Merge branch '10.3.x'

src/main/config/es/fess_config.json

@@ -22,6 +22,9 @@
             "type": "string",
             "index": "not_analyzed"
           },
+          "expiredTime" : {
+            "type" : "long"
+          },
           "createdBy": {
             "type": "string",
             "index": "not_analyzed"

src/main/java/org/codelibs/fess/Constants.java

@@ -363,6 +363,10 @@ public class Constants extends CoreLibConstants {
 
     public static final String LDAP_SECURITY_PRINCIPAL = "ldap.security.principal";
 
+    public static final String LDAP_ADMIN_SECURITY_PRINCIPAL = "ldap.admin.security.principal";
+
+    public static final String LDAP_ADMIN_SECURITY_CREDENTIALS = "ldap.admin.security.credentials";
+
     public static final String LDAP_PROVIDER_URL = "ldap.provider.url";
 
     public static final String LDAP_SECURITY_AUTHENTICATION = "ldap.security.authentication";
@@ -396,4 +400,6 @@ public class Constants extends CoreLibConstants {
     public static final String GSA_API_VERSION = "3.2";
 
     public static final String PERMISSIONS = "permissions";
+
+    public static final String CIPHER_PREFIX = "{cipher}";
 }

src/main/java/org/codelibs/fess/api/gsa/GsaApiManager.java

@@ -49,6 +49,7 @@ import org.codelibs.fess.entity.FacetInfo;
 import org.codelibs.fess.entity.GeoInfo;
 import org.codelibs.fess.entity.SearchRenderData;
 import org.codelibs.fess.entity.SearchRequestParams;
+import org.codelibs.fess.exception.InvalidAccessTokenException;
 import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.util.ComponentUtil;
 import org.dbflute.optional.OptionalThing;
@@ -264,6 +265,11 @@ public class GsaApiManager extends BaseApiManager implements WebApiManager {
             if (logger.isDebugEnabled()) {
                 logger.debug("Failed to process a search request.", e);
             }
+            if (e instanceof InvalidAccessTokenException) {
+                final InvalidAccessTokenException iate = (InvalidAccessTokenException) e;
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                response.setHeader("WWW-Authenticate", "Bearer error=\"" + iate.getType() + "\"");
+            }
         }
 
         writeXmlResponse(status, xmlDtd, buf.toString(), errMsg);

src/main/java/org/codelibs/fess/api/json/JsonApiManager.java

@@ -45,6 +45,7 @@ import org.codelibs.fess.entity.SearchRenderData;
 import org.codelibs.fess.entity.SearchRequestParams;
 import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.es.client.FessEsClient;
+import org.codelibs.fess.exception.InvalidAccessTokenException;
 import org.codelibs.fess.exception.WebApiException;
 import org.codelibs.fess.helper.LabelTypeHelper;
 import org.codelibs.fess.helper.PopularWordHelper;
@@ -62,6 +63,7 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.common.xcontent.XContentFactory;
 import org.elasticsearch.script.Script;
 import org.lastaflute.web.util.LaRequestUtil;
+import org.lastaflute.web.util.LaResponseUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -538,6 +540,13 @@ public class JsonApiManager extends BaseApiManager {
             return;
         }
 
+        if (t instanceof InvalidAccessTokenException) {
+            final InvalidAccessTokenException e = (InvalidAccessTokenException) t;
+            final HttpServletResponse response = LaResponseUtil.getResponse();
+            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            response.setHeader("WWW-Authenticate", "Bearer error=\"" + e.getType() + "\"");
+        }
+
         final StringBuilder sb = new StringBuilder();
         if (StringUtil.isBlank(t.getMessage())) {
             sb.append(t.getClass().getName());

src/main/java/org/codelibs/fess/api/suggest/SuggestApiManager.java

@@ -35,6 +35,7 @@ import org.codelibs.fess.entity.FacetInfo;
 import org.codelibs.fess.entity.GeoInfo;
 import org.codelibs.fess.entity.SearchRequestParams;
 import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
+import org.codelibs.fess.exception.InvalidAccessTokenException;
 import org.codelibs.fess.helper.RoleQueryHelper;
 import org.codelibs.fess.helper.SuggestHelper;
 import org.codelibs.fess.suggest.entity.SuggestItem;
@@ -148,6 +149,11 @@ public class SuggestApiManager extends BaseApiManager {
             if (logger.isDebugEnabled()) {
                 logger.debug("Failed to process a suggest request.", e);
             }
+            if (e instanceof InvalidAccessTokenException) {
+                final InvalidAccessTokenException iate = (InvalidAccessTokenException) e;
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                response.setHeader("WWW-Authenticate", "Bearer error=\"" + iate.getType() + "\"");
+            }
         }
 
         JsonApiManager.writeJsonResponse(status, buf.toString(), errMsg);

src/main/java/org/codelibs/fess/app/web/admin/accesstoken/AdminAccesstokenAction.java

@@ -15,14 +15,22 @@
  */
 package org.codelibs.fess.app.web.admin.accesstoken;
 
+import static org.codelibs.core.stream.StreamUtil.split;
+import static org.codelibs.core.stream.StreamUtil.stream;
+
+import java.util.stream.Collectors;
+
 import javax.annotation.Resource;
 
+import org.codelibs.core.lang.StringUtil;
 import org.codelibs.fess.Constants;
 import org.codelibs.fess.app.pager.AccessTokenPager;
 import org.codelibs.fess.app.service.AccessTokenService;
 import org.codelibs.fess.app.web.CrudMode;
 import org.codelibs.fess.app.web.base.FessAdminAction;
 import org.codelibs.fess.es.config.exentity.AccessToken;
+import org.codelibs.fess.helper.PermissionHelper;
+import org.codelibs.fess.util.ComponentUtil;
 import org.codelibs.fess.util.RenderDataUtil;
 import org.dbflute.optional.OptionalEntity;
 import org.dbflute.optional.OptionalThing;
@@ -36,6 +44,12 @@ import org.lastaflute.web.ruts.process.ActionRuntime;
  */
 public class AdminAccesstokenAction extends FessAdminAction {
 
+    private static final String TOKEN = "token";
+
+    private static final String EXPIRES = "expires";
+
+    private static final String EXPIRED_TIME = "expiredTime";
+
     // ===================================================================================
     //                                                                           Attribute
     //                                                                           =========
@@ -120,18 +134,61 @@ public class AdminAccesstokenAction extends FessAdminAction {
     public HtmlResponse details(final int crudMode, final String id) {
         verifyCrudMode(crudMode, CrudMode.DETAILS);
         saveToken();
-        return asDetailsHtml().useForm(EditForm.class, op -> {
-            op.setup(form -> {
-                accessTokenService.getAccessToken(id).ifPresent(entity -> {
-                    copyBeanToBean(entity, form, copyOp -> {
-                        copyOp.excludeNull();
+        return asDetailsHtml().useForm(
+                EditForm.class,
+                op -> {
+                    op.setup(form -> {
+                        accessTokenService
+                                .getAccessToken(id)
+                                .ifPresent(
+                                        entity -> {
+                                            copyBeanToBean(entity, form, copyOp -> copyOp.exclude(Constants.PERMISSIONS, EXPIRED_TIME)
+                                                    .excludeNull().dateConverter(Constants.DEFAULT_DATETIME_FORMAT, EXPIRES));
+                                            final PermissionHelper permissionHelper = ComponentUtil.getPermissionHelper();
+                                            form.permissions =
+                                                    stream(entity.getPermissions()).get(
+                                                            stream -> stream.map(permissionHelper::decode).filter(StringUtil::isNotBlank)
+                                                                    .distinct().collect(Collectors.joining("\n")));
+                                            form.crudMode = crudMode;
+                                        })
+                                .orElse(() -> {
+                                    throwValidationError(messages -> messages.addErrorsCrudCouldNotFindCrudTable(GLOBAL, id),
+                                            () -> asListHtml());
+                                });
                     });
-                    form.crudMode = crudMode;
-                }).orElse(() -> {
+                });
+    }
+
+    @Execute
+    public HtmlResponse edit(final EditForm form) {
+        validate(form, messages -> {}, () -> asListHtml());
+        final String id = form.id;
+        accessTokenService
+                .getAccessToken(id)
+                .ifPresent(
+                        entity -> {
+                            copyBeanToBean(
+                                    entity,
+                                    form,
+                                    op -> op.exclude(Constants.PERMISSIONS, EXPIRED_TIME).dateConverter(Constants.DEFAULT_DATETIME_FORMAT,
+                                            EXPIRES));
+                            final PermissionHelper permissionHelper = ComponentUtil.getPermissionHelper();
+                            form.permissions =
+                                    stream(entity.getPermissions()).get(
+                                            stream -> stream.map(permissionHelper::decode).filter(StringUtil::isNotBlank).distinct()
+                                                    .collect(Collectors.joining("\n")));
+                        }).orElse(() -> {
                     throwValidationError(messages -> messages.addErrorsCrudCouldNotFindCrudTable(GLOBAL, id), () -> asListHtml());
                 });
-            });
-        });
+        saveToken();
+        if (form.crudMode.intValue() == CrudMode.EDIT) {
+            // back
+            form.crudMode = CrudMode.DETAILS;
+            return asDetailsHtml();
+        } else {
+            form.crudMode = CrudMode.EDIT;
+            return asEditHtml();
+        }
     }
 
     // -----------------------------------------------------
@@ -158,6 +215,26 @@ public class AdminAccesstokenAction extends FessAdminAction {
         return redirect(getClass());
     }
 
+    @Execute
+    public HtmlResponse update(final EditForm form) {
+        verifyCrudMode(form.crudMode, CrudMode.EDIT);
+        validate(form, messages -> {}, () -> asEditHtml());
+        verifyToken(() -> asEditHtml());
+        getAccessToken(form).ifPresent(
+                entity -> {
+                    try {
+                        accessTokenService.store(entity);
+                        saveInfo(messages -> messages.addSuccessCrudUpdateCrudTable(GLOBAL));
+                    } catch (final Exception e) {
+                        throwValidationError(messages -> messages.addErrorsCrudFailedToUpdateCrudTable(GLOBAL, buildThrowableMessage(e)),
+                                () -> asEditHtml());
+                    }
+                }).orElse(() -> {
+            throwValidationError(messages -> messages.addErrorsCrudCouldNotFindCrudTable(GLOBAL, form.id), () -> asEditHtml());
+        });
+        return redirect(getClass());
+    }
+
     @Execute
     public HtmlResponse delete(final EditForm form) {
         verifyCrudMode(form.crudMode, CrudMode.DETAILS);
@@ -208,12 +285,19 @@ public class AdminAccesstokenAction extends FessAdminAction {
     protected OptionalEntity<AccessToken> getAccessToken(final CreateForm form) {
         final String username = systemHelper.getUsername();
         final long currentTime = systemHelper.getCurrentTimeAsLong();
-        return getEntity(form, username, currentTime).map(entity -> {
-            entity.setUpdatedBy(username);
-            entity.setUpdatedTime(currentTime);
-            copyBeanToBean(form, entity, op -> op.exclude(Constants.COMMON_CONVERSION_RULE));
-            return entity;
-        });
+        return getEntity(form, username, currentTime).map(
+                entity -> {
+                    entity.setUpdatedBy(username);
+                    entity.setUpdatedTime(currentTime);
+                    copyBeanToBean(form, entity,
+                            op -> op.exclude(Constants.COMMON_CONVERSION_RULE).exclude(TOKEN, Constants.PERMISSIONS, EXPIRED_TIME)
+                                    .dateConverter(Constants.DEFAULT_DATETIME_FORMAT, EXPIRES));
+                    final PermissionHelper permissionHelper = ComponentUtil.getPermissionHelper();
+                    entity.setPermissions(split(form.permissions, "\n").get(
+                            stream -> stream.map(s -> permissionHelper.encode(s)).filter(StringUtil::isNotBlank).distinct()
+                                    .toArray(n -> new String[n])));
+                    return entity;
+                });
     }
 
     // ===================================================================================

src/main/java/org/codelibs/fess/app/web/admin/accesstoken/CreateForm.java

@@ -15,6 +15,7 @@
  */
 package org.codelibs.fess.app.web.admin.accesstoken;
 
+import javax.validation.constraints.Pattern;
 import javax.validation.constraints.Size;
 
 import org.codelibs.fess.app.web.CrudMode;
@@ -28,12 +29,21 @@ public class CreateForm {
     public Integer crudMode;
 
     @Required
-    @Size(max = 10000)
+    @Size(max = 1000)
     public String name;
 
     @Size(max = 10000)
     public String token;
 
+    @Size(max = 4000)
+    public String permissions;
+
+    @Size(max = 10000)
+    public String parameterName;
+
+    @Pattern(regexp = "[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9]")
+    public String expires;
+
     @Required
     @Size(max = 1000)
     public String createdBy;

src/main/java/org/codelibs/fess/app/web/admin/general/AdminGeneralAction.java

@@ -45,6 +45,8 @@ import org.slf4j.LoggerFactory;
  */
 public class AdminGeneralAction extends FessAdminAction {
 
+    private static final String DUMMY_PASSWORD = "**********";
+
     private static final Logger logger = LoggerFactory.getLogger(AdminGeneralAction.class);
 
     // ===================================================================================
@@ -144,6 +146,10 @@ public class AdminGeneralAction extends FessAdminAction {
         fessConfig.setPurgeSuggestSearchLogDay(form.purgeSuggestSearchLogDay);
         fessConfig.setLdapProviderUrl(form.ldapProviderUrl);
         fessConfig.setLdapSecurityPrincipal(form.ldapSecurityPrincipal);
+        fessConfig.setLdapAdminSecurityPrincipal(form.ldapAdminSecurityPrincipal);
+        if (form.ldapAdminSecurityCredentials != null && StringUtil.isNotBlank(form.ldapAdminSecurityCredentials.replace("*", " "))) {
+            fessConfig.setLdapAdminSecurityCredentials(form.ldapAdminSecurityCredentials);
+        }
         fessConfig.setLdapBaseDn(form.ldapBaseDn);
         fessConfig.setLdapAccountFilter(form.ldapAccountFilter);
         fessConfig.setNotificationLogin(form.notificationLogin);
@@ -182,6 +188,8 @@ public class AdminGeneralAction extends FessAdminAction {
         form.purgeSuggestSearchLogDay = fessConfig.getPurgeSuggestSearchLogDay();
         form.ldapProviderUrl = fessConfig.getLdapProviderUrl();
         form.ldapSecurityPrincipal = fessConfig.getLdapSecurityPrincipal();
+        form.ldapAdminSecurityPrincipal = fessConfig.getLdapAdminSecurityPrincipal();
+        form.ldapAdminSecurityCredentials = DUMMY_PASSWORD;//fessConfig.getLdapAdminSecurityCredentials();
         form.ldapBaseDn = fessConfig.getLdapBaseDn();
         form.ldapAccountFilter = fessConfig.getLdapAccountFilter();
         form.notificationLogin = fessConfig.getNotificationLogin();

src/main/java/org/codelibs/fess/app/web/admin/general/EditForm.java

@@ -127,6 +127,12 @@ public class EditForm {
     @Size(max = 1000)
     public String ldapSecurityPrincipal;
 
+    @Size(max = 1000)
+    public String ldapAdminSecurityPrincipal;
+
+    @Size(max = 1000)
+    public String ldapAdminSecurityCredentials;
+
     @Size(max = 1000)
     public String ldapBaseDn;
 

src/main/java/org/codelibs/fess/ds/impl/GitBucketDataStoreImpl.java

@@ -17,16 +17,24 @@ package org.codelibs.fess.ds.impl;
 
 import java.io.InputStream;
 import java.util.ArrayList;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
 
 import org.apache.commons.io.FilenameUtils;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.elasticsearch.runner.net.Curl;
 import org.codelibs.elasticsearch.runner.net.CurlResponse;
+import org.codelibs.fess.crawler.client.CrawlerClientFactory;
+import org.codelibs.fess.crawler.client.http.HcHttpClient;
+import org.codelibs.fess.crawler.client.http.RequestHeader;
 import org.codelibs.fess.ds.IndexUpdateCallback;
+import org.codelibs.fess.es.config.exentity.CrawlingConfig;
+import org.codelibs.fess.es.config.exentity.CrawlingConfigWrapper;
 import org.codelibs.fess.es.config.exentity.DataConfig;
 import org.elasticsearch.common.xcontent.json.JsonXContent;
 import org.slf4j.Logger;
@@ -42,6 +50,8 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
 
     protected static final String TOKEN_PARAM = "token";
     protected static final String GITBUCKET_URL_PARAM = "url";
+    protected static final String PRIVATE_REPOSITORY_PARAM = "is_private";
+    protected static final String COLLABORATORS_PARAM = "collaborators";
 
     @Override
     protected void storeData(final DataConfig dataConfig, final IndexUpdateCallback callback, final Map<String, String> paramMap,
@@ -62,19 +72,43 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
             return;
         }
 
+        final CrawlingConfig crawlingConfig = new CrawlingConfigWrapper(dataConfig) {
+            @Override
+            public Map<String, Object> initializeClientFactory(CrawlerClientFactory crawlerClientFactory) {
+                final Map<String, Object> paramMap = super.initializeClientFactory(crawlerClientFactory);
+                List<RequestHeader> headerList = new ArrayList<>();
+                RequestHeader[] headers = (RequestHeader[]) paramMap.get(HcHttpClient.REQUERT_HEADERS_PROPERTY);
+                if (headers != null) {
+                    for (RequestHeader header : headers) {
+                        headerList.add(header);
+                    }
+                }
+                headerList.add(new RequestHeader("Authorization", "token " + authToken));
+                paramMap.put(HcHttpClient.REQUERT_HEADERS_PROPERTY, headerList.toArray(new RequestHeader[headerList.size()]));
+                return paramMap;
+            }
+        };
         for (final Map<String, Object> repository : repositoryList) {
             try {
                 final String name = (String) repository.get("name");
                 final String owner = (String) repository.get("owner");
-                repository.get("is_private");
+                final List<String> roleList = createRoleList(owner, repository);
 
-                final List<String> pathList = collectFileNames(rootURL, authToken, owner, name, "", 0, readInterval);
-                for (final String path : pathList) {
-                    storeFileContent(rootURL, authToken, owner, name, path, dataConfig, callback, paramMap, scriptMap, defaultDataMap);
-                    if (readInterval > 0) {
-                        sleep(readInterval);
-                    }
-                }
+                collectFileNames(
+                        rootURL,
+                        authToken,
+                        owner,
+                        name,
+                        StringUtil.EMPTY,
+                        0,
+                        readInterval,
+                        path -> {
+                            storeFileContent(rootURL, authToken, owner, name, roleList, path, crawlingConfig, callback, paramMap,
+                                    scriptMap, defaultDataMap);
+                            if (readInterval > 0) {
+                                sleep(readInterval);
+                            }
+                        });
             } catch (final Exception e) {
                 logger.warn("Failed to access to " + repository, e);
             }
@@ -84,9 +118,9 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
 
     protected String getRootURL(final Map<String, String> paramMap) {
         if (paramMap.containsKey(GITBUCKET_URL_PARAM)) {
-            String url = paramMap.get(GITBUCKET_URL_PARAM);
-            if (url.charAt(url.length() - 1) != '/') {
-                url += "/";
+            final String url = paramMap.get(GITBUCKET_URL_PARAM);
+            if (!url.endsWith("/")) {
+                return url + "/";
             }
             return url;
         }
@@ -103,9 +137,9 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
     protected List<Map<String, Object>> getRepositoryList(final String rootURL, final String authToken) {
         final String url = rootURL + "api/v3/fess/repos";
         try (CurlResponse curlResponse = Curl.get(url).header("Authorization", "token " + authToken).execute()) {
-            curlResponse.getContentAsString();
             final Map<String, Object> map = curlResponse.getContentAsMap();
             assert (map.containsKey("repositories"));
+            @SuppressWarnings("unchecked")
             final List<Map<String, Object>> repoList = (List<Map<String, Object>>) map.get("repositories");
             return repoList;
         } catch (final Exception e) {
@@ -114,47 +148,92 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
         }
     }
 
+    private List<String> createRoleList(final String owner, final Map<String, Object> repository) {
+        Boolean isPrivate = true;
+        if (repository.containsKey(PRIVATE_REPOSITORY_PARAM)) {
+            isPrivate = (Boolean) repository.get(PRIVATE_REPOSITORY_PARAM);
+        }
+        if (!isPrivate) {
+            return Collections.singletonList("Rguest");
+        }
+        @SuppressWarnings("unchecked")
+        final List<String> collaboratorList = (List<String>) repository.get(COLLABORATORS_PARAM);
+        collaboratorList.add(owner);
+        return collaboratorList.stream().map(user -> "1" + user).collect(Collectors.toList());
+    }
+
+    private List<String> createLabelList(final String owner, final String name) {
+        final List<String> labelList = new ArrayList<String>();
+        Collections.addAll(labelList, "GitBucket", owner + "/" + name);
+        return labelList;
+    }
+
     private List<Object> parseList(final InputStream is) { // TODO This function should be moved to CurlResponse
         try {
             return JsonXContent.jsonXContent.createParser(is).list();
         } catch (final Exception e) {
+            logger.warn("Failed to parse a list.", e);
             return Collections.emptyList();
         }
     }
 
-    private void storeFileContent(final String rootURL, final String authToken, final String owner, final String name, final String path,
-            final DataConfig dataConfig, final IndexUpdateCallback callback, final Map<String, String> paramMap,
-            final Map<String, String> scriptMap, final Map<String, Object> defaultDataMap) {
-        final String url = rootURL + owner + "/" + name + "/blob/master/" + path;
-        final String filename = FilenameUtils.getName(url);
+    private void storeFileContent(final String rootURL, final String authToken, final String owner, final String name,
+            List<String> roleList, final String path, final CrawlingConfig crawlingConfig, final IndexUpdateCallback callback,
+            final Map<String, String> paramMap, final Map<String, String> scriptMap, final Map<String, Object> defaultDataMap) {
+        final String apiUrl = rootURL + "api/v3/repos/" + owner + "/" + name + "/contents/" + path;
+        final String viewUrl = rootURL + owner + "/" + name + "/blob/master/" + path;
 
-        try (CurlResponse curlResponse = Curl.get(url).param("raw", "true").header("Authorization", "token " + authToken).execute()) {
-            logger.info("Get a content from " + url);
-            // TODO Use DoucmentHelper#processRequest and scriptMap
-            final Map<String, Object> dataMap = new HashMap<>();
-            dataMap.putAll(defaultDataMap);
-            dataMap.put("title", owner + "/" + name + " : " + filename);
-            dataMap.put("url", url);
-            dataMap.put("content", curlResponse.getContentAsString());
-            dataMap.put("label", "GitBucket"); // TODO role
+        if (logger.isInfoEnabled()) {
+            logger.info("Get a content from " + apiUrl);
+        }
+        final Map<String, Object> dataMap = new HashMap<>();
+        dataMap.putAll(defaultDataMap);
+        // FIXME Use DocumentHelper
+        // dataMap.putAll(ComponentUtil.getDocumentHelper().processRequest(crawlingConfig, paramMap.get("crawlingInfoId"), url));
+        dataMap.putAll(processContentRequest(authToken, apiUrl, viewUrl));
 
-            callback.store(paramMap, dataMap);
+        dataMap.put("role", roleList);
+        dataMap.put("label", createLabelList(owner, name));
 
+        // TODO scriptMap
+
+        callback.store(paramMap, dataMap);
+
+        return;
+    }
+
+    private Map<String, String> processContentRequest(final String authToken, final String apiUrl, final String viewUrl) { // FIXME should be replaced by DocumentHelper
+        final Map<String, String> dataMap = new HashMap<>();
+        try (CurlResponse curlResponse = Curl.get(apiUrl).header("Authorization", "token " + authToken).execute()) {
+            final Map<String, Object> map = curlResponse.getContentAsMap();
+            String content = StringUtil.EMPTY;
+            ;
+            if (map.containsKey("content")) {
+                content = (String) map.get("content");
+            }
+
+            if (map.containsKey("encoding") && map.get("encoding").equals("base64")) {
+                content = new String(Base64.getDecoder().decode(content));
+            }
+
+            dataMap.put("title", FilenameUtils.getName(apiUrl));
+            dataMap.put("url", viewUrl);
+            dataMap.put("content", content);
+
+            return dataMap;
         } catch (final Exception e) {
-            // TODO CrawlingAccessException?
-            logger.warn("Failed to parse " + url, e);
+            logger.warn("Failed to get " + apiUrl, e);
+            return Collections.emptyMap();
         }
-        return;
     }
 
-    protected List<String> collectFileNames(final String rootURL, final String authToken, final String owner, final String name,
-            final String path, final int depth, final long readInterval) {
+    protected void collectFileNames(final String rootURL, final String authToken, final String owner, final String name, final String path,
+            final int depth, final long readInterval, Consumer<String> consumer) {
 
         if (MAX_DEPTH <= depth) {
-            return Collections.emptyList();
+            return;
         }
 
-        final List<String> resultList = new ArrayList<>();
         final String url = rootURL + "api/v3/repos/" + owner + "/" + name + "/contents/" + path;
 
         try (CurlResponse curlResponse = Curl.get(url).header("Authorization", "token " + authToken).execute()) {
@@ -162,24 +241,24 @@ public class GitBucketDataStoreImpl extends AbstractDataStoreImpl {
             final List<Object> fileList = parseList(iStream);
 
             for (int i = 0; i < fileList.size(); ++i) {
+                @SuppressWarnings("unchecked")
                 final Map<String, String> file = (Map<String, String>) fileList.get(i);
                 final String newPath = path.isEmpty() ? file.get("name") : path + "/" + file.get("name");
                 switch (file.get("type")) {
                 case "file":
-                    resultList.add(newPath);
+                    consumer.accept(newPath);
                     break;
                 case "dir":
                     if (readInterval > 0) {
                         sleep(readInterval);
                     }
-                    resultList.addAll(collectFileNames(rootURL, authToken, owner, name, newPath, depth + 1, readInterval));
+                    collectFileNames(rootURL, authToken, owner, name, newPath, depth + 1, readInterval, consumer);
                     break;
                 }
             }
         } catch (final Exception e) {
             logger.warn("Failed to access to " + url, e);
         }
-        return resultList;
     }
 
 }

src/main/java/org/codelibs/fess/es/config/bsbhv/BsAccessTokenBhv.java

@@ -77,6 +77,7 @@ public abstract class BsAccessTokenBhv extends EsAbstractBehavior<AccessToken, A
             result.setToken(DfTypeUtil.toString(source.get("token")));
             result.setPermissions(toStringArray(source.get("permissions")));
             result.setParameterName(DfTypeUtil.toString(source.get("parameter_name")));
+            result.setExpiredTime(DfTypeUtil.toLong(source.get("expiredTime")));
             result.setCreatedBy(DfTypeUtil.toString(source.get("createdBy")));
             result.setCreatedTime(DfTypeUtil.toLong(source.get("createdTime")));
             result.setUpdatedBy(DfTypeUtil.toString(source.get("updatedBy")));

src/main/java/org/codelibs/fess/es/config/bsentity/BsAccessToken.java

@@ -49,6 +49,9 @@ public class BsAccessToken extends EsAbstractEntity {
     /** parameter_name */
     protected String parameterName;
 
+    /** expiredTime */
+    protected Long expiredTime;
+
     /** createdBy */
     protected String createdBy;
 
@@ -94,6 +97,9 @@ public class BsAccessToken extends EsAbstractEntity {
         if (parameterName != null) {
             sourceMap.put("parameter_name", parameterName);
         }
+        if (expiredTime != null) {
+            sourceMap.put("expiredTime", expiredTime);
+        }
         if (createdBy != null) {
             sourceMap.put("createdBy", createdBy);
         }
@@ -119,6 +125,7 @@ public class BsAccessToken extends EsAbstractEntity {
         sb.append(dm).append(token);
         sb.append(dm).append(permissions);
         sb.append(dm).append(parameterName);
+        sb.append(dm).append(expiredTime);
         sb.append(dm).append(createdBy);
         sb.append(dm).append(createdTime);
         sb.append(dm).append(updatedBy);
@@ -173,6 +180,16 @@ public class BsAccessToken extends EsAbstractEntity {
         this.parameterName = value;
     }
 
+    public Long getExpiredTime() {
+        checkSpecifiedProperty("expiredTime");
+        return expiredTime;
+    }
+
+    public void setExpiredTime(Long value) {
+        registerModifiedProperty("expiredTime");
+        this.expiredTime = value;
+    }
+
     public String getCreatedBy() {
         checkSpecifiedProperty("createdBy");
         return convertEmptyToNull(createdBy);

src/main/java/org/codelibs/fess/es/config/bsentity/dbmeta/AccessTokenDbm.java

@@ -85,6 +85,8 @@ public class AccessTokenDbm extends AbstractDBMeta {
                 "permissions");
         setupEpg(_epgMap, et -> ((AccessToken) et).getParameterName(),
                 (et, vl) -> ((AccessToken) et).setParameterName(DfTypeUtil.toString(vl)), "parameterName");
+        setupEpg(_epgMap, et -> ((AccessToken) et).getExpiredTime(), (et, vl) -> ((AccessToken) et).setExpiredTime(DfTypeUtil.toLong(vl)),
+                "expiredTime");
         setupEpg(_epgMap, et -> ((AccessToken) et).getCreatedBy(), (et, vl) -> ((AccessToken) et).setCreatedBy(DfTypeUtil.toString(vl)),
                 "createdBy");
         setupEpg(_epgMap, et -> ((AccessToken) et).getCreatedTime(), (et, vl) -> ((AccessToken) et).setCreatedTime(DfTypeUtil.toLong(vl)),
@@ -137,6 +139,8 @@ public class AccessTokenDbm extends AbstractDBMeta {
             false, false, false, "String", 0, 0, null, false, null, null, null, null, null, false);
     protected final ColumnInfo _columnParameterName = cci("parameter_name", "parameter_name", null, null, String.class, "parameterName",
             null, false, false, false, "String", 0, 0, null, false, null, null, null, null, null, false);
+    protected final ColumnInfo _columnExpiredTime = cci("expiredTime", "expiredTime", null, null, Long.class, "expiredTime", null, false,
+            false, false, "Long", 0, 0, null, false, null, null, null, null, null, false);
     protected final ColumnInfo _columnCreatedBy = cci("createdBy", "createdBy", null, null, String.class, "createdBy", null, false, false,
             false, "String", 0, 0, null, false, null, null, null, null, null, false);
     protected final ColumnInfo _columnCreatedTime = cci("createdTime", "createdTime", null, null, Long.class, "createdTime", null, false,
@@ -162,6 +166,10 @@ public class AccessTokenDbm extends AbstractDBMeta {
         return _columnParameterName;
     }
 
+    public ColumnInfo columnExpiredTime() {
+        return _columnExpiredTime;
+    }
+
     public ColumnInfo columnCreatedBy() {
         return _columnCreatedBy;
     }
@@ -184,6 +192,7 @@ public class AccessTokenDbm extends AbstractDBMeta {
         ls.add(columnToken());
         ls.add(columnPermissions());
         ls.add(columnParameterName());
+        ls.add(columnExpiredTime());
         ls.add(columnCreatedBy());
         ls.add(columnCreatedTime());
         ls.add(columnUpdatedBy());

src/main/java/org/codelibs/fess/es/config/cbean/bs/BsAccessTokenCB.java

@@ -163,6 +163,10 @@ public class BsAccessTokenCB extends EsAbstractConditionBean {
             doColumn("parameter_name");
         }
 
+        public void columnExpiredTime() {
+            doColumn("expiredTime");
+        }
+
         public void columnCreatedBy() {
             doColumn("createdBy");
         }

src/main/java/org/codelibs/fess/es/config/cbean/cq/bs/BsAccessTokenCQ.java

@@ -990,6 +990,180 @@ public abstract class BsAccessTokenCQ extends EsAbstractConditionQuery {
         return this;
     }
 
+    public void setExpiredTime_Equal(Long expiredTime) {
+        setExpiredTime_Term(expiredTime, null);
+    }
+
+    public void setExpiredTime_Equal(Long expiredTime, ConditionOptionCall<TermQueryBuilder> opLambda) {
+        setExpiredTime_Term(expiredTime, opLambda);
+    }
+
+    public void setExpiredTime_Term(Long expiredTime) {
+        setExpiredTime_Term(expiredTime, null);
+    }
+
+    public void setExpiredTime_Term(Long expiredTime, ConditionOptionCall<TermQueryBuilder> opLambda) {
+        TermQueryBuilder builder = regTermQ("expiredTime", expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_NotEqual(Long expiredTime) {
+        setExpiredTime_NotTerm(expiredTime, null);
+    }
+
+    public void setExpiredTime_NotTerm(Long expiredTime) {
+        setExpiredTime_NotTerm(expiredTime, null);
+    }
+
+    public void setExpiredTime_NotEqual(Long expiredTime, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+        setExpiredTime_NotTerm(expiredTime, opLambda);
+    }
+
+    public void setExpiredTime_NotTerm(Long expiredTime, ConditionOptionCall<BoolQueryBuilder> opLambda) {
+        not(not -> not.setExpiredTime_Term(expiredTime), opLambda);
+    }
+
+    public void setExpiredTime_Terms(Collection<Long> expiredTimeList) {
+        setExpiredTime_Terms(expiredTimeList, null);
+    }
+
+    public void setExpiredTime_Terms(Collection<Long> expiredTimeList, ConditionOptionCall<TermsQueryBuilder> opLambda) {
+        TermsQueryBuilder builder = regTermsQ("expiredTime", expiredTimeList);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_InScope(Collection<Long> expiredTimeList) {
+        setExpiredTime_Terms(expiredTimeList, null);
+    }
+
+    public void setExpiredTime_InScope(Collection<Long> expiredTimeList, ConditionOptionCall<TermsQueryBuilder> opLambda) {
+        setExpiredTime_Terms(expiredTimeList, opLambda);
+    }
+
+    public void setExpiredTime_Match(Long expiredTime) {
+        setExpiredTime_Match(expiredTime, null);
+    }
+
+    public void setExpiredTime_Match(Long expiredTime, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchQ("expiredTime", expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_MatchPhrase(Long expiredTime) {
+        setExpiredTime_MatchPhrase(expiredTime, null);
+    }
+
+    public void setExpiredTime_MatchPhrase(Long expiredTime, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchPhraseQ("expiredTime", expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_MatchPhrasePrefix(Long expiredTime) {
+        setExpiredTime_MatchPhrasePrefix(expiredTime, null);
+    }
+
+    public void setExpiredTime_MatchPhrasePrefix(Long expiredTime, ConditionOptionCall<MatchQueryBuilder> opLambda) {
+        MatchQueryBuilder builder = regMatchPhrasePrefixQ("expiredTime", expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_Fuzzy(Long expiredTime) {
+        setExpiredTime_Fuzzy(expiredTime, null);
+    }
+
+    public void setExpiredTime_Fuzzy(Long expiredTime, ConditionOptionCall<FuzzyQueryBuilder> opLambda) {
+        FuzzyQueryBuilder builder = regFuzzyQ("expiredTime", expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_GreaterThan(Long expiredTime) {
+        setExpiredTime_GreaterThan(expiredTime, null);
+    }
+
+    public void setExpiredTime_GreaterThan(Long expiredTime, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("expiredTime", ConditionKey.CK_GREATER_THAN, expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_LessThan(Long expiredTime) {
+        setExpiredTime_LessThan(expiredTime, null);
+    }
+
+    public void setExpiredTime_LessThan(Long expiredTime, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("expiredTime", ConditionKey.CK_LESS_THAN, expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_GreaterEqual(Long expiredTime) {
+        setExpiredTime_GreaterEqual(expiredTime, null);
+    }
+
+    public void setExpiredTime_GreaterEqual(Long expiredTime, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("expiredTime", ConditionKey.CK_GREATER_EQUAL, expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_LessEqual(Long expiredTime) {
+        setExpiredTime_LessEqual(expiredTime, null);
+    }
+
+    public void setExpiredTime_LessEqual(Long expiredTime, ConditionOptionCall<RangeQueryBuilder> opLambda) {
+        RangeQueryBuilder builder = regRangeQ("expiredTime", ConditionKey.CK_LESS_EQUAL, expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_Exists() {
+        setExpiredTime_Exists(null);
+    }
+
+    public void setExpiredTime_Exists(ConditionOptionCall<ExistsQueryBuilder> opLambda) {
+        ExistsQueryBuilder builder = regExistsQ("expiredTime");
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public void setExpiredTime_CommonTerms(Long expiredTime) {
+        setExpiredTime_CommonTerms(expiredTime, null);
+    }
+
+    public void setExpiredTime_CommonTerms(Long expiredTime, ConditionOptionCall<CommonTermsQueryBuilder> opLambda) {
+        CommonTermsQueryBuilder builder = regCommonTermsQ("expiredTime", expiredTime);
+        if (opLambda != null) {
+            opLambda.callback(builder);
+        }
+    }
+
+    public BsAccessTokenCQ addOrderBy_ExpiredTime_Asc() {
+        regOBA("expiredTime");
+        return this;
+    }
+
+    public BsAccessTokenCQ addOrderBy_ExpiredTime_Desc() {
+        regOBD("expiredTime");
+        return this;
+    }
+
     public void setCreatedBy_Equal(String createdBy) {
         setCreatedBy_Term(createdBy, null);
     }

src/main/java/org/codelibs/fess/es/config/exentity/AccessToken.java

@@ -16,6 +16,7 @@
 package org.codelibs.fess.es.config.exentity;
 
 import java.util.Arrays;
+import java.util.Date;
 
 import org.codelibs.fess.es.config.bsentity.BsAccessToken;
 
@@ -42,6 +43,17 @@ public class AccessToken extends BsAccessToken {
         asDocMeta().version(version);
     }
 
+    public Date getExpires() {
+        if (getExpiredTime() == null) {
+            return null;
+        }
+        return new Date(getExpiredTime().longValue());
+    }
+
+    public void setExpires(Date date) {
+        setExpiredTime(date != null ? date.getTime() : null);
+    }
+
     @Override
     public String toString() {
         return "AccessToken [name=" + name + ", token=" + token + ", permissions=" + Arrays.toString(permissions) + ", parameterName="

src/main/java/org/codelibs/fess/es/config/exentity/CrawlingConfig.java

@@ -37,7 +37,7 @@ public interface CrawlingConfig {
 
     Integer getTimeToLive();
 
-    void initializeClientFactory(CrawlerClientFactory crawlerClientFactory);
+    Map<String, Object> initializeClientFactory(CrawlerClientFactory crawlerClientFactory);
 
     Map<String, String> getConfigParameterMap(ConfigName name);
 

src/main/java/org/codelibs/fess/es/config/exentity/CrawlingConfigWrapper.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright 2012-2016 CodeLibs Project and the Others.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+ * either express or implied. See the License for the specific language
+ * governing permissions and limitations under the License.
+ */
+package org.codelibs.fess.es.config.exentity;
+
+import java.util.Map;
+
+import org.codelibs.fess.crawler.client.CrawlerClientFactory;
+
+public class CrawlingConfigWrapper implements CrawlingConfig {
+
+    private CrawlingConfig crawlingConfig;
+
+    public CrawlingConfigWrapper(final CrawlingConfig crawlingConfig) {
+        this.crawlingConfig = crawlingConfig;
+    }
+
+    public String getId() {
+        return crawlingConfig.getId();
+    }
+
+    public String getName() {
+        return crawlingConfig.getName();
+    }
+
+    public String[] getPermissions() {
+        return crawlingConfig.getPermissions();
+    }
+
+    public String[] getLabelTypeValues() {
+        return crawlingConfig.getLabelTypeValues();
+    }
+
+    public String getDocumentBoost() {
+        return crawlingConfig.getDocumentBoost();
+    }
+
+    public String getIndexingTarget(String input) {
+        return crawlingConfig.getIndexingTarget(input);
+    }
+
+    public String getConfigId() {
+        return crawlingConfig.getConfigId();
+    }
+
+    public Integer getTimeToLive() {
+        return crawlingConfig.getTimeToLive();
+    }
+
+    public Map<String, Object> initializeClientFactory(CrawlerClientFactory crawlerClientFactory) {
+        return crawlingConfig.initializeClientFactory(crawlerClientFactory);
+    }
+
+    public Map<String, String> getConfigParameterMap(ConfigName name) {
+        return crawlingConfig.getConfigParameterMap(name);
+    }
+}

src/main/java/org/codelibs/fess/es/config/exentity/DataConfig.java

@@ -182,7 +182,7 @@ public class DataConfig extends BsDataConfig implements CrawlingConfig {
     }
 
     @Override
-    public void initializeClientFactory(final CrawlerClientFactory crawlerClientFactory) {
+    public Map<String, Object> initializeClientFactory(final CrawlerClientFactory crawlerClientFactory) {
         final Map<String, String> paramMap = getHandlerParameterMap();
 
         final Map<String, Object> factoryParamMap = new HashMap<>();
@@ -353,6 +353,7 @@ public class DataConfig extends BsDataConfig implements CrawlingConfig {
             }
         }
 
+        return factoryParamMap;
     }
 
     @Override

src/main/java/org/codelibs/fess/es/config/exentity/FileConfig.java

@@ -198,7 +198,7 @@ public class FileConfig extends BsFileConfig implements CrawlingConfig {
     }
 
     @Override
-    public void initializeClientFactory(final CrawlerClientFactory clientFactory) {
+    public Map<String, Object> initializeClientFactory(final CrawlerClientFactory clientFactory) {
         final FileAuthenticationService fileAuthenticationService = ComponentUtil.getComponent(FileAuthenticationService.class);
 
         //  Parameters
@@ -237,6 +237,7 @@ public class FileConfig extends BsFileConfig implements CrawlingConfig {
         paramMap.put(SmbClient.SMB_AUTHENTICATIONS_PROPERTY, smbAuthList.toArray(new SmbAuthentication[smbAuthList.size()]));
         paramMap.put(FtpClient.FTP_AUTHENTICATIONS_PROPERTY, ftpAuthList.toArray(new FtpAuthentication[ftpAuthList.size()]));
 
+        return paramMap;
     }
 
     @Override

src/main/java/org/codelibs/fess/es/config/exentity/WebConfig.java

@@ -197,7 +197,7 @@ public class WebConfig extends BsWebConfig implements CrawlingConfig {
     }
 
     @Override
-    public void initializeClientFactory(final CrawlerClientFactory clientFactory) {
+    public Map<String, Object> initializeClientFactory(final CrawlerClientFactory clientFactory) {
         final WebAuthenticationService webAuthenticationService = ComponentUtil.getComponent(WebAuthenticationService.class);
         final RequestHeaderService requestHeaderService = ComponentUtil.getComponent(RequestHeaderService.class);
         final FessConfig fessConfig = ComponentUtil.getFessConfig();
@@ -237,6 +237,7 @@ public class WebConfig extends BsWebConfig implements CrawlingConfig {
         paramMap.put(HcHttpClient.REQUERT_HEADERS_PROPERTY,
                 rhList.toArray(new org.codelibs.fess.crawler.client.http.RequestHeader[rhList.size()]));
 
+        return paramMap;
     }
 
     @Override

src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java

@@ -35,6 +35,7 @@ import org.codelibs.fess.entity.SearchRequestParams.SearchRequestType;
 import org.codelibs.fess.exception.InvalidAccessTokenException;
 import org.codelibs.fess.mylasta.action.FessUserBean;
 import org.codelibs.fess.mylasta.direction.FessConfig;
+import org.codelibs.fess.taglib.FessFunctions;
 import org.codelibs.fess.util.ComponentUtil;
 import org.lastaflute.web.servlet.request.RequestManager;
 import org.lastaflute.web.util.LaRequestUtil;
@@ -156,13 +157,23 @@ public class RoleQueryHelper {
         final String token = request.getHeader("Authorization");
         if (StringUtil.isNotBlank(token)) {
             final AccessTokenService accessTokenService = ComponentUtil.getComponent(AccessTokenService.class);
-            accessTokenService.getAccessTokenByToken(token).ifPresent(accessToken -> {
-                stream(accessToken.getPermissions()).of(stream -> stream.forEach(roleSet::add));
-                final String name = accessToken.getParameterName();
-                stream(request.getParameterValues(name)).of(stream -> stream.filter(StringUtil::isNotBlank).forEach(roleSet::add));
-            }).orElse(() -> {
-                throw new InvalidAccessTokenException("invalid_token", "Invalid token: " + token);
-            });
+            accessTokenService
+                    .getAccessTokenByToken(token)
+                    .ifPresent(
+                            accessToken -> {
+                                final Long expiredTime = accessToken.getExpiredTime();
+                                if (expiredTime != null && expiredTime.longValue() > 0
+                                        && expiredTime.longValue() < ComponentUtil.getSystemHelper().getCurrentTimeAsLong()) {
+                                    throw new InvalidAccessTokenException("invalid_token", "The token is expired("
+                                            + FessFunctions.formatDate(FessFunctions.date(expiredTime)) + ").");
+                                }
+                                stream(accessToken.getPermissions()).of(stream -> stream.forEach(roleSet::add));
+                                final String name = accessToken.getParameterName();
+                                stream(request.getParameterValues(name)).of(
+                                        stream -> stream.filter(StringUtil::isNotBlank).forEach(roleSet::add));
+                            }).orElse(() -> {
+                        throw new InvalidAccessTokenException("invalid_token", "Invalid token: " + token);
+                    });
         }
 
     }

src/main/java/org/codelibs/fess/ldap/LdapManager.java

@@ -75,8 +75,8 @@ public class LdapManager {
     protected Hashtable<String, String> createAdminEnv() {
         final FessConfig fessConfig = ComponentUtil.getFessConfig();
         return createEnvironment(//
-                fessConfig.getLdapAdminInitialContextFactory(), //
-                fessConfig.getLdapAdminSecurityAuthentication(), fessConfig.getLdapAdminProviderUrl(), //
+                fessConfig.getLdapInitialContextFactory(), //
+                fessConfig.getLdapSecurityAuthentication(), fessConfig.getLdapProviderUrl(), //
                 fessConfig.getLdapAdminSecurityPrincipal(), //
                 fessConfig.getLdapAdminSecurityCredentials());
     }
@@ -93,8 +93,8 @@ public class LdapManager {
     protected Hashtable<String, String> createSearchEnv() {
         final FessConfig fessConfig = ComponentUtil.getFessConfig();
         return createEnvironment(//
-                fessConfig.getLdapAdminInitialContextFactory(), //
-                fessConfig.getLdapAdminSecurityAuthentication(), fessConfig.getLdapAdminProviderUrl(), //
+                fessConfig.getLdapInitialContextFactory(), //
+                fessConfig.getLdapSecurityAuthentication(), fessConfig.getLdapProviderUrl(), //
                 fessConfig.getLdapAdminSecurityPrincipal(), //
                 fessConfig.getLdapAdminSecurityCredentials());
     }

src/main/java/org/codelibs/fess/mylasta/action/FessLabels.java

@@ -197,6 +197,9 @@ public class FessLabels extends UserMessages {
     /** The key of the message: Expired */
     public static final String LABELS_EXPIRED_TIME = "{labels.expiredTime}";
 
+    /** The key of the message: Expired */
+    public static final String LABELS_EXPIRES = "{labels.expires}";
+
     /** The key of the message: Failure Count */
     public static final String LABELS_FAILURE_COUNT_THRESHOLD = "{labels.failureCountThreshold}";
 
@@ -440,9 +443,15 @@ public class FessLabels extends UserMessages {
     /** The key of the message: LDAP URL */
     public static final String LABELS_LDAP_PROVIDER_URL = "{labels.ldapProviderUrl}";
 
-    /** The key of the message: Bind DN */
+    /** The key of the message: User DN */
     public static final String LABELS_LDAP_SECURITY_PRINCIPAL = "{labels.ldapSecurityPrincipal}";
 
+    /** The key of the message: Bind DN */
+    public static final String LABELS_LDAP_ADMIN_SECURITY_PRINCIPAL = "{labels.ldapAdminSecurityPrincipal}";
+
+    /** The key of the message: Password */
+    public static final String LABELS_LDAP_ADMIN_SECURITY_CREDENTIALS = "{labels.ldapAdminSecurityCredentials}";
+
     /** The key of the message: Base DN */
     public static final String LABELS_LDAP_BASE_DN = "{labels.ldapBaseDn}";
 
@@ -2097,6 +2106,12 @@ public class FessLabels extends UserMessages {
     /** The key of the message: Token */
     public static final String LABELS_access_token_token = "{labels.access_token_token}";
 
+    /** The key of the message: Expired */
+    public static final String LABELS_access_token_expires = "{labels.access_token_expires}";
+
+    /** The key of the message: Parameter Name */
+    public static final String LABELS_access_token_parameter_name = "{labels.access_token_parameter_name}";
+
     /** The key of the message: Created */
     public static final String LABELS_access_token_updated_time = "{labels.access_token_updated_time}";
 
@@ -2319,9 +2334,15 @@ public class FessLabels extends UserMessages {
     /** The key of the message: LDAP URL */
     public static final String LABELS_ldap_provider_url = "{labels.ldap_provider_url}";
 
-    /** The key of the message: Bind DN */
+    /** The key of the message: User DN */
     public static final String LABELS_ldap_security_principal = "{labels.ldap_security_principal}";
 
+    /** The key of the message: Bind DN */
+    public static final String LABELS_ldap_admin_security_principal = "{labels.ldap_admin_security_principal}";
+
+    /** The key of the message: Password */
+    public static final String LABELS_ldap_admin_security_credentials = "{labels.ldap_admin_security_credentials}";
+
     /** The key of the message: Base DN */
     public static final String LABELS_ldap_base_dn = "{labels.ldap_base_dn}";
 

src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java

@@ -34,7 +34,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. aes */
     String APP_CIPHER_ALGORISM = "app.cipher.algorism";
 
-    /** The key of the configuration. e.g. __change_me__ */
+    /** The key of the configuration. e.g. ___change__me___ */
     String APP_CIPHER_KEY = "app.cipher.key";
 
     /** The key of the configuration. e.g. sha256 */
@@ -835,21 +835,6 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. false */
     String LDAP_ADMIN_ENABLED = "ldap.admin.enabled";
 
-    /** The key of the configuration. e.g. com.sun.jndi.ldap.LdapCtxFactory */
-    String LDAP_ADMIN_INITIAL_CONTEXT_FACTORY = "ldap.admin.initial.context.factory";
-
-    /** The key of the configuration. e.g. simple */
-    String LDAP_ADMIN_SECURITY_AUTHENTICATION = "ldap.admin.security.authentication";
-
-    /** The key of the configuration. e.g. ldap://localhost:1389 */
-    String LDAP_ADMIN_PROVIDER_URL = "ldap.admin.provider.url";
-
-    /** The key of the configuration. e.g. cn=Directory Manager */
-    String LDAP_ADMIN_SECURITY_PRINCIPAL = "ldap.admin.security.principal";
-
-    /** The key of the configuration. e.g. password */
-    String LDAP_ADMIN_SECURITY_CREDENTIALS = "ldap.admin.security.credentials";
-
     /** The key of the configuration. e.g. uid=%s */
     String LDAP_ADMIN_USER_FILTER = "ldap.admin.user.filter";
 
@@ -1115,7 +1100,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
 
     /**
      * Get the value for the key 'app.cipher.key'. <br>
-     * The value is, e.g. __change_me__ <br>
+     * The value is, e.g. ___change__me___ <br>
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
     String getAppCipherKey();
@@ -3716,41 +3701,6 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      */
     boolean isLdapAdminEnabled();
 
-    /**
-     * Get the value for the key 'ldap.admin.initial.context.factory'. <br>
-     * The value is, e.g. com.sun.jndi.ldap.LdapCtxFactory <br>
-     * @return The value of found property. (NotNull: if not found, exception but basically no way)
-     */
-    String getLdapAdminInitialContextFactory();
-
-    /**
-     * Get the value for the key 'ldap.admin.security.authentication'. <br>
-     * The value is, e.g. simple <br>
-     * @return The value of found property. (NotNull: if not found, exception but basically no way)
-     */
-    String getLdapAdminSecurityAuthentication();
-
-    /**
-     * Get the value for the key 'ldap.admin.provider.url'. <br>
-     * The value is, e.g. ldap://localhost:1389 <br>
-     * @return The value of found property. (NotNull: if not found, exception but basically no way)
-     */
-    String getLdapAdminProviderUrl();
-
-    /**
-     * Get the value for the key 'ldap.admin.security.principal'. <br>
-     * The value is, e.g. cn=Directory Manager <br>
-     * @return The value of found property. (NotNull: if not found, exception but basically no way)
-     */
-    String getLdapAdminSecurityPrincipal();
-
-    /**
-     * Get the value for the key 'ldap.admin.security.credentials'. <br>
-     * The value is, e.g. password <br>
-     * @return The value of found property. (NotNull: if not found, exception but basically no way)
-     */
-    String getLdapAdminSecurityCredentials();
-
     /**
      * Get the value for the key 'ldap.admin.user.filter'. <br>
      * The value is, e.g. uid=%s <br>
@@ -5737,26 +5687,6 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return is(FessConfig.LDAP_ADMIN_ENABLED);
         }
 
-        public String getLdapAdminInitialContextFactory() {
-            return get(FessConfig.LDAP_ADMIN_INITIAL_CONTEXT_FACTORY);
-        }
-
-        public String getLdapAdminSecurityAuthentication() {
-            return get(FessConfig.LDAP_ADMIN_SECURITY_AUTHENTICATION);
-        }
-
-        public String getLdapAdminProviderUrl() {
-            return get(FessConfig.LDAP_ADMIN_PROVIDER_URL);
-        }
-
-        public String getLdapAdminSecurityPrincipal() {
-            return get(FessConfig.LDAP_ADMIN_SECURITY_PRINCIPAL);
-        }
-
-        public String getLdapAdminSecurityCredentials() {
-            return get(FessConfig.LDAP_ADMIN_SECURITY_CREDENTIALS);
-        }
-
         public String getLdapAdminUserFilter() {
             return get(FessConfig.LDAP_ADMIN_USER_FILTER);
         }

src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java

@@ -492,6 +492,27 @@ public interface FessProp {
         return getSystemProperty(Constants.LDAP_SECURITY_PRINCIPAL);
     }
 
+    public default void setLdapAdminSecurityPrincipal(final String value) {
+        setSystemProperty(Constants.LDAP_ADMIN_SECURITY_PRINCIPAL, value);
+    }
+
+    public default String getLdapAdminSecurityPrincipal() {
+        return getSystemProperty(Constants.LDAP_ADMIN_SECURITY_PRINCIPAL);
+    }
+
+    public default void setLdapAdminSecurityCredentials(final String value) {
+        setSystemProperty(Constants.LDAP_ADMIN_SECURITY_CREDENTIALS,
+                Constants.CIPHER_PREFIX + ComponentUtil.getPrimaryCipher().encrypt(value));
+    }
+
+    public default String getLdapAdminSecurityCredentials() {
+        final String value = getSystemProperty(Constants.LDAP_ADMIN_SECURITY_CREDENTIALS);
+        if (StringUtil.isNotBlank(value) && value.startsWith(Constants.CIPHER_PREFIX)) {
+            return ComponentUtil.getPrimaryCipher().decrypt(value.substring(Constants.CIPHER_PREFIX.length()));
+        }
+        return value;
+    }
+
     public default void setLdapBaseDn(final String value) {
         setSystemProperty(Constants.LDAP_BASE_DN, value);
     }

src/main/java/org/codelibs/fess/util/ComponentUtil.java

@@ -62,6 +62,7 @@ import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.sso.SsoManager;
 import org.codelibs.fess.thumbnail.ThumbnailManager;
 import org.lastaflute.core.message.MessageManager;
+import org.lastaflute.core.security.PrimaryCipher;
 import org.lastaflute.di.core.SingletonLaContainer;
 import org.lastaflute.di.core.factory.SingletonLaContainerFactory;
 import org.lastaflute.di.core.smart.hot.HotdeployUtil;
@@ -376,6 +377,10 @@ public final class ComponentUtil {
         return getComponent(THUMBNAIL_MANAGER);
     }
 
+    public static PrimaryCipher getPrimaryCipher() {
+        return getComponent(PrimaryCipher.class);
+    }
+
     public static CrawlerClientFactory getCrawlerClientFactory() {
         return getComponent(CrawlerClientFactory.class);
     }

src/main/resources/fess_config.properties

@@ -14,7 +14,7 @@ elasticsearch.http.url=http://localhost:9201
 
 # Cryptographer
 app.cipher.algorism=aes
-app.cipher.key=__change_me__
+app.cipher.key=___change__me___
 app.digest.algorism=sha256
 
 # JVM options
@@ -434,11 +434,6 @@ suggest.search.log.permissions={user}guest,{role}guest
 #                                                     ------
 
 ldap.admin.enabled=false
-ldap.admin.initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
-ldap.admin.security.authentication=simple
-ldap.admin.provider.url=ldap\://localhost\:1389
-ldap.admin.security.principal=cn\=Directory Manager
-ldap.admin.security.credentials=password
 ldap.admin.user.filter=uid\=%s
 ldap.admin.user.base.dn=ou\=People,dc\=fess,dc\=codelibs,dc\=org
 ldap.admin.user.object.classes=organizationalPerson,top,person,inetOrgPerson

src/main/resources/fess_indices/.fess_config/access_token.json

@@ -23,6 +23,9 @@
         "type": "string",
         "index": "not_analyzed"
       },
+      "expiredTime": {
+        "type": "long"
+      },
       "createdBy": {
         "type": "string",
         "index": "not_analyzed"

src/main/resources/fess_label.properties

@@ -55,6 +55,7 @@ labels.errorCount=Error Count
 labels.errorLog=Error Log
 labels.errorName=Error Name
 labels.expiredTime=Expired
+labels.expires=Expired
 labels.failureCountThreshold=Failure Count
 labels.fileConfigName=File System Config Name
 labels.fileName=File name
@@ -136,7 +137,9 @@ labels.searchParams=Search Parameters
 labels.fields=Fields
 labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=Bind DN
+labels.ldapSecurityPrincipal=User DN
+labels.ldapAdminSecurityPrincipal=Bind DN
+labels.ldapAdminSecurityCredentials=Password
 labels.ldapBaseDn=Base DN
 labels.ldapAccountFilter=Account Filter
 labels.oldPassword=Current Password
@@ -689,6 +692,8 @@ labels.access_token_title_details=Access Token
 labels.access_token_list_name=Name
 labels.access_token_name=Name
 labels.access_token_token=Token
+labels.access_token_expires=Expired
+labels.access_token_parameter_name=Parameter Name
 labels.access_token_updated_time=Created
 labels.elevate_word_configuration=Additional Word
 labels.elevate_word_title_details=Additional Word
@@ -763,7 +768,9 @@ labels.general_menu_suggest=Suggest
 labels.general_menu_ldap=LDAP
 labels.general_menu_notification=Notification
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=Bind DN
+labels.ldap_security_principal=User DN
+labels.ldap_admin_security_principal=Bind DN
+labels.ldap_admin_security_credentials=Password
 labels.ldap_base_dn=Base DN
 labels.ldap_account_filter=Account Filter
 labels.notification_login=Login page

src/main/resources/fess_label_en.properties

@@ -55,6 +55,7 @@ labels.errorCount=Error Count
 labels.errorLog=Error Log
 labels.errorName=Error Name
 labels.expiredTime=Expired
+labels.expires=Expired
 labels.failureCountThreshold=Failure Count
 labels.fileConfigName=File System Config Name
 labels.fileName=File name
@@ -136,7 +137,9 @@ labels.searchParams=Search Parameters
 labels.fields=Fields
 labels.ex_q=Extended Query
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=Bind DN
+labels.ldapSecurityPrincipal=User DN
+labels.ldapAdminSecurityPrincipal=Bind DN
+labels.ldapAdminSecurityCredentials=Password
 labels.ldapBaseDn=Base DN
 labels.ldapAccountFilter=Account Filter
 labels.oldPassword=Current Password
@@ -689,6 +692,8 @@ labels.access_token_title_details=Access Token
 labels.access_token_list_name=Name
 labels.access_token_name=Name
 labels.access_token_token=Token
+labels.access_token_expires=Expired
+labels.access_token_parameter_name=Parameter Name
 labels.access_token_updated_time=Created
 labels.elevate_word_configuration=Additional Word
 labels.elevate_word_title_details=Additional Word
@@ -763,7 +768,9 @@ labels.general_menu_suggest=Suggest
 labels.general_menu_ldap=LDAP
 labels.general_menu_notification=Notification
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=Bind DN
+labels.ldap_security_principal=User DN
+labels.ldap_admin_security_principal=Bind DN
+labels.ldap_admin_security_credentials=Password
 labels.ldap_base_dn=Base DN
 labels.ldap_account_filter=Account Filter
 labels.notification_login=Login page

src/main/resources/fess_label_ja.properties

@@ -55,6 +55,7 @@ labels.errorCount=\u30a8\u30e9\u30fc\u56de\u6570
 labels.errorLog=\u30a8\u30e9\u30fc\u30ed\u30b0
 labels.errorName=\u30a8\u30e9\u30fc\u540d
 labels.expiredTime=\u6709\u52b9\u671f\u9650
+labels.expires=\u6709\u52b9\u671f\u9650
 labels.failureCountThreshold=\u969c\u5bb3\u6570
 labels.fileConfigName=\u30d5\u30a1\u30a4\u30eb\u30af\u30ed\u30fc\u30eb\u8a2d\u5b9a\u540d
 labels.fileName=\u30d5\u30a1\u30a4\u30eb\u540d
@@ -687,6 +688,8 @@ labels.access_token_title_details=\u30a2\u30af\u30bb\u30b9\u30c8\u30fc\u30af\u30
 labels.access_token_list_name=\u540d\u524d
 labels.access_token_name=\u540d\u524d
 labels.access_token_token=\u30c8\u30fc\u30af\u30f3
+labels.access_token_expires=\u6709\u52b9\u671f\u9650
+labels.access_token_parameter_name=\u30d1\u30e9\u30e1\u30fc\u30bf\u30fc\u540d
 labels.access_token_updated_time=\u4f5c\u6210\u65e5
 labels.elevate_word_configuration=\u8ffd\u52a0\u306e\u5358\u8a9e
 labels.elevate_word_title_details=\u8ffd\u52a0\u306e\u5358\u8a9e
@@ -761,10 +764,14 @@ labels.general_menu_suggest=\u30b5\u30b8\u30a7\u30b9\u30c8
 labels.general_menu_ldap=LDAP
 labels.general_menu_notification=\u304a\u77e5\u3089\u305b\u8868\u793a
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=Bind DN
+labels.ldapSecurityPrincipal=User DN
+labels.ldapAdminSecurityPrincipal=Bind DN
+labels.ldapAdminSecurityCredentials=\u30d1\u30b9\u30ef\u30fc\u30c9
 labels.ldapBaseDn=Base DN
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=Bind DN
+labels.ldap_security_principal=User DN
+labels.ldap_admin_security_principal=Bind DN
+labels.ldap_admin_security_credentials=\u30d1\u30b9\u30ef\u30fc\u30c9
 labels.ldap_base_dn=Base DN
 labels.ldapAccountFilter=\u30a2\u30ab\u30a6\u30f3\u30c8\u30d5\u30a3\u30eb\u30bf
 labels.ldap_account_filter=\u30a2\u30ab\u30a6\u30f3\u30c8\u30d5\u30a3\u30eb\u30bf

src/main/resources/fess_label_ko.properties

@@ -743,10 +743,14 @@ labels.general_menu_suggest = \uc11c\uc81c\uc2a4\ud2b8
 labels.general_menu_ldap = LDAP
 labels.general_menu_notification = \ud45c\uc2dc\ub4f1
 labels.ldapProviderUrl = LDAP URL
-labels.ldapSecurityPrincipal = Bind DN
+labels.ldapSecurityPrincipal=User DN
+labels.ldapAdminSecurityPrincipal=Bind DN
+labels.ldapAdminSecurityCredentials=Password
 labels.ldapBaseDn = Base DN
 labels.ldap_provider_url = LDAP URL
-labels.ldap_security_principal = Bind DN
+labels.ldap_security_principal=User DN
+labels.ldap_admin_security_principal=Bind DN
+labels.ldap_admin_security_credentials=Password
 labels.ldap_base_dn = Base DN
 labels.ldapAccountFilter = \uacc4\uc815 \ud544\ud130
 labels.ldap_account_filter = \uacc4\uc815 \ud544\ud130

src/main/resources/fess_label_ru.properties

@@ -136,7 +136,9 @@ labels.searchParams=\u041f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u044b \u043
 labels.fields=\u041f\u043e\u043b\u044f
 labels.ex_q=\u0420\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u044b\u0439 \u0437\u0430\u043f\u0440\u043e\u0441
 labels.ldapProviderUrl=LDAP URL
-labels.ldapSecurityPrincipal=\u041f\u0440\u0438\u0432\u044f\u0437\u0430\u0442\u044c DN
+labels.ldapSecurityPrincipal=User DN
+labels.ldapAdminSecurityPrincipal=\u041f\u0440\u0438\u0432\u044f\u0437\u0430\u0442\u044c DN
+labels.ldapAdminSecurityCredentials=Password
 labels.ldapBaseDn=\u0411\u0430\u0437\u043e\u0432\u044b\u0439 DN
 labels.ldapAccountFilter=\u0424\u0438\u043b\u044c\u0442\u0440 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430
 labels.oldPassword=\u0422\u0435\u043a\u0443\u0449\u0438\u0439 \u043f\u0430\u0440\u043e\u043b\u044c
@@ -754,7 +756,9 @@ labels.general_menu_suggest=Suggest
 labels.general_menu_ldap=LDAP
 labels.general_menu_notification=\u0423\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u0435
 labels.ldap_provider_url=LDAP URL
-labels.ldap_security_principal=Bind DN
+labels.ldap_security_principal=User DN
+labels.ldap_admin_security_principal=Bind DN
+labels.ldap_admin_security_credentials=Password
 labels.ldap_base_dn=Base DN
 labels.ldap_account_filter=Account Filter
 labels.notification_login=\u0421\u0442\u0440\u0430\u043d\u0438\u0446\u0430 \u0432\u0445\u043e\u0434\u0430

src/main/webapp/WEB-INF/view/admin/accesstoken/admin_accesstoken_details.jsp

@@ -59,66 +59,32 @@
 														key="labels.access_token_token" /></th>
 												<td>${f:h(token)}</td>
 											</tr>
+											<tr>
+												<th><la:message key="labels.permissions" /></th>
+												<td>${f:br(f:h(permissions))}<la:hidden
+														property="permissions" /></td>
+											</tr>
+											<tr>
+												<th><la:message
+														key="labels.access_token_parameter_name" /></th>
+												<td>${f:h(parameterName)}</td>
+											</tr>
+											<tr>
+												<th><la:message
+														key="labels.access_token_expires" /></th>
+												<td>${f:h(expires)}<la:hidden property="expires" /></td>
+											</tr>
 											<tr>
 												<th><la:message
 														key="labels.access_token_updated_time" /></th>
-												<td>${fe:date(updatedTime)}</td>
+												<td><fmt:formatDate value="${fe:date(updatedTime)}" pattern="yyyy-MM-dd'T'HH:mm:ss" /></td>
 											</tr>
 										</tbody>
 									</table>
 								</div>
 								<!-- /.box-body -->
 								<div class="box-footer">
-									<button type="submit" class="btn btn-default" name="list" value="back">
-										<i class="fa fa-arrow-circle-left"></i>
-										<la:message key="labels.crud_button_back" />
-									</button>
-									<%--
-									<button type="submit" class="btn btn-warning" name="edit"
-										value="<la:message key="labels.crud_button_edit" />">
-										<i class="fa fa-pencil"></i>
-										<la:message key="labels.crud_button_edit" />
-									</button>
-									 --%>
-									<button type="button" class="btn btn-danger" name="delete"
-										data-toggle="modal" data-target="#confirmToDelete"
-										value="<la:message key="labels.crud_button_delete" />">
-										<i class="fa fa-trash"></i>
-										<la:message key="labels.crud_button_delete" />
-									</button>
-									<div class="modal modal-danger fade" id="confirmToDelete" tabindex="-1"
-										role="dialog">
-										<div class="modal-dialog">
-											<div class="modal-content">
-												<div class="modal-header">
-													<button type="button" class="close" data-dismiss="modal"
-														aria-label="Close">
-														<span aria-hidden="true">×</span>
-													</button>
-													<h4 class="modal-title">
-														<la:message key="labels.crud_title_delete" />
-													</h4>
-												</div>
-												<div class="modal-body">
-													<p>
-														<la:message key="labels.crud_delete_confirmation" />
-													</p>
-												</div>
-												<div class="modal-footer">
-													<button type="button" class="btn btn-outline pull-left"
-														data-dismiss="modal">
-														<la:message key="labels.crud_button_cancel" />
-													</button>
-													<button type="submit" class="btn btn-outline btn-danger"
-														name="delete"
-														value="<la:message key="labels.crud_button_delete" />">
-														<i class="fa fa-trash"></i>
-														<la:message key="labels.crud_button_delete" />
-													</button>
-												</div>
-											</div>
-										</div>
-									</div>
+									<jsp:include page="/WEB-INF/view/common/admin/crud/buttons.jsp"></jsp:include>
 								</div>
 								<!-- /.box-footer -->
 							</div>

src/main/webapp/WEB-INF/view/admin/accesstoken/admin_accesstoken_edit.jsp

@@ -52,6 +52,40 @@
 											<la:text property="name" styleClass="form-control"/>
 										</div>
 									</div>
+									<c:if test="${crudMode==2}">
+									<div class="form-group">
+										<label for="token" class="col-sm-3 control-label"><la:message
+												key="labels.access_token_token" /></label>
+										<div class="col-sm-9">
+											${f:h(token)}
+										</div>
+									</div>
+									</c:if>
+									<div class="form-group">
+										<label for="permissions" class="col-sm-3 control-label"><la:message
+												key="labels.permissions" /></label>
+										<div class="col-sm-9">
+											<la:errors property="permissions" />
+											<la:textarea property="permissions" styleClass="form-control"
+												rows="5" />
+										</div>
+									</div>
+									<div class="form-group">
+										<label for="name" class="col-sm-3 control-label"><la:message
+												key="labels.access_token_parameter_name" /></label>
+										<div class="col-sm-9">
+											<la:errors property="parameterName" />
+											<la:text property="parameterName" styleClass="form-control"/>
+										</div>
+									</div>
+									<div class="form-group">
+										<label for="name" class="col-sm-3 control-label"><la:message
+												key="labels.access_token_expires" /></label>
+										<div class="col-sm-9">
+											<la:errors property="expires" />
+											<la:text property="expires" styleClass="form-control"/>
+										</div>
+									</div>
 								</div>
 								<!-- /.box-body -->
 								<div class="box-footer">

src/main/webapp/WEB-INF/view/admin/general/admin_general.jsp

@@ -332,23 +332,43 @@
 												styleClass="form-control" />
 										</div>
 									</div>
+									<div class="form-group">
+										<label for="ldapBaseDn"
+											class="col-sm-3 control-label"><la:message
+												key="labels.ldap_base_dn" /></label>
+										<div class="col-sm-9">
+											<la:errors property="ldapBaseDn" />
+											<la:text property="ldapBaseDn"
+												styleClass="form-control" />
+										</div>
+									</div>
 									<div class="form-group">
 										<label for="ldapSecurityPrincipal"
 											class="col-sm-3 control-label"><la:message
-												key="labels.ldap_security_principal" /></label>
+												key="labels.ldap_admin_security_principal" /></label>
 										<div class="col-sm-9">
-											<la:errors property="ldapSecurityPrincipal" />
-											<la:text property="ldapSecurityPrincipal"
+											<la:errors property="ldapAdminSecurityPrincipal" />
+											<la:text property="ldapAdminSecurityPrincipal"
 												styleClass="form-control" />
 										</div>
 									</div>
 									<div class="form-group">
-										<label for="ldapBaseDn"
+										<label for="ldapSecurityPrincipal"
 											class="col-sm-3 control-label"><la:message
-												key="labels.ldap_base_dn" /></label>
+												key="labels.ldap_admin_security_credentials" /></label>
 										<div class="col-sm-9">
-											<la:errors property="ldapBaseDn" />
-											<la:text property="ldapBaseDn"
+											<la:errors property="ldapAdminSecurityCredentials" />
+											<la:password property="ldapAdminSecurityCredentials"
+												styleClass="form-control" />
+										</div>
+									</div>
+									<div class="form-group">
+										<label for="ldapSecurityPrincipal"
+											class="col-sm-3 control-label"><la:message
+												key="labels.ldap_security_principal" /></label>
+										<div class="col-sm-9">
+											<la:errors property="ldapSecurityPrincipal" />
+											<la:text property="ldapSecurityPrincipal"
 												styleClass="form-control" />
 										</div>
 									</div>