#738 add Authentication header and replace with access token

src/main/config/es/fess_config.json

@@ -1,7 +1,7 @@
 {
   ".fess_config" : {
     "mappings" : {
-      "api_token": {
+      "access_token": {
         "_all": {
           "enabled": false
         },
@@ -14,6 +14,14 @@
             "type": "string",
             "index": "not_analyzed"
           },
+          "permissions": {
+            "type": "string",
+            "index": "not_analyzed"
+          },
+          "parameter_name" : {
+            "type": "string",
+            "index": "not_analyzed"
+          },
           "createdBy": {
             "type": "string",
             "index": "not_analyzed"
@@ -957,6 +965,13 @@
       "index" : {
         "refresh_interval" : "1s",
         "dbflute" : {
+          "access_token" : {
+            "properties" : {
+              "permissions" : {
+                "array" : "true"
+              }
+            }
+          },
           "data_config" : {
             "properties" : {
               "permissions" : {

src/main/java/org/codelibs/fess/api/gsa/GsaApiManager.java

@@ -505,11 +505,6 @@ public class GsaApiManager extends BaseApiManager implements WebApiManager {
             return pageSize;
         }
 
-        @Override
-        public boolean isAdministrativeAccess() {
-            return false;
-        }
-
         @Override
         public Object getAttribute(final String name) {
             return request.getAttribute(name);
@@ -520,5 +515,10 @@ public class GsaApiManager extends BaseApiManager implements WebApiManager {
             return Locale.ROOT;
         }
 
+        @Override
+        public SearchRequestType getType() {
+            return SearchRequestType.GSA;
+        }
+
     }
 }

src/main/java/org/codelibs/fess/api/json/JsonApiManager.java

@@ -43,6 +43,7 @@ import org.codelibs.fess.entity.GeoInfo;
 import org.codelibs.fess.entity.PingResponse;
 import org.codelibs.fess.entity.SearchRenderData;
 import org.codelibs.fess.entity.SearchRequestParams;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.es.client.FessEsClient;
 import org.codelibs.fess.exception.WebApiException;
 import org.codelibs.fess.helper.LabelTypeHelper;
@@ -288,7 +289,7 @@ public class JsonApiManager extends BaseApiManager {
         Exception err = null;
         final StringBuilder buf = new StringBuilder(255); // TODO replace response stream
         try {
-            final List<Map<String, String>> labelTypeItems = labelTypeHelper.getLabelTypeItemList();
+            final List<Map<String, String>> labelTypeItems = labelTypeHelper.getLabelTypeItemList(SearchRequestType.JSON);
             buf.append("\"record_count\":");
             buf.append(labelTypeItems.size());
             if (!labelTypeItems.isEmpty()) {
@@ -338,7 +339,7 @@ public class JsonApiManager extends BaseApiManager {
         Exception err = null;
         final StringBuilder buf = new StringBuilder(255); // TODO replace response stream
         try {
-            final List<String> popularWordList = popularWordHelper.getWordList(seed, tags, null, fields, excludes);
+            final List<String> popularWordList = popularWordHelper.getWordList(SearchRequestType.JSON, seed, tags, null, fields, excludes);
 
             buf.append("\"result\":[");
             boolean first1 = true;
@@ -804,11 +805,6 @@ public class JsonApiManager extends BaseApiManager {
             return pageSize;
         }
 
-        @Override
-        public boolean isAdministrativeAccess() {
-            return false;
-        }
-
         @Override
         public Object getAttribute(final String name) {
             return request.getAttribute(name);
@@ -819,5 +815,10 @@ public class JsonApiManager extends BaseApiManager {
             return Locale.ROOT;
         }
 
+        @Override
+        public SearchRequestType getType() {
+            return SearchRequestType.JSON;
+        }
+
     }
 }

src/main/java/org/codelibs/fess/api/suggest/SuggestApiManager.java

@@ -34,6 +34,7 @@ import org.codelibs.fess.app.service.SearchService;
 import org.codelibs.fess.entity.FacetInfo;
 import org.codelibs.fess.entity.GeoInfo;
 import org.codelibs.fess.entity.SearchRequestParams;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.helper.RoleQueryHelper;
 import org.codelibs.fess.helper.SuggestHelper;
 import org.codelibs.fess.suggest.entity.SuggestItem;
@@ -73,7 +74,7 @@ public class SuggestApiManager extends BaseApiManager {
             final SuggestRequestBuilder builder = suggestHelper.suggester().suggest();
             builder.setQuery(parameter.getQuery());
             stream(parameter.getSuggestFields()).of(stream -> stream.forEach(builder::addField));
-            roleQueryHelper.build().stream().forEach(builder::addRole);
+            roleQueryHelper.build(SearchRequestType.SUGGEST).stream().forEach(builder::addRole);
             builder.setSize(parameter.getNum());
             stream(langs).of(stream -> stream.forEach(builder::addLang));
 
@@ -237,11 +238,6 @@ public class SuggestApiManager extends BaseApiManager {
             throw new UnsupportedOperationException();
         }
 
-        @Override
-        public boolean isAdministrativeAccess() {
-            return false;
-        }
-
         @Override
         public String[] getExtraQueries() {
             throw new UnsupportedOperationException();
@@ -256,5 +252,10 @@ public class SuggestApiManager extends BaseApiManager {
         public Locale getLocale() {
             throw new UnsupportedOperationException();
         }
+
+        @Override
+        public SearchRequestType getType() {
+            return SearchRequestType.SUGGEST;
+        }
     }
 }

src/main/java/org/codelibs/fess/app/job/ScriptExecutorJob.java

@@ -108,7 +108,7 @@ public class ScriptExecutorJob implements LaJob {
             if (task != null) {
                 try {
                     task.stop();
-                } catch (Exception e) {
+                } catch (final Exception e) {
                     logger.warn("Failed to stop " + jobLog, e);
                 }
             }

src/main/java/org/codelibs/fess/app/pager/ApiTokenPager.java → src/main/java/org/codelibs/fess/app/pager/AccessTokenPager.java

@@ -20,7 +20,7 @@ import java.util.List;
 
 import org.codelibs.fess.Constants;
 
-public class ApiTokenPager implements Serializable {
+public class AccessTokenPager implements Serializable {
     private static final long serialVersionUID = 1L;
 
     public static final int DEFAULT_CURRENT_PAGE_NUMBER = 1;

src/main/java/org/codelibs/fess/app/service/AccessTokenService.java

@@ -0,0 +1,90 @@
+/*
+ * Copyright 2012-2016 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.app.service;
+
+import java.util.List;
+
+import javax.annotation.Resource;
+
+import org.codelibs.core.beans.util.BeanUtil;
+import org.codelibs.fess.Constants;
+import org.codelibs.fess.app.pager.AccessTokenPager;
+import org.codelibs.fess.es.config.cbean.AccessTokenCB;
+import org.codelibs.fess.es.config.exbhv.AccessTokenBhv;
+import org.codelibs.fess.es.config.exentity.AccessToken;
+import org.codelibs.fess.mylasta.direction.FessConfig;
+import org.dbflute.cbean.result.PagingResultBean;
+import org.dbflute.optional.OptionalEntity;
+
+public class AccessTokenService {
+
+    @Resource
+    protected AccessTokenBhv accessTokenBhv;
+
+    @Resource
+    protected FessConfig fessConfig;
+
+    public List<AccessToken> getAccessTokenList(final AccessTokenPager accessTokenPager) {
+
+        final PagingResultBean<AccessToken> accessTokenList = accessTokenBhv.selectPage(cb -> {
+            cb.paging(accessTokenPager.getPageSize(), accessTokenPager.getCurrentPageNumber());
+            setupListCondition(cb, accessTokenPager);
+        });
+
+        // update pager
+        BeanUtil.copyBeanToBean(accessTokenList, accessTokenPager, option -> option.include(Constants.PAGER_CONVERSION_RULE));
+        accessTokenPager.setPageNumberList(accessTokenList.pageRange(op -> op.rangeSize(5)).createPageNumberList());
+
+        return accessTokenList;
+    }
+
+    public OptionalEntity<AccessToken> getAccessToken(final String id) {
+        return accessTokenBhv.selectByPK(id);
+    }
+
+    public void store(final AccessToken accessToken) {
+
+        accessTokenBhv.insertOrUpdate(accessToken, op -> op.setRefresh(true));
+
+    }
+
+    public void delete(final AccessToken accessToken) {
+
+        accessTokenBhv.delete(accessToken, op -> op.setRefresh(true));
+
+    }
+
+    protected void setupListCondition(final AccessTokenCB cb, final AccessTokenPager accessTokenPager) {
+        if (accessTokenPager.id != null) {
+            cb.query().docMeta().setId_Equal(accessTokenPager.id);
+        }
+        // TODO Long, Integer, String supported only.
+
+        // setup condition
+        cb.query().addOrderBy_Name_Asc();
+        cb.query().addOrderBy_CreatedTime_Asc();
+
+        // search
+
+    }
+
+    public OptionalEntity<AccessToken> getAccessTokenByToken(final String token) {
+        return accessTokenBhv.selectEntity(cb -> {
+            cb.query().setToken_CommonTerms(token);
+        });
+    }
+
+}

src/main/java/org/codelibs/fess/app/service/ApiTokenService.java

@@ -1,84 +0,0 @@
-/*
- * Copyright 2012-2016 CodeLibs Project and the Others.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
- * either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-package org.codelibs.fess.app.service;
-
-import java.util.List;
-
-import javax.annotation.Resource;
-
-import org.codelibs.core.beans.util.BeanUtil;
-import org.codelibs.fess.Constants;
-import org.codelibs.fess.app.pager.ApiTokenPager;
-import org.codelibs.fess.es.config.cbean.ApiTokenCB;
-import org.codelibs.fess.es.config.exbhv.ApiTokenBhv;
-import org.codelibs.fess.es.config.exentity.ApiToken;
-import org.codelibs.fess.mylasta.direction.FessConfig;
-import org.dbflute.cbean.result.PagingResultBean;
-import org.dbflute.optional.OptionalEntity;
-
-public class ApiTokenService {
-
-    @Resource
-    protected ApiTokenBhv apiTokenBhv;
-
-    @Resource
-    protected FessConfig fessConfig;
-
-    public List<ApiToken> getApiTokenList(final ApiTokenPager apiTokenPager) {
-
-        final PagingResultBean<ApiToken> apiTokenList = apiTokenBhv.selectPage(cb -> {
-            cb.paging(apiTokenPager.getPageSize(), apiTokenPager.getCurrentPageNumber());
-            setupListCondition(cb, apiTokenPager);
-        });
-
-        // update pager
-        BeanUtil.copyBeanToBean(apiTokenList, apiTokenPager, option -> option.include(Constants.PAGER_CONVERSION_RULE));
-        apiTokenPager.setPageNumberList(apiTokenList.pageRange(op -> op.rangeSize(5)).createPageNumberList());
-
-        return apiTokenList;
-    }
-
-    public OptionalEntity<ApiToken> getApiToken(final String id) {
-        return apiTokenBhv.selectByPK(id);
-    }
-
-    public void store(final ApiToken apiToken) {
-
-        apiTokenBhv.insertOrUpdate(apiToken, op -> op.setRefresh(true));
-
-    }
-
-    public void delete(final ApiToken apiToken) {
-
-        apiTokenBhv.delete(apiToken, op -> op.setRefresh(true));
-
-    }
-
-    protected void setupListCondition(final ApiTokenCB cb, final ApiTokenPager apiTokenPager) {
-        if (apiTokenPager.id != null) {
-            cb.query().docMeta().setId_Equal(apiTokenPager.id);
-        }
-        // TODO Long, Integer, String supported only.
-
-        // setup condition
-        cb.query().addOrderBy_Name_Asc();
-        cb.query().addOrderBy_CreatedTime_Asc();
-
-        // search
-
-    }
-
-}

src/main/java/org/codelibs/fess/app/service/JobLogService.java

@@ -118,7 +118,7 @@ public class JobLogService {
         }
     }
 
-    public void setExpiredJobInterval(long expiredJobInterval) {
+    public void setExpiredJobInterval(final long expiredJobInterval) {
         this.expiredJobInterval = expiredJobInterval;
     }
 

src/main/java/org/codelibs/fess/app/service/SearchService.java

@@ -101,8 +101,7 @@ public class SearchService {
                             return SearchConditionBuilder.builder(searchRequestBuilder)
                                     .query(StringUtil.isBlank(sortField) ? query : query + " sort:" + sortField).offset(pageStart)
                                     .size(pageSize).facetInfo(params.getFacetInfo()).geoInfo(params.getGeoInfo())
-                                    .responseFields(queryHelper.getResponseFields()).administrativeAccess(params.isAdministrativeAccess())
-                                    .build();
+                                    .responseFields(queryHelper.getResponseFields()).searchRequestType(params.getType()).build();
                         }, (searchRequestBuilder, execTime, searchResponse) -> {
                             final QueryResponseList queryResponseList = ComponentUtil.getQueryResponseList();
                             queryResponseList.init(searchResponse, pageStart, pageSize);
@@ -155,8 +154,8 @@ public class SearchService {
 
         // search log
         if (searchLogSupport) {
-            ComponentUtil.getSearchLogHelper().addSearchLog(DfTypeUtil.toLocalDateTime(requestedTime), queryId, query, pageStart, pageSize,
-                    queryResponseList);
+            ComponentUtil.getSearchLogHelper().addSearchLog(params, DfTypeUtil.toLocalDateTime(requestedTime), queryId, query, pageStart,
+                    pageSize, queryResponseList);
         }
     }
 
@@ -165,7 +164,7 @@ public class SearchService {
         final String query =
                 QueryStringBuilder.query(params.getQuery()).extraQueries(params.getExtraQueries()).fields(params.getFields()).build();
 
-        final QueryContext queryContext = queryHelper.build(query, context -> {
+        final QueryContext queryContext = queryHelper.build(params.getType(), query, context -> {
             context.skipRoleQuery();
         });
         return fessEsClient.deleteByQuery(fessConfig.getIndexDocumentUpdateIndex(), fessConfig.getIndexDocumentType(),

src/main/java/org/codelibs/fess/app/web/admin/apitoken/AdminApitokenAction.java → src/main/java/org/codelibs/fess/app/web/admin/accesstoken/AdminAccesstokenAction.java

@@ -13,16 +13,16 @@
  * either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
-package org.codelibs.fess.app.web.admin.apitoken;
+package org.codelibs.fess.app.web.admin.accesstoken;
 
 import javax.annotation.Resource;
 
 import org.codelibs.fess.Constants;
-import org.codelibs.fess.app.pager.ApiTokenPager;
-import org.codelibs.fess.app.service.ApiTokenService;
+import org.codelibs.fess.app.pager.AccessTokenPager;
+import org.codelibs.fess.app.service.AccessTokenService;
 import org.codelibs.fess.app.web.CrudMode;
 import org.codelibs.fess.app.web.base.FessAdminAction;
-import org.codelibs.fess.es.config.exentity.ApiToken;
+import org.codelibs.fess.es.config.exentity.AccessToken;
 import org.codelibs.fess.util.RenderDataUtil;
 import org.dbflute.optional.OptionalEntity;
 import org.dbflute.optional.OptionalThing;
@@ -34,15 +34,15 @@ import org.lastaflute.web.ruts.process.ActionRuntime;
 /**
  * @author shinsuke
  */
-public class AdminApitokenAction extends FessAdminAction {
+public class AdminAccesstokenAction extends FessAdminAction {
 
     // ===================================================================================
     //                                                                           Attribute
     //                                                                           =========
     @Resource
-    private ApiTokenService apiTokenService;
+    private AccessTokenService accessTokenService;
     @Resource
-    private ApiTokenPager apiTokenPager;
+    private AccessTokenPager accessTokenPager;
 
     // ===================================================================================
     //                                                                               Hook
@@ -50,7 +50,7 @@ public class AdminApitokenAction extends FessAdminAction {
     @Override
     protected void setupHtmlData(final ActionRuntime runtime) {
         super.setupHtmlData(runtime);
-        runtime.registerData("helpLink", systemHelper.getHelpLink(fessConfig.getOnlineHelpNameApitoken()));
+        runtime.registerData("helpLink", systemHelper.getHelpLink(fessConfig.getOnlineHelpNameAccesstoken()));
     }
 
     // ===================================================================================
@@ -64,36 +64,36 @@ public class AdminApitokenAction extends FessAdminAction {
     @Execute
     public HtmlResponse list(final OptionalThing<Integer> pageNumber, final SearchForm form) {
         pageNumber.ifPresent(num -> {
-            apiTokenPager.setCurrentPageNumber(pageNumber.get());
+            accessTokenPager.setCurrentPageNumber(pageNumber.get());
         }).orElse(() -> {
-            apiTokenPager.setCurrentPageNumber(0);
+            accessTokenPager.setCurrentPageNumber(0);
         });
-        return asHtml(path_AdminApitoken_AdminApitokenJsp).renderWith(data -> {
+        return asHtml(path_AdminAccesstoken_AdminAccesstokenJsp).renderWith(data -> {
             searchPaging(data, form);
         });
     }
 
     @Execute
     public HtmlResponse search(final SearchForm form) {
-        copyBeanToBean(form, apiTokenPager, op -> op.exclude(Constants.PAGER_CONVERSION_RULE));
-        return asHtml(path_AdminApitoken_AdminApitokenJsp).renderWith(data -> {
+        copyBeanToBean(form, accessTokenPager, op -> op.exclude(Constants.PAGER_CONVERSION_RULE));
+        return asHtml(path_AdminAccesstoken_AdminAccesstokenJsp).renderWith(data -> {
             searchPaging(data, form);
         });
     }
 
     @Execute
     public HtmlResponse reset(final SearchForm form) {
-        apiTokenPager.clear();
-        return asHtml(path_AdminApitoken_AdminApitokenJsp).renderWith(data -> {
+        accessTokenPager.clear();
+        return asHtml(path_AdminAccesstoken_AdminAccesstokenJsp).renderWith(data -> {
             searchPaging(data, form);
         });
     }
 
     protected void searchPaging(final RenderData data, final SearchForm form) {
-        RenderDataUtil.register(data, "apiTokenItems", apiTokenService.getApiTokenList(apiTokenPager)); // page navi
+        RenderDataUtil.register(data, "accessTokenItems", accessTokenService.getAccessTokenList(accessTokenPager)); // page navi
 
         // restore from pager
-        copyBeanToBean(apiTokenPager, form, op -> op.include("id"));
+        copyBeanToBean(accessTokenPager, form, op -> op.include("id"));
     }
 
     // ===================================================================================
@@ -122,7 +122,7 @@ public class AdminApitokenAction extends FessAdminAction {
         saveToken();
         return asDetailsHtml().useForm(EditForm.class, op -> {
             op.setup(form -> {
-                apiTokenService.getApiToken(id).ifPresent(entity -> {
+                accessTokenService.getAccessToken(id).ifPresent(entity -> {
                     copyBeanToBean(entity, form, copyOp -> {
                         copyOp.excludeNull();
                     });
@@ -142,11 +142,11 @@ public class AdminApitokenAction extends FessAdminAction {
         verifyCrudMode(form.crudMode, CrudMode.CREATE);
         validate(form, messages -> {}, () -> asEditHtml());
         verifyToken(() -> asEditHtml());
-        getApiToken(form).ifPresent(
+        getAccessToken(form).ifPresent(
                 entity -> {
-                    entity.setToken(systemHelper.generateApiToken());
+                    entity.setToken(systemHelper.generateAccessToken());
                     try {
-                        apiTokenService.store(entity);
+                        accessTokenService.store(entity);
                         saveInfo(messages -> messages.addSuccessCrudCreateCrudTable(GLOBAL));
                     } catch (final Exception e) {
                         throwValidationError(messages -> messages.addErrorsCrudFailedToCreateCrudTable(GLOBAL, buildThrowableMessage(e)),
@@ -164,12 +164,12 @@ public class AdminApitokenAction extends FessAdminAction {
         validate(form, messages -> {}, () -> asDetailsHtml());
         verifyToken(() -> asDetailsHtml());
         final String id = form.id;
-        apiTokenService
-                .getApiToken(id)
+        accessTokenService
+                .getAccessToken(id)
                 .ifPresent(
                         entity -> {
                             try {
-                                apiTokenService.delete(entity);
+                                accessTokenService.delete(entity);
                                 saveInfo(messages -> messages.addSuccessCrudDeleteCrudTable(GLOBAL));
                             } catch (final Exception e) {
                                 throwValidationError(
@@ -186,17 +186,17 @@ public class AdminApitokenAction extends FessAdminAction {
     //                                                                        Assist Logic
     //                                                                        ============
 
-    private OptionalEntity<ApiToken> getEntity(final CreateForm form, final String username, final long currentTime) {
+    private OptionalEntity<AccessToken> getEntity(final CreateForm form, final String username, final long currentTime) {
         switch (form.crudMode) {
         case CrudMode.CREATE:
-            return OptionalEntity.of(new ApiToken()).map(entity -> {
+            return OptionalEntity.of(new AccessToken()).map(entity -> {
                 entity.setCreatedBy(username);
                 entity.setCreatedTime(currentTime);
                 return entity;
             });
         case CrudMode.EDIT:
             if (form instanceof EditForm) {
-                return apiTokenService.getApiToken(((EditForm) form).id);
+                return accessTokenService.getAccessToken(((EditForm) form).id);
             }
             break;
         default:
@@ -205,7 +205,7 @@ public class AdminApitokenAction extends FessAdminAction {
         return OptionalEntity.empty();
     }
 
-    protected OptionalEntity<ApiToken> getApiToken(final CreateForm form) {
+    protected OptionalEntity<AccessToken> getAccessToken(final CreateForm form) {
         final String username = systemHelper.getUsername();
         final long currentTime = systemHelper.getCurrentTimeAsLong();
         return getEntity(form, username, currentTime).map(entity -> {
@@ -232,21 +232,21 @@ public class AdminApitokenAction extends FessAdminAction {
     //                                                                           =========
 
     private HtmlResponse asListHtml() {
-        return asHtml(path_AdminApitoken_AdminApitokenJsp).renderWith(data -> {
-            RenderDataUtil.register(data, "apiTokenItems", apiTokenService.getApiTokenList(apiTokenPager));
+        return asHtml(path_AdminAccesstoken_AdminAccesstokenJsp).renderWith(data -> {
+            RenderDataUtil.register(data, "accessTokenItems", accessTokenService.getAccessTokenList(accessTokenPager));
         }).useForm(SearchForm.class, setup -> {
             setup.setup(form -> {
-                copyBeanToBean(apiTokenPager, form, op -> op.include("id"));
+                copyBeanToBean(accessTokenPager, form, op -> op.include("id"));
             });
         });
     }
 
     private HtmlResponse asEditHtml() {
-        return asHtml(path_AdminApitoken_AdminApitokenEditJsp);
+        return asHtml(path_AdminAccesstoken_AdminAccesstokenEditJsp);
     }
 
     private HtmlResponse asDetailsHtml() {
-        return asHtml(path_AdminApitoken_AdminApitokenDetailsJsp);
+        return asHtml(path_AdminAccesstoken_AdminAccesstokenDetailsJsp);
     }
 
 }

src/main/java/org/codelibs/fess/app/web/admin/apitoken/CreateForm.java → src/main/java/org/codelibs/fess/app/web/admin/accesstoken/CreateForm.java

@@ -13,7 +13,7 @@
  * either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
-package org.codelibs.fess.app.web.admin.apitoken;
+package org.codelibs.fess.app.web.admin.accesstoken;
 
 import javax.validation.constraints.Size;
 

src/main/java/org/codelibs/fess/app/web/admin/apitoken/EditForm.java → src/main/java/org/codelibs/fess/app/web/admin/accesstoken/EditForm.java

@@ -13,7 +13,7 @@
  * either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
-package org.codelibs.fess.app.web.admin.apitoken;
+package org.codelibs.fess.app.web.admin.accesstoken;
 
 import javax.validation.constraints.Size;
 

src/main/java/org/codelibs/fess/app/web/admin/apitoken/SearchForm.java → src/main/java/org/codelibs/fess/app/web/admin/accesstoken/SearchForm.java

@@ -13,7 +13,7 @@
  * either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
-package org.codelibs.fess.app.web.admin.apitoken;
+package org.codelibs.fess.app.web.admin.accesstoken;
 
 /**
  * @author codelibs

src/main/java/org/codelibs/fess/app/web/admin/searchlist/ListForm.java

@@ -125,11 +125,6 @@ public class ListForm implements SearchRequestParams {
         }
     }
 
-    @Override
-    public boolean isAdministrativeAccess() {
-        return true;
-    }
-
     @Override
     public Object getAttribute(final String name) {
         return LaRequestUtil.getRequest().getAttribute(name);
@@ -139,4 +134,9 @@ public class ListForm implements SearchRequestParams {
     public Locale getLocale() {
         return LaRequestUtil.getRequest().getLocale();
     }
+
+    @Override
+    public SearchRequestType getType() {
+        return SearchRequestType.ADMIN_SEARCH;
+    }
 }

src/main/java/org/codelibs/fess/app/web/admin/upgrade/AdminUpgradeAction.java

@@ -715,7 +715,7 @@ public class AdminUpgradeAction extends FessAdminAction {
                 "{\"name\":\"Thumbnail Purger\",\"target\":\"all\",\"cronExpression\":\"0 0 * * *\",\"scriptType\":\"groovy\",\"scriptData\":\"return container.getComponent(\\\"purgeThumbnailJob\\\").expiry(30 * 24 * 60 * 60 * 1000).execute();\",\"jobLogging\":true,\"crawler\":false,\"available\":true,\"sortOrder\":6,\"createdBy\":\"system\",\"createdTime\":0,\"updatedBy\":\"system\",\"updatedTime\":0}");
 
         // alias
-        IndicesOptions indexOrAliasOptions = IndicesOptions.fromOptions(false, false, true, true);
+        final IndicesOptions indexOrAliasOptions = IndicesOptions.fromOptions(false, false, true, true);
         if (!existsIndex(indicesClient, searchIndex, indexOrAliasOptions)) {
             try {
                 final IndicesAliasesResponse response =
@@ -1060,7 +1060,7 @@ public class AdminUpgradeAction extends FessAdminAction {
                     jsonBuilder().startObject().startObject("analysis").startObject(type).field(name).copyCurrentStructure(contentParser)
                             .endObject().endObject().endObject();
             indicesClient.prepareUpdateSettings(index).setSettings(builder.string()).execute().actionGet();
-        } catch (Exception e) {
+        } catch (final Exception e) {
             logger.warn("Failed to set analyzer to " + index, e);
         }
     }
@@ -1069,12 +1069,12 @@ public class AdminUpgradeAction extends FessAdminAction {
         try {
             final IndexRequest indexRequest = new IndexRequest(index, type, id).source(source);
             fessEsClient.index(indexRequest).actionGet();
-        } catch (Exception e) {
+        } catch (final Exception e) {
             logger.warn("Failed to add " + id + " to " + index + "/" + type, e);
         }
     }
 
-    private boolean existsIndex(IndicesAdminClient indicesClient, String index, IndicesOptions options) {
+    private boolean existsIndex(final IndicesAdminClient indicesClient, final String index, final IndicesOptions options) {
         try {
             final IndicesExistsResponse response =
                     indicesClient.prepareExists(index).setIndicesOptions(options).execute().actionGet(fessConfig.getIndexSearchTimeout());
@@ -1089,13 +1089,13 @@ public class AdminUpgradeAction extends FessAdminAction {
         indicesClient.prepareDelete(index).execute(new ActionListener<DeleteIndexResponse>() {
 
             @Override
-            public void onResponse(DeleteIndexResponse response) {
+            public void onResponse(final DeleteIndexResponse response) {
                 logger.info("Deleted " + index + " index.");
                 comsumer.accept(response);
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(final Throwable e) {
                 logger.warn("Failed to delete " + index + " index.", e);
             }
         });

src/main/java/org/codelibs/fess/app/web/base/FessSearchAction.java

@@ -30,6 +30,7 @@ import org.codelibs.core.lang.StringUtil;
 import org.codelibs.core.net.URLUtil;
 import org.codelibs.fess.Constants;
 import org.codelibs.fess.app.web.sso.SsoAction;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.es.client.FessEsClient;
 import org.codelibs.fess.helper.LabelTypeHelper;
 import org.codelibs.fess.helper.OpenSearchHelper;
@@ -98,7 +99,7 @@ public abstract class FessSearchAction extends FessBaseAction {
         runtime.registerData("favoriteSupport", favoriteSupport);
         runtime.registerData("thumbnailSupport", thumbnailSupport);
         if (fessConfig.isWebApiPopularWord()) {
-            runtime.registerData("popularWords", popularWordHelper.getWordList(null, null, null, null, null));
+            runtime.registerData("popularWords", popularWordHelper.getWordList(SearchRequestType.SEARCH, null, null, null, null, null));
         }
         return super.hookBefore(runtime);
     }
@@ -113,7 +114,7 @@ public abstract class FessSearchAction extends FessBaseAction {
         super.setupHtmlData(runtime);
         runtime.registerData("osddLink", openSearchHelper.hasOpenSearchFile());
 
-        final List<Map<String, String>> labelTypeItems = labelTypeHelper.getLabelTypeItemList();
+        final List<Map<String, String>> labelTypeItems = labelTypeHelper.getLabelTypeItemList(SearchRequestType.SEARCH);
         runtime.registerData("labelTypeItems", labelTypeItems);
         runtime.registerData("displayLabelTypeItems", labelTypeItems != null && !labelTypeItems.isEmpty());
 
@@ -143,7 +144,7 @@ public abstract class FessSearchAction extends FessBaseAction {
     protected void buildFormParams(final SearchForm form) {
 
         // label
-        final List<Map<String, String>> labelTypeItems = labelTypeHelper.getLabelTypeItemList();
+        final List<Map<String, String>> labelTypeItems = labelTypeHelper.getLabelTypeItemList(SearchRequestType.SEARCH);
 
         if (!labelTypeItems.isEmpty() && !form.fields.containsKey(FessSearchAction.LABEL_FIELD)) {
             final String[] defaultLabelValues = fessConfig.getDefaultLabelValues(getUserBean());

src/main/java/org/codelibs/fess/app/web/base/SearchForm.java

@@ -122,11 +122,6 @@ public class SearchForm implements SearchRequestParams {
         return sort;
     }
 
-    @Override
-    public boolean isAdministrativeAccess() {
-        return false;
-    }
-
     @Override
     public Object getAttribute(final String name) {
         return LaRequestUtil.getRequest().getAttribute(name);
@@ -136,4 +131,9 @@ public class SearchForm implements SearchRequestParams {
     public Locale getLocale() {
         return LaRequestUtil.getRequest().getLocale();
     }
+
+    @Override
+    public SearchRequestType getType() {
+        return SearchRequestType.SEARCH;
+    }
 }

src/main/java/org/codelibs/fess/app/web/search/SearchAction.java

@@ -32,6 +32,7 @@ import org.codelibs.fess.app.service.SearchService;
 import org.codelibs.fess.app.web.base.FessSearchAction;
 import org.codelibs.fess.app.web.base.SearchForm;
 import org.codelibs.fess.entity.SearchRenderData;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.exception.InvalidQueryException;
 import org.codelibs.fess.exception.ResultOffsetExceededException;
 import org.codelibs.fess.util.RenderDataUtil;
@@ -136,7 +137,8 @@ public class SearchAction extends FessSearchAction {
                             thumbnailManager.storeRequest(queryId, documentItems);
                         }
                     }
-                    RenderDataUtil.register(data, "displayQuery", getDisplayQuery(form, labelTypeHelper.getLabelTypeItemList()));
+                    RenderDataUtil.register(data, "displayQuery",
+                            getDisplayQuery(form, labelTypeHelper.getLabelTypeItemList(SearchRequestType.SEARCH)));
                     createPagingQuery(form);
                 });
         } catch (final InvalidQueryException e) {

src/main/java/org/codelibs/fess/crawler/transformer/FessXpathTransformer.java

@@ -251,7 +251,7 @@ public class FessXpathTransformer extends XpathTransformer implements FessTransf
         // site
         putResultDataBody(dataMap, fessConfig.getIndexFieldSite(), getSite(url, urlEncoding));
         // filename
-        String fileName = getFileName(url, urlEncoding);
+        final String fileName = getFileName(url, urlEncoding);
         if (StringUtil.isNotBlank(fileName)) {
             putResultDataBody(dataMap, fessConfig.getIndexFieldFilename(), fileName);
         }
@@ -359,7 +359,7 @@ public class FessXpathTransformer extends XpathTransformer implements FessTransf
     protected String normalizeCanonicalUrl(final String baseUrl, final String canonicalUrl) {
         try {
             return new URL(new URL(baseUrl), canonicalUrl).toString();
-        } catch (MalformedURLException e) {
+        } catch (final MalformedURLException e) {
             logger.warn("Invalid canonical url: " + baseUrl + " : " + canonicalUrl, e);
         }
         return null;

src/main/java/org/codelibs/fess/ds/impl/FileListIndexUpdateCallbackImpl.java

@@ -222,7 +222,7 @@ public class FileListIndexUpdateCallbackImpl implements IndexUpdateCallback {
             }
             executor.shutdown();
             executor.awaitTermination(executorTerminationTimeout, TimeUnit.SECONDS);
-        } catch (InterruptedException e) {
+        } catch (final InterruptedException e) {
             if (logger.isDebugEnabled()) {
                 logger.debug("Failed to interrupt executor.", e);
             }
@@ -266,7 +266,7 @@ public class FileListIndexUpdateCallbackImpl implements IndexUpdateCallback {
         this.maxRedirectCount = maxRedirectCount;
     }
 
-    public void setExecutorTerminationTimeout(int executorTerminationTimeout) {
+    public void setExecutorTerminationTimeout(final int executorTerminationTimeout) {
         this.executorTerminationTimeout = executorTerminationTimeout;
     }
 

src/main/java/org/codelibs/fess/ds/impl/GitBucketDataStoreImpl.java

@@ -66,16 +66,16 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
             try {
                 final String name = (String) repository.get("name");
                 final String owner = (String) repository.get("owner");
-                final boolean isPrivate = (boolean) repository.get("is_private"); // TODO Use this info for roles
+                repository.get("is_private");
 
-                List<String> pathList = collectFileNames(rootURL, authToken, owner, name, "", 0, readInterval);
-                for (String path : pathList) {
+                final List<String> pathList = collectFileNames(rootURL, authToken, owner, name, "", 0, readInterval);
+                for (final String path : pathList) {
                     storeFileContent(rootURL, authToken, owner, name, path, dataConfig, callback, paramMap, scriptMap, defaultDataMap);
                     if (readInterval > 0) {
                         sleep(readInterval);
                     }
                 }
-            } catch (Exception e) {
+            } catch (final Exception e) {
                 logger.warn("Failed to access to " + repository, e);
             }
         }
@@ -103,12 +103,12 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
     protected List<Map<String, Object>> getRepositoryList(final String rootURL, final String authToken) {
         final String url = rootURL + "api/v3/fess/repos";
         try (CurlResponse curlResponse = Curl.get(url).header("Authorization", "token " + authToken).execute()) {
-            final String content = curlResponse.getContentAsString();
+            curlResponse.getContentAsString();
             final Map<String, Object> map = curlResponse.getContentAsMap();
             assert (map.containsKey("repositories"));
             final List<Map<String, Object>> repoList = (List<Map<String, Object>>) map.get("repositories");
             return repoList;
-        } catch (Exception e) {
+        } catch (final Exception e) {
             logger.warn("Failed to access to " + rootURL, e);
             return Collections.emptyList();
         }
@@ -140,7 +140,7 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
 
             callback.store(paramMap, dataMap);
 
-        } catch (Exception e) {
+        } catch (final Exception e) {
             // TODO CrawlingAccessException?
             logger.warn("Failed to parse " + url, e);
         }
@@ -154,15 +154,15 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
             return Collections.emptyList();
         }
 
-        List<String> resultList = new ArrayList<String>();
+        final List<String> resultList = new ArrayList<>();
         final String url = rootURL + "api/v3/repos/" + owner + "/" + name + "/contents/" + path;
 
         try (CurlResponse curlResponse = Curl.get(url).header("Authorization", "token " + authToken).execute()) {
             final InputStream iStream = curlResponse.getContentAsStream();
-            List<Object> fileList = parseList(iStream);
+            final List<Object> fileList = parseList(iStream);
 
             for (int i = 0; i < fileList.size(); ++i) {
-                Map<String, String> file = (Map<String, String>) fileList.get(i);
+                final Map<String, String> file = (Map<String, String>) fileList.get(i);
                 final String newPath = path.isEmpty() ? file.get("name") : path + "/" + file.get("name");
                 switch (file.get("type")) {
                 case "file":
@@ -176,7 +176,7 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
                     break;
                 }
             }
-        } catch (Exception e) {
+        } catch (final Exception e) {
             logger.warn("Failed to access to " + url, e);
         }
         return resultList;

src/main/java/org/codelibs/fess/entity/SearchRequestParams.java

@@ -42,14 +42,14 @@ public interface SearchRequestParams {
 
     int getPageSize();
 
-    boolean isAdministrativeAccess();
-
     String[] getExtraQueries();
 
     Object getAttribute(String name);
 
     Locale getLocale();
 
+    SearchRequestType getType();
+
     public default String[] simplifyArray(final String[] values) {
         return stream(values).get(stream -> stream.filter(StringUtil::isNotBlank).distinct().toArray(n -> new String[n]));
     }
@@ -89,4 +89,8 @@ public interface SearchRequestParams {
     public default GeoInfo createGeoInfo(final HttpServletRequest request) {
         return new GeoInfo(request);
     }
+
+    public enum SearchRequestType {
+        SEARCH, ADMIN_SEARCH, JSON, GSA, SUGGEST;
+    }
 }

src/main/java/org/codelibs/fess/es/client/FessEsClient.java

@@ -52,6 +52,7 @@ import org.codelibs.fess.entity.FacetInfo;
 import org.codelibs.fess.entity.GeoInfo;
 import org.codelibs.fess.entity.PingResponse;
 import org.codelibs.fess.entity.QueryContext;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.exception.FessSystemException;
 import org.codelibs.fess.exception.InvalidQueryException;
 import org.codelibs.fess.exception.ResultOffsetExceededException;
@@ -864,7 +865,7 @@ public class FessEsClient implements Client {
         private int size = Constants.DEFAULT_PAGE_SIZE;
         private GeoInfo geoInfo;
         private FacetInfo facetInfo;
-        private boolean administrativeAccess = false;
+        private SearchRequestType searchRequestType = SearchRequestType.SEARCH;
 
         public static SearchConditionBuilder builder(final SearchRequestBuilder searchRequestBuilder) {
             return new SearchConditionBuilder(searchRequestBuilder);
@@ -879,8 +880,8 @@ public class FessEsClient implements Client {
             return this;
         }
 
-        public SearchConditionBuilder administrativeAccess(final boolean administrativeAccess) {
-            this.administrativeAccess = administrativeAccess;
+        public SearchConditionBuilder searchRequestType(final SearchRequestType searchRequestType) {
+            this.searchRequestType = searchRequestType;
             return this;
         }
 
@@ -920,8 +921,8 @@ public class FessEsClient implements Client {
                 throw new ResultOffsetExceededException("The number of result size is exceeded.");
             }
 
-            final QueryContext queryContext = queryHelper.build(query, context -> {
-                if (administrativeAccess) {
+            final QueryContext queryContext = queryHelper.build(searchRequestType, query, context -> {
+                if (SearchRequestType.ADMIN_SEARCH.equals(searchRequestType)) {
                     context.skipRoleQuery();
                 }
                 // geo

src/main/java/org/codelibs/fess/es/config/bsbhv/BsApiTokenBhv.java → src/main/java/org/codelibs/fess/es/config/bsbhv/BsAccessTokenBhv.java

@@ -20,9 +20,9 @@ import java.util.Map;
 
 import org.codelibs.fess.es.config.allcommon.EsAbstractBehavior;
 import org.codelibs.fess.es.config.allcommon.EsAbstractEntity.RequestOptionCall;
-import org.codelibs.fess.es.config.bsentity.dbmeta.ApiTokenDbm;
-import org.codelibs.fess.es.config.cbean.ApiTokenCB;
-import org.codelibs.fess.es.config.exentity.ApiToken;
+import org.codelibs.fess.es.config.bsentity.dbmeta.AccessTokenDbm;
+import org.codelibs.fess.es.config.cbean.AccessTokenCB;
+import org.codelibs.fess.es.config.exentity.AccessToken;
 import org.dbflute.Entity;
 import org.dbflute.bhv.readable.CBCall;
 import org.dbflute.bhv.readable.EntityRowHandler;
@@ -39,7 +39,7 @@ import org.elasticsearch.action.index.IndexRequestBuilder;
 /**
  * @author ESFlute (using FreeGen)
  */
-public abstract class BsApiTokenBhv extends EsAbstractBehavior<ApiToken, ApiTokenCB> {
+public abstract class BsAccessTokenBhv extends EsAbstractBehavior<AccessToken, AccessTokenCB> {
 
     // ===================================================================================
     //                                                                    Control Override
@@ -56,25 +56,27 @@ public abstract class BsApiTokenBhv extends EsAbstractBehavior<ApiToken, ApiToke
 
     @Override
     public String asEsIndexType() {
-        return "api_token";
+        return "access_token";
     }
 
     @Override
     public String asEsSearchType() {
-        return "api_token";
+        return "access_token";
     }
 
     @Override
-    public ApiTokenDbm asDBMeta() {
-        return ApiTokenDbm.getInstance();
+    public AccessTokenDbm asDBMeta() {
+        return AccessTokenDbm.getInstance();
     }
 
     @Override
-    protected <RESULT extends ApiToken> RESULT createEntity(Map<String, Object> source, Class<? extends RESULT> entityType) {
+    protected <RESULT extends AccessToken> RESULT createEntity(Map<String, Object> source, Class<? extends RESULT> entityType) {
         try {
             final RESULT result = entityType.newInstance();
             result.setName(DfTypeUtil.toString(source.get("name")));
             result.setToken(DfTypeUtil.toString(source.get("token")));
+            result.setPermissions(toStringArray(source.get("permissions")));
+            result.setParameterName(DfTypeUtil.toString(source.get("parameter_name")));
             result.setCreatedBy(DfTypeUtil.toString(source.get("createdBy")));
             result.setCreatedTime(DfTypeUtil.toLong(source.get("createdTime")));
             result.setUpdatedBy(DfTypeUtil.toString(source.get("updatedBy")));
@@ -89,25 +91,25 @@ public abstract class BsApiTokenBhv extends EsAbstractBehavior<ApiToken, ApiToke
     // ===================================================================================
     //                                                                              Select
     //                                                                              ======
-    public int selectCount(CBCall<ApiTokenCB> cbLambda) {
+    public int selectCount(CBCall<AccessTokenCB> cbLambda) {
         return facadeSelectCount(createCB(cbLambda));
     }
 
-    public OptionalEntity<ApiToken> selectEntity(CBCall<ApiTokenCB> cbLambda) {
+    public OptionalEntity<AccessToken> selectEntity(CBCall<AccessTokenCB> cbLambda) {
         return facadeSelectEntity(createCB(cbLambda));
     }
 
-    protected OptionalEntity<ApiToken> facadeSelectEntity(ApiTokenCB cb) {
+    protected OptionalEntity<AccessToken> facadeSelectEntity(AccessTokenCB cb) {
         return doSelectOptionalEntity(cb, typeOfSelectedEntity());
     }
 
-    protected <ENTITY extends ApiToken> OptionalEntity<ENTITY> doSelectOptionalEntity(ApiTokenCB cb, Class<? extends ENTITY> tp) {
+    protected <ENTITY extends AccessToken> OptionalEntity<ENTITY> doSelectOptionalEntity(AccessTokenCB cb, Class<? extends ENTITY> tp) {
         return createOptionalEntity(doSelectEntity(cb, tp), cb);
     }
 
     @Override
-    public ApiTokenCB newConditionBean() {
-        return new ApiTokenCB();
+    public AccessTokenCB newConditionBean() {
+        return new AccessTokenCB();
     }
 
     @Override
@@ -115,141 +117,141 @@ public abstract class BsApiTokenBhv extends EsAbstractBehavior<ApiToken, ApiToke
         return facadeSelectEntity(downcast(cb)).orElse(null);
     }
 
-    public ApiToken selectEntityWithDeletedCheck(CBCall<ApiTokenCB> cbLambda) {
+    public AccessToken selectEntityWithDeletedCheck(CBCall<AccessTokenCB> cbLambda) {
         return facadeSelectEntityWithDeletedCheck(createCB(cbLambda));
     }
 
-    public OptionalEntity<ApiToken> selectByPK(String id) {
+    public OptionalEntity<AccessToken> selectByPK(String id) {
         return facadeSelectByPK(id);
     }
 
-    protected OptionalEntity<ApiToken> facadeSelectByPK(String id) {
+    protected OptionalEntity<AccessToken> facadeSelectByPK(String id) {
         return doSelectOptionalByPK(id, typeOfSelectedEntity());
     }
 
-    protected <ENTITY extends ApiToken> ENTITY doSelectByPK(String id, Class<? extends ENTITY> tp) {
+    protected <ENTITY extends AccessToken> ENTITY doSelectByPK(String id, Class<? extends ENTITY> tp) {
         return doSelectEntity(xprepareCBAsPK(id), tp);
     }
 
-    protected ApiTokenCB xprepareCBAsPK(String id) {
+    protected AccessTokenCB xprepareCBAsPK(String id) {
         assertObjectNotNull("id", id);
         return newConditionBean().acceptPK(id);
     }
 
-    protected <ENTITY extends ApiToken> OptionalEntity<ENTITY> doSelectOptionalByPK(String id, Class<? extends ENTITY> tp) {
+    protected <ENTITY extends AccessToken> OptionalEntity<ENTITY> doSelectOptionalByPK(String id, Class<? extends ENTITY> tp) {
         return createOptionalEntity(doSelectByPK(id, tp), id);
     }
 
     @Override
-    protected Class<? extends ApiToken> typeOfSelectedEntity() {
-        return ApiToken.class;
+    protected Class<? extends AccessToken> typeOfSelectedEntity() {
+        return AccessToken.class;
     }
 
     @Override
-    protected Class<ApiToken> typeOfHandlingEntity() {
-        return ApiToken.class;
+    protected Class<AccessToken> typeOfHandlingEntity() {
+        return AccessToken.class;
     }
 
     @Override
-    protected Class<ApiTokenCB> typeOfHandlingConditionBean() {
-        return ApiTokenCB.class;
+    protected Class<AccessTokenCB> typeOfHandlingConditionBean() {
+        return AccessTokenCB.class;
     }
 
-    public ListResultBean<ApiToken> selectList(CBCall<ApiTokenCB> cbLambda) {
+    public ListResultBean<AccessToken> selectList(CBCall<AccessTokenCB> cbLambda) {
         return facadeSelectList(createCB(cbLambda));
     }
 
-    public PagingResultBean<ApiToken> selectPage(CBCall<ApiTokenCB> cbLambda) {
+    public PagingResultBean<AccessToken> selectPage(CBCall<AccessTokenCB> cbLambda) {
         // #pending same?
-        return (PagingResultBean<ApiToken>) facadeSelectList(createCB(cbLambda));
+        return (PagingResultBean<AccessToken>) facadeSelectList(createCB(cbLambda));
     }
 
-    public void selectCursor(CBCall<ApiTokenCB> cbLambda, EntityRowHandler<ApiToken> entityLambda) {
+    public void selectCursor(CBCall<AccessTokenCB> cbLambda, EntityRowHandler<AccessToken> entityLambda) {
         facadeSelectCursor(createCB(cbLambda), entityLambda);
     }
 
-    public void selectBulk(CBCall<ApiTokenCB> cbLambda, EntityRowHandler<List<ApiToken>> entityLambda) {
+    public void selectBulk(CBCall<AccessTokenCB> cbLambda, EntityRowHandler<List<AccessToken>> entityLambda) {
         delegateSelectBulk(createCB(cbLambda), entityLambda, typeOfSelectedEntity());
     }
 
     // ===================================================================================
     //                                                                              Update
     //                                                                              ======
-    public void insert(ApiToken entity) {
+    public void insert(AccessToken entity) {
         doInsert(entity, null);
     }
 
-    public void insert(ApiToken entity, RequestOptionCall<IndexRequestBuilder> opLambda) {
+    public void insert(AccessToken entity, RequestOptionCall<IndexRequestBuilder> opLambda) {
         entity.asDocMeta().indexOption(opLambda);
         doInsert(entity, null);
     }
 
-    public void update(ApiToken entity) {
+    public void update(AccessToken entity) {
         doUpdate(entity, null);
     }
 
-    public void update(ApiToken entity, RequestOptionCall<IndexRequestBuilder> opLambda) {
+    public void update(AccessToken entity, RequestOptionCall<IndexRequestBuilder> opLambda) {
         entity.asDocMeta().indexOption(opLambda);
         doUpdate(entity, null);
     }
 
-    public void insertOrUpdate(ApiToken entity) {
+    public void insertOrUpdate(AccessToken entity) {
         doInsertOrUpdate(entity, null, null);
     }
 
-    public void insertOrUpdate(ApiToken entity, RequestOptionCall<IndexRequestBuilder> opLambda) {
+    public void insertOrUpdate(AccessToken entity, RequestOptionCall<IndexRequestBuilder> opLambda) {
         entity.asDocMeta().indexOption(opLambda);
         doInsertOrUpdate(entity, null, null);
     }
 
-    public void delete(ApiToken entity) {
+    public void delete(AccessToken entity) {
         doDelete(entity, null);
     }
 
-    public void delete(ApiToken entity, RequestOptionCall<DeleteRequestBuilder> opLambda) {
+    public void delete(AccessToken entity, RequestOptionCall<DeleteRequestBuilder> opLambda) {
         entity.asDocMeta().deleteOption(opLambda);
         doDelete(entity, null);
     }
 
-    public int queryDelete(CBCall<ApiTokenCB> cbLambda) {
+    public int queryDelete(CBCall<AccessTokenCB> cbLambda) {
         return doQueryDelete(createCB(cbLambda), null);
     }
 
-    public int[] batchInsert(List<ApiToken> list) {
+    public int[] batchInsert(List<AccessToken> list) {
         return batchInsert(list, null, null);
     }
 
-    public int[] batchInsert(List<ApiToken> list, RequestOptionCall<BulkRequestBuilder> call) {
+    public int[] batchInsert(List<AccessToken> list, RequestOptionCall<BulkRequestBuilder> call) {
         return batchInsert(list, call, null);
     }
 
-    public int[] batchInsert(List<ApiToken> list, RequestOptionCall<BulkRequestBuilder> call,
+    public int[] batchInsert(List<AccessToken> list, RequestOptionCall<BulkRequestBuilder> call,
             RequestOptionCall<IndexRequestBuilder> entityCall) {
         return doBatchInsert(new BulkList<>(list, call, entityCall), null);
     }
 
-    public int[] batchUpdate(List<ApiToken> list) {
+    public int[] batchUpdate(List<AccessToken> list) {
         return batchUpdate(list, null, null);
     }
 
-    public int[] batchUpdate(List<ApiToken> list, RequestOptionCall<BulkRequestBuilder> call) {
+    public int[] batchUpdate(List<AccessToken> list, RequestOptionCall<BulkRequestBuilder> call) {
         return batchUpdate(list, call, null);
     }
 
-    public int[] batchUpdate(List<ApiToken> list, RequestOptionCall<BulkRequestBuilder> call,
+    public int[] batchUpdate(List<AccessToken> list, RequestOptionCall<BulkRequestBuilder> call,
             RequestOptionCall<IndexRequestBuilder> entityCall) {
         return doBatchUpdate(new BulkList<>(list, call, entityCall), null);
     }
 
-    public int[] batchDelete(List<ApiToken> list) {
+    public int[] batchDelete(List<AccessToken> list) {
         return batchDelete(list, null, null);
     }
 
-    public int[] batchDelete(List<ApiToken> list, RequestOptionCall<BulkRequestBuilder> call) {
+    public int[] batchDelete(List<AccessToken> list, RequestOptionCall<BulkRequestBuilder> call) {
         return batchDelete(list, call, null);
     }
 
-    public int[] batchDelete(List<ApiToken> list, RequestOptionCall<BulkRequestBuilder> call,
+    public int[] batchDelete(List<AccessToken> list, RequestOptionCall<BulkRequestBuilder> call,
             RequestOptionCall<IndexRequestBuilder> entityCall) {
         return doBatchDelete(new BulkList<>(list, call, entityCall), null);
     }

src/main/java/org/codelibs/fess/es/config/bsentity/BsApiToken.java → src/main/java/org/codelibs/fess/es/config/bsentity/BsAccessToken.java

@@ -20,13 +20,13 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.codelibs.fess.es.config.allcommon.EsAbstractEntity;
-import org.codelibs.fess.es.config.bsentity.dbmeta.ApiTokenDbm;
+import org.codelibs.fess.es.config.bsentity.dbmeta.AccessTokenDbm;
 
 /**
  * ${table.comment}
  * @author ESFlute (using FreeGen)
  */
-public class BsApiToken extends EsAbstractEntity {
+public class BsAccessToken extends EsAbstractEntity {
 
     // ===================================================================================
     //                                                                          Definition
@@ -43,6 +43,12 @@ public class BsApiToken extends EsAbstractEntity {
     /** token */
     protected String token;
 
+    /** permissions */
+    protected String[] permissions;
+
+    /** parameter_name */
+    protected String parameterName;
+
     /** createdBy */
     protected String createdBy;
 
@@ -61,13 +67,13 @@ public class BsApiToken extends EsAbstractEntity {
     //                                                                             DB Meta
     //                                                                             =======
     @Override
-    public ApiTokenDbm asDBMeta() {
-        return ApiTokenDbm.getInstance();
+    public AccessTokenDbm asDBMeta() {
+        return AccessTokenDbm.getInstance();
     }
 
     @Override
     public String asTableDbName() {
-        return "api_token";
+        return "access_token";
     }
 
     // ===================================================================================
@@ -82,6 +88,12 @@ public class BsApiToken extends EsAbstractEntity {
         if (token != null) {
             sourceMap.put("token", token);
         }
+        if (permissions != null) {
+            sourceMap.put("permissions", permissions);
+        }
+        if (parameterName != null) {
+            sourceMap.put("parameter_name", parameterName);
+        }
         if (createdBy != null) {
             sourceMap.put("createdBy", createdBy);
         }
@@ -105,6 +117,8 @@ public class BsApiToken extends EsAbstractEntity {
         StringBuilder sb = new StringBuilder();
         sb.append(dm).append(name);
         sb.append(dm).append(token);
+        sb.append(dm).append(permissions);
+        sb.append(dm).append(parameterName);
         sb.append(dm).append(createdBy);
         sb.append(dm).append(createdTime);
         sb.append(dm).append(updatedBy);
@@ -139,6 +153,26 @@ public class BsApiToken extends EsAbstractEntity {
         this.token = value;
     }
 
+    public String[] getPermissions() {
+        checkSpecifiedProperty("permissions");
+        return permissions;
+    }
+
+    public void setPermissions(String[] value) {
+        registerModifiedProperty("permissions");
+        this.permissions = value;
+    }
+
+    public String getParameterName() {
+        checkSpecifiedProperty("parameterName");
+        return convertEmptyToNull(parameterName);
+    }
+
+    public void setParameterName(String value) {
+        registerModifiedProperty("parameterName");
+        this.parameterName = value;
+    }
+
     public String getCreatedBy() {
         checkSpecifiedProperty("createdBy");
         return convertEmptyToNull(createdBy);

src/main/java/org/codelibs/fess/es/config/bsentity/dbmeta/ApiTokenDbm.java → src/main/java/org/codelibs/fess/es/config/bsentity/dbmeta/AccessTokenDbm.java

@@ -19,7 +19,7 @@ import java.time.LocalDateTime;
 import java.util.List;
 import java.util.Map;
 
-import org.codelibs.fess.es.config.exentity.ApiToken;
+import org.codelibs.fess.es.config.exentity.AccessToken;
 import org.dbflute.Entity;
 import org.dbflute.dbmeta.AbstractDBMeta;
 import org.dbflute.dbmeta.info.ColumnInfo;
@@ -32,19 +32,19 @@ import org.dbflute.util.DfTypeUtil;
 /**
  * @author ESFlute (using FreeGen)
  */
-public class ApiTokenDbm extends AbstractDBMeta {
+public class AccessTokenDbm extends AbstractDBMeta {
 
     protected static final Class<?> suppressUnusedImportLocalDateTime = LocalDateTime.class;
 
     // ===================================================================================
     //                                                                           Singleton
     //                                                                           =========
-    private static final ApiTokenDbm _instance = new ApiTokenDbm();
+    private static final AccessTokenDbm _instance = new AccessTokenDbm();
 
-    private ApiTokenDbm() {
+    private AccessTokenDbm() {
     }
 
-    public static ApiTokenDbm getInstance() {
+    public static AccessTokenDbm getInstance() {
         return _instance;
     }
 
@@ -79,15 +79,19 @@ public class ApiTokenDbm extends AbstractDBMeta {
     //                                       ---------------
     protected final Map<String, PropertyGateway> _epgMap = newHashMap();
     {
-        setupEpg(_epgMap, et -> ((ApiToken) et).getName(), (et, vl) -> ((ApiToken) et).setName(DfTypeUtil.toString(vl)), "name");
-        setupEpg(_epgMap, et -> ((ApiToken) et).getToken(), (et, vl) -> ((ApiToken) et).setToken(DfTypeUtil.toString(vl)), "token");
-        setupEpg(_epgMap, et -> ((ApiToken) et).getCreatedBy(), (et, vl) -> ((ApiToken) et).setCreatedBy(DfTypeUtil.toString(vl)),
+        setupEpg(_epgMap, et -> ((AccessToken) et).getName(), (et, vl) -> ((AccessToken) et).setName(DfTypeUtil.toString(vl)), "name");
+        setupEpg(_epgMap, et -> ((AccessToken) et).getToken(), (et, vl) -> ((AccessToken) et).setToken(DfTypeUtil.toString(vl)), "token");
+        setupEpg(_epgMap, et -> ((AccessToken) et).getPermissions(), (et, vl) -> ((AccessToken) et).setPermissions((String[]) vl),
+                "permissions");
+        setupEpg(_epgMap, et -> ((AccessToken) et).getParameterName(),
+                (et, vl) -> ((AccessToken) et).setParameterName(DfTypeUtil.toString(vl)), "parameterName");
+        setupEpg(_epgMap, et -> ((AccessToken) et).getCreatedBy(), (et, vl) -> ((AccessToken) et).setCreatedBy(DfTypeUtil.toString(vl)),
                 "createdBy");
-        setupEpg(_epgMap, et -> ((ApiToken) et).getCreatedTime(), (et, vl) -> ((ApiToken) et).setCreatedTime(DfTypeUtil.toLong(vl)),
+        setupEpg(_epgMap, et -> ((AccessToken) et).getCreatedTime(), (et, vl) -> ((AccessToken) et).setCreatedTime(DfTypeUtil.toLong(vl)),
                 "createdTime");
-        setupEpg(_epgMap, et -> ((ApiToken) et).getUpdatedBy(), (et, vl) -> ((ApiToken) et).setUpdatedBy(DfTypeUtil.toString(vl)),
+        setupEpg(_epgMap, et -> ((AccessToken) et).getUpdatedBy(), (et, vl) -> ((AccessToken) et).setUpdatedBy(DfTypeUtil.toString(vl)),
                 "updatedBy");
-        setupEpg(_epgMap, et -> ((ApiToken) et).getUpdatedTime(), (et, vl) -> ((ApiToken) et).setUpdatedTime(DfTypeUtil.toLong(vl)),
+        setupEpg(_epgMap, et -> ((AccessToken) et).getUpdatedTime(), (et, vl) -> ((AccessToken) et).setUpdatedTime(DfTypeUtil.toLong(vl)),
                 "updatedTime");
     }
 
@@ -99,9 +103,9 @@ public class ApiTokenDbm extends AbstractDBMeta {
     // ===================================================================================
     //                                                                          Table Info
     //                                                                          ==========
-    protected final String _tableDbName = "api_token";
-    protected final String _tableDispName = "api_token";
-    protected final String _tablePropertyName = "ApiToken";
+    protected final String _tableDbName = "access_token";
+    protected final String _tableDispName = "access_token";
+    protected final String _tablePropertyName = "AccessToken";
 
     public String getTableDbName() {
         return _tableDbName;
@@ -129,6 +133,10 @@ public class ApiTokenDbm extends AbstractDBMeta {
             0, null, false, null, null, null, null, null, false);
     protected final ColumnInfo _columnToken = cci("token", "token", null, null, String.class, "token", null, false, false, false, "String",
             0, 0, null, false, null, null, null, null, null, false);
+    protected final ColumnInfo _columnPermissions = cci("permissions", "permissions", null, null, String[].class, "permissions", null,
+            false, false, false, "String", 0, 0, null, false, null, null, null, null, null, false);
+    protected final ColumnInfo _columnParameterName = cci("parameter_name", "parameter_name", null, null, String.class, "parameterName",
+            null, false, false, false, "String", 0, 0, null, false, null, null, null, null, null, false);
     protected final ColumnInfo _columnCreatedBy = cci("createdBy", "createdBy", null, null, String.class, "createdBy", null, false, false,
             false, "String", 0, 0, null, false, null, null, null, null, null, false);
     protected final ColumnInfo _columnCreatedTime = cci("createdTime", "createdTime", null, null, Long.class, "createdTime", null, false,
@@ -146,6 +154,14 @@ public class ApiTokenDbm extends AbstractDBMeta {
         return _columnToken;
     }
 
+    public ColumnInfo columnPermissions() {
+        return _columnPermissions;
+    }
+
+    public ColumnInfo columnParameterName() {
+        return _columnParameterName;
+    }
+
     public ColumnInfo columnCreatedBy() {
         return _columnCreatedBy;
     }
@@ -166,6 +182,8 @@ public class ApiTokenDbm extends AbstractDBMeta {
         List<ColumnInfo> ls = newArrayList();
         ls.add(columnName());
         ls.add(columnToken());
+        ls.add(columnPermissions());
+        ls.add(columnParameterName());
         ls.add(columnCreatedBy());
         ls.add(columnCreatedTime());
         ls.add(columnUpdatedBy());
@@ -196,17 +214,17 @@ public class ApiTokenDbm extends AbstractDBMeta {
     //                                                                           =========
     @Override
     public String getEntityTypeName() {
-        return "org.codelibs.fess.es.config.exentity.ApiToken";
+        return "org.codelibs.fess.es.config.exentity.AccessToken";
     }
 
     @Override
     public String getConditionBeanTypeName() {
-        return "org.codelibs.fess.es.config.cbean.ApiTokenCB";
+        return "org.codelibs.fess.es.config.cbean.AccessTokenCB";
     }
 
     @Override
     public String getBehaviorTypeName() {
-        return "org.codelibs.fess.es.config.exbhv.ApiTokenBhv";
+        return "org.codelibs.fess.es.config.exbhv.AccessTokenBhv";
     }
 
     // ===================================================================================
@@ -214,7 +232,7 @@ public class ApiTokenDbm extends AbstractDBMeta {
     //                                                                         ===========
     @Override
     public Class<? extends Entity> getEntityType() {
-        return ApiToken.class;
+        return AccessToken.class;
     }
 
     // ===================================================================================
@@ -222,7 +240,7 @@ public class ApiTokenDbm extends AbstractDBMeta {
     //                                                                     ===============
     @Override
     public Entity newEntity() {
-        return new ApiToken();
+        return new AccessToken();
     }
 
     // ===================================================================================

src/main/java/org/codelibs/fess/es/config/cbean/ApiTokenCB.java → src/main/java/org/codelibs/fess/es/config/cbean/AccessTokenCB.java

@@ -15,10 +15,10 @@
  */
 package org.codelibs.fess.es.config.cbean;
 
-import org.codelibs.fess.es.config.cbean.bs.BsApiTokenCB;
+import org.codelibs.fess.es.config.cbean.bs.BsAccessTokenCB;
 
 /**
  * @author ESFlute (using FreeGen)
  */
-public class ApiTokenCB extends BsApiTokenCB {
+public class AccessTokenCB extends BsAccessTokenCB {
 }

src/main/java/org/codelibs/fess/es/config/cbean/bs/BsApiTokenCB.java → src/main/java/org/codelibs/fess/es/config/cbean/bs/BsAccessTokenCB.java

@@ -20,10 +20,10 @@ import java.util.List;
 import java.util.Map;
 
 import org.codelibs.fess.es.config.allcommon.EsAbstractConditionBean;
-import org.codelibs.fess.es.config.bsentity.dbmeta.ApiTokenDbm;
-import org.codelibs.fess.es.config.cbean.ApiTokenCB;
-import org.codelibs.fess.es.config.cbean.cq.ApiTokenCQ;
-import org.codelibs.fess.es.config.cbean.cq.bs.BsApiTokenCQ;
+import org.codelibs.fess.es.config.bsentity.dbmeta.AccessTokenDbm;
+import org.codelibs.fess.es.config.cbean.AccessTokenCB;
+import org.codelibs.fess.es.config.cbean.cq.AccessTokenCQ;
+import org.codelibs.fess.es.config.cbean.cq.bs.BsAccessTokenCQ;
 import org.dbflute.cbean.ConditionQuery;
 import org.elasticsearch.action.search.SearchRequestBuilder;
 import org.elasticsearch.index.query.QueryBuilder;
@@ -31,25 +31,25 @@ import org.elasticsearch.index.query.QueryBuilder;
 /**
  * @author ESFlute (using FreeGen)
  */
-public class BsApiTokenCB extends EsAbstractConditionBean {
+public class BsAccessTokenCB extends EsAbstractConditionBean {
 
     // ===================================================================================
     //                                                                           Attribute
     //                                                                           =========
-    protected BsApiTokenCQ _conditionQuery;
+    protected BsAccessTokenCQ _conditionQuery;
     protected HpSpecification _specification;
 
     // ===================================================================================
     //                                                                             Control
     //                                                                             =======
     @Override
-    public ApiTokenDbm asDBMeta() {
-        return ApiTokenDbm.getInstance();
+    public AccessTokenDbm asDBMeta() {
+        return AccessTokenDbm.getInstance();
     }
 
     @Override
     public String asTableDbName() {
-        return "api_token";
+        return "access_token";
     }
 
     @Override
@@ -65,11 +65,11 @@ public class BsApiTokenCB extends EsAbstractConditionBean {
     // ===================================================================================
     //                                                                         Primary Key
     //                                                                         ===========
-    public ApiTokenCB acceptPK(String id) {
+    public AccessTokenCB acceptPK(String id) {
         assertObjectNotNull("id", id);
-        BsApiTokenCB cb = this;
+        BsAccessTokenCB cb = this;
         cb.query().docMeta().setId_Equal(id);
-        return (ApiTokenCB) this;
+        return (AccessTokenCB) this;
     }
 
     @Override
@@ -103,20 +103,20 @@ public class BsApiTokenCB extends EsAbstractConditionBean {
     // ===================================================================================
     //                                                                               Query
     //                                                                               =====
-    public BsApiTokenCQ query() {
+    public BsAccessTokenCQ query() {
         assertQueryPurpose();
         return doGetConditionQuery();
     }
 
-    protected BsApiTokenCQ doGetConditionQuery() {
+    protected BsAccessTokenCQ doGetConditionQuery() {
         if (_conditionQuery == null) {
             _conditionQuery = createLocalCQ();
         }
         return _conditionQuery;
     }
 
-    protected BsApiTokenCQ createLocalCQ() {
-        return new ApiTokenCQ();
+    protected BsAccessTokenCQ createLocalCQ() {
+        return new AccessTokenCQ();
     }
 
     // ===================================================================================
@@ -155,6 +155,14 @@ public class BsApiTokenCB extends EsAbstractConditionBean {
             doColumn("token");
         }
 
+        public void columnPermissions() {
+            doColumn("permissions");
+        }
+
+        public void columnParameterName() {
+            doColumn("parameter_name");
+        }
+
         public void columnCreatedBy() {
             doColumn("createdBy");
         }

src/main/java/org/codelibs/fess/es/config/cbean/cq/ApiTokenCQ.java → src/main/java/org/codelibs/fess/es/config/cbean/cq/AccessTokenCQ.java

@@ -15,10 +15,10 @@
  */
 package org.codelibs.fess.es.config.cbean.cq;
 
-import org.codelibs.fess.es.config.cbean.cq.bs.BsApiTokenCQ;
+import org.codelibs.fess.es.config.cbean.cq.bs.BsAccessTokenCQ;
 
 /**
  * @author ESFlute (using FreeGen)
  */
-public class ApiTokenCQ extends BsApiTokenCQ {
+public class AccessTokenCQ extends BsAccessTokenCQ {
 }

src/main/java/org/codelibs/fess/es/config/cbean/cq/bs/BsApiTokenCQ.java → src/main/java/org/codelibs/fess/es/config/cbean/cq/bs/BsAccessTokenCQ.java

@@ -19,7 +19,7 @@ import java.time.LocalDateTime;
 import java.util.Collection;
 
 import org.codelibs.fess.es.config.allcommon.EsAbstractConditionQuery;
-import org.codelibs.fess.es.config.cbean.cq.ApiTokenCQ;
+import org.codelibs.fess.es.config.cbean.cq.AccessTokenCQ;
 import org.dbflute.cbean.ckey.ConditionKey;
 import org.elasticsearch.index.query.BoolQueryBuilder;
 import org.elasticsearch.index.query.CommonTermsQueryBuilder;
@@ -37,7 +37,7 @@ import org.elasticsearch.index.query.WildcardQueryBuilder;
 /**
  * @author ESFlute (using FreeGen)
  */
-public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
+public abstract class BsAccessTokenCQ extends EsAbstractConditionQuery {
 
     protected static final Class<?> suppressUnusedImportLocalDateTime = LocalDateTime.class;
 
@@ -46,44 +46,44 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
     //                                                                       =============
     @Override
     public String asTableDbName() {
-        return "api_token";
+        return "access_token";
     }
 
     @Override
     public String xgetAliasName() {
-        return "api_token";
+        return "access_token";
     }
 
     // ===================================================================================
     //                                                                       Query Control
     //                                                                       =============
-    public void filtered(FilteredCall<ApiTokenCQ, ApiTokenCQ> filteredLambda) {
+    public void filtered(FilteredCall<AccessTokenCQ, AccessTokenCQ> filteredLambda) {
         filtered(filteredLambda, null);
     }
 
-    public void filtered(FilteredCall<ApiTokenCQ, ApiTokenCQ> filteredLambda, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+    public void filtered(FilteredCall<AccessTokenCQ, AccessTokenCQ> filteredLambda, ConditionOptionCall<BoolQueryBuilder> opLambda) {
         bool((must, should, mustNot, filter) -> {
             filteredLambda.callback(must, filter);
         }, opLambda);
     }
 
-    public void not(OperatorCall<ApiTokenCQ> notLambda) {
+    public void not(OperatorCall<AccessTokenCQ> notLambda) {
         not(notLambda, null);
     }
 
-    public void not(final OperatorCall<ApiTokenCQ> notLambda, final ConditionOptionCall<BoolQueryBuilder> opLambda) {
+    public void not(final OperatorCall<AccessTokenCQ> notLambda, final ConditionOptionCall<BoolQueryBuilder> opLambda) {
         bool((must, should, mustNot, filter) -> notLambda.callback(mustNot), opLambda);
     }
 
-    public void bool(BoolCall<ApiTokenCQ> boolLambda) {
+    public void bool(BoolCall<AccessTokenCQ> boolLambda) {
         bool(boolLambda, null);
     }
 
-    public void bool(BoolCall<ApiTokenCQ> boolLambda, ConditionOptionCall<BoolQueryBuilder> opLambda) {
-        ApiTokenCQ mustQuery = new ApiTokenCQ();
-        ApiTokenCQ shouldQuery = new ApiTokenCQ();
-        ApiTokenCQ mustNotQuery = new ApiTokenCQ();
-        ApiTokenCQ filterQuery = new ApiTokenCQ();
+    public void bool(BoolCall<AccessTokenCQ> boolLambda, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+        AccessTokenCQ mustQuery = new AccessTokenCQ();
+        AccessTokenCQ shouldQuery = new AccessTokenCQ();
+        AccessTokenCQ mustNotQuery = new AccessTokenCQ();
+        AccessTokenCQ filterQuery = new AccessTokenCQ();
         boolLambda.callback(mustQuery, shouldQuery, mustNotQuery, filterQuery);
         if (mustQuery.hasQueries() || shouldQuery.hasQueries() || mustNotQuery.hasQueries() || filterQuery.hasQueries()) {
             BoolQueryBuilder builder =
@@ -152,12 +152,12 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
         setId_Terms(idList, opLambda);
     }
 
-    public BsApiTokenCQ addOrderBy_Id_Asc() {
+    public BsAccessTokenCQ addOrderBy_Id_Asc() {
         regOBA("_id");
         return this;
     }
 
-    public BsApiTokenCQ addOrderBy_Id_Desc() {
+    public BsAccessTokenCQ addOrderBy_Id_Desc() {
         regOBD("_id");
         return this;
     }
@@ -359,12 +359,12 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
         }
     }
 
-    public BsApiTokenCQ addOrderBy_Name_Asc() {
+    public BsAccessTokenCQ addOrderBy_Name_Asc() {
         regOBA("name");
         return this;
     }
 
-    public BsApiTokenCQ addOrderBy_Name_Desc() {
+    public BsAccessTokenCQ addOrderBy_Name_Desc() {
         regOBD("name");
         return this;
     }
@@ -566,16 +566,430 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
         }
     }
 
-    public BsApiTokenCQ addOrderBy_Token_Asc() {
+    public BsAccessTokenCQ addOrderBy_Token_Asc() {
         regOBA("token");
         return this;
     }
 
-    public BsApiTokenCQ addOrderBy_Token_Desc() {
+    public BsAccessTokenCQ addOrderBy_Token_Desc() {
         regOBD("token");
         return this;
     }
 
+    public void setPermissions_Equal(String permissions) {
+        setPermissions_Term(permissions, null);
+    }
+
+    public void setPermissions_Equal(String permissions, ConditionOptionCall<TermQueryBuilder> opLambda) {
+        setPermissions_Term(permissions, opLambda);
+    }
+
+    public void setPermissions_Term(String permissions) {
+        setPermissions_Term(permissions, null);
+    }
+
+    public void setPermissions_Term(String permissions, ConditionOptionCall<TermQueryBuilder> opLambda) {
+        TermQueryBuilder builder = regTermQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_NotEqual(String permissions) {
+        setPermissions_NotTerm(permissions, null);
+    }
+
+    public void setPermissions_NotTerm(String permissions) {
+        setPermissions_NotTerm(permissions, null);
+    }
+
+    public void setPermissions_NotEqual(String permissions, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+        setPermissions_NotTerm(permissions, opLambda);
+    }
+
+    public void setPermissions_NotTerm(String permissions, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+        not(not -> not.setPermissions_Term(permissions), opLambda);
+    }
+
+    public void setPermissions_Terms(Collection<String> permissionsList) {
+        setPermissions_Terms(permissionsList, null);
+    }
+
+    public void setPermissions_Terms(Collection<String> permissionsList, ConditionOptionCall<TermsQueryBuilder> opLambda) {
+        TermsQueryBuilder builder = regTermsQ("permissions", permissionsList);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_InScope(Collection<String> permissionsList) {
+        setPermissions_Terms(permissionsList, null);
+    }
+
+    public void setPermissions_InScope(Collection<String> permissionsList, ConditionOptionCall<TermsQueryBuilder> opLambda) {
+        setPermissions_Terms(permissionsList, opLambda);
+    }
+
+    public void setPermissions_Match(String permissions) {
+        setPermissions_Match(permissions, null);
+    }
+
+    public void setPermissions_Match(String permissions, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_MatchPhrase(String permissions) {
+        setPermissions_MatchPhrase(permissions, null);
+    }
+
+    public void setPermissions_MatchPhrase(String permissions, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchPhraseQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_MatchPhrasePrefix(String permissions) {
+        setPermissions_MatchPhrasePrefix(permissions, null);
+    }
+
+    public void setPermissions_MatchPhrasePrefix(String permissions, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchPhrasePrefixQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_Fuzzy(String permissions) {
+        setPermissions_Fuzzy(permissions, null);
+    }
+
+    public void setPermissions_Fuzzy(String permissions, ConditionOptionCall<FuzzyQueryBuilder> opLambda) {
+        FuzzyQueryBuilder builder = regFuzzyQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_Prefix(String permissions) {
+        setPermissions_Prefix(permissions, null);
+    }
+
+    public void setPermissions_Prefix(String permissions, ConditionOptionCall<PrefixQueryBuilder> opLambda) {
+        PrefixQueryBuilder builder = regPrefixQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_Wildcard(String permissions) {
+        setPermissions_Wildcard(permissions, null);
+    }
+
+    public void setPermissions_Wildcard(String permissions, ConditionOptionCall<WildcardQueryBuilder> opLambda) {
+        WildcardQueryBuilder builder = regWildcardQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_Regexp(String permissions) {
+        setPermissions_Regexp(permissions, null);
+    }
+
+    public void setPermissions_Regexp(String permissions, ConditionOptionCall<RegexpQueryBuilder> opLambda) {
+        RegexpQueryBuilder builder = regRegexpQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_GreaterThan(String permissions) {
+        setPermissions_GreaterThan(permissions, null);
+    }
+
+    public void setPermissions_GreaterThan(String permissions, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("permissions", ConditionKey.CK_GREATER_THAN, permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_LessThan(String permissions) {
+        setPermissions_LessThan(permissions, null);
+    }
+
+    public void setPermissions_LessThan(String permissions, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("permissions", ConditionKey.CK_LESS_THAN, permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_GreaterEqual(String permissions) {
+        setPermissions_GreaterEqual(permissions, null);
+    }
+
+    public void setPermissions_GreaterEqual(String permissions, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("permissions", ConditionKey.CK_GREATER_EQUAL, permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_LessEqual(String permissions) {
+        setPermissions_LessEqual(permissions, null);
+    }
+
+    public void setPermissions_LessEqual(String permissions, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("permissions", ConditionKey.CK_LESS_EQUAL, permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_Exists() {
+        setPermissions_Exists(null);
+    }
+
+    public void setPermissions_Exists(ConditionOptionCall<ExistsQueryBuilder> opLambda) {
+        ExistsQueryBuilder builder = regExistsQ("permissions");
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setPermissions_CommonTerms(String permissions) {
+        setPermissions_CommonTerms(permissions, null);
+    }
+
+    public void setPermissions_CommonTerms(String permissions, ConditionOptionCall<CommonTermsQueryBuilder> opLambda) {
+        CommonTermsQueryBuilder builder = regCommonTermsQ("permissions", permissions);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public BsAccessTokenCQ addOrderBy_Permissions_Asc() {
+        regOBA("permissions");
+        return this;
+    }
+
+    public BsAccessTokenCQ addOrderBy_Permissions_Desc() {
+        regOBD("permissions");
+        return this;
+    }
+
+    public void setParameterName_Equal(String parameterName) {
+        setParameterName_Term(parameterName, null);
+    }
+
+    public void setParameterName_Equal(String parameterName, ConditionOptionCall<TermQueryBuilder> opLambda) {
+        setParameterName_Term(parameterName, opLambda);
+    }
+
+    public void setParameterName_Term(String parameterName) {
+        setParameterName_Term(parameterName, null);
+    }
+
+    public void setParameterName_Term(String parameterName, ConditionOptionCall<TermQueryBuilder> opLambda) {
+        TermQueryBuilder builder = regTermQ("parameter_name", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_NotEqual(String parameterName) {
+        setParameterName_NotTerm(parameterName, null);
+    }
+
+    public void setParameterName_NotTerm(String parameterName) {
+        setParameterName_NotTerm(parameterName, null);
+    }
+
+    public void setParameterName_NotEqual(String parameterName, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+        setParameterName_NotTerm(parameterName, opLambda);
+    }
+
+    public void setParameterName_NotTerm(String parameterName, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+        not(not -> not.setParameterName_Term(parameterName), opLambda);
+    }
+
+    public void setParameterName_Terms(Collection<String> parameterNameList) {
+        setParameterName_Terms(parameterNameList, null);
+    }
+
+    public void setParameterName_Terms(Collection<String> parameterNameList, ConditionOptionCall<TermsQueryBuilder> opLambda) {
+        TermsQueryBuilder builder = regTermsQ("parameter_name", parameterNameList);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_InScope(Collection<String> parameterNameList) {
+        setParameterName_Terms(parameterNameList, null);
+    }
+
+    public void setParameterName_InScope(Collection<String> parameterNameList, ConditionOptionCall<TermsQueryBuilder> opLambda) {
+        setParameterName_Terms(parameterNameList, opLambda);
+    }
+
+    public void setParameterName_Match(String parameterName) {
+        setParameterName_Match(parameterName, null);
+    }
+
+    public void setParameterName_Match(String parameterName, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchQ("parameter_name", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_MatchPhrase(String parameterName) {
+        setParameterName_MatchPhrase(parameterName, null);
+    }
+
+    public void setParameterName_MatchPhrase(String parameterName, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchPhraseQ("parameter_name", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_MatchPhrasePrefix(String parameterName) {
+        setParameterName_MatchPhrasePrefix(parameterName, null);
+    }
+
+    public void setParameterName_MatchPhrasePrefix(String parameterName, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchPhrasePrefixQ("parameter_name", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_Fuzzy(String parameterName) {
+        setParameterName_Fuzzy(parameterName, null);
+    }
+
+    public void setParameterName_Fuzzy(String parameterName, ConditionOptionCall<FuzzyQueryBuilder> opLambda) {
+        FuzzyQueryBuilder builder = regFuzzyQ("parameter_name", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_Prefix(String parameterName) {
+        setParameterName_Prefix(parameterName, null);
+    }
+
+    public void setParameterName_Prefix(String parameterName, ConditionOptionCall<PrefixQueryBuilder> opLambda) {
+        PrefixQueryBuilder builder = regPrefixQ("parameter_name", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_Wildcard(String parameterName) {
+        setParameterName_Wildcard(parameterName, null);
+    }
+
+    public void setParameterName_Wildcard(String parameterName, ConditionOptionCall<WildcardQueryBuilder> opLambda) {
+        WildcardQueryBuilder builder = regWildcardQ("parameterName", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_Regexp(String parameterName) {
+        setParameterName_Regexp(parameterName, null);
+    }
+
+    public void setParameterName_Regexp(String parameterName, ConditionOptionCall<RegexpQueryBuilder> opLambda) {
+        RegexpQueryBuilder builder = regRegexpQ("parameterName", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_GreaterThan(String parameterName) {
+        setParameterName_GreaterThan(parameterName, null);
+    }
+
+    public void setParameterName_GreaterThan(String parameterName, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("parameter_name", ConditionKey.CK_GREATER_THAN, parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_LessThan(String parameterName) {
+        setParameterName_LessThan(parameterName, null);
+    }
+
+    public void setParameterName_LessThan(String parameterName, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("parameter_name", ConditionKey.CK_LESS_THAN, parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_GreaterEqual(String parameterName) {
+        setParameterName_GreaterEqual(parameterName, null);
+    }
+
+    public void setParameterName_GreaterEqual(String parameterName, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("parameter_name", ConditionKey.CK_GREATER_EQUAL, parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_LessEqual(String parameterName) {
+        setParameterName_LessEqual(parameterName, null);
+    }
+
+    public void setParameterName_LessEqual(String parameterName, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("parameter_name", ConditionKey.CK_LESS_EQUAL, parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_Exists() {
+        setParameterName_Exists(null);
+    }
+
+    public void setParameterName_Exists(ConditionOptionCall<ExistsQueryBuilder> opLambda) {
+        ExistsQueryBuilder builder = regExistsQ("parameterName");
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setParameterName_CommonTerms(String parameterName) {
+        setParameterName_CommonTerms(parameterName, null);
+    }
+
+    public void setParameterName_CommonTerms(String parameterName, ConditionOptionCall<CommonTermsQueryBuilder> opLambda) {
+        CommonTermsQueryBuilder builder = regCommonTermsQ("parameterName", parameterName);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public BsAccessTokenCQ addOrderBy_ParameterName_Asc() {
+        regOBA("parameter_name");
+        return this;
+    }
+
+    public BsAccessTokenCQ addOrderBy_ParameterName_Desc() {
+        regOBD("parameter_name");
+        return this;
+    }
+
     public void setCreatedBy_Equal(String createdBy) {
         setCreatedBy_Term(createdBy, null);
     }
@@ -773,12 +1187,12 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
         }
     }
 
-    public BsApiTokenCQ addOrderBy_CreatedBy_Asc() {
+    public BsAccessTokenCQ addOrderBy_CreatedBy_Asc() {
         regOBA("createdBy");
         return this;
     }
 
-    public BsApiTokenCQ addOrderBy_CreatedBy_Desc() {
+    public BsAccessTokenCQ addOrderBy_CreatedBy_Desc() {
         regOBD("createdBy");
         return this;
     }
@@ -947,12 +1361,12 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
         }
     }
 
-    public BsApiTokenCQ addOrderBy_CreatedTime_Asc() {
+    public BsAccessTokenCQ addOrderBy_CreatedTime_Asc() {
         regOBA("createdTime");
         return this;
     }
 
-    public BsApiTokenCQ addOrderBy_CreatedTime_Desc() {
+    public BsAccessTokenCQ addOrderBy_CreatedTime_Desc() {
         regOBD("createdTime");
         return this;
     }
@@ -1154,12 +1568,12 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
         }
     }
 
-    public BsApiTokenCQ addOrderBy_UpdatedBy_Asc() {
+    public BsAccessTokenCQ addOrderBy_UpdatedBy_Asc() {
         regOBA("updatedBy");
         return this;
     }
 
-    public BsApiTokenCQ addOrderBy_UpdatedBy_Desc() {
+    public BsAccessTokenCQ addOrderBy_UpdatedBy_Desc() {
         regOBD("updatedBy");
         return this;
     }
@@ -1328,12 +1742,12 @@ public abstract class BsApiTokenCQ extends EsAbstractConditionQuery {
         }
     }
 
-    public BsApiTokenCQ addOrderBy_UpdatedTime_Asc() {
+    public BsAccessTokenCQ addOrderBy_UpdatedTime_Asc() {
         regOBA("updatedTime");
         return this;
     }
 
-    public BsApiTokenCQ addOrderBy_UpdatedTime_Desc() {
+    public BsAccessTokenCQ addOrderBy_UpdatedTime_Desc() {
         regOBD("updatedTime");
         return this;
     }

src/main/java/org/codelibs/fess/es/config/exbhv/ApiTokenBhv.java → src/main/java/org/codelibs/fess/es/config/exbhv/AccessTokenBhv.java

@@ -15,11 +15,11 @@
  */
 package org.codelibs.fess.es.config.exbhv;
 
-import org.codelibs.fess.es.config.bsbhv.BsApiTokenBhv;
+import org.codelibs.fess.es.config.bsbhv.BsAccessTokenBhv;
 
 /**
  * @author FreeGen
  */
-public class ApiTokenBhv extends BsApiTokenBhv {
+public class AccessTokenBhv extends BsAccessTokenBhv {
 
 }

src/main/java/org/codelibs/fess/es/config/exentity/ApiToken.java → src/main/java/org/codelibs/fess/es/config/exentity/AccessToken.java

@@ -15,12 +15,14 @@
  */
 package org.codelibs.fess.es.config.exentity;
 
-import org.codelibs.fess.es.config.bsentity.BsApiToken;
+import java.util.Arrays;
+
+import org.codelibs.fess.es.config.bsentity.BsAccessToken;
 
 /**
  * @author ESFlute (using FreeGen)
  */
-public class ApiToken extends BsApiToken {
+public class AccessToken extends BsAccessToken {
 
     private static final long serialVersionUID = 1L;
 
@@ -42,8 +44,9 @@ public class ApiToken extends BsApiToken {
 
     @Override
     public String toString() {
-        return "ApiToken [name=" + name + ", token=" + token + ", createdBy=" + createdBy + ", createdTime=" + createdTime + ", updatedBy="
-                + updatedBy + ", updatedTime=" + updatedTime + ", docMeta=" + docMeta + "]";
+        return "AccessToken [name=" + name + ", token=" + token + ", permissions=" + Arrays.toString(permissions) + ", parameterName="
+                + parameterName + ", createdBy=" + createdBy + ", createdTime=" + createdTime + ", updatedBy=" + updatedBy
+                + ", updatedTime=" + updatedTime + ", docMeta=" + docMeta + "]";
     }
 
 }

src/main/java/org/codelibs/fess/exception/InvalidAccessTokenException.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2012-2016 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.exception;
+
+public class InvalidAccessTokenException extends FessSystemException {
+
+    private static final long serialVersionUID = 1L;
+
+    private final String type;
+
+    public InvalidAccessTokenException(final String type, final String message) {
+        super(message);
+        this.type = type;
+    }
+
+    public String getType() {
+        return type;
+    }
+
+}

src/main/java/org/codelibs/fess/helper/DocumentHelper.java

@@ -119,7 +119,7 @@ public class DocumentHelper {
         final long startTime = System.currentTimeMillis();
         try (final ResponseData responseData = client.execute(RequestDataBuilder.newRequestData().get().url(url).build())) {
             if (responseData.getRedirectLocation() != null) {
-                Set<RequestData> childUrlList = new HashSet<>();
+                final Set<RequestData> childUrlList = new HashSet<>();
                 childUrlList.add(RequestDataBuilder.newRequestData().get().url(responseData.getRedirectLocation()).build());
                 throw new ChildUrlsException(childUrlList, "Redirected from " + url);
             }

src/main/java/org/codelibs/fess/helper/JobHelper.java

@@ -137,17 +137,17 @@ public class JobHelper {
     }
 
     public TimeoutTask startMonitorTask(final JobLog jobLog) {
-        TimeoutTarget target = new MonitorTarget(jobLog);
+        final TimeoutTarget target = new MonitorTarget(jobLog);
         return TimeoutManager.getInstance().addTimeoutTarget(target, monitorInterval, true);
     }
 
-    public void setMonitorInterval(int monitorInterval) {
+    public void setMonitorInterval(final int monitorInterval) {
         this.monitorInterval = monitorInterval;
     }
 
     static class MonitorTarget implements TimeoutTarget {
 
-        private JobLog jobLog;
+        private final JobLog jobLog;
 
         public MonitorTarget(final JobLog jobLog) {
             this.jobLog = jobLog;

src/main/java/org/codelibs/fess/helper/KeyMatchHelper.java

@@ -26,6 +26,7 @@ import javax.annotation.PostConstruct;
 import org.codelibs.core.misc.Pair;
 import org.codelibs.fess.Constants;
 import org.codelibs.fess.app.service.KeyMatchService;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.es.client.FessEsClient;
 import org.codelibs.fess.es.client.FessEsClient.SearchConditionBuilder;
 import org.codelibs.fess.es.config.exentity.KeyMatch;
@@ -100,8 +101,8 @@ public class KeyMatchHelper {
                         fessConfig.getIndexDocumentType(),
                         searchRequestBuilder -> {
                             return SearchConditionBuilder.builder(searchRequestBuilder.setPreference(Constants.SEARCH_PREFERENCE_PRIMARY))
-                                    .administrativeAccess(true).size(keyMatch.getMaxSize()).query(keyMatch.getQuery())
-                                    .responseFields(new String[] { fessConfig.getIndexFieldDocId() }).build();
+                                    .searchRequestType(SearchRequestType.ADMIN_SEARCH).size(keyMatch.getMaxSize())
+                                    .query(keyMatch.getQuery()).responseFields(new String[] { fessConfig.getIndexFieldDocId() }).build();
                         });
         return documentList;
     }

src/main/java/org/codelibs/fess/helper/LabelTypeHelper.java

@@ -33,6 +33,7 @@ import javax.annotation.Resource;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.Constants;
 import org.codelibs.fess.app.service.LabelTypeService;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.es.config.exentity.LabelType;
 import org.codelibs.fess.util.ComponentUtil;
 import org.slf4j.Logger;
@@ -70,13 +71,13 @@ public class LabelTypeHelper {
         labelTypeItemList = itemList;
     }
 
-    public List<Map<String, String>> getLabelTypeItemList() {
+    public List<Map<String, String>> getLabelTypeItemList(final SearchRequestType searchRequestType) {
         if (labelTypeItemList == null) {
             init();
         }
 
         final List<Map<String, String>> itemList = new ArrayList<>();
-        final Set<String> roleSet = roleQueryHelper.build();
+        final Set<String> roleSet = roleQueryHelper.build(searchRequestType);
         if (roleSet.isEmpty()) {
             for (final LabelTypeItem item : labelTypeItemList) {
                 if (item.getPermissions().length == 0) {

src/main/java/org/codelibs/fess/helper/PopularWordHelper.java

@@ -26,6 +26,7 @@ import java.util.concurrent.TimeUnit;
 import javax.annotation.PostConstruct;
 
 import org.codelibs.core.lang.StringUtil;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.suggest.request.popularwords.PopularWordsRequestBuilder;
 import org.codelibs.fess.util.ComponentUtil;
@@ -52,12 +53,12 @@ public class PopularWordHelper {
                         .expireAfterWrite(fessConfig.getSuggestPopularWordCacheExpireAsInteger().longValue(), TimeUnit.MINUTES).build();
     }
 
-    public List<String> getWordList(final String seed, final String[] tags, final String[] roles, final String[] fields,
-            final String[] excludes) {
+    public List<String> getWordList(final SearchRequestType searchRequestType, final String seed, final String[] tags,
+            final String[] roles, final String[] fields, final String[] excludes) {
         final String baseSeed = seed != null ? seed : fessConfig.getSuggestPopularWordSeed();
         final String[] baseTags = tags != null ? tags : fessConfig.getSuggestPopularWordTagsAsArray();
         final String[] baseRoles =
-                roles != null ? roles : ComponentUtil.getRoleQueryHelper().build().stream().filter(StringUtil::isNotBlank)
+                roles != null ? roles : ComponentUtil.getRoleQueryHelper().build(searchRequestType).stream().filter(StringUtil::isNotBlank)
                         .toArray(n -> new String[n]);
         final String[] baseFields = fields != null ? fields : fessConfig.getSuggestPopularWordFieldsAsArray();
         final String[] baseExcludes = excludes != null ? excludes : fessConfig.getSuggestPopularWordExcludesAsArray();

src/main/java/org/codelibs/fess/helper/QueryHelper.java

@@ -53,6 +53,7 @@ import org.codelibs.fess.Constants;
 import org.codelibs.fess.entity.FacetInfo;
 import org.codelibs.fess.entity.GeoInfo;
 import org.codelibs.fess.entity.QueryContext;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.exception.InvalidQueryException;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.util.ComponentUtil;
@@ -283,7 +284,7 @@ public class QueryHelper {
         }
     }
 
-    public QueryContext build(final String query, final Consumer<QueryContext> context) {
+    public QueryContext build(final SearchRequestType searchRequestType, final String query, final Consumer<QueryContext> context) {
         String q;
         if (additionalQuery != null && StringUtil.isNotBlank(query)) {
             q = query + " " + additionalQuery;
@@ -294,7 +295,7 @@ public class QueryHelper {
         final QueryContext queryContext = new QueryContext(q, true);
         buildBaseQuery(queryContext, context);
         buildBoostQuery(queryContext);
-        buildRoleQuery(queryContext);
+        buildRoleQuery(queryContext, searchRequestType);
 
         if (!queryContext.hasSorts() && defaultSortBuilders != null) {
             queryContext.addSorts(defaultSortBuilders);
@@ -302,9 +303,9 @@ public class QueryHelper {
         return queryContext;
     }
 
-    protected void buildRoleQuery(final QueryContext queryContext) {
+    protected void buildRoleQuery(final QueryContext queryContext, final SearchRequestType searchRequestType) {
         if (roleQueryHelper != null && queryContext.roleQueryEnabled()) {
-            final Set<String> roleSet = roleQueryHelper.build();
+            final Set<String> roleSet = roleQueryHelper.build(searchRequestType);
             if (!roleSet.isEmpty()) {
                 queryContext.addQuery(boolQuery -> {
                     final BoolQueryBuilder roleQuery = QueryBuilders.boolQuery();

src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java

@@ -18,7 +18,6 @@ package org.codelibs.fess.helper;
 import static org.codelibs.core.stream.StreamUtil.stream;
 
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -31,6 +30,9 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.codelibs.core.crypto.CachedCipher;
 import org.codelibs.core.lang.StringUtil;
+import org.codelibs.fess.app.service.AccessTokenService;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
+import org.codelibs.fess.exception.InvalidAccessTokenException;
 import org.codelibs.fess.mylasta.action.FessUserBean;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.util.ComponentUtil;
@@ -49,6 +51,8 @@ import org.slf4j.LoggerFactory;
  */
 public class RoleQueryHelper {
 
+    private static final String USER_ROLES = "userRoles";
+
     private static final Logger logger = LoggerFactory.getLogger(RoleQueryHelper.class);
 
     public CachedCipher cipher;
@@ -80,80 +84,125 @@ public class RoleQueryHelper {
         }));
     }
 
-    public Set<String> build() {
-        final Set<String> roleList = new HashSet<>();
+    public Set<String> build(final SearchRequestType searchRequestType) {
+        final Set<String> roleSet = new HashSet<>();
         final HttpServletRequest request = LaRequestUtil.getOptionalRequest().orElse(null);
+        final boolean isApiRequest =
+                !SearchRequestType.SEARCH.equals(searchRequestType) && !SearchRequestType.ADMIN_SEARCH.equals(searchRequestType);
+
+        if (request != null) {
+            @SuppressWarnings("unchecked")
+            final Set<String> list = (Set<String>) request.getAttribute(USER_ROLES);
+            if (list != null) {
+                return list;
+            }
 
-        // request parameter
-        if (request != null && StringUtil.isNotBlank(parameterKey)) {
-            roleList.addAll(buildByParameter(request));
-        }
+            // request parameter
+            if (StringUtil.isNotBlank(parameterKey)) {
+                processParameter(request, roleSet);
+            }
 
-        // request header
-        if (request != null && StringUtil.isNotBlank(headerKey)) {
-            roleList.addAll(buildByHeader(request));
-        }
+            // request header
+            if (StringUtil.isNotBlank(headerKey)) {
+                processHeader(request, roleSet);
+            }
 
-        // cookie
-        if (request != null && StringUtil.isNotBlank(cookieKey)) {
-            roleList.addAll(buildByCookie(request));
-        }
+            // cookie
+            if (StringUtil.isNotBlank(cookieKey)) {
+                processCookie(request, roleSet);
+            }
+
+            // cookie mapping
+            if (cookieNameMap != null) {
+                buildByCookieNameMapping(request, roleSet);
+            }
 
-        // cookie mapping
-        if (cookieNameMap != null) {
-            roleList.addAll(buildByCookieNameMapping(request));
+            if (isApiRequest) {
+                processAccessToken(request, roleSet);
+            }
         }
 
         final FessConfig fessConfig = ComponentUtil.getFessConfig();
         final RequestManager requestManager = ComponentUtil.getRequestManager();
         try {
             requestManager.findUserBean(FessUserBean.class)
-                    .ifPresent(fessUserBean -> stream(fessUserBean.getPermissions()).of(stream -> stream.forEach(roleList::add)))
-                    .orElse(() -> roleList.addAll(fessConfig.getSearchGuestPermissionList()));
+                    .ifPresent(fessUserBean -> stream(fessUserBean.getPermissions()).of(stream -> stream.forEach(roleSet::add)))
+                    .orElse(() -> {
+                        if (isApiRequest && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {
+                            throw new InvalidAccessTokenException("invalid_token", "Access token is requried.");
+                        }
+                        roleSet.addAll(fessConfig.getSearchGuestPermissionList());
+                    });
         } catch (final RuntimeException e) {
             requestManager.findLoginManager(FessUserBean.class).ifPresent(manager -> manager.logout());
             throw e;
         }
 
         if (defaultRoleList != null) {
-            roleList.addAll(defaultRoleList);
+            roleSet.addAll(defaultRoleList);
         }
 
         if (logger.isDebugEnabled()) {
-            logger.debug("roleList: " + roleList);
+            logger.debug("roleSet: " + roleSet);
+        }
+
+        if (request != null) {
+            request.setAttribute(USER_ROLES, roleSet);
+        }
+        return roleSet;
+    }
+
+    protected void processAccessToken(final HttpServletRequest request, final Set<String> roleSet) {
+        final String token = request.getHeader("Authorization");
+        if (StringUtil.isNotBlank(token)) {
+            final AccessTokenService accessTokenService = ComponentUtil.getComponent(AccessTokenService.class);
+            accessTokenService.getAccessTokenByToken(token).ifPresent(accessToken -> {
+                stream(accessToken.getPermissions()).of(stream -> stream.forEach(roleSet::add));
+                final String name = accessToken.getParameterName();
+                stream(request.getParameterValues(name)).of(stream -> stream.filter(StringUtil::isNotBlank).forEach(roleSet::add));
+            }).orElse(() -> {
+                throw new InvalidAccessTokenException("invalid_token", "Invalid token: " + token);
+            });
         }
 
-        return roleList;
     }
 
-    protected Set<String> buildByParameter(final HttpServletRequest request) {
+    protected String getAccessToken(final HttpServletRequest request) {
+        final String token = request.getHeader("Authorization");
+        if (token != null) {
+            final String[] values = token.trim().split(" ");
+            if (values.length == 2 && "Bearer".equals(values[0])) {
+                return values[1];
+            }
+            throw new InvalidAccessTokenException("invalid_request", "Invalid format: " + token);
+        }
+        return request.getParameter("access_token");
+    }
 
+    protected void processParameter(final HttpServletRequest request, final Set<String> roleSet) {
         final String parameter = request.getParameter(parameterKey);
         if (logger.isDebugEnabled()) {
             logger.debug(parameterKey + ":" + parameter);
         }
         if (StringUtil.isNotEmpty(parameter)) {
-            return decodedRoleList(parameter, encryptedParameterValue);
+            parseRoleSet(parameter, encryptedParameterValue, roleSet);
         }
 
-        return Collections.emptySet();
     }
 
-    protected Set<String> buildByHeader(final HttpServletRequest request) {
+    protected void processHeader(final HttpServletRequest request, final Set<String> roleSet) {
 
         final String parameter = request.getHeader(headerKey);
         if (logger.isDebugEnabled()) {
             logger.debug(headerKey + ":" + parameter);
         }
         if (StringUtil.isNotEmpty(parameter)) {
-            return decodedRoleList(parameter, encryptedHeaderValue);
+            parseRoleSet(parameter, encryptedHeaderValue, roleSet);
         }
 
-        return Collections.emptySet();
-
     }
 
-    protected Set<String> buildByCookie(final HttpServletRequest request) {
+    protected void processCookie(final HttpServletRequest request, final Set<String> roleSet) {
 
         final Cookie[] cookies = request.getCookies();
         if (cookies != null) {
@@ -164,26 +213,22 @@ public class RoleQueryHelper {
                         logger.debug(cookieKey + ":" + value);
                     }
                     if (StringUtil.isNotEmpty(value)) {
-                        return decodedRoleList(value, encryptedCookieValue);
+                        parseRoleSet(value, encryptedCookieValue, roleSet);
                     }
                 }
             }
         }
 
-        return Collections.emptySet();
     }
 
-    protected Set<String> buildByCookieNameMapping(final HttpServletRequest request) {
-
-        final Set<String> roleNameSet = new HashSet<>();
+    protected void buildByCookieNameMapping(final HttpServletRequest request, final Set<String> roleSet) {
         final Cookie[] cookies = request.getCookies();
         if (cookies != null) {
             for (final Cookie cookie : cookies) {
-                addRoleFromCookieMapping(roleNameSet, cookie);
+                addRoleFromCookieMapping(roleSet, cookie);
             }
         }
 
-        return roleNameSet;
     }
 
     protected void addRoleFromCookieMapping(final Set<String> roleNameList, final Cookie cookie) {
@@ -193,13 +238,12 @@ public class RoleQueryHelper {
         }
     }
 
-    protected Set<String> decodedRoleList(final String value, final boolean encrypted) {
+    protected void parseRoleSet(final String value, final boolean encrypted, final Set<String> roleSet) {
         String rolesStr = value;
         if (encrypted && cipher != null) {
             rolesStr = cipher.decryptoText(rolesStr);
         }
 
-        final Set<String> roleSet = new HashSet<>();
         if (valueSeparator.length() > 0) {
             final String[] values = rolesStr.split(valueSeparator);
             if (values.length > 1) {
@@ -218,7 +262,6 @@ public class RoleQueryHelper {
                 }
             }
         }
-        return roleSet;
     }
 
     public void addCookieNameMapping(final String cookieName, final String roleName) {

src/main/java/org/codelibs/fess/helper/SearchLogHelper.java

@@ -33,6 +33,7 @@ import org.codelibs.core.collection.LruHashMap;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.Constants;
 import org.codelibs.fess.app.service.SearchService;
+import org.codelibs.fess.entity.SearchRequestParams;
 import org.codelibs.fess.es.log.exbhv.ClickLogBhv;
 import org.codelibs.fess.es.log.exbhv.FavoriteLogBhv;
 import org.codelibs.fess.es.log.exbhv.SearchFieldLogBhv;
@@ -72,8 +73,8 @@ public class SearchLogHelper {
         userInfoCache = new LruHashMap<>(userInfoCacheSize);
     }
 
-    public void addSearchLog(final LocalDateTime requestedTime, final String queryId, final String query, final int pageStart,
-            final int pageSize, final QueryResponseList queryResponseList) {
+    public void addSearchLog(final SearchRequestParams params, final LocalDateTime requestedTime, final String queryId, final String query,
+            final int pageStart, final int pageSize, final QueryResponseList queryResponseList) {
 
         final RoleQueryHelper roleQueryHelper = ComponentUtil.getRoleQueryHelper();
         final UserInfoHelper userInfoHelper = ComponentUtil.getUserInfoHelper();
@@ -86,7 +87,7 @@ public class SearchLogHelper {
             }
         }
 
-        searchLog.setRoles(roleQueryHelper.build().stream().toArray(n -> new String[n]));
+        searchLog.setRoles(roleQueryHelper.build(params.getType()).stream().toArray(n -> new String[n]));
         searchLog.setQueryId(queryId);
         searchLog.setHitCount(queryResponseList.getAllRecordCount());
         searchLog.setResponseTime(queryResponseList.getExecTime());

src/main/java/org/codelibs/fess/helper/SystemHelper.java

@@ -303,12 +303,12 @@ public class SystemHelper {
         ComponentUtil.getJobManager().reboot();
     }
 
-    public String generateApiToken() {
-        return RandomStringUtils.random(ComponentUtil.getFessConfig().getApiTokenLengthAsInteger().intValue(), 0, 0, true, true, null,
-                random);
+    public String generateAccessToken() {
+        return RandomStringUtils.random(ComponentUtil.getFessConfig().getApiAccessTokenLengthAsInteger().intValue(), 0, 0, true, true,
+                null, random);
     }
 
-    public void setRandom(Random random) {
+    public void setRandom(final Random random) {
         this.random = random;
     }
 

src/main/java/org/codelibs/fess/mylasta/action/FessHtmlPath.java

@@ -23,14 +23,14 @@ import org.lastaflute.web.response.next.HtmlNext;
  */
 public interface FessHtmlPath {
 
-    /** The path of the HTML: /admin/apitoken/admin_apitoken.jsp */
-    HtmlNext path_AdminApitoken_AdminApitokenJsp = new HtmlNext("/admin/apitoken/admin_apitoken.jsp");
+    /** The path of the HTML: /admin/accesstoken/admin_accesstoken.jsp */
+    HtmlNext path_AdminAccesstoken_AdminAccesstokenJsp = new HtmlNext("/admin/accesstoken/admin_accesstoken.jsp");
 
-    /** The path of the HTML: /admin/apitoken/admin_apitoken_details.jsp */
-    HtmlNext path_AdminApitoken_AdminApitokenDetailsJsp = new HtmlNext("/admin/apitoken/admin_apitoken_details.jsp");
+    /** The path of the HTML: /admin/accesstoken/admin_accesstoken_details.jsp */
+    HtmlNext path_AdminAccesstoken_AdminAccesstokenDetailsJsp = new HtmlNext("/admin/accesstoken/admin_accesstoken_details.jsp");
 
-    /** The path of the HTML: /admin/apitoken/admin_apitoken_edit.jsp */
-    HtmlNext path_AdminApitoken_AdminApitokenEditJsp = new HtmlNext("/admin/apitoken/admin_apitoken_edit.jsp");
+    /** The path of the HTML: /admin/accesstoken/admin_accesstoken_edit.jsp */
+    HtmlNext path_AdminAccesstoken_AdminAccesstokenEditJsp = new HtmlNext("/admin/accesstoken/admin_accesstoken_edit.jsp");
 
     /** The path of the HTML: /admin/backup/admin_backup.jsp */
     HtmlNext path_AdminBackup_AdminBackupJsp = new HtmlNext("/admin/backup/admin_backup.jsp");

src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java

@@ -560,8 +560,8 @@ public class FessLabels extends UserMessages {
     /** The key of the message: Back Up */
     public static final String LABELS_menu_backup = "{labels.menu_backup}";
 
-    /** The key of the message: API Token */
-    public static final String LABELS_menu_api_token = "{labels.menu_api_token}";
+    /** The key of the message: Access Token */
+    public static final String LABELS_menu_access_token = "{labels.menu_access_token}";
 
     /** The key of the message: Search... */
     public static final String LABELS_SIDEBAR_placeholder_search = "{labels.sidebar.placeholder_search}";
@@ -2082,23 +2082,23 @@ public class FessLabels extends UserMessages {
     /** The key of the message: Sort Order */
     public static final String LABELS_boost_document_rule_sort_order = "{labels.boost_document_rule_sort_order}";
 
-    /** The key of the message: API Token */
-    public static final String LABELS_api_token_configuration = "{labels.api_token_configuration}";
+    /** The key of the message: Access Token */
+    public static final String LABELS_access_token_configuration = "{labels.access_token_configuration}";
 
-    /** The key of the message: API Token */
-    public static final String LABELS_api_token_title_details = "{labels.api_token_title_details}";
+    /** The key of the message: Access Token */
+    public static final String LABELS_access_token_title_details = "{labels.access_token_title_details}";
 
     /** The key of the message: Name */
-    public static final String LABELS_api_token_list_name = "{labels.api_token_list_name}";
+    public static final String LABELS_access_token_list_name = "{labels.access_token_list_name}";
 
     /** The key of the message: Name */
-    public static final String LABELS_api_token_name = "{labels.api_token_name}";
+    public static final String LABELS_access_token_name = "{labels.access_token_name}";
 
     /** The key of the message: Token */
-    public static final String LABELS_api_token_token = "{labels.api_token_token}";
+    public static final String LABELS_access_token_token = "{labels.access_token_token}";
 
     /** The key of the message: Created */
-    public static final String LABELS_api_token_updated_time = "{labels.api_token_updated_time}";
+    public static final String LABELS_access_token_updated_time = "{labels.access_token_updated_time}";
 
     /** The key of the message: Additional Word */
     public static final String LABELS_elevate_word_configuration = "{labels.elevate_word_configuration}";

src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -117,7 +117,10 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     String SUPPORTED_LANGUAGES = "supported.languages";
 
     /** The key of the configuration. e.g. 60 */
-    String API_TOKEN_LENGTH = "api.token.length";
+    String API_ACCESS_TOKEN_LENGTH = "api.access.token.length";
+
+    /** The key of the configuration. e.g. false */
+    String API_ACCESS_TOKEN_REQUIRED = "api.access.token.required";
 
     /** The key of the configuration. e.g. 50 */
     String CRAWLER_DOCUMENT_MAX_SITE_LENGTH = "crawler.document.max.site.length";
@@ -775,8 +778,8 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. esreq */
     String ONLINE_HELP_NAME_ESREQ = "online.help.name.esreq";
 
-    /** The key of the configuration. e.g. apitoken */
-    String ONLINE_HELP_NAME_APITOKEN = "online.help.name.apitoken";
+    /** The key of the configuration. e.g. accesstoken */
+    String ONLINE_HELP_NAME_ACCESSTOKEN = "online.help.name.accesstoken";
 
     /** The key of the configuration. e.g. ja */
     String ONLINE_HELP_SUPPORTED_LANGS = "online.help.supported.langs";
@@ -1282,19 +1285,33 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     String getSupportedLanguages();
 
     /**
-     * Get the value for the key 'api.token.length'. <br>
+     * Get the value for the key 'api.access.token.length'. <br>
      * The value is, e.g. 60 <br>
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
-    String getApiTokenLength();
+    String getApiAccessTokenLength();
 
     /**
-     * Get the value for the key 'api.token.length' as {@link Integer}. <br>
+     * Get the value for the key 'api.access.token.length' as {@link Integer}. <br>
      * The value is, e.g. 60 <br>
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      * @throws NumberFormatException When the property is not integer.
      */
-    Integer getApiTokenLengthAsInteger();
+    Integer getApiAccessTokenLengthAsInteger();
+
+    /**
+     * Get the value for the key 'api.access.token.required'. <br>
+     * The value is, e.g. false <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getApiAccessTokenRequired();
+
+    /**
+     * Is the property for the key 'api.access.token.required' true? <br>
+     * The value is, e.g. false <br>
+     * @return The determination, true or false. (if not found, exception but basically no way)
+     */
+    boolean isApiAccessTokenRequired();
 
     /**
      * Get the value for the key 'crawler.document.max.site.length'. <br>
@@ -3468,11 +3485,11 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     String getOnlineHelpNameEsreq();
 
     /**
-     * Get the value for the key 'online.help.name.apitoken'. <br>
-     * The value is, e.g. apitoken <br>
+     * Get the value for the key 'online.help.name.accesstoken'. <br>
+     * The value is, e.g. accesstoken <br>
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
-    String getOnlineHelpNameApitoken();
+    String getOnlineHelpNameAccesstoken();
 
     /**
      * Get the value for the key 'online.help.supported.langs'. <br>
@@ -4432,12 +4449,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return get(FessConfig.SUPPORTED_LANGUAGES);
         }
 
-        public String getApiTokenLength() {
-            return get(FessConfig.API_TOKEN_LENGTH);
+        public String getApiAccessTokenLength() {
+            return get(FessConfig.API_ACCESS_TOKEN_LENGTH);
+        }
+
+        public Integer getApiAccessTokenLengthAsInteger() {
+            return getAsInteger(FessConfig.API_ACCESS_TOKEN_LENGTH);
+        }
+
+        public String getApiAccessTokenRequired() {
+            return get(FessConfig.API_ACCESS_TOKEN_REQUIRED);
         }
 
-        public Integer getApiTokenLengthAsInteger() {
-            return getAsInteger(FessConfig.API_TOKEN_LENGTH);
+        public boolean isApiAccessTokenRequired() {
+            return is(FessConfig.API_ACCESS_TOKEN_REQUIRED);
         }
 
         public String getCrawlerDocumentMaxSiteLength() {
@@ -5588,8 +5613,8 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return get(FessConfig.ONLINE_HELP_NAME_ESREQ);
         }
 
-        public String getOnlineHelpNameApitoken() {
-            return get(FessConfig.ONLINE_HELP_NAME_APITOKEN);
+        public String getOnlineHelpNameAccesstoken() {
+            return get(FessConfig.ONLINE_HELP_NAME_ACCESSTOKEN);
         }
 
         public String getOnlineHelpSupportedLangs() {

src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java

@@ -589,6 +589,12 @@ public interface FessProp {
         return Constants.TRUE.equalsIgnoreCase(getIndexerFavoriteCountEnabled());
     }
 
+    String getApiAccessTokenRequired();
+
+    public default boolean getApiAccessTokenRequiredAsBoolean() {
+        return Constants.TRUE.equalsIgnoreCase(getApiAccessTokenRequired());
+    }
+
     String getIndexerThreadDumpEnabled();
 
     public default boolean getIndexerThreadDumpEnabledAsBoolean() {
@@ -1306,7 +1312,7 @@ public interface FessProp {
     public default int[] getCrawlerDocumentSpaceCharsAsArray() {
         int[] spaceChars = (int[]) propMap.get(CRAWLER_DOCUMENT_SPACE_CHARS);
         if (spaceChars == null) {
-            String spaceStr = getCrawlerDocumentSpaceChars();
+            final String spaceStr = getCrawlerDocumentSpaceChars();
             if (spaceStr.startsWith("u")) {
                 spaceChars =
                         split(spaceStr, "u").get(
@@ -1326,7 +1332,7 @@ public interface FessProp {
 
     String getQueryAdditionalResponseFields();
 
-    public default String[] getQueryAdditionalResponseFields(String... fields) {
+    public default String[] getQueryAdditionalResponseFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalResponseFields(), ",").of(
@@ -1336,7 +1342,7 @@ public interface FessProp {
 
     String getQueryAdditionalCacheResponseFields();
 
-    public default String[] getQueryAdditionalCacheResponseFields(String... fields) {
+    public default String[] getQueryAdditionalCacheResponseFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalCacheResponseFields(), ",").of(
@@ -1346,7 +1352,7 @@ public interface FessProp {
 
     String getQueryAdditionalHighlightedFields();
 
-    public default String[] getQueryAdditionalHighlightedFields(String... fields) {
+    public default String[] getQueryAdditionalHighlightedFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalHighlightedFields(), ",").of(
@@ -1356,7 +1362,7 @@ public interface FessProp {
 
     String getQueryAdditionalSearchFields();
 
-    public default String[] getQueryAdditionalSearchFields(String... fields) {
+    public default String[] getQueryAdditionalSearchFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalSearchFields(), ",").of(
@@ -1366,7 +1372,7 @@ public interface FessProp {
 
     String getQueryAdditionalFacetFields();
 
-    public default String[] getQueryAdditionalFacetFields(String... fields) {
+    public default String[] getQueryAdditionalFacetFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalFacetFields(), ",").of(
@@ -1376,7 +1382,7 @@ public interface FessProp {
 
     String getQueryAdditionalSortFields();
 
-    public default String[] getQueryAdditionalSortFields(String... fields) {
+    public default String[] getQueryAdditionalSortFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalSortFields(), ",")
@@ -1386,7 +1392,7 @@ public interface FessProp {
 
     String getQueryAdditionalApiResponseFields();
 
-    public default String[] getQueryAdditionalApiResponseFields(String... fields) {
+    public default String[] getQueryAdditionalApiResponseFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalApiResponseFields(), ",").of(
@@ -1396,7 +1402,7 @@ public interface FessProp {
 
     String getQueryAdditionalNotAnalyzedFields();
 
-    public default String[] getQueryAdditionalNotAnalyzedFields(String... fields) {
+    public default String[] getQueryAdditionalNotAnalyzedFields(final String... fields) {
         final List<String> list = new ArrayList<>(fields.length + 10);
         stream(fields).of(stream -> stream.forEach(list::add));
         split(getQueryAdditionalNotAnalyzedFields(), ",").of(

src/main/resources/esflute_config.xml

@@ -8,7 +8,7 @@
 	<component name="behaviorCommandInvoker" class="org.dbflute.bhv.core.BehaviorCommandInvoker"/>
 
     <!-- The components of Behavior. -->
-    <component name="apiTokenBhv" class="org.codelibs.fess.es.config.exbhv.ApiTokenBhv"/>
+    <component name="accessTokenBhv" class="org.codelibs.fess.es.config.exbhv.AccessTokenBhv"/>
     <component name="boostDocumentRuleBhv" class="org.codelibs.fess.es.config.exbhv.BoostDocumentRuleBhv"/>
     <component name="crawlingInfoBhv" class="org.codelibs.fess.es.config.exbhv.CrawlingInfoBhv"/>
     <component name="crawlingInfoParamBhv" class="org.codelibs.fess.es.config.exbhv.CrawlingInfoParamBhv"/>

src/main/resources/fess_config.properties

@@ -71,7 +71,8 @@ supported.uploaded.css.extentions=css
 supported.uploaded.media.extentions=jpg,jpeg,gif,png,swf
 supported.uploaded.files=license.properties
 supported.languages=ar,bg,ca,da,de,el,en,es,eu,fa,fi,fr,ga,gl,hi,hu,hy,id,it,ja,lv,ko,nl,no,pt,ro,ru,sv,th,tr,zh_CN,zh_TW,zh
-api.token.length=60
+api.access.token.length=60
+api.access.token.required=false
 
 # ========================================================================================
 #                                                                                   Index
@@ -403,7 +404,7 @@ online.help.name.crawlinginfo=crawlinginfo
 online.help.name.backup=backup
 online.help.name.upgrade=upgrade
 online.help.name.esreq=esreq
-online.help.name.apitoken=apitoken
+online.help.name.accesstoken=accesstoken
 
 online.help.supported.langs=ja
 

src/main/resources/fess_indices/.fess_config/api_token.json → src/main/resources/fess_indices/.fess_config/access_token.json

@@ -1,5 +1,5 @@
 {
-  "api_token": {
+  "access_token": {
     "_source": {
       "enabled": true
     },
@@ -15,6 +15,14 @@
         "type": "string",
         "index": "not_analyzed"
       },
+      "permissions": {
+        "type": "string",
+        "index": "not_analyzed"
+      },
+      "parameter_name" : {
+        "type": "string",
+        "index": "not_analyzed"
+      },
       "createdBy": {
         "type": "string",
         "index": "not_analyzed"

src/main/resources/fess_label.properties

@@ -177,7 +177,7 @@ labels.menu_jobLog=Job Log
 labels.menu_failure_url=Failure URL
 labels.menu_search_list=Search
 labels.menu_backup=Back Up
-labels.menu_api_token=API Token
+labels.menu_access_token=Access Token
 labels.sidebar.placeholder_search=Search...
 labels.sidebar.menu=MENU
 labels.footer.copyright=Copyright(C) 2009-2016 <a href="https://github.com/codelibs">CodeLibs Project</a>. <span class="br-phone"></span>All Rights Reserved.
@@ -684,12 +684,12 @@ labels.boost_document_rule_list_url_expr=Condition
 labels.boost_document_rule_url_expr=Condition
 labels.boost_document_rule_boost_expr=Boost Expr
 labels.boost_document_rule_sort_order=Sort Order
-labels.api_token_configuration=API Token
-labels.api_token_title_details=API Token
-labels.api_token_list_name=Name
-labels.api_token_name=Name
-labels.api_token_token=Token
-labels.api_token_updated_time=Created
+labels.access_token_configuration=Access Token
+labels.access_token_title_details=Access Token
+labels.access_token_list_name=Name
+labels.access_token_name=Name
+labels.access_token_token=Token
+labels.access_token_updated_time=Created
 labels.elevate_word_configuration=Additional Word
 labels.elevate_word_title_details=Additional Word
 labels.elevate_word_link_list=List

src/main/resources/fess_label_en.properties

@@ -177,7 +177,7 @@ labels.menu_jobLog=Job Log
 labels.menu_failure_url=Failure URL
 labels.menu_search_list=Search
 labels.menu_backup=Back Up
-labels.menu_api_token=API Token
+labels.menu_access_token=Access Token
 labels.sidebar.placeholder_search=Search...
 labels.sidebar.menu=MENU
 labels.footer.copyright=Copyright(C) 2009-2016 <a href="https://github.com/codelibs">CodeLibs Project</a>. <span class="br-phone"></span>All Rights Reserved.
@@ -684,12 +684,12 @@ labels.boost_document_rule_list_url_expr=Condition
 labels.boost_document_rule_url_expr=Condition
 labels.boost_document_rule_boost_expr=Boost Expr
 labels.boost_document_rule_sort_order=Sort Order
-labels.api_token_configuration=API Token
-labels.api_token_title_details=API Token
-labels.api_token_list_name=Name
-labels.api_token_name=Name
-labels.api_token_token=Token
-labels.api_token_updated_time=Created
+labels.access_token_configuration=Access Token
+labels.access_token_title_details=Access Token
+labels.access_token_list_name=Name
+labels.access_token_name=Name
+labels.access_token_token=Token
+labels.access_token_updated_time=Created
 labels.elevate_word_configuration=Additional Word
 labels.elevate_word_title_details=Additional Word
 labels.elevate_word_link_list=List

src/main/resources/fess_label_ja.properties

@@ -173,7 +173,7 @@ labels.menu_jobLog=\u30b8\u30e7\u30d6\u30ed\u30b0
 labels.menu_failure_url=\u969c\u5bb3URL
 labels.menu_search_list=\u691c\u7d22
 labels.menu_backup=\u30d0\u30c3\u30af\u30a2\u30c3\u30d7
-labels.menu_api_token=API\u30c8\u30fc\u30af\u30f3
+labels.menu_access_token=\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3
 labels.sidebar.placeholder_search=\u691c\u7d22...
 labels.sidebar.menu=\u30e1\u30cb\u30e5\u30fc
 labels.footer.copyright=Copyright(C) 2009-2016 <a href="https://github.com/codelibs">CodeLibs Project</a>. <span class="br-phone"></span>All Rights Reserved.
@@ -682,12 +682,12 @@ labels.boost_document_rule_list_url_expr=\u72b6\u614b
 labels.boost_document_rule_url_expr=\u72b6\u614b
 labels.boost_document_rule_boost_expr=\u30d6\u30fc\u30b9\u30c8\u5024\u5f0f
 labels.boost_document_rule_sort_order=\u30bd\u30fc\u30c8\u9806
-labels.api_token_configuration=API\u30c8\u30fc\u30af\u30f3
-labels.api_token_title_details=API\u30c8\u30fc\u30af\u30f3
-labels.api_token_list_name=\u540d\u524d
-labels.api_token_name=\u540d\u524d
-labels.api_token_token=\u30c8\u30fc\u30af\u30f3
-labels.api_token_updated_time=\u4f5c\u6210\u65e5
+labels.access_token_configuration=\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3
+labels.access_token_title_details=\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30f3
+labels.access_token_list_name=\u540d\u524d
+labels.access_token_name=\u540d\u524d
+labels.access_token_token=\u30c8\u30fc\u30af\u30f3
+labels.access_token_updated_time=\u4f5c\u6210\u65e5
 labels.elevate_word_configuration=\u8ffd\u52a0\u306e\u5358\u8a9e
 labels.elevate_word_title_details=\u8ffd\u52a0\u306e\u5358\u8a9e
 labels.elevate_word_link_list=\u4e00\u89a7

src/main/webapp/WEB-INF/view/admin/apitoken/admin_apitoken.jsp → src/main/webapp/WEB-INF/view/admin/accesstoken/admin_accesstoken.jsp

@@ -3,7 +3,7 @@
 <head>
 <meta charset="UTF-8">
 <title><la:message key="labels.admin_brand_title" /> | <la:message
-		key="labels.api_token_configuration" /></title>
+		key="labels.access_token_configuration" /></title>
 <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
 </head>
 <body class="hold-transition skin-blue sidebar-mini">
@@ -11,12 +11,12 @@
 		<jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
 		<jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
 			<jsp:param name="menuCategoryType" value="crawl" />
-			<jsp:param name="menuType" value="apiToken" />
+			<jsp:param name="menuType" value="accessToken" />
 		</jsp:include>
 		<div class="content-wrapper">
 			<section class="content-header">
 				<h1>
-					<la:message key="labels.api_token_configuration" />
+					<la:message key="labels.access_token_configuration" />
 				</h1>
 				<jsp:include page="/WEB-INF/view/common/admin/crud/breadcrumb.jsp"></jsp:include>
 			</section>
@@ -37,7 +37,7 @@
 									<la:errors />
 								</div>
 								<%-- List --%>
-								<c:if test="${apiTokenPager.allRecordCount == 0}">
+								<c:if test="${accessTokenPager.allRecordCount == 0}">
 									<div class="row top10">
 										<div class="col-sm-12">
 											<i class="fa fa-info-circle text-light-blue"></i>
@@ -45,21 +45,21 @@
 										</div>
 									</div>
 								</c:if>
-								<c:if test="${apiTokenPager.allRecordCount > 0}">
+								<c:if test="${accessTokenPager.allRecordCount > 0}">
 									<div class="row">
 										<div class="col-sm-12">
 											<table class="table table-bordered table-striped">
 												<thead>
 													<tr>
 														<th><la:message
-																key="labels.api_token_list_name" /></th>
+																key="labels.access_token_list_name" /></th>
 													</tr>
 												</thead>
 												<tbody>
 													<c:forEach var="data" varStatus="s"
-														items="${apiTokenItems}">
+														items="${accessTokenItems}">
 														<tr
-															data-href="${contextPath}/admin/apitoken/details/4/${f:u(data.id)}">
+															data-href="${contextPath}/admin/accesstoken/details/4/${f:u(data.id)}">
 															<td>${f:h(data.name)}</td>
 														</tr>
 													</c:forEach>
@@ -67,7 +67,7 @@
 											</table>
 										</div>
 									</div>
-									<c:set var="pager" value="${apiTokenPager}"
+									<c:set var="pager" value="${accessTokenPager}"
 										scope="request" />
 									<c:import url="/WEB-INF/view/common/admin/crud/pagination.jsp" />
 								</c:if>

src/main/webapp/WEB-INF/view/admin/apitoken/admin_apitoken_details.jsp → src/main/webapp/WEB-INF/view/admin/accesstoken/admin_accesstoken_details.jsp

@@ -3,7 +3,7 @@
 <head>
 <meta charset="UTF-8">
 <title><la:message key="labels.admin_brand_title" /> | <la:message
-		key="labels.api_token_configuration" /></title>
+		key="labels.access_token_configuration" /></title>
 <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
 </head>
 <body class="hold-transition skin-blue sidebar-mini">
@@ -11,17 +11,17 @@
 		<jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
 		<jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
 			<jsp:param name="menuCategoryType" value="crawl" />
-			<jsp:param name="menuType" value="apiToken" />
+			<jsp:param name="menuType" value="accessToken" />
 		</jsp:include>
 		<div class="content-wrapper">
 			<section class="content-header">
 				<h1>
-					<la:message key="labels.api_token_title_details" />
+					<la:message key="labels.access_token_title_details" />
 				</h1>
 				<jsp:include page="/WEB-INF/view/common/admin/crud/breadcrumb.jsp"></jsp:include>
 			</section>
 			<section class="content">
-				<la:form action="/admin/apitoken/">
+				<la:form action="/admin/accesstoken/">
 					<la:hidden property="crudMode" />
 					<c:if test="${crudMode==2 || crudMode==3 || crudMode==4}">
 						<la:hidden property="id" />
@@ -51,17 +51,17 @@
 										<tbody>
 											<tr>
 												<th class="col-xs-2"><la:message
-														key="labels.api_token_name" /></th>
+														key="labels.access_token_name" /></th>
 												<td>${f:h(name)}<la:hidden property="name" /></td>
 											</tr>
 											<tr>
 												<th><la:message
-														key="labels.api_token_token" /></th>
+														key="labels.access_token_token" /></th>
 												<td>${f:h(token)}</td>
 											</tr>
 											<tr>
 												<th><la:message
-														key="labels.api_token_updated_time" /></th>
+														key="labels.access_token_updated_time" /></th>
 												<td>${fe:date(updatedTime)}</td>
 											</tr>
 										</tbody>

src/main/webapp/WEB-INF/view/admin/apitoken/admin_apitoken_edit.jsp → src/main/webapp/WEB-INF/view/admin/accesstoken/admin_accesstoken_edit.jsp

@@ -3,7 +3,7 @@
 <head>
 <meta charset="UTF-8">
 <title><la:message key="labels.admin_brand_title" /> | <la:message
-		key="labels.api_token_configuration" /></title>
+		key="labels.access_token_configuration" /></title>
 <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
 </head>
 <body class="hold-transition skin-blue sidebar-mini">
@@ -11,17 +11,17 @@
 		<jsp:include page="/WEB-INF/view/common/admin/header.jsp"></jsp:include>
 		<jsp:include page="/WEB-INF/view/common/admin/sidebar.jsp">
 			<jsp:param name="menuCategoryType" value="crawl" />
-			<jsp:param name="menuType" value="apiToken" />
+			<jsp:param name="menuType" value="accessToken" />
 		</jsp:include>
 		<div class="content-wrapper">
 			<section class="content-header">
 				<h1>
-					<la:message key="labels.api_token_title_details" />
+					<la:message key="labels.access_token_title_details" />
 				</h1>
 				<jsp:include page="/WEB-INF/view/common/admin/crud/breadcrumb.jsp"></jsp:include>
 			</section>
 			<section class="content">
-				<la:form action="/admin/apitoken/" styleClass="form-horizontal">
+				<la:form action="/admin/accesstoken/" styleClass="form-horizontal">
 					<la:hidden property="crudMode" />
 					<c:if test="${crudMode==2}">
 						<la:hidden property="id" />
@@ -46,7 +46,7 @@
 									</div>
 									<div class="form-group">
 										<label for="name" class="col-sm-3 control-label"><la:message
-												key="labels.api_token_name" /></label>
+												key="labels.access_token_name" /></label>
 										<div class="col-sm-9">
 											<la:errors property="name" />
 											<la:text property="name" styleClass="form-control"/>

src/main/webapp/WEB-INF/view/common/admin/sidebar.jsp

@@ -70,10 +70,10 @@
 							<span><la:message key="labels.menu_dict" /></span>
 						</la:link></li>
 
-					<li <c:if test="${param.menuType=='apiToken'}">class="active"</c:if>><la:link
-							href="/admin/apitoken/">
+					<li <c:if test="${param.menuType=='accessToken'}">class="active"</c:if>><la:link
+							href="/admin/accesstoken/">
 							<i class='fa fa-circle-o'></i>
-							<span><la:message key="labels.menu_api_token" /></span>
+							<span><la:message key="labels.menu_access_token" /></span>
 						</la:link></li>
 
 				</ul></li>

src/test/java/org/codelibs/fess/helper/QueryHelperTest.java

@@ -19,6 +19,7 @@ import org.apache.lucene.analysis.core.WhitespaceAnalyzer;
 import org.apache.lucene.queryparser.classic.QueryParser;
 import org.apache.lucene.queryparser.ext.ExtendableQueryParser;
 import org.codelibs.fess.Constants;
+import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.unit.UnitFessTestCase;
 import org.codelibs.fess.util.ComponentUtil;
@@ -100,7 +101,7 @@ public class QueryHelperTest extends UnitFessTestCase {
     }
 
     private QueryBuilder buildQuery(String query) {
-        return queryHelper.build(query, context -> {
+        return queryHelper.build(SearchRequestType.SEARCH, query, context -> {
             context.skipRoleQuery();
         }).getQueryBuilder();
     }

src/test/java/org/codelibs/fess/helper/RoleQueryHelperTest.java

@@ -15,43 +15,67 @@
  */
 package org.codelibs.fess.helper;
 
+import java.util.HashSet;
 import java.util.Set;
 
 import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
 
 import org.codelibs.core.crypto.CachedCipher;
 import org.codelibs.core.exception.IllegalBlockSizeRuntimeException;
 import org.codelibs.fess.unit.UnitFessTestCase;
 
 public class RoleQueryHelperTest extends UnitFessTestCase {
-    public RoleQueryHelper roleQueryHelperImpl;
     public CachedCipher cipher;
 
     @Override
     public void setUp() throws Exception {
         super.setUp();
-        roleQueryHelperImpl = new RoleQueryHelper();
         cipher = new CachedCipher();
         cipher.setKey("1234567890123456");
     }
 
+    private Set<String> buildByParameter(final RoleQueryHelper roleQueryHelperImpl, final HttpServletRequest request) {
+        Set<String> roleSet = new HashSet<>();
+        roleQueryHelperImpl.processParameter(request, roleSet);
+        return roleSet;
+    }
+
+    private Set<String> buildByHeader(final RoleQueryHelper roleQueryHelperImpl, final HttpServletRequest request) {
+        Set<String> roleSet = new HashSet<>();
+        roleQueryHelperImpl.processHeader(request, roleSet);
+        return roleSet;
+    }
+
+    private Set<String> buildByCookie(final RoleQueryHelper roleQueryHelperImpl, final HttpServletRequest request) {
+        Set<String> roleSet = new HashSet<>();
+        roleQueryHelperImpl.processCookie(request, roleSet);
+        return roleSet;
+    }
+
+    private Set<String> decodedRoleList(final RoleQueryHelper roleQueryHelperImpl, final String value, final boolean encrypted) {
+        Set<String> roleSet = new HashSet<>();
+        roleQueryHelperImpl.parseRoleSet(value, encrypted, roleSet);
+        return roleSet;
+    }
+
     public void test_buildByParameter() {
         final RoleQueryHelper roleQueryHelperImpl = new RoleQueryHelper();
 
         Set<String> roleSet;
 
-        roleSet = roleQueryHelperImpl.buildByParameter(getMockRequest());
+        roleSet = buildByParameter(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         roleQueryHelperImpl.parameterKey = "fess1";
 
         getMockRequest().setParameter("aaa", "bbb");
-        roleSet = roleQueryHelperImpl.buildByParameter(getMockRequest());
+        roleSet = buildByParameter(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         roleQueryHelperImpl.encryptedParameterValue = false;
         getMockRequest().setParameter("fess1", "xxx\nrole1,role2,role3");
-        roleSet = roleQueryHelperImpl.buildByParameter(getMockRequest());
+        roleSet = buildByParameter(roleQueryHelperImpl, getMockRequest());
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -62,7 +86,7 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.cipher = cipher;
         roleQueryHelperImpl.encryptedParameterValue = true;
         getMockRequest().setParameter("fess2", cipher.encryptoText("xxx\nrole1,role2,role3"));
-        roleSet = roleQueryHelperImpl.buildByParameter(getMockRequest());
+        roleSet = buildByParameter(roleQueryHelperImpl, getMockRequest());
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -70,7 +94,7 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
 
         getMockRequest().setParameter("fess2", "fail");
         try {
-            roleSet = roleQueryHelperImpl.buildByParameter(getMockRequest());
+            roleSet = buildByParameter(roleQueryHelperImpl, getMockRequest());
             fail();
         } catch (final IllegalBlockSizeRuntimeException e) {
             // ok
@@ -79,14 +103,14 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.parameterKey = "fess3";
 
         roleQueryHelperImpl.encryptedParameterValue = false;
-        roleSet = roleQueryHelperImpl.buildByParameter(getMockRequest());
+        roleSet = buildByParameter(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         roleQueryHelperImpl.parameterKey = "fess4";
 
         roleQueryHelperImpl.cipher = cipher;
         roleQueryHelperImpl.encryptedParameterValue = true;
-        roleSet = roleQueryHelperImpl.buildByParameter(getMockRequest());
+        roleSet = buildByParameter(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
     }
@@ -97,7 +121,7 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         Set<String> roleSet;
 
         try {
-            roleSet = roleQueryHelperImpl.buildByHeader(getMockRequest());
+            roleSet = buildByHeader(roleQueryHelperImpl, getMockRequest());
             fail();
         } catch (final NullPointerException e) {
             //ok
@@ -106,12 +130,12 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.headerKey = "fess1";
 
         getMockRequest().addHeader("aaa", "bbb");
-        roleSet = roleQueryHelperImpl.buildByHeader(getMockRequest());
+        roleSet = buildByHeader(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         roleQueryHelperImpl.encryptedHeaderValue = false;
         getMockRequest().addHeader("fess1", "xxx\nrole1,role2,role3");
-        roleSet = roleQueryHelperImpl.buildByHeader(getMockRequest());
+        roleSet = buildByHeader(roleQueryHelperImpl, getMockRequest());
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -122,7 +146,7 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.cipher = cipher;
         roleQueryHelperImpl.encryptedHeaderValue = true;
         getMockRequest().addHeader("fess2", cipher.encryptoText("xxx\nrole1,role2,role3"));
-        roleSet = roleQueryHelperImpl.buildByHeader(getMockRequest());
+        roleSet = buildByHeader(roleQueryHelperImpl, getMockRequest());
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -131,7 +155,7 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.headerKey = "fess2x";
         getMockRequest().addHeader("fess2x", "fail");
         try {
-            roleSet = roleQueryHelperImpl.buildByHeader(getMockRequest());
+            roleSet = buildByHeader(roleQueryHelperImpl, getMockRequest());
             fail();
         } catch (final IllegalBlockSizeRuntimeException e) {
             // ok
@@ -140,14 +164,14 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.headerKey = "fess3";
 
         roleQueryHelperImpl.encryptedHeaderValue = false;
-        roleSet = roleQueryHelperImpl.buildByHeader(getMockRequest());
+        roleSet = buildByHeader(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         roleQueryHelperImpl.headerKey = "fess4";
 
         roleQueryHelperImpl.cipher = cipher;
         roleQueryHelperImpl.encryptedHeaderValue = true;
-        roleSet = roleQueryHelperImpl.buildByHeader(getMockRequest());
+        roleSet = buildByHeader(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
     }
 
@@ -157,13 +181,13 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         Set<String> roleSet;
         Cookie cookie;
 
-        roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+        roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         cookie = new Cookie("aaa", "bbb");
         getMockRequest().addCookie(cookie);
         try {
-            roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+            roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
             fail();
         } catch (final NullPointerException e) {
             // ok
@@ -171,13 +195,13 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
 
         roleQueryHelperImpl.cookieKey = "fess1";
 
-        roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+        roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         roleQueryHelperImpl.encryptedCookieValue = false;
         cookie = new Cookie("fess1", "xxx\nrole1,role2,role3");
         getMockRequest().addCookie(cookie);
-        roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+        roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -189,7 +213,7 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.encryptedCookieValue = true;
         cookie = new Cookie("fess2", cipher.encryptoText("xxx\nrole1,role2,role3"));
         getMockRequest().addCookie(cookie);
-        roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+        roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -202,7 +226,7 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         cookie = new Cookie("fess2x", "fail");
         getMockRequest().addCookie(cookie);
         try {
-            roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+            roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
             fail();
         } catch (final Exception e) {
             // ok
@@ -211,14 +235,14 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
         roleQueryHelperImpl.cookieKey = "fess3";
 
         roleQueryHelperImpl.encryptedCookieValue = false;
-        roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+        roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
 
         roleQueryHelperImpl.cookieKey = "fess4";
 
         roleQueryHelperImpl.cipher = cipher;
         roleQueryHelperImpl.encryptedCookieValue = true;
-        roleSet = roleQueryHelperImpl.buildByCookie(getMockRequest());
+        roleSet = buildByCookie(roleQueryHelperImpl, getMockRequest());
         assertEquals(0, roleSet.size());
     }
 
@@ -232,28 +256,28 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
 
         encrypted = false;
         value = "";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = false;
         value = "role1";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = false;
         value = "role1,role2";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = false;
         value = "xxx\nrole1";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(1, roleSet.size());
         assertTrue(roleSet.contains("role1"));
 
         encrypted = false;
         value = "xxx\nrole1,role2";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(2, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -262,25 +286,25 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
 
         encrypted = false;
         value = "";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = false;
         value = "role1";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(1, roleSet.size());
         assertTrue(roleSet.contains("role1"));
 
         encrypted = false;
         value = "role1,role2";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(2, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
 
         encrypted = false;
         value = "role1,role2,role3";
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -298,28 +322,28 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
 
         encrypted = true;
         value = cipher.encryptoText("");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = true;
         value = cipher.encryptoText("role1");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = true;
         value = cipher.encryptoText("role1,role2");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = true;
         value = cipher.encryptoText("xxx\nrole1");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(1, roleSet.size());
         assertTrue(roleSet.contains("role1"));
 
         encrypted = true;
         value = cipher.encryptoText("xxx\nrole1,role2");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(2, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
@@ -328,25 +352,25 @@ public class RoleQueryHelperTest extends UnitFessTestCase {
 
         encrypted = true;
         value = cipher.encryptoText("");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(0, roleSet.size());
 
         encrypted = true;
         value = cipher.encryptoText("role1");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(1, roleSet.size());
         assertTrue(roleSet.contains("role1"));
 
         encrypted = true;
         value = cipher.encryptoText("role1,role2");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(2, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));
 
         encrypted = true;
         value = cipher.encryptoText("role1,role2,role3");
-        roleSet = roleQueryHelperImpl.decodedRoleList(value, encrypted);
+        roleSet = decodedRoleList(roleQueryHelperImpl, value, encrypted);
         assertEquals(3, roleSet.size());
         assertTrue(roleSet.contains("role1"));
         assertTrue(roleSet.contains("role2"));