
fix #2577 add aad.permission.fields

Shinsuke Sugaya 4 years ago
parent
commit
ac3c2a988c

+ 5 - 0
src/main/java/org/codelibs/fess/mylasta/direction/FessProp.java

@@ -721,6 +721,11 @@ public interface FessProp {
         return getSystemPropertyAsInt(Constants.LTR_WINDOW_SIZE_PROPERTY, 100);
     }
 
+    default String[] getAzureAdPermissionFields() {
+        return split(getSystemProperty("aad.permission.fields", "mail"), ",")
+                .get(stream -> stream.filter(StringUtil::isNotBlank).map(String::trim).toArray(n -> new String[n]));
+    }
+
     //
     // fess_*.properties
     //
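Review bot: `getAzureAdPermissionFields` is new configuration surface but carries no Javadoc, so what `aad.permission.fields` means is only discoverable from the call sites in AzureAdAuthenticator. Suggest a comment on the method such as `/** Comma-separated attribute names of an Azure AD member object (default {@code mail}) whose values are used as group and role names at login; entries are trimmed and blank entries dropped. */`. Because the listed attributes become permission names, the comment should also state that only attributes the tenant administrator controls belong in this list; the method itself cannot enforce that.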

+ 26 - 15
src/main/java/org/codelibs/fess/sso/aad/AzureAdAuthenticator.java

@@ -55,6 +55,7 @@ import org.codelibs.fess.app.web.base.login.FessLoginAssist.LoginCredentialResol
 import org.codelibs.fess.crawler.Constants;
 import org.codelibs.fess.exception.SsoLoginException;
 import org.codelibs.fess.mylasta.action.FessUserBean;
+import org.codelibs.fess.mylasta.direction.FessConfig;
 import org.codelibs.fess.sso.SsoAuthenticator;
 import org.codelibs.fess.sso.SsoResponseType;
 import org.codelibs.fess.util.ComponentUtil;
@@ -376,6 +377,7 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
             if (contentMap.containsKey("value")) {
                 @SuppressWarnings("unchecked")
                 final List<Map<String, Object>> memberOfList = (List<Map<String, Object>>) contentMap.get("value");
+                final FessConfig fessConfig = ComponentUtil.getFessConfig();
                 for (final Map<String, Object> memberOf : memberOfList) {
                     if (logger.isDebugEnabled()) {
                         logger.debug("member: {}", memberOf);
@@ -402,20 +404,23 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
                     } else {
                         logger.warn("id is empty: {}", memberOf);
                     }
-                    final String mail = (String) memberOf.get("mail");
-                    if (StringUtil.isNotBlank(mail)) {
-                        if (memberType.contains("group")) {
-                            groupList.add(mail);
-                        } else if (memberType.contains("role")) {
-                            roleList.add(mail);
-                        } else {
-                            if (logger.isDebugEnabled()) {
-                                logger.debug("unknown @odata.type: {}", memberOf);
+                    final String[] names = fessConfig.getAzureAdPermissionFields();
+                    for (final String name : names) {
+                        final String value = (String) memberOf.get(name);
+                        if (StringUtil.isNotBlank(value)) {
+                            if (memberType.contains("group")) {
+                                groupList.add(value);
+                            } else if (memberType.contains("role")) {
+                                roleList.add(value);
+                            } else {
+                                if (logger.isDebugEnabled()) {
+                                    logger.debug("unknown @odata.type: {}", memberOf);
+                                }
+                                groupList.add(value);
                             }
-                            groupList.add(mail);
+                        } else if (logger.isDebugEnabled()) {
+                            logger.debug("{} is empty: {}", name, memberOf);
                         }
-                    } else if (logger.isDebugEnabled()) {
-                        logger.debug("mail is empty: {}", memberOf);
                     }
                 }
                 final String nextLink = (String) contentMap.get("@odata.nextLink");
@@ -495,9 +500,15 @@ public class AzureAdAuthenticator implements SsoAuthenticator {
             if (contentMap.containsKey("error")) {
                 logger.warn("Failed to access parent groups: {}", contentMap);
             } else {
-                final String mail = (String) contentMap.get("mail");
-                if (StringUtil.isNotBlank(mail)) {
-                    groupList.add(mail);
+                final FessConfig fessConfig = ComponentUtil.getFessConfig();
+                final String[] names = fessConfig.getAzureAdPermissionFields();
+                for (final String name : names) {
+                    final String value = (String) contentMap.get(name);
+                    if (StringUtil.isNotBlank(value)) {
+                        groupList.add(value);
+                    } else if (logger.isDebugEnabled()) {
+                        logger.debug("{} is empty: {}", name, id);
+                    }
                 }
             }
         } catch (final IOException e) {
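Review bot: The cast in `final String value = (String) memberOf.get(name);` (and the same pattern in the parent-groups hunk, `(String) contentMap.get(name)`) now runs on an operator-configured key, so a configured field whose JSON value is an array, number or object throws ClassCastException; only IOException is caught here, so a single such entry aborts the whole login rather than being skipped. Checking the value's type before the blank check turns that misconfiguration into a logged warning. Separately, `fessConfig.getAzureAdPermissionFields()` is evaluated on every pass of the memberOf loop even though `fessConfig` was hoisted above it; moving the array next to the `fessConfig` declaration avoids re-splitting the property per member. Both enclosing methods begin outside the hunks shown.
```java
final String[] names = fessConfig.getAzureAdPermissionFields(); // hoisted out of the memberOf loop
for (final Map<String, Object> memberOf : memberOfList) {
    // … unchanged: debug logging, @odata.type and id handling …
    for (final String name : names) {
        final Object raw = memberOf.get(name);
        if (raw != null && !(raw instanceof String)) {
            logger.warn("{} is not a string: {}", name, memberOf);
            continue; // a misconfigured field is skipped instead of failing the login
        }
        final String value = (String) raw;
        // … unchanged: isNotBlank check, group/role classification, empty-value debug log …
```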