
modify role handing and minor fixes

Shinsuke Sugaya 9 年之前
當前提交
5d2ee61de8

+ 1 - 1
src/main/java/org/codelibs/fess/app/web/base/login/FessLoginAssist.java

@@ -119,7 +119,7 @@ public class FessLoginAssist extends TypicalLoginAssist<String, FessUserBean, Fe
     protected void checkPermission(final LoginHandlingResource resource) throws LoginRequiredException {
         if (resource.getActionClass().getName().startsWith(Constants.ADMIN_PACKAGE)) {
             getSessionUserBean().ifPresent(user -> {
-                if (!user.hasRoles(fessConfig.getAuthenticationAdminRoles().split(","))) {
+                if (!user.hasRoles(fessConfig.getAuthenticationAdminRolesAsArray())) {
                     throw new UserRoleLoginException(RootAction.class);
                 }
             });

+ 1 - 1
src/main/java/org/codelibs/fess/app/web/login/LoginAction.java

@@ -69,7 +69,7 @@ public class LoginAction extends FessSearchAction {
     }
 
     private HtmlResponse redirectByUser(FessUserBean user) {
-        if (!user.hasRoles(fessConfig.getAuthenticationAdminRoles().split(","))) {
+        if (!user.hasRoles(fessConfig.getAuthenticationAdminRolesAsArray())) {
             return redirectToRoot();
         }
         return redirect(AdminDashboardAction.class);

+ 1 - 2
src/main/java/org/codelibs/fess/crawler/FessCrawlerThread.java

@@ -66,7 +66,6 @@ public class FessCrawlerThread extends CrawlerThread {
             final SambaHelper sambaHelper = ComponentUtil.getSambaHelper();
             final IndexingHelper indexingHelper = ComponentUtil.getIndexingHelper();
             final FessEsClient fessEsClient = ComponentUtil.getElasticsearchClient();
-            final boolean useAclAsRole = Constants.TRUE.equals(fessConfig.getAclAsRole());
 
             final String url = urlQueue.getUrl();
             ResponseData responseData = null;
@@ -78,7 +77,7 @@ public class FessCrawlerThread extends CrawlerThread {
                 for (final String roleType : crawlingConfig.getRoleTypeValues()) {
                     roleTypeList.add(roleType);
                 }
-                if (useAclAsRole && url.startsWith("smb://")) {
+                if (fessConfig.isSmbRoleFromFile() && url.startsWith("smb://")) {
                     // head method
                     responseData = client.execute(RequestDataBuilder.newRequestData().head().url(url).build());
                     if (responseData == null) {

+ 1 - 2
src/main/java/org/codelibs/fess/crawler/transformer/AbstractFessFileTransformer.java

@@ -159,7 +159,6 @@ public abstract class AbstractFessFileTransformer extends AbstractFessXpathTrans
         final String sessionId = crawlingInfoHelper.getCanonicalSessionId(responseData.getSessionId());
         final PathMappingHelper pathMappingHelper = ComponentUtil.getPathMappingHelper();
         final SambaHelper sambaHelper = ComponentUtil.getSambaHelper();
-        final boolean useAclAsRole = Constants.TRUE.equals(fessConfig.getAclAsRole());
         final CrawlingConfigHelper crawlingConfigHelper = ComponentUtil.getCrawlingConfigHelper();
         final CrawlingConfig crawlingConfig = crawlingConfigHelper.get(responseData.getSessionId());
         final Date documentExpires = crawlingInfoHelper.getDocumentExpires(crawlingConfig);
@@ -281,7 +280,7 @@ public abstract class AbstractFessFileTransformer extends AbstractFessXpathTrans
         for (final String roleType : crawlingConfig.getRoleTypeValues()) {
             roleTypeList.add(roleType);
         }
-        if (useAclAsRole && responseData.getUrl().startsWith("smb://")) {
+        if (fessConfig.isSmbRoleFromFile() && responseData.getUrl().startsWith("smb://")) {
             final ACE[] aces = (ACE[]) responseData.getMetaDataMap().get(SmbClient.SMB_ACCESS_CONTROL_ENTRIES);
             if (aces != null) {
                 for (final ACE item : aces) {

+ 15 - 0
src/main/java/org/codelibs/fess/entity/FessUser.java

@@ -1,3 +1,18 @@
+/*
+ * Copyright 2012-2015 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
 package org.codelibs.fess.entity;
 
 import java.io.Serializable;

+ 13 - 1
src/main/java/org/codelibs/fess/helper/SambaHelper.java

@@ -38,6 +38,18 @@ public class SambaHelper {
     public static final int SID_TYPE_WKN_GRP = 5;
 
     public String getAccountId(final SID sid) {
-        return sid.getType() + "|" + sid.getAccountName();
+        return convert(sid.getType(), sid.getAccountName());
+    }
+
+    public String getRoleByUser(String name) {
+        return convert(SID_TYPE_USER, name);
+    }
+
+    public String getRoleByGroup(String name) {
+        return convert(SID_TYPE_DOM_GRP, name);
+    }
+
+    protected String convert(int type, String name) {
+        return type + name;
     }
 }
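Review bot: `convert` drops the `|` separator, so `getAccountId` now returns `type + name` (for example `1alice` where it used to return `1|alice`). Documents presumably already indexed with the old form will no longer match roles computed after this change, so a full re-crawl is needed. A type code glued directly to the name is also only unambiguous while every SID type stays a single digit, and a null `name` becomes the literal text `null` in the role. If the new format is deliberate, state it in a Javadoc comment on `convert`; otherwise keep the delimiter with `return type + "|" + name;` and reject a null name there.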

+ 1 - 1
src/main/java/org/codelibs/fess/job/CrawlJob.java

@@ -300,7 +300,7 @@ public class CrawlJob {
         } else {
             cmdList.add("-Dfess.log.level=" + logLevel);
         }
-        StreamUtil.of(fessConfig.getJvmCrawlerOptions().split("\n")).filter(value -> StringUtil.isNotBlank(value))
+        StreamUtil.of(fessConfig.getJvmCrawlerOptionsAsArray()).filter(value -> StringUtil.isNotBlank(value))
                 .forEach(value -> cmdList.add(value));
 
         File ownTmpDir = null;

+ 1 - 1
src/main/java/org/codelibs/fess/job/SuggestJob.java

@@ -170,7 +170,7 @@ public class SuggestJob {
         cmdList.add("-Dfess.log.path=" + logFilePath);
         addSystemProperty(cmdList, "fess.log.name", "fess-suggest", "-suggest");
         addSystemProperty(cmdList, "fess.log.level", null, null);
-        StreamUtil.of(fessConfig.getJvmSuggestOptions().split("\n")).filter(value -> StringUtil.isNotBlank(value))
+        StreamUtil.of(fessConfig.getJvmSuggestOptionsAsArray()).filter(value -> StringUtil.isNotBlank(value))
                 .forEach(value -> cmdList.add(value));
 
         File ownTmpDir = null;

+ 12 - 1
src/main/java/org/codelibs/fess/ldap/LdapManager.java

@@ -32,6 +32,7 @@ import javax.naming.directory.SearchResult;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.entity.FessUser;
 import org.codelibs.fess.filter.AdLoginInfoFilter;
+import org.codelibs.fess.helper.SambaHelper;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.util.ComponentUtil;
 import org.dbflute.optional.OptionalEntity;
@@ -81,8 +82,14 @@ public class LdapManager {
     }
 
     public String[] getRoles(final LdapUser ldapUser, String bindDn, String accountFilter) {
+        SambaHelper sambaHelper = ComponentUtil.getSambaHelper();
+        FessConfig fessConfig = ComponentUtil.getFessConfig();
         final List<String> roleList = new ArrayList<String>();
 
+        if (fessConfig.isSmbRoleAsUser()) {
+            roleList.add(sambaHelper.getRoleByUser(ldapUser.getName()));
+        }
+
         DirContext ctx = null;
         try {
             ctx = new InitialDirContext(ldapUser.getEnvironment());
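Review bot: The user role added at the top of `getRoles` is built from `ldapUser.getName()` alone, while the crawl-side value comes from `sid.getAccountName()` in `SambaHelper.getAccountId`. The two are presumably compared as plain strings, so access to SMB documents depends on both names having the same case and domain qualification. If the LDAP directory and the file server are not the same identity source, a same-named account in another domain would receive the role. A comment here should state the assumption, for example `// assumes the LDAP login name equals the SMB account name (same domain, same case)`, and a normalisation step should be considered if that does not hold. The body of `getRoles` continues outside this hunk.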
@@ -120,7 +127,11 @@ public class LdapManager {
 
                         strTmp = strTmp.substring(strStart, strEnd);
 
-                        roleList.add(strTmp);
+                        if (fessConfig.isSmbRoleAsGroup()) {
+                            roleList.add(sambaHelper.getRoleByGroup(strTmp));
+                        } else {
+                            roleList.add(strTmp);
+                        }
                     }
                 }
             }
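Review bot: When `isSmbRoleAsGroup()` is true, which is the default shipped in this commit's `fess_config.properties`, the plain group name is no longer added to `roleList`, only the prefixed form. If this list is what `user.hasRoles(fessConfig.getAuthenticationAdminRolesAsArray())` checks (not shown here), an LDAP group named `admin` stops matching `authentication.admin.roles=admin` after upgrade. That fails closed, but it is a silent change to who can reach the admin package. Either keep `roleList.add(strTmp);` unconditional and add the prefixed value in addition, or document that admin role names must now use the prefixed form.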

+ 14 - 2
src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java

@@ -428,9 +428,15 @@ public class FessLabels extends ActionMessages {
     /** The key of the message: LDAP URL */
     public static final String LABELS_LDAP_PROVIDER_URL = "{labels.ldapProviderUrl}";
 
-    /** The key of the message: LDAP Principal */
+    /** The key of the message: Bind DN */
     public static final String LABELS_LDAP_SECURITY_PRINCIPAL = "{labels.ldapSecurityPrincipal}";
 
+    /** The key of the message: Base DN */
+    public static final String LABELS_LDAP_BASE_DN = "{labels.ldapBaseDn}";
+
+    /** The key of the message: Account Filter */
+    public static final String LABELS_LDAP_ACCOUNT_FILTER = "{labels.ldapAccountFilter}";
+
     /** The key of the message: System */
     public static final String LABELS_menu_system = "{labels.menu_system}";
 
@@ -1986,9 +1992,15 @@ public class FessLabels extends ActionMessages {
     /** The key of the message: LDAP URL */
     public static final String LABELS_ldap_provider_url = "{labels.ldap_provider_url}";
 
-    /** The key of the message: LDAP Principal */
+    /** The key of the message: Bind DN */
     public static final String LABELS_ldap_security_principal = "{labels.ldap_security_principal}";
 
+    /** The key of the message: Base DN */
+    public static final String LABELS_ldap_base_dn = "{labels.ldap_base_dn}";
+
+    /** The key of the message: Account Filter */
+    public static final String LABELS_ldap_account_filter = "{labels.ldap_account_filter}";
+
     /** The key of the message: Send TestMail */
     public static final String LABELS_send_testmail = "{labels.send_testmail}";
 

+ 60 - 10
src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -20,7 +20,7 @@ import org.lastaflute.core.direction.exception.ConfigPropertyNotFoundException;
 /**
  * @author FreeGen
  */
-public interface FessConfig extends FessEnv {
+public interface FessConfig extends FessEnv, FessProp {
 
     /** The key of the configuration. e.g. Fess */
     String DOMAIN_TITLE = "domain.title";
@@ -175,7 +175,13 @@ public interface FessConfig extends FessEnv {
     String QUERY_BOOST_CONTENT_LANG = "query.boost.content.lang";
 
     /** The key of the configuration. e.g. true */
-    String ACL_AS_ROLE = "acl.as.role";
+    String SMB_ROLE_FROM_FILE = "smb.role.from.file";
+
+    /** The key of the configuration. e.g. true */
+    String SMB_ROLE_AS_USER = "smb.role.as.user";
+
+    /** The key of the configuration. e.g. true */
+    String SMB_ROLE_AS_GROUP = "smb.role.as.group";
 
     /** The key of the configuration. e.g. admin */
     String AUTHENTICATION_ADMIN_ROLES = "authentication.admin.roles";
@@ -774,20 +780,48 @@ public interface FessConfig extends FessEnv {
     java.math.BigDecimal getQueryBoostContentLangAsDecimal();
 
     /**
-     * Get the value for the key 'acl.as.role'. <br>
+     * Get the value for the key 'smb.role.from.file'. <br>
      * The value is, e.g. true <br>
      * comment: acl
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
-    String getAclAsRole();
+    String getSmbRoleFromFile();
 
     /**
-     * Is the property for the key 'acl.as.role' true? <br>
+     * Is the property for the key 'smb.role.from.file' true? <br>
      * The value is, e.g. true <br>
      * comment: acl
      * @return The determination, true or false. (if not found, exception but basically no way)
      */
-    boolean isAclAsRole();
+    boolean isSmbRoleFromFile();
+
+    /**
+     * Get the value for the key 'smb.role.as.user'. <br>
+     * The value is, e.g. true <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getSmbRoleAsUser();
+
+    /**
+     * Is the property for the key 'smb.role.as.user' true? <br>
+     * The value is, e.g. true <br>
+     * @return The determination, true or false. (if not found, exception but basically no way)
+     */
+    boolean isSmbRoleAsUser();
+
+    /**
+     * Get the value for the key 'smb.role.as.group'. <br>
+     * The value is, e.g. true <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getSmbRoleAsGroup();
+
+    /**
+     * Is the property for the key 'smb.role.as.group' true? <br>
+     * The value is, e.g. true <br>
+     * @return The determination, true or false. (if not found, exception but basically no way)
+     */
+    boolean isSmbRoleAsGroup();
 
     /**
      * Get the value for the key 'authentication.admin.roles'. <br>
@@ -1649,12 +1683,28 @@ public interface FessConfig extends FessEnv {
             return getAsDecimal(FessConfig.QUERY_BOOST_CONTENT_LANG);
         }
 
-        public String getAclAsRole() {
-            return get(FessConfig.ACL_AS_ROLE);
+        public String getSmbRoleFromFile() {
+            return get(FessConfig.SMB_ROLE_FROM_FILE);
+        }
+
+        public boolean isSmbRoleFromFile() {
+            return is(FessConfig.SMB_ROLE_FROM_FILE);
+        }
+
+        public String getSmbRoleAsUser() {
+            return get(FessConfig.SMB_ROLE_AS_USER);
+        }
+
+        public boolean isSmbRoleAsUser() {
+            return is(FessConfig.SMB_ROLE_AS_USER);
+        }
+
+        public String getSmbRoleAsGroup() {
+            return get(FessConfig.SMB_ROLE_AS_GROUP);
         }
 
-        public boolean isAclAsRole() {
-            return is(FessConfig.ACL_AS_ROLE);
+        public boolean isSmbRoleAsGroup() {
+            return is(FessConfig.SMB_ROLE_AS_GROUP);
         }
 
         public String getAuthenticationAdminRoles() {

+ 1 - 1
src/main/java/org/codelibs/fess/mylasta/direction/FessEnv.java

@@ -21,7 +21,7 @@ import org.lastaflute.core.direction.exception.ConfigPropertyNotFoundException;
 /**
  * @author FreeGen
  */
-public interface FessEnv extends FessProp {
+public interface FessEnv {
 
     /** The key of the configuration. e.g. hot */
     String lasta_di_SMART_DEPLOY_MODE = "lasta_di.smart.deploy.mode";

+ 18 - 0
src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java

@@ -51,4 +51,22 @@ public interface FessProp {
     public default String getLdapAccountFilter() {
         return getProperty(Constants.LDAP_ACCOUNT_FILTER);
     }
+
+    String getAuthenticationAdminRoles();
+
+    public default String[] getAuthenticationAdminRolesAsArray() {
+        return getAuthenticationAdminRoles().split(",");
+    }
+
+    String getJvmCrawlerOptions();
+
+    public default String[] getJvmCrawlerOptionsAsArray() {
+        return getJvmCrawlerOptions().split("\n");
+    }
+
+    String getJvmSuggestOptions();
+
+    public default String[] getJvmSuggestOptionsAsArray() {
+        return getJvmSuggestOptions().split("\n");
+    }
 }
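Review bot: `getAuthenticationAdminRolesAsArray()` splits on `,` without trimming or dropping empty entries, and its result decides admin access in `FessLoginAssist.checkPermission` and `LoginAction.redirectByUser`. A value such as `admin, operator` yields ` operator` with a leading space, and an empty value yields a single empty-string role; how `hasRoles` treats either is not visible here. Normalise once in this default method, for example `return Arrays.stream(getAuthenticationAdminRoles().split(",")).map(String::trim).filter(s -> !s.isEmpty()).toArray(String[]::new);` (needs `java.util.Arrays`). The two `split("\n")` helpers have the same gap for values with `\r\n` line endings: the callers filter blank lines but do not trim, so a trailing `\r` would be passed on in the JVM argument.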

+ 3 - 1
src/main/resources/fess_config.properties

@@ -96,7 +96,9 @@ query.boost.content=1.0
 query.boost.content.lang=1.3
 
 # acl
-acl.as.role=true
+smb.role.from.file=true
+smb.role.as.user=true
+smb.role.as.group=true
 
 # ========================================================================================
 #                                                                                     Web
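Review bot: Renaming `acl.as.role` to `smb.role.from.file` without a fallback means an existing override such as `acl.as.role=false` is silently ignored after upgrade, and the feature reverts to this file's default of `true`. The two new keys `smb.role.as.user` and `smb.role.as.group` also default to `true`, so the role strings produced in `LdapManager.getRoles` change for every LDAP deployment, including those that never crawl SMB. Consider shipping `smb.role.as.user=false` and `smb.role.as.group=false` as defaults, or at least add a comment above these keys naming the old key and noting that a re-crawl is required.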

+ 2 - 0
src/main/resources/fess_label_en.properties

@@ -136,6 +136,7 @@ labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
 labels.ldapSecurityPrincipal=Bind DN
 labels.ldapBaseDn=Base DN
+labels.ldapAccountFilter=Account Filter
 
 labels.menu_system=System
 labels.menu_wizard=Wizard
@@ -661,4 +662,5 @@ labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
 labels.ldap_security_principal=Bind DN
 labels.ldap_base_dn=Base DN
+labels.ldap_account_filter=Account Filter
 labels.send_testmail=Send TestMail

+ 2 - 0
src/main/resources/fess_label_ja.properties

@@ -652,3 +652,5 @@ labels.general_menu_ldap=LDAP
 labels.ldap_provider_url=LDAP URL
 labels.ldap_security_principal=Bind DN
 labels.ldap_base_dn=Base DN
+labels.ldapAccountFilter=\u30a2\u30ab\u30a6\u30f3\u30c8\u30d5\u30a3\u30eb\u30bf
+labels.ldap_account_filter=\u30a2\u30ab\u30a6\u30f3\u30c8\u30d5\u30a3\u30eb\u30bf