fix #2577 add aad.permission.fields

This commit is contained in:
Shinsuke Sugaya 2021-06-17 17:10:28 +09:00
parent 2a5cef9faf
commit ac3c2a988c
2 changed files with 31 additions and 15 deletions


@ -721,6 +721,11 @@ public interface FessProp {
return getSystemPropertyAsInt(Constants.LTR_WINDOW_SIZE_PROPERTY, 100);
}
default String[] getAzureAdPermissionFields() {
return split(getSystemProperty("aad.permission.fields", "mail"), ",")
.get(stream -> stream.filter(StringUtil::isNotBlank).map(String::trim).toArray(n -> new String[n]));
}
//
// fess_*.properties
//
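Review bot: The new default method `getAzureAdPermissionFields()` has no Javadoc, although it now decides which Azure AD attribute values become group and role names, which is an authorization-relevant setting an operator will look up here. I would add, above line 14, a comment along the lines of `/** Comma-separated names of the Azure AD member attributes (system property {@code aad.permission.fields}, default {@code mail}) whose values are used as group/role names. Blank entries are dropped, so a value of only commas or spaces yields an empty array and no permissions are assigned. */`. The empty-array behavior follows from the `filter(StringUtil::isNotBlank)` step on line 16 and is worth stating because it silently removes all permissions rather than failing.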


@ -55,6 +55,7 @@ import org.codelibs.fess.app.web.base.login.FessLoginAssist.LoginCredentialResol
import org.codelibs.fess.crawler.Constants;
import org.codelibs.fess.exception.SsoLoginException;
import org.codelibs.fess.mylasta.action.FessUserBean;
import org.codelibs.fess.mylasta.direction.FessConfig;
import org.codelibs.fess.sso.SsoAuthenticator;
import org.codelibs.fess.sso.SsoResponseType;
import org.codelibs.fess.util.ComponentUtil;
@ -376,6 +377,7 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
if (contentMap.containsKey("value")) {
@SuppressWarnings("unchecked")
final List<Map<String, Object>> memberOfList = (List<Map<String, Object>>) contentMap.get("value");
final FessConfig fessConfig = ComponentUtil.getFessConfig();
for (final Map<String, Object> memberOf : memberOfList) {
if (logger.isDebugEnabled()) {
logger.debug("member: {}", memberOf);
@ -402,20 +404,23 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
} else {
logger.warn("id is empty: {}", memberOf);
}
final String mail = (String) memberOf.get("mail");
if (StringUtil.isNotBlank(mail)) {
if (memberType.contains("group")) {
groupList.add(mail);
} else if (memberType.contains("role")) {
roleList.add(mail);
} else {
if (logger.isDebugEnabled()) {
logger.debug("unknown @odata.type: {}", memberOf);
final String[] names = fessConfig.getAzureAdPermissionFields();
for (final String name : names) {
final String value = (String) memberOf.get(name);
if (StringUtil.isNotBlank(value)) {
if (memberType.contains("group")) {
groupList.add(value);
} else if (memberType.contains("role")) {
roleList.add(value);
} else {
if (logger.isDebugEnabled()) {
logger.debug("unknown @odata.type: {}", memberOf);
}
groupList.add(value);
}
groupList.add(mail);
} else if (logger.isDebugEnabled()) {
logger.debug("{} is empty: {}", name, memberOf);
}
} else if (logger.isDebugEnabled()) {
logger.debug("mail is empty: {}", memberOf);
}
}
final String nextLink = (String) contentMap.get("@odata.nextLink");
@ -495,9 +500,15 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
if (contentMap.containsKey("error")) {
logger.warn("Failed to access parent groups: {}", contentMap);
} else {
final String mail = (String) contentMap.get("mail");
if (StringUtil.isNotBlank(mail)) {
groupList.add(mail);
final FessConfig fessConfig = ComponentUtil.getFessConfig();
final String[] names = fessConfig.getAzureAdPermissionFields();
for (final String name : names) {
final String value = (String) contentMap.get(name);
if (StringUtil.isNotBlank(value)) {
groupList.add(value);
} else if (logger.isDebugEnabled()) {
logger.debug("{} is empty: {}", name, id);
}
}
}
} catch (final IOException e) {
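Review bot: The unchecked `(String)` cast on line 55 (`final String value = (String) memberOf.get(name);`) and again on line 86 now applies to operator-configured field names, not just `mail`; if a configured attribute comes back from Graph as a non-string JSON value (an array or nested object), the cast throws `ClassCastException` and the whole group lookup fails instead of skipping that field. Reading it as `final Object raw = memberOf.get(name);` followed by `final String value = raw instanceof String ? (String) raw : null;` keeps the existing blank-check path and turns a bad configuration into a debug log entry; the same two lines apply to `contentMap.get(name)` on line 86. A second, smaller point: values from every configured field are added to the same `groupList`/`roleList` without recording which attribute they came from, so with several fields configured an identifier from one attribute could presumably match an identifier from another; if that is intended, the Javadoc of the config property should say so. The `logger.debug("unknown @odata.type: {}", memberOf)` on line 63 is now inside the per-field loop and fires once per configured field rather than once per member, which is harmless but noisy. The enclosing method and its try/catch continue outside the hunk.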