diff --git a/src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java b/src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java index 2fc893e1a..09375eac8 100644 --- a/src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java +++ b/src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java @@ -119,7 +119,7 @@ public class FessLoginAssist extends TypicalLoginAssist { - if (!user.hasRoles(fessConfig.getAuthenticationAdminRoles().split(","))) { + if (!user.hasRoles(fessConfig.getAuthenticationAdminRolesAsArray())) { throw new UserRoleLoginException(RootAction.class); } }); diff --git a/src/main/java/org/codelibs/fess/app/web/login/LoginAction.java b/src/main/java/org/codelibs/fess/app/web/login/LoginAction.java index 52c1f2df4..b5f429809 100644 --- a/src/main/java/org/codelibs/fess/app/web/login/LoginAction.java +++ b/src/main/java/org/codelibs/fess/app/web/login/LoginAction.java @@ -69,7 +69,7 @@ public class LoginAction extends FessSearchAction { } private HtmlResponse redirectByUser(FessUserBean user) { - if (!user.hasRoles(fessConfig.getAuthenticationAdminRoles().split(","))) { + if (!user.hasRoles(fessConfig.getAuthenticationAdminRolesAsArray())) { return redirectToRoot(); } return redirect(AdminDashboardAction.class); diff --git a/src/main/java/org/codelibs/fess/crawler/FessCrawlerThread.java b/src/main/java/org/codelibs/fess/crawler/FessCrawlerThread.java index 65499f900..80644bf73 100644 --- a/src/main/java/org/codelibs/fess/crawler/FessCrawlerThread.java +++ b/src/main/java/org/codelibs/fess/crawler/FessCrawlerThread.java 
@@ -66,7 +66,6 @@ public class FessCrawlerThread extends CrawlerThread { final SambaHelper sambaHelper = ComponentUtil.getSambaHelper(); final IndexingHelper indexingHelper = ComponentUtil.getIndexingHelper(); final FessEsClient fessEsClient = ComponentUtil.getElasticsearchClient(); - final boolean useAclAsRole = Constants.TRUE.equals(fessConfig.getAclAsRole()); final String url = urlQueue.getUrl(); ResponseData responseData = null; @@ -78,7 +77,7 @@ public class FessCrawlerThread extends CrawlerThread { for (final String roleType : crawlingConfig.getRoleTypeValues()) { roleTypeList.add(roleType); } - if (useAclAsRole && url.startsWith("smb://")) { + if (fessConfig.isSmbRoleFromFile() && url.startsWith("smb://")) { // head method responseData = client.execute(RequestDataBuilder.newRequestData().head().url(url).build()); if (responseData == null) { diff --git a/src/main/java/org/codelibs/fess/crawler/transformer/AbstractFessFileTransformer.java b/src/main/java/org/codelibs/fess/crawler/transformer/AbstractFessFileTransformer.java index 609521c48..40aafa426 100644 --- a/src/main/java/org/codelibs/fess/crawler/transformer/AbstractFessFileTransformer.java +++ b/src/main/java/org/codelibs/fess/crawler/transformer/AbstractFessFileTransformer.java @@ -159,7 +159,6 @@ public abstract class AbstractFessFileTransformer extends AbstractFessXpathTrans final String sessionId = crawlingInfoHelper.getCanonicalSessionId(responseData.getSessionId()); final PathMappingHelper pathMappingHelper = ComponentUtil.getPathMappingHelper(); final SambaHelper sambaHelper = ComponentUtil.getSambaHelper(); - final boolean useAclAsRole = Constants.TRUE.equals(fessConfig.getAclAsRole()); final CrawlingConfigHelper crawlingConfigHelper = ComponentUtil.getCrawlingConfigHelper(); final CrawlingConfig crawlingConfig = crawlingConfigHelper.get(responseData.getSessionId()); final Date documentExpires = crawlingInfoHelper.getDocumentExpires(crawlingConfig); 
@@ -281,7 +280,7 @@ public abstract class AbstractFessFileTransformer extends AbstractFessXpathTrans for (final String roleType : crawlingConfig.getRoleTypeValues()) { roleTypeList.add(roleType); } - if (useAclAsRole && responseData.getUrl().startsWith("smb://")) { + if (fessConfig.isSmbRoleFromFile() && responseData.getUrl().startsWith("smb://")) { final ACE[] aces = (ACE[]) responseData.getMetaDataMap().get(SmbClient.SMB_ACCESS_CONTROL_ENTRIES); if (aces != null) { for (final ACE item : aces) { diff --git a/src/main/java/org/codelibs/fess/entity/FessUser.java b/src/main/java/org/codelibs/fess/entity/FessUser.java index 6ca260d5b..2ad63a058 100644 --- a/src/main/java/org/codelibs/fess/entity/FessUser.java +++ b/src/main/java/org/codelibs/fess/entity/FessUser.java @@ -1,3 +1,18 @@ +/* + * Copyright 2012-2015 CodeLibs Project and the Others. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, + * either express or implied. See the License for the specific language + * governing permissions and limitations under the License. + */ package org.codelibs.fess.entity; import java.io.Serializable; diff --git a/src/main/java/org/codelibs/fess/helper/SambaHelper.java b/src/main/java/org/codelibs/fess/helper/SambaHelper.java index a2a333647..bc673506b 100644 --- a/src/main/java/org/codelibs/fess/helper/SambaHelper.java +++ b/src/main/java/org/codelibs/fess/helper/SambaHelper.java 
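Review bot: In the `smb://` branch of this AbstractFessFileTransformer hunk, a response that carries no `SmbClient.SMB_ACCESS_CONTROL_ENTRIES` metadata falls through `if (aces != null)` without adding any ACL-derived role, and nothing visible records that. If the search side treats the remaining `roleTypeList` as the complete access list, such a document would be indexed more openly than its share permissions allow. The block continues past the end of the hunk, so an `else` may already cover this case. If it does not, I would log a warning with the URL or skip the document, and state the chosen behaviour above the check, e.g. `// No ACEs in the response: the document keeps only the configured role types.`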
@@ -38,6 +38,18 @@ public class SambaHelper { public static final int SID_TYPE_WKN_GRP = 5; public String getAccountId(final SID sid) { - return sid.getType() + "|" + sid.getAccountName(); + return convert(sid.getType(), sid.getAccountName()); + } + + public String getRoleByUser(String name) { + return convert(SID_TYPE_USER, name); + } + + public String getRoleByGroup(String name) { + return convert(SID_TYPE_DOM_GRP, name); + } + + protected String convert(int type, String name) { + return type + name; } } diff --git a/src/main/java/org/codelibs/fess/job/CrawlJob.java b/src/main/java/org/codelibs/fess/job/CrawlJob.java index d83d6021c..eca9e7f28 100644 --- a/src/main/java/org/codelibs/fess/job/CrawlJob.java +++ b/src/main/java/org/codelibs/fess/job/CrawlJob.java @@ -300,7 +300,7 @@ public class CrawlJob { } else { cmdList.add("-Dfess.log.level=" + logLevel); } - StreamUtil.of(fessConfig.getJvmCrawlerOptions().split("\n")).filter(value -> StringUtil.isNotBlank(value)) + StreamUtil.of(fessConfig.getJvmCrawlerOptionsAsArray()).filter(value -> StringUtil.isNotBlank(value)) .forEach(value -> cmdList.add(value)); File ownTmpDir = null; diff --git a/src/main/java/org/codelibs/fess/job/SuggestJob.java b/src/main/java/org/codelibs/fess/job/SuggestJob.java index c089dc8e5..6796a5175 100644 --- a/src/main/java/org/codelibs/fess/job/SuggestJob.java +++ b/src/main/java/org/codelibs/fess/job/SuggestJob.java @@ -170,7 +170,7 @@ public class SuggestJob { cmdList.add("-Dfess.log.path=" + logFilePath); addSystemProperty(cmdList, "fess.log.name", "fess-suggest", "-suggest"); addSystemProperty(cmdList, "fess.log.level", null, null); - StreamUtil.of(fessConfig.getJvmSuggestOptions().split("\n")).filter(value -> StringUtil.isNotBlank(value)) + StreamUtil.of(fessConfig.getJvmSuggestOptionsAsArray()).filter(value -> StringUtil.isNotBlank(value)) .forEach(value -> cmdList.add(value)); File ownTmpDir = null; 
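Review bot: `convert()` drops the `|` that `getAccountId()` used to put between the SID type and the account name, so every ACL token this helper produces changes from `type|name` to `typename`, and nothing in the hunk says so. Role values already stored in the index in the old format will stop matching what `getAccountId()`, `getRoleByUser()` and `getRoleByGroup()` now return until those documents are re-crawled, and without a delimiter a plain role name that begins with a digit cannot be told apart from a typed token. If the new format is intended, say so in a Javadoc on `convert()`, e.g. `/** Builds the role token as the numeric SID type followed directly by the name (no separator). */`; otherwise keep the separator with `return type + "|" + name;`. The three new methods also omit the `final` parameter modifier that `getAccountId(final SID sid)` uses.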
diff --git a/src/main/java/org/codelibs/fess/ldap/LdapManager.java b/src/main/java/org/codelibs/fess/ldap/LdapManager.java index 3e6c8cbe8..918dadcba 100644 --- a/src/main/java/org/codelibs/fess/ldap/LdapManager.java +++ b/src/main/java/org/codelibs/fess/ldap/LdapManager.java @@ -32,6 +32,7 @@ import javax.naming.directory.SearchResult; import org.codelibs.core.lang.StringUtil; import org.codelibs.fess.entity.FessUser; import org.codelibs.fess.filter.AdLoginInfoFilter; +import org.codelibs.fess.helper.SambaHelper; import org.codelibs.fess.mylasta.direction.FessConfig; import org.codelibs.fess.util.ComponentUtil; import org.dbflute.optional.OptionalEntity; @@ -81,8 +82,14 @@ public class LdapManager { } public String[] getRoles(final LdapUser ldapUser, String bindDn, String accountFilter) { + SambaHelper sambaHelper = ComponentUtil.getSambaHelper(); + FessConfig fessConfig = ComponentUtil.getFessConfig(); final List roleList = new ArrayList(); + if (fessConfig.isSmbRoleAsUser()) { + roleList.add(sambaHelper.getRoleByUser(ldapUser.getName())); + } + DirContext ctx = null; try { ctx = new InitialDirContext(ldapUser.getEnvironment()); @@ -120,7 +127,11 @@ public class LdapManager { strTmp = strTmp.substring(strStart, strEnd); - roleList.add(strTmp); + if (fessConfig.isSmbRoleAsGroup()) { + roleList.add(sambaHelper.getRoleByGroup(strTmp)); + } else { + roleList.add(strTmp); + } } } } diff --git a/src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java b/src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java index 3bbd86c0f..30651d65e 100644 --- a/src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java +++ b/src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java 
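Review bot: The user token added at the top of `getRoles()` is built from `ldapUser.getName()` before the directory is consulted, so it uses whatever form of the name `LdapUser` holds rather than an attribute read from LDAP. `LdapUser` is not shown here; if `getName()` returns the login name as entered, its case and any domain prefix or suffix may differ from `SID.getAccountName()`, and the token would then not match the ACL tokens written at crawl time. I would normalise the name in one place before calling `getRoleByUser()` and note the expected form in a comment, e.g. `// account name only, same form as SID.getAccountName()`. `getRoles()` continues outside the hunk.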
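Review bot: With `smb.role.as.group` on, which this commit makes the default, every group read from LDAP is stored only in its `getRoleByGroup()` form, so the plain group name is no longer in the role list. The admin gates in FessLoginAssist and LoginAction compare the user's roles with `authentication.admin.roles` (documented example value `admin`), so an account that reached the admin pages through an LDAP group of that name would presumably stop matching after the upgrade; `hasRoles()` is not shown, so this needs confirming. The branch also labels every LDAP group as `SID_TYPE_DOM_GRP`, while ACEs for other group kinds such as `SID_TYPE_WKN_GRP` carry a different type code and will not match. If both behaviours are intended, a comment on the `if` should say so, e.g. `// LDAP groups are matched as domain groups only; admin roles must be configured in the same token form.`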
@@ -428,9 +428,15 @@ public class FessLabels extends ActionMessages { /** The key of the message: LDAP URL */ public static final String LABELS_LDAP_PROVIDER_URL = "{labels.ldapProviderUrl}"; - /** The key of the message: LDAP Principal */ + /** The key of the message: Bind DN */ public static final String LABELS_LDAP_SECURITY_PRINCIPAL = "{labels.ldapSecurityPrincipal}"; + /** The key of the message: Base DN */ + public static final String LABELS_LDAP_BASE_DN = "{labels.ldapBaseDn}"; + + /** The key of the message: Account Filter */ + public static final String LABELS_LDAP_ACCOUNT_FILTER = "{labels.ldapAccountFilter}"; + /** The key of the message: System */ public static final String LABELS_menu_system = "{labels.menu_system}"; @@ -1986,9 +1992,15 @@ public class FessLabels extends ActionMessages { /** The key of the message: LDAP URL */ public static final String LABELS_ldap_provider_url = "{labels.ldap_provider_url}"; - /** The key of the message: LDAP Principal */ + /** The key of the message: Bind DN */ public static final String LABELS_ldap_security_principal = "{labels.ldap_security_principal}"; + /** The key of the message: Base DN */ + public static final String LABELS_ldap_base_dn = "{labels.ldap_base_dn}"; + + /** The key of the message: Account Filter */ + public static final String LABELS_ldap_account_filter = "{labels.ldap_account_filter}"; + /** The key of the message: Send TestMail */ public static final String LABELS_send_testmail = "{labels.send_testmail}"; diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java index 48bc48c26..80b072469 100644 --- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java +++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java 
@@ -20,7 +20,7 @@ import org.lastaflute.core.direction.exception.ConfigPropertyNotFoundException; /** * @author FreeGen */ -public interface FessConfig extends FessEnv { +public interface FessConfig extends FessEnv, FessProp { /** The key of the configuration. e.g. Fess */ String DOMAIN_TITLE = "domain.title"; @@ -175,7 +175,13 @@ public interface FessConfig extends FessEnv { String QUERY_BOOST_CONTENT_LANG = "query.boost.content.lang"; /** The key of the configuration. e.g. true */ - String ACL_AS_ROLE = "acl.as.role"; + String SMB_ROLE_FROM_FILE = "smb.role.from.file"; + + /** The key of the configuration. e.g. true */ + String SMB_ROLE_AS_USER = "smb.role.as.user"; + + /** The key of the configuration. e.g. true */ + String SMB_ROLE_AS_GROUP = "smb.role.as.group"; /** The key of the configuration. e.g. admin */ String AUTHENTICATION_ADMIN_ROLES = "authentication.admin.roles"; @@ -774,20 +780,48 @@ public interface FessConfig extends FessEnv { java.math.BigDecimal getQueryBoostContentLangAsDecimal(); /** - * Get the value for the key 'acl.as.role'.
+ * Get the value for the key 'smb.role.from.file'.
* The value is, e.g. true
* comment: acl * @return The value of found property. (NotNull: if not found, exception but basically no way) */ - String getAclAsRole(); + String getSmbRoleFromFile(); /** - * Is the property for the key 'acl.as.role' true?
+ * Is the property for the key 'smb.role.from.file' true?
* The value is, e.g. true
* comment: acl * @return The determination, true or false. (if not found, exception but basically no way) */ - boolean isAclAsRole(); + boolean isSmbRoleFromFile(); + + /** + * Get the value for the key 'smb.role.as.user'.
+ * The value is, e.g. true
+ * @return The value of found property. (NotNull: if not found, exception but basically no way) + */ + String getSmbRoleAsUser(); + + /** + * Is the property for the key 'smb.role.as.user' true?
+ * The value is, e.g. true
+ * @return The determination, true or false. (if not found, exception but basically no way) + */ + boolean isSmbRoleAsUser(); + + /** + * Get the value for the key 'smb.role.as.group'.
+ * The value is, e.g. true
+ * @return The value of found property. (NotNull: if not found, exception but basically no way) + */ + String getSmbRoleAsGroup(); + + /** + * Is the property for the key 'smb.role.as.group' true?
+ * The value is, e.g. true
+ * @return The determination, true or false. (if not found, exception but basically no way) + */ + boolean isSmbRoleAsGroup(); /** * Get the value for the key 'authentication.admin.roles'.
@@ -1649,12 +1683,28 @@ public interface FessConfig extends FessEnv { return getAsDecimal(FessConfig.QUERY_BOOST_CONTENT_LANG); } - public String getAclAsRole() { - return get(FessConfig.ACL_AS_ROLE); + public String getSmbRoleFromFile() { + return get(FessConfig.SMB_ROLE_FROM_FILE); } - public boolean isAclAsRole() { - return is(FessConfig.ACL_AS_ROLE); + public boolean isSmbRoleFromFile() { + return is(FessConfig.SMB_ROLE_FROM_FILE); + } + + public String getSmbRoleAsUser() { + return get(FessConfig.SMB_ROLE_AS_USER); + } + + public boolean isSmbRoleAsUser() { + return is(FessConfig.SMB_ROLE_AS_USER); + } + + public String getSmbRoleAsGroup() { + return get(FessConfig.SMB_ROLE_AS_GROUP); + } + + public boolean isSmbRoleAsGroup() { + return is(FessConfig.SMB_ROLE_AS_GROUP); } public String getAuthenticationAdminRoles() { diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessEnv.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessEnv.java index 72afe36a2..d8080c9d3 100644 --- a/src/main/java/org/codelibs/fess/mylasta/direction/FessEnv.java +++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessEnv.java @@ -21,7 +21,7 @@ import org.lastaflute.core.direction.exception.ConfigPropertyNotFoundException; /** * @author FreeGen */ -public interface FessEnv extends FessProp { +public interface FessEnv { /** The key of the configuration. e.g. hot */ String lasta_di_SMART_DEPLOY_MODE = "lasta_di.smart.deploy.mode"; diff --git a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java index d27cbc64d..50e601731 100644 --- a/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java +++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java 
@@ -51,4 +51,22 @@ public interface FessProp { public default String getLdapAccountFilter() { return getProperty(Constants.LDAP_ACCOUNT_FILTER); } + + String getAuthenticationAdminRoles(); + + public default String[] getAuthenticationAdminRolesAsArray() { + return getAuthenticationAdminRoles().split(","); + } + + String getJvmCrawlerOptions(); + + public default String[] getJvmCrawlerOptionsAsArray() { + return getJvmCrawlerOptions().split("\n"); + } + + String getJvmSuggestOptions(); + + public default String[] getJvmSuggestOptionsAsArray() { + return getJvmSuggestOptions().split("\n"); + } } diff --git a/src/main/resources/fess_config.properties b/src/main/resources/fess_config.properties index 111deca72..e59e22d51 100644 --- a/src/main/resources/fess_config.properties +++ b/src/main/resources/fess_config.properties @@ -96,7 +96,9 @@ query.boost.content=1.0 query.boost.content.lang=1.3 # acl -acl.as.role=true +smb.role.from.file=true +smb.role.as.user=true +smb.role.as.group=true # ======================================================================================== # Web diff --git a/src/main/resources/fess_label_en.properties b/src/main/resources/fess_label_en.properties index e053a6a8e..68dbe7b14 100644 --- a/src/main/resources/fess_label_en.properties +++ b/src/main/resources/fess_label_en.properties @@ -136,6 +136,7 @@ labels.ex_q=Extended Query labels.ldapProviderUrl=LDAP URL labels.ldapSecurityPrincipal=Bind DN labels.ldapBaseDn=Base DN +labels.ldapAccountFilter=Account Filter labels.menu_system=System labels.menu_wizard=Wizard @@ -661,4 +662,5 @@ labels.general_menu_ldap=LDAP labels.ldap_provider_url=LDAP URL labels.ldap_security_principal=Bind DN labels.ldap_base_dn=Base DN +labels.ldap_account_filter=Account Filter labels.send_testmail=Send TestMail diff --git a/src/main/resources/fess_label_ja.properties b/src/main/resources/fess_label_ja.properties index 78a19ddaa..a8f2974de 100644 --- a/src/main/resources/fess_label_ja.properties 
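Review bot: `getAuthenticationAdminRolesAsArray()` returns the raw result of `split(",")`, so a value written as `admin, operator` yields the role ` operator` with its leading space, and an empty value yields a one-element array holding the empty string. This array is what FessLoginAssist and LoginAction pass to `hasRoles()` to decide admin access, so the entries should be trimmed and blanks dropped here rather than at each caller: `return Arrays.stream(getAuthenticationAdminRoles().split(",")).map(String::trim).filter(s -> !s.isEmpty()).toArray(String[]::new);` (needs `java.util.Arrays`). The two JVM-option helpers split on `\n` only, so a value saved with CRLF line endings keeps a trailing `\r` on each option, which the callers' `StringUtil.isNotBlank` filter does not remove; trimming there as well would avoid it. None of the new default methods has a Javadoc stating the separator it expects.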
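Review bot: `acl.as.role` is removed outright and replaced by three keys that all default to `true`, with no fallback to the old key anywhere in this diff. A deployment that overrides `acl.as.role` (for example to `false`) would have that setting ignored after the upgrade and would start reading SMB ACLs and emitting user and group tokens, which changes which users can see which documents. I would either keep reading the old key as a fallback for `smb.role.from.file` or add a comment under `# acl` such as `# smb.role.from.file replaces acl.as.role (no fallback); smb.role.as.user / smb.role.as.group add typed tokens for LDAP users and groups`.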
+++ b/src/main/resources/fess_label_ja.properties @@ -652,3 +652,5 @@ labels.general_menu_ldap=LDAP labels.ldap_provider_url=LDAP URL labels.ldap_security_principal=Bind DN labels.ldap_base_dn=Base DN +labels.ldapAccountFilter=\u30a2\u30ab\u30a6\u30f3\u30c8\u30d5\u30a3\u30eb\u30bf +labels.ldap_account_filter=\u30a2\u30ab\u30a6\u30f3\u30c8\u30d5\u30a3\u30eb\u30bf