diff --git a/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java b/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
index f1a1346f0..0fbd4a6b0 100644
--- a/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
@@ -118,9 +118,7 @@ public class RoleQueryHelper {
 buildByCookieNameMapping(request, roleSet);
 }
- if (isApiRequest) {
- processAccessToken(request, roleSet);
- }
+ final boolean hasAccessToken = processAccessToken(request, roleSet, isApiRequest);
 final RequestManager requestManager = ComponentUtil.getRequestManager();
 try {
@@ -130,7 +128,9 @@ public class RoleQueryHelper {
 if (isApiRequest && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {
 throw new InvalidAccessTokenException("invalid_token", "Access token is requried.");
 }
- roleSet.addAll(fessConfig.getSearchGuestPermissionList());
+ if (!hasAccessToken) {
+ roleSet.addAll(fessConfig.getSearchGuestPermissionList());
+ }
 });
 } catch (final RuntimeException e) {
 try {
@@ -156,8 +156,14 @@ public class RoleQueryHelper {
 return roleSet;
 }
- protected void processAccessToken(final HttpServletRequest request, final Set roleSet) {
- ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).ifPresent(p -> p.forEach(roleSet::add));
+ protected boolean processAccessToken(final HttpServletRequest request, final Set roleSet, final boolean isApiRequest) {
+ if (isApiRequest) {
+ return ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).map(p -> {
+ p.forEach(roleSet::add);
+ return true;
+ }).orElse(false);
+ }
+ return false;
 }
 protected void processParameter(final HttpServletRequest request, final Set roleSet) {
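Review bot: The name `hasAccessToken` on the added line says more than the value means: it is false for every non-API request, whether or not a token was sent, and true only when an API request's token lookup returned a permission set. Because this flag later decides whether guest permissions are granted, the line deserves a comment such as `// true only for an API request whose token resolved to a permission set; suppresses the guest permissions below`. The enclosing method starts and ends outside the hunk.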
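Review bot: The token-required check two lines above the new guard still does not consult `hasAccessToken`, so on the path this lambda handles, an API request whose token already resolved permissions appears to be rejected with "Access token is requried." whenever a token is required. If that is not intended, the condition could become `if (isApiRequest && !hasAccessToken && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {`. The lambda begins outside the hunk, so which case it handles (presumably no logged-in user) should be confirmed before changing it.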
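Review bot: `processAccessToken` returns `true` whenever `getPermissions(request)` yields a value, including an empty permission collection, and the caller then skips the guest permissions, so such a request can leave `roleSet` with no entries from either source. What an empty role set means to the code that consumes it is not visible in this diff; if it is treated as "no role filter", that would widen rather than narrow access, so a test with a token that carries no permissions is worth adding. The method also needs a Javadoc stating the contract, e.g. `@return true if an API request carried an access token that resolved to a permission set (possibly empty), false otherwise`.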