|
|
- protected void processAccessToken(final HttpServletRequest request, final Set<String> roleSet) {
|
|
|
- ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).ifPresent(p -> p.forEach(roleSet::add));
|
|
|
+ protected boolean processAccessToken(final HttpServletRequest request, final Set<String> roleSet, final boolean isApiRequest) {
|
|
|
+ if (isApiRequest) {
|
|
|
+ return ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).map(p -> {
|
|
|
+ p.forEach(roleSet::add);
|
|
|
+ return true;
|
|
|
+ }).orElse(false);
|
|
|
+ }
|
|
|
+ return false;
|
|
|
}
|
|
|
|
|
|
protected void processParameter(final HttpServletRequest request, final Set<String> roleSet) {
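Review bot: `processAccessToken` now returns a value that gates guest permissions, but nothing documents what `true` means: as written it is `true` whenever `getPermissions(request)` yields a present Optional, even one holding an empty permission collection, and `false` for every non-API request. A Javadoc stating that contract, and that the method adds the token's permissions to `roleSet` as a side effect, would keep callers from reading the result as "a valid token was presented". The signature change on a `protected` method also means a subclass overriding the old two-argument form without `@Override` still compiles but is no longer called, silently dropping any custom token handling; a deprecated two-argument bridge or a release note would make that visible. How `getPermissions` treats an invalid or expired token is not visible here; if it returns empty rather than throwing, such a request falls back to guest permissions.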
|