use ramdam path for /admin/server_...

src/main/java/org/codelibs/fess/Constants.java

@@ -326,4 +326,6 @@ public class Constants extends CoreLibConstants {
     public static final String ELASTICSEARCH_WEB_URL_PROPERTY = "es.http.url";
 
     public static final String ELASTICSEARCH_WEB_URL = "http://localhost:9201";
+
+    public static final String ES_API_ACCESS_TOKEN = "esApiAccessToken";
 }

src/main/java/org/codelibs/fess/api/es/EsApiManager.java

@@ -19,6 +19,7 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.Locale;
+import java.util.UUID;
 
 import javax.annotation.Resource;
 import javax.servlet.FilterChain;
@@ -28,7 +29,6 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.codelibs.core.exception.IORuntimeException;
 import org.codelibs.core.io.CopyUtil;
 import org.codelibs.core.io.InputStreamUtil;
 import org.codelibs.core.misc.DynamicProperties;
@@ -37,11 +37,16 @@ import org.codelibs.elasticsearch.runner.net.CurlRequest;
 import org.codelibs.fess.Constants;
 import org.codelibs.fess.api.BaseApiManager;
 import org.codelibs.fess.app.web.base.login.FessLoginAssist;
+import org.codelibs.fess.exception.FessSystemException;
+import org.codelibs.fess.exception.WebApiException;
 import org.codelibs.fess.util.ComponentUtil;
+import org.lastaflute.web.servlet.session.SessionManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 public class EsApiManager extends BaseApiManager {
+    private static final String ADMIN_SERVER = "/admin/server_";
+
     private static final Logger logger = LoggerFactory.getLogger(EsApiManager.class);
 
     @Resource
@@ -50,7 +55,7 @@ public class EsApiManager extends BaseApiManager {
     protected String[] acceptedRoles = new String[] { "admin" };
 
     public EsApiManager() {
-        setPathPrefix("/admin/server");
+        setPathPrefix(ADMIN_SERVER);
     }
 
     @Override
@@ -66,10 +71,26 @@ public class EsApiManager extends BaseApiManager {
     @Override
     public void process(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException,
             ServletException {
-        String path = request.getServletPath().substring(pathPrefix.length());
-        if (!path.startsWith("/")) {
-            path = "/" + path;
-        }
+        getSessionManager().getAttribute(Constants.ES_API_ACCESS_TOKEN, String.class).ifPresent(token -> {
+            String servletPath = request.getServletPath();
+            String pathPrefix = ADMIN_SERVER + token;
+            if (!servletPath.startsWith(pathPrefix)) {
+                throw new WebApiException(HttpServletResponse.SC_FORBIDDEN, "Invalid access token.");
+            }
+            final String path;
+            String value = servletPath.substring(pathPrefix.length());
+            if (!value.startsWith("/")) {
+                path = "/" + value;
+            } else {
+                path = value;
+            }
+            processRequest(request, response, path);
+        }).orElse(() -> {
+            throw new WebApiException(HttpServletResponse.SC_FORBIDDEN, "Invalid session.");
+        });
+    }
+
+    protected void processRequest(final HttpServletRequest request, final HttpServletResponse response, String path) {
         final Method httpMethod = Method.valueOf(request.getMethod().toUpperCase(Locale.ROOT));
         final CurlRequest curlRequest = new CurlRequest(httpMethod, getUrl() + path);
         request.getParameterMap().entrySet().stream().forEach(entry -> {
@@ -85,7 +106,7 @@ public class EsApiManager extends BaseApiManager {
                 try (ServletInputStream in = request.getInputStream(); OutputStream out = con.getOutputStream()) {
                     CopyUtil.copy(in, out);
                 } catch (final IOException e) {
-                    throw new IORuntimeException(e);
+                    throw new WebApiException(HttpServletResponse.SC_BAD_REQUEST, e);
                 }
             }
         }).execute(con -> {
@@ -96,17 +117,31 @@ public class EsApiManager extends BaseApiManager {
                 try (InputStream err = con.getErrorStream()) {
                     logger.error(new String(InputStreamUtil.getBytes(err), Constants.CHARSET_UTF_8));
                 } catch (final IOException e1) {}
-                throw new IORuntimeException(e);
+                throw new WebApiException(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e);
             }
         });
-        // TODO exception
     }
 
     public void setAcceptedRoles(final String[] acceptedRoles) {
         this.acceptedRoles = acceptedRoles;
     }
 
+    public String getServerPath() {
+        return getSessionManager().getAttribute(Constants.ES_API_ACCESS_TOKEN, String.class).map(token -> ADMIN_SERVER + token)
+                .orElseGet(() -> {
+                    throw new FessSystemException("Cannot create an access token.");
+                });
+    }
+
     protected String getUrl() {
         return crawlerProperties.getProperty(Constants.ELASTICSEARCH_WEB_URL_PROPERTY, Constants.ELASTICSEARCH_WEB_URL);
     }
+
+    public void saveToken() {
+        getSessionManager().setAttribute(Constants.ES_API_ACCESS_TOKEN, UUID.randomUUID().toString().replace("-", ""));
+    }
+
+    private SessionManager getSessionManager() {
+        return ComponentUtil.getSessionManager();
+    }
 }

src/main/java/org/codelibs/fess/app/web/admin/system/AdminSystemAction.java → src/main/java/org/codelibs/fess/app/web/admin/dashboard/AdminDashboardAction.java

@@ -13,10 +13,11 @@
  * either express or implied. See the License for the specific language
  * governing permissions and limitations under the License.
  */
-package org.codelibs.fess.app.web.admin.system;
+package org.codelibs.fess.app.web.admin.dashboard;
 
 import javax.annotation.Resource;
 
+import org.codelibs.fess.api.es.EsApiManager;
 import org.codelibs.fess.app.web.base.FessAdminAction;
 import org.codelibs.fess.helper.SystemHelper;
 import org.lastaflute.web.Execute;
@@ -27,14 +28,17 @@ import org.lastaflute.web.response.HtmlResponse;
  * @author shinsuke
  * @author Keiichi Watanabe
  */
-public class AdminSystemAction extends FessAdminAction {
+public class AdminDashboardAction extends FessAdminAction {
 
     // ===================================================================================
     //                                                                           Attribute
     //                                                                           =========
 
     @Resource
-    private SystemHelper systemHelper;
+    protected SystemHelper systemHelper;
+
+    @Resource
+    protected EsApiManager esApiManager;
 
     // ===================================================================================
     //                                                                               Hook
@@ -42,7 +46,7 @@ public class AdminSystemAction extends FessAdminAction {
     @Override
     protected void setupHtmlData(final ActionRuntime runtime) {
         super.setupHtmlData(runtime);
-        runtime.registerData("helpLink", systemHelper.getHelpLink("system"));
+        runtime.registerData("helpLink", systemHelper.getHelpLink("dashboard"));
     }
 
     // ===================================================================================
@@ -50,7 +54,10 @@ public class AdminSystemAction extends FessAdminAction {
     //                                                                      ==============
     @Execute
     public HtmlResponse index() {
-        return asHtml(path_AdminSystem_IndexJsp);
+        esApiManager.saveToken();
+        return asHtml(path_AdminDashboard_DashboardJsp).renderWith(data -> {
+            data.register("serverPath", esApiManager.getServerPath());
+        });
     }
 
 }

src/main/java/org/codelibs/fess/app/web/admin/wizard/AdminWizardAction.java

@@ -28,7 +28,7 @@ import org.codelibs.fess.Constants;
 import org.codelibs.fess.app.service.FileConfigService;
 import org.codelibs.fess.app.service.ScheduledJobService;
 import org.codelibs.fess.app.service.WebConfigService;
-import org.codelibs.fess.app.web.admin.system.AdminSystemAction;
+import org.codelibs.fess.app.web.admin.dashboard.AdminDashboardAction;
 import org.codelibs.fess.app.web.base.FessAdminAction;
 import org.codelibs.fess.crawler.util.CharUtil;
 import org.codelibs.fess.es.config.exentity.FileConfig;
@@ -286,6 +286,6 @@ public class AdminWizardAction extends FessAdminAction {
         } else {
             saveError(messages -> messages.addErrorsFailedToStartCrawlProcess(GLOBAL));
         }
-        return redirect(AdminSystemAction.class);
+        return redirect(AdminDashboardAction.class);
     }
 }

src/main/java/org/codelibs/fess/app/web/login/LoginAction.java

@@ -15,7 +15,7 @@
  */
 package org.codelibs.fess.app.web.login;
 
-import org.codelibs.fess.app.web.admin.system.AdminSystemAction;
+import org.codelibs.fess.app.web.admin.dashboard.AdminDashboardAction;
 import org.codelibs.fess.app.web.base.FessSearchAction;
 import org.lastaflute.web.Execute;
 import org.lastaflute.web.response.HtmlResponse;
@@ -44,7 +44,7 @@ public class LoginAction extends FessSearchAction {
     }
 
     private HtmlResponse getHtmlResponse() {
-        return getUserBean().map(user -> redirect(AdminSystemAction.class)).orElse(asHtml(path_Login_IndexJsp));
+        return getUserBean().map(user -> redirect(AdminDashboardAction.class)).orElse(asHtml(path_Login_IndexJsp));
     }
 
     @Execute

src/main/java/org/codelibs/fess/mylasta/action/FessHtmlPath.java

@@ -38,6 +38,9 @@ public interface FessHtmlPath {
     /** The path of the HTML: /admin/crawlingsession/index.jsp */
     HtmlNext path_AdminCrawlingsession_IndexJsp = new HtmlNext("/admin/crawlingsession/index.jsp");
 
+    /** The path of the HTML: /admin/dashboard/dashboard.jsp */
+    HtmlNext path_AdminDashboard_DashboardJsp = new HtmlNext("/admin/dashboard/dashboard.jsp");
+
     /** The path of the HTML: /admin/data/index.jsp */
     HtmlNext path_AdminData_IndexJsp = new HtmlNext("/admin/data/index.jsp");
 
@@ -251,9 +254,6 @@ public interface FessHtmlPath {
     /** The path of the HTML: /admin/suggestelevateword/upload.jsp */
     HtmlNext path_AdminSuggestelevateword_UploadJsp = new HtmlNext("/admin/suggestelevateword/upload.jsp");
 
-    /** The path of the HTML: /admin/system/index.jsp */
-    HtmlNext path_AdminSystem_IndexJsp = new HtmlNext("/admin/system/index.jsp");
-
     /** The path of the HTML: /admin/systeminfo/index.jsp */
     HtmlNext path_AdminSysteminfo_IndexJsp = new HtmlNext("/admin/systeminfo/index.jsp");
 

src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java

@@ -528,7 +528,7 @@ public class FessLabels extends ActionMessages {
     public static final String LABELS_menu_scheduled_job_config = "{labels.menu_scheduled_job_config}";
 
     /** The key of the message: Dashboard */
-    public static final String LABELS_menu_system_config = "{labels.menu_system_config}";
+    public static final String LABELS_menu_dashboard_config = "{labels.menu_dashboard_config}";
 
     /** The key of the message: Index */
     public static final String LABELS_menu_document_config = "{labels.menu_document_config}";
@@ -1356,7 +1356,7 @@ public class FessLabels extends ActionMessages {
     public static final String LABELS_overlapping_host_link_next_page = "{labels.overlapping_host_link_next_page}";
 
     /** The key of the message: System Configuration */
-    public static final String LABELS_system_title_configuration = "{labels.system_title_configuration}";
+    public static final String LABELS_dashboard_title_configuration = "{labels.dashboard_title_configuration}";
 
     /** The key of the message: System Status */
     public static final String LABELS_system_title_system_status = "{labels.system_title_system_status}";

src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -28,10 +28,10 @@ public interface FessConfig extends FessEnv {
     /** The key of the configuration. e.g. / */
     String COOKIE_DEFAULT_PATH = "cookie.default.path";
 
-    /** The key of the configuration. e.g. 31556926 */
+    /** The key of the configuration. e.g. 3600 */
     String COOKIE_DEFAULT_EXPIRE = "cookie.default.expire";
 
-    /** The key of the configuration. e.g. 315360000 */
+    /** The key of the configuration. e.g. 86400 */
     String COOKIE_ETERNAL_EXPIRE = "cookie.eternal.expire";
 
     /** The key of the configuration. e.g. FES */
@@ -86,7 +86,7 @@ public interface FessConfig extends FessEnv {
 
     /**
      * Get the value for the key 'cookie.default.expire'. <br>
-     * The value is, e.g. 31556926 <br>
+     * The value is, e.g. 3600 <br>
      * comment: The default expire of cookie in seconds e.g. 31556926: one year, 86400: one day
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
@@ -94,7 +94,7 @@ public interface FessConfig extends FessEnv {
 
     /**
      * Get the value for the key 'cookie.default.expire' as {@link Integer}. <br>
-     * The value is, e.g. 31556926 <br>
+     * The value is, e.g. 3600 <br>
      * comment: The default expire of cookie in seconds e.g. 31556926: one year, 86400: one day
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      * @throws NumberFormatException When the property is not integer.
@@ -103,7 +103,7 @@ public interface FessConfig extends FessEnv {
 
     /**
      * Get the value for the key 'cookie.eternal.expire'. <br>
-     * The value is, e.g. 315360000 <br>
+     * The value is, e.g. 86400 <br>
      * comment: The eternal expire of cookie in seconds e.g. 315360000: ten year, 86400: one day
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
@@ -111,7 +111,7 @@ public interface FessConfig extends FessEnv {
 
     /**
      * Get the value for the key 'cookie.eternal.expire' as {@link Integer}. <br>
-     * The value is, e.g. 315360000 <br>
+     * The value is, e.g. 86400 <br>
      * comment: The eternal expire of cookie in seconds e.g. 315360000: ten year, 86400: one day
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      * @throws NumberFormatException When the property is not integer.

src/main/resources/fess_config.properties

@@ -24,10 +24,10 @@ domain.title = Fess
 cookie.default.path = /
 
 # The default expire of cookie in seconds e.g. 31556926: one year, 86400: one day
-cookie.default.expire = 31556926
+cookie.default.expire = 3600
 
 # The eternal expire of cookie in seconds e.g. 315360000: ten year, 86400: one day
-cookie.eternal.expire = 315360000
+cookie.eternal.expire = 86400
 
 # The cookie key of remember-me for Fess
 cookie.remember.me.harbor.key = FES

src/main/resources/fess_label.properties

@@ -171,7 +171,7 @@ labels.menu_system=System
 labels.menu_wizard=Wizard
 labels.menu_crawl_config=General
 labels.menu_scheduled_job_config=Scheduler
-labels.menu_system_config=Dashboard
+labels.menu_dashboard_config=Dashboard
 labels.menu_document_config=Index
 labels.menu_design=Page Design
 labels.menu_dict=Dictionary
@@ -458,7 +458,7 @@ labels.overlapping_host_link_edit=Edit
 labels.overlapping_host_link_delete=Delete
 labels.overlapping_host_link_prev_page=Prev
 labels.overlapping_host_link_next_page=Next
-labels.system_title_configuration=System Configuration
+labels.dashboard_title_configuration=System Configuration
 labels.system_title_system_status=System Status
 labels.es_button_update=Update
 labels.es_active=Active

src/main/webapp/WEB-INF/view/admin/system/index.jsp → src/main/webapp/WEB-INF/view/admin/dashboard/dashboard.jsp

@@ -2,7 +2,7 @@
 <html>
 <head>
 <meta charset="UTF-8">
-<title><la:message key="labels.admin_brand_title"/> | <la:message key="labels.system_title_configuration" /></title>
+<title><la:message key="labels.admin_brand_title"/> | <la:message key="labels.dashboard_title_configuration" /></title>
 <jsp:include page="/WEB-INF/view/common/admin/head.jsp"></jsp:include>
 </head>
 <body class="skin-blue sidebar-mini">
@@ -14,12 +14,12 @@
 		</jsp:include>
 
 		<div id="content" class="content-wrapper">
-			<iframe id="contentFrame" src="<%=request.getContextPath()%>/admin/server/_plugin/kopf/" seamless></iframe>
+			<iframe id="contentFrame" src="<%=request.getContextPath()%>${serverPath}/_plugin/kopf/" seamless></iframe>
 		</div>
 
 		<jsp:include page="/WEB-INF/view/common/admin/footer.jsp"></jsp:include>
 	</div>
 	<jsp:include page="/WEB-INF/view/common/admin/foot.jsp"></jsp:include>
-	<script src="${f:url('/js/admin/system.js')}" type="text/javascript"></script>
+	<script src="${f:url('/js/admin/dashboard.js')}" type="text/javascript"></script>
 </body>
 </html>

src/main/webapp/WEB-INF/view/common/admin/sidebar.jsp

@@ -27,9 +27,9 @@
 
 			<li
 				class="treeview <c:if test="${param.menuCategoryType=='dashboard'}">active</c:if>"><la:link
-					href="/admin/system/">
+					href="/admin/dashboard/">
 					<i class="fa fa-dashboard"></i>
-					<span><la:message key="labels.menu_system_config" /></span>
+					<span><la:message key="labels.menu_dashboard_config" /></span>
 				</la:link></li>
 
 			<li