Compare commits
14 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9cefe28265 | ||
|
|
d3d37e0605 | ||
|
|
87170b7075 | ||
|
|
1853d5d1be | ||
|
|
5f8e66b298 | ||
|
|
fd5f2e259e | ||
|
|
afbc3e8935 | ||
|
|
ff4448a22b | ||
|
|
e89e9034fb | ||
|
|
1de403fc21 | ||
|
|
9fceb419a5 | ||
|
|
b7a4af6eab | ||
|
|
00297eb14e | ||
|
|
fb7e40e421 |
12 changed files with 189 additions and 17 deletions
24
pom.xml
24
pom.xml
|
|
@ -2,7 +2,7 @@
|
|||
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
|
||||
<modelVersion>4.0.0</modelVersion>
|
||||
<artifactId>fess</artifactId>
|
||||
<version>13.15.1-SNAPSHOT</version>
|
||||
<version>13.15.4-SNAPSHOT</version>
|
||||
<packaging>war</packaging>
|
||||
<name>Fess</name>
|
||||
<description>Fess is Full tExt Search System.</description>
|
||||
|
|
@ -30,7 +30,7 @@
|
|||
<parent>
|
||||
<groupId>org.codelibs.fess</groupId>
|
||||
<artifactId>fess-parent</artifactId>
|
||||
<version>13.15.0</version>
|
||||
<version>13.15.1</version>
|
||||
<relativePath />
|
||||
</parent>
|
||||
<properties>
|
||||
|
|
@ -947,9 +947,9 @@
|
|||
<version>${log4j.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.logging.log4j</groupId>
|
||||
<groupId>org.codelibs.logging.log4j</groupId>
|
||||
<artifactId>log4j-core</artifactId>
|
||||
<version>${log4j.version}</version>
|
||||
<version>${log4j.version}-patch1</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.logging.log4j</groupId>
|
||||
|
|
@ -965,6 +965,12 @@
|
|||
<groupId>org.apache.logging.log4j</groupId>
|
||||
<artifactId>log4j-slf4j-impl</artifactId>
|
||||
<version>${log4j.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.apache.logging.log4j</groupId>
|
||||
<artifactId>log4j-core</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.apache.logging.log4j</groupId>
|
||||
|
|
@ -977,6 +983,12 @@
|
|||
<groupId>org.codelibs.fesen</groupId>
|
||||
<artifactId>fesen-engine-server</artifactId>
|
||||
<version>${fesen.version}</version>
|
||||
<exclusions>
|
||||
<exclusion>
|
||||
<groupId>org.apache.logging.log4j</groupId>
|
||||
<artifactId>log4j-core</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.codelibs.fesen</groupId>
|
||||
|
|
@ -1003,6 +1015,10 @@
|
|||
<groupId>org.apache.httpcomponents</groupId>
|
||||
<artifactId>httpcore</artifactId>
|
||||
</exclusion>
|
||||
<exclusion>
|
||||
<groupId>org.apache.logging.log4j</groupId>
|
||||
<artifactId>log4j-core</artifactId>
|
||||
</exclusion>
|
||||
</exclusions>
|
||||
</dependency>
|
||||
<dependency>
|
||||
|
|
|
|||
|
|
@ -66,6 +66,7 @@ set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dio.netty.recycler.maxCapacityPerThread=0
|
|||
|
||||
set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dlog4j.shutdownHookEnabled=false
|
||||
set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dlog4j2.disable.jmx=true
|
||||
set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dlog4j2.formatMsgNoLookups=true
|
||||
set FESS_JAVA_OPTS=%FESS_JAVA_OPTS% -Dlog4j.skipJansi=true
|
||||
|
||||
REM SSL truststore for certificate validation over https
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@ FESS_JAVA_OPTS="$FESS_JAVA_OPTS -Dio.netty.recycler.maxCapacityPerThread=0"
|
|||
|
||||
FESS_JAVA_OPTS="$FESS_JAVA_OPTS -Dlog4j.shutdownHookEnabled=false"
|
||||
FESS_JAVA_OPTS="$FESS_JAVA_OPTS -Dlog4j2.disable.jmx=true"
|
||||
FESS_JAVA_OPTS="$FESS_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
|
||||
FESS_JAVA_OPTS="$FESS_JAVA_OPTS -Dlog4j.skipJansi=true"
|
||||
|
||||
# Causes the JVM to dump its heap on OutOfMemory.
|
||||
|
|
|
|||
|
|
@ -15,9 +15,7 @@
|
|||
*/
|
||||
package org.codelibs.fess.app.web.admin.maintenance;
|
||||
|
||||
import java.io.BufferedWriter;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStreamWriter;
|
||||
import java.net.InetAddress;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
|
|
@ -35,7 +33,6 @@ import javax.annotation.Resource;
|
|||
import org.apache.commons.text.StringEscapeUtils;
|
||||
import org.apache.logging.log4j.LogManager;
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.codelibs.core.exception.IORuntimeException;
|
||||
import org.codelibs.core.io.CopyUtil;
|
||||
import org.codelibs.core.lang.StringUtil;
|
||||
import org.codelibs.curl.CurlResponse;
|
||||
|
|
|
|||
|
|
@ -446,6 +446,13 @@ public class SystemHelper {
|
|||
return getCurrentTimeAsLong() > eolTime;
|
||||
}
|
||||
|
||||
public boolean isUserPermission(final String permission) {
|
||||
if (StringUtil.isNotBlank(permission)) {
|
||||
return permission.startsWith(ComponentUtil.getFessConfig().getRoleSearchUserPrefix());
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public String getSearchRoleByUser(final String name) {
|
||||
return createSearchRole(ComponentUtil.getFessConfig().getRoleSearchUserPrefix(), name);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -161,10 +161,17 @@ public class LdapManager {
|
|||
final Hashtable<String, String> env = createSearchEnv(username, password);
|
||||
try (DirContextHolder holder = getDirContext(() -> env)) {
|
||||
final DirContext context = holder.get();
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Logged in.", context);
|
||||
final LdapUser ldapUser = createLdapUser(username, env);
|
||||
if (!allowEmptyGroupAndRole(ldapUser)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Login failed. No permissions. {}", context);
|
||||
}
|
||||
return OptionalEntity.empty();
|
||||
}
|
||||
return OptionalEntity.of(createLdapUser(username, env));
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Logged in. {}", context);
|
||||
}
|
||||
return OptionalEntity.of(ldapUser);
|
||||
} catch (final Exception e) {
|
||||
logger.debug("Login failed.", e);
|
||||
}
|
||||
|
|
@ -175,16 +182,37 @@ public class LdapManager {
|
|||
final Hashtable<String, String> env = createSearchEnv();
|
||||
try (DirContextHolder holder = getDirContext(() -> env)) {
|
||||
final DirContext context = holder.get();
|
||||
final LdapUser ldapUser = createLdapUser(username, env);
|
||||
if (!allowEmptyGroupAndRole(ldapUser)) {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Login failed. No permissions. {}", context);
|
||||
}
|
||||
return OptionalEntity.empty();
|
||||
}
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("Logged in.", context);
|
||||
}
|
||||
return OptionalEntity.of(createLdapUser(username, env));
|
||||
return OptionalEntity.of(ldapUser);
|
||||
} catch (final Exception e) {
|
||||
logger.debug("Login failed.", e);
|
||||
}
|
||||
return OptionalEntity.empty();
|
||||
}
|
||||
|
||||
protected boolean allowEmptyGroupAndRole(final LdapUser ldapUser) {
|
||||
if (fessConfig.isLdapAllowEmptyPermission()) {
|
||||
return true;
|
||||
}
|
||||
|
||||
final SystemHelper systemHelper = ComponentUtil.getSystemHelper();
|
||||
for (final String permission : ldapUser.getPermissions()) {
|
||||
if (!systemHelper.isUserPermission(permission)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
protected LdapUser createLdapUser(final String username, final Hashtable<String, String> env) {
|
||||
return new LdapUser(env, username);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ package org.codelibs.fess.ldap;
|
|||
|
||||
import static org.codelibs.core.stream.StreamUtil.stream;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Hashtable;
|
||||
|
||||
import org.apache.commons.lang3.ArrayUtils;
|
||||
|
|
@ -56,10 +57,10 @@ public class LdapUser implements FessUser {
|
|||
final String groupFilter = fessConfig.getLdapGroupFilter();
|
||||
if (StringUtil.isNotBlank(baseDn) && StringUtil.isNotBlank(accountFilter)) {
|
||||
final LdapManager ldapManager = ComponentUtil.getLdapManager();
|
||||
permissions = ArrayUtils.addAll(ldapManager.getRoles(this, baseDn, accountFilter, groupFilter, roles -> {
|
||||
permissions = roles;
|
||||
permissions = distinct(ArrayUtils.addAll(ldapManager.getRoles(this, baseDn, accountFilter, groupFilter, roles -> {
|
||||
permissions = distinct(roles);
|
||||
ComponentUtil.getActivityHelper().permissionChanged(OptionalThing.of(new FessUserBean(this)));
|
||||
}), fessConfig.getRoleSearchUserPrefix() + ldapManager.normalizePermissionName(getName()));
|
||||
}), fessConfig.getRoleSearchUserPrefix() + ldapManager.normalizePermissionName(getName())));
|
||||
} else {
|
||||
permissions = StringUtil.EMPTY_STRINGS;
|
||||
}
|
||||
|
|
@ -90,4 +91,14 @@ public class LdapUser implements FessUser {
|
|||
return ComponentUtil.getFessConfig().isLdapAdminEnabled(name);
|
||||
}
|
||||
|
||||
private static String[] distinct(final String[] values) {
|
||||
if (values == null) {
|
||||
return StringUtil.EMPTY_STRINGS;
|
||||
}
|
||||
if (values.length < 2) {
|
||||
return values;
|
||||
}
|
||||
return Arrays.stream(values).distinct().toArray(n -> new String[n]);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -86,6 +86,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
-Dio.netty.noKeySetOptimization=true
|
||||
-Dio.netty.recycler.maxCapacityPerThread=0
|
||||
-Dlog4j.shutdownHookEnabled=false
|
||||
-Dlog4j2.formatMsgNoLookups=true
|
||||
-Dlog4j2.disable.jmx=true
|
||||
-Dlog4j.skipJansi=true
|
||||
-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider
|
||||
|
|
@ -119,6 +120,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
-Dio.netty.recycler.maxCapacityPerThread=0
|
||||
-Dlog4j.shutdownHookEnabled=false
|
||||
-Dlog4j2.disable.jmx=true
|
||||
-Dlog4j2.formatMsgNoLookups=true
|
||||
-Dlog4j.skipJansi=true
|
||||
*/
|
||||
String JVM_SUGGEST_OPTIONS = "jvm.suggest.options";
|
||||
|
|
@ -157,6 +159,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
-Dio.netty.recycler.maxCapacityPerThread=0
|
||||
-Dlog4j.shutdownHookEnabled=false
|
||||
-Dlog4j2.disable.jmx=true
|
||||
-Dlog4j2.formatMsgNoLookups=true
|
||||
-Dlog4j.skipJansi=true
|
||||
-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider
|
||||
-Dorg.apache.pdfbox.rendering.UsePureJavaCMYKConversion=true
|
||||
|
|
@ -1583,6 +1586,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
/** The key of the configuration. e.g. false */
|
||||
String LDAP_LOWERCASE_PERMISSION_NAME = "ldap.lowercase.permission.name";
|
||||
|
||||
/** The key of the configuration. e.g. true */
|
||||
String LDAP_ALLOW_EMPTY_PERMISSION = "ldap.allow.empty.permission";
|
||||
|
||||
/** The key of the configuration. e.g. true */
|
||||
String LDAP_ROLE_SEARCH_USER_ENABLED = "ldap.role.search.user.enabled";
|
||||
|
||||
|
|
@ -1861,6 +1867,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
-Dio.netty.noKeySetOptimization=true
|
||||
-Dio.netty.recycler.maxCapacityPerThread=0
|
||||
-Dlog4j.shutdownHookEnabled=false
|
||||
-Dlog4j2.formatMsgNoLookups=true
|
||||
-Dlog4j2.disable.jmx=true
|
||||
-Dlog4j.skipJansi=true
|
||||
-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider
|
||||
|
|
@ -1899,6 +1906,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
-Dio.netty.recycler.maxCapacityPerThread=0
|
||||
-Dlog4j.shutdownHookEnabled=false
|
||||
-Dlog4j2.disable.jmx=true
|
||||
-Dlog4j2.formatMsgNoLookups=true
|
||||
-Dlog4j.skipJansi=true
|
||||
<br>
|
||||
* @return The value of found property. (NotNull: if not found, exception but basically no way)
|
||||
|
|
@ -1941,6 +1949,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
-Dio.netty.recycler.maxCapacityPerThread=0
|
||||
-Dlog4j.shutdownHookEnabled=false
|
||||
-Dlog4j2.disable.jmx=true
|
||||
-Dlog4j2.formatMsgNoLookups=true
|
||||
-Dlog4j.skipJansi=true
|
||||
-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider
|
||||
-Dorg.apache.pdfbox.rendering.UsePureJavaCMYKConversion=true
|
||||
|
|
@ -6829,6 +6838,20 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
*/
|
||||
boolean isLdapLowercasePermissionName();
|
||||
|
||||
/**
|
||||
* Get the value for the key 'ldap.allow.empty.permission'. <br>
|
||||
* The value is, e.g. true <br>
|
||||
* @return The value of found property. (NotNull: if not found, exception but basically no way)
|
||||
*/
|
||||
String getLdapAllowEmptyPermission();
|
||||
|
||||
/**
|
||||
* Is the property for the key 'ldap.allow.empty.permission' true? <br>
|
||||
* The value is, e.g. true <br>
|
||||
* @return The determination, true or false. (if not found, exception but basically no way)
|
||||
*/
|
||||
boolean isLdapAllowEmptyPermission();
|
||||
|
||||
/**
|
||||
* Get the value for the key 'ldap.role.search.user.enabled'. <br>
|
||||
* The value is, e.g. true <br>
|
||||
|
|
@ -9839,6 +9862,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
return is(FessConfig.LDAP_LOWERCASE_PERMISSION_NAME);
|
||||
}
|
||||
|
||||
public String getLdapAllowEmptyPermission() {
|
||||
return get(FessConfig.LDAP_ALLOW_EMPTY_PERMISSION);
|
||||
}
|
||||
|
||||
public boolean isLdapAllowEmptyPermission() {
|
||||
return is(FessConfig.LDAP_ALLOW_EMPTY_PERMISSION);
|
||||
}
|
||||
|
||||
public String getLdapRoleSearchUserEnabled() {
|
||||
return get(FessConfig.LDAP_ROLE_SEARCH_USER_ENABLED);
|
||||
}
|
||||
|
|
@ -10045,11 +10076,11 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
defaultMap.put(FessConfig.APP_ENCRYPT_PROPERTY_PATTERN, ".*password|.*key|.*token|.*secret");
|
||||
defaultMap.put(FessConfig.APP_EXTENSION_NAMES, "");
|
||||
defaultMap.put(FessConfig.JVM_CRAWLER_OPTIONS,
|
||||
"-Djava.awt.headless=true\n-Dfile.encoding=UTF-8\n-Djna.nosys=true\n-Djdk.io.permissionsUseCanonicalPath=true\n-Dhttp.maxConnections=20\n-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager\n-server\n-Xms128m\n-Xmx512m\n-XX:MaxMetaspaceSize=128m\n-XX:CompressedClassSpaceSize=32m\n-XX:-UseGCOverheadLimit\n-XX:+UseTLAB\n-XX:+DisableExplicitGC\n-XX:-HeapDumpOnOutOfMemoryError\n-XX:-OmitStackTraceInFastThrow\n-XX:+UnlockExperimentalVMOptions\n-XX:+UseG1GC\n-XX:InitiatingHeapOccupancyPercent=45\n-XX:G1HeapRegionSize=1m\n-XX:MaxGCPauseMillis=60000\n-XX:G1NewSizePercent=5\n-XX:G1MaxNewSizePercent=5\n-Djcifs.smb.client.responseTimeout=30000\n-Djcifs.smb.client.soTimeout=35000\n-Djcifs.smb.client.connTimeout=60000\n-Djcifs.smb.client.sessionTimeout=60000\n-Djcifs.smb1.smb.client.connTimeout=60000\n-Djcifs.smb1.smb.client.soTimeout=35000\n-Djcifs.smb1.smb.client.responseTimeout=30000\n-Dio.netty.noUnsafe=true\n-Dio.netty.noKeySetOptimization=true\n-Dio.netty.recycler.maxCapacityPerThread=0\n-Dlog4j.shutdownHookEnabled=false\n-Dlog4j2.disable.jmx=true\n-Dlog4j.skipJansi=true\n-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider\n-Dorg.apache.pdfbox.rendering.UsePureJavaCMYKConversion=true\n");
|
||||
"-Djava.awt.headless=true\n-Dfile.encoding=UTF-8\n-Djna.nosys=true\n-Djdk.io.permissionsUseCanonicalPath=true\n-Dhttp.maxConnections=20\n-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager\n-server\n-Xms128m\n-Xmx512m\n-XX:MaxMetaspaceSize=128m\n-XX:CompressedClassSpaceSize=32m\n-XX:-UseGCOverheadLimit\n-XX:+UseTLAB\n-XX:+DisableExplicitGC\n-XX:-HeapDumpOnOutOfMemoryError\n-XX:-OmitStackTraceInFastThrow\n-XX:+UnlockExperimentalVMOptions\n-XX:+UseG1GC\n-XX:InitiatingHeapOccupancyPercent=45\n-XX:G1HeapRegionSize=1m\n-XX:MaxGCPauseMillis=60000\n-XX:G1NewSizePercent=5\n-XX:G1MaxNewSizePercent=5\n-Djcifs.smb.client.responseTimeout=30000\n-Djcifs.smb.client.soTimeout=35000\n-Djcifs.smb.client.connTimeout=60000\n-Djcifs.smb.client.sessionTimeout=60000\n-Djcifs.smb1.smb.client.connTimeout=60000\n-Djcifs.smb1.smb.client.soTimeout=35000\n-Djcifs.smb1.smb.client.responseTimeout=30000\n-Dio.netty.noUnsafe=true\n-Dio.netty.noKeySetOptimization=true\n-Dio.netty.recycler.maxCapacityPerThread=0\n-Dlog4j.shutdownHookEnabled=false\n-Dlog4j2.formatMsgNoLookups=true\n-Dlog4j2.disable.jmx=true\n-Dlog4j.skipJansi=true\n-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider\n-Dorg.apache.pdfbox.rendering.UsePureJavaCMYKConversion=true\n");
|
||||
defaultMap.put(FessConfig.JVM_SUGGEST_OPTIONS,
|
||||
"-Djava.awt.headless=true\n-Dfile.encoding=UTF-8\n-Djna.nosys=true\n-Djdk.io.permissionsUseCanonicalPath=true\n-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager\n-server\n-Xms128m\n-Xmx256m\n-XX:MaxMetaspaceSize=128m\n-XX:CompressedClassSpaceSize=32m\n-XX:-UseGCOverheadLimit\n-XX:+UseTLAB\n-XX:+DisableExplicitGC\n-XX:-HeapDumpOnOutOfMemoryError\n-XX:+UnlockExperimentalVMOptions\n-XX:+UseG1GC\n-XX:InitiatingHeapOccupancyPercent=45\n-XX:G1HeapRegionSize=1m\n-XX:MaxGCPauseMillis=60000\n-XX:G1NewSizePercent=5\n-XX:G1MaxNewSizePercent=30\n-Dio.netty.noUnsafe=true\n-Dio.netty.noKeySetOptimization=true\n-Dio.netty.recycler.maxCapacityPerThread=0\n-Dlog4j.shutdownHookEnabled=false\n-Dlog4j2.disable.jmx=true\n-Dlog4j.skipJansi=true\n");
|
||||
"-Djava.awt.headless=true\n-Dfile.encoding=UTF-8\n-Djna.nosys=true\n-Djdk.io.permissionsUseCanonicalPath=true\n-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager\n-server\n-Xms128m\n-Xmx256m\n-XX:MaxMetaspaceSize=128m\n-XX:CompressedClassSpaceSize=32m\n-XX:-UseGCOverheadLimit\n-XX:+UseTLAB\n-XX:+DisableExplicitGC\n-XX:-HeapDumpOnOutOfMemoryError\n-XX:+UnlockExperimentalVMOptions\n-XX:+UseG1GC\n-XX:InitiatingHeapOccupancyPercent=45\n-XX:G1HeapRegionSize=1m\n-XX:MaxGCPauseMillis=60000\n-XX:G1NewSizePercent=5\n-XX:G1MaxNewSizePercent=30\n-Dio.netty.noUnsafe=true\n-Dio.netty.noKeySetOptimization=true\n-Dio.netty.recycler.maxCapacityPerThread=0\n-Dlog4j.shutdownHookEnabled=false\n-Dlog4j2.disable.jmx=true\n-Dlog4j2.formatMsgNoLookups=true\n-Dlog4j.skipJansi=true\n");
|
||||
defaultMap.put(FessConfig.JVM_THUMBNAIL_OPTIONS,
|
||||
"-Djava.awt.headless=true\n-Dfile.encoding=UTF-8\n-Djna.nosys=true\n-Djdk.io.permissionsUseCanonicalPath=true\n-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager\n-server\n-Xms128m\n-Xmx256m\n-XX:MaxMetaspaceSize=128m\n-XX:CompressedClassSpaceSize=32m\n-XX:-UseGCOverheadLimit\n-XX:+UseTLAB\n-XX:+DisableExplicitGC\n-XX:-HeapDumpOnOutOfMemoryError\n-XX:-OmitStackTraceInFastThrow\n-XX:+UnlockExperimentalVMOptions\n-XX:+UseG1GC\n-XX:InitiatingHeapOccupancyPercent=45\n-XX:G1HeapRegionSize=4m\n-XX:MaxGCPauseMillis=60000\n-XX:G1NewSizePercent=5\n-XX:G1MaxNewSizePercent=50\n-Djcifs.smb.client.responseTimeout=30000\n-Djcifs.smb.client.soTimeout=35000\n-Djcifs.smb.client.connTimeout=60000\n-Djcifs.smb.client.sessionTimeout=60000\n-Djcifs.smb1.smb.client.connTimeout=60000\n-Djcifs.smb1.smb.client.soTimeout=35000\n-Djcifs.smb1.smb.client.responseTimeout=30000\n-Dio.netty.noUnsafe=true\n-Dio.netty.noKeySetOptimization=true\n-Dio.netty.recycler.maxCapacityPerThread=0\n-Dlog4j.shutdownHookEnabled=false\n-Dlog4j2.disable.jmx=true\n-Dlog4j.skipJansi=true\n-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider\n-Dorg.apache.pdfbox.rendering.UsePureJavaCMYKConversion=true\n");
|
||||
"-Djava.awt.headless=true\n-Dfile.encoding=UTF-8\n-Djna.nosys=true\n-Djdk.io.permissionsUseCanonicalPath=true\n-Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager\n-server\n-Xms128m\n-Xmx256m\n-XX:MaxMetaspaceSize=128m\n-XX:CompressedClassSpaceSize=32m\n-XX:-UseGCOverheadLimit\n-XX:+UseTLAB\n-XX:+DisableExplicitGC\n-XX:-HeapDumpOnOutOfMemoryError\n-XX:-OmitStackTraceInFastThrow\n-XX:+UnlockExperimentalVMOptions\n-XX:+UseG1GC\n-XX:InitiatingHeapOccupancyPercent=45\n-XX:G1HeapRegionSize=4m\n-XX:MaxGCPauseMillis=60000\n-XX:G1NewSizePercent=5\n-XX:G1MaxNewSizePercent=50\n-Djcifs.smb.client.responseTimeout=30000\n-Djcifs.smb.client.soTimeout=35000\n-Djcifs.smb.client.connTimeout=60000\n-Djcifs.smb.client.sessionTimeout=60000\n-Djcifs.smb1.smb.client.connTimeout=60000\n-Djcifs.smb1.smb.client.soTimeout=35000\n-Djcifs.smb1.smb.client.responseTimeout=30000\n-Dio.netty.noUnsafe=true\n-Dio.netty.noKeySetOptimization=true\n-Dio.netty.recycler.maxCapacityPerThread=0\n-Dlog4j.shutdownHookEnabled=false\n-Dlog4j2.disable.jmx=true\n-Dlog4j2.formatMsgNoLookups=true\n-Dlog4j.skipJansi=true\n-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider\n-Dorg.apache.pdfbox.rendering.UsePureJavaCMYKConversion=true\n");
|
||||
defaultMap.put(FessConfig.JOB_SYSTEM_JOB_IDS, "default_crawler");
|
||||
defaultMap.put(FessConfig.JOB_TEMPLATE_TITLE_WEB, "Web Crawler - {0}");
|
||||
defaultMap.put(FessConfig.JOB_TEMPLATE_TITLE_FILE, "File Crawler - {0}");
|
||||
|
|
@ -10495,6 +10526,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
|
|||
defaultMap.put(FessConfig.LDAP_IGNORE_NETBIOS_NAME, "true");
|
||||
defaultMap.put(FessConfig.LDAP_GROUP_NAME_WITH_UNDERSCORES, "false");
|
||||
defaultMap.put(FessConfig.LDAP_LOWERCASE_PERMISSION_NAME, "false");
|
||||
defaultMap.put(FessConfig.LDAP_ALLOW_EMPTY_PERMISSION, "true");
|
||||
defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_USER_ENABLED, "true");
|
||||
defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_GROUP_ENABLED, "true");
|
||||
defaultMap.put(FessConfig.LDAP_ROLE_SEARCH_ROLE_ENABLED, "true");
|
||||
|
|
|
|||
|
|
@ -561,6 +561,7 @@ public final class ComponentUtil {
|
|||
public static void setFessConfig(final FessConfig fessConfig) {
|
||||
ComponentUtil.fessConfig = fessConfig;
|
||||
if (fessConfig == null) {
|
||||
systemHelper = null;
|
||||
FessProp.propMap.clear();
|
||||
componentMap.clear();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -58,6 +58,7 @@ jvm.crawler.options=\
|
|||
-Dio.netty.noKeySetOptimization=true\n\
|
||||
-Dio.netty.recycler.maxCapacityPerThread=0\n\
|
||||
-Dlog4j.shutdownHookEnabled=false\n\
|
||||
-Dlog4j2.formatMsgNoLookups=true\n\
|
||||
-Dlog4j2.disable.jmx=true\n\
|
||||
-Dlog4j.skipJansi=true\n\
|
||||
-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider\n\
|
||||
|
|
@ -91,6 +92,7 @@ jvm.suggest.options=\
|
|||
-Dio.netty.recycler.maxCapacityPerThread=0\n\
|
||||
-Dlog4j.shutdownHookEnabled=false\n\
|
||||
-Dlog4j2.disable.jmx=true\n\
|
||||
-Dlog4j2.formatMsgNoLookups=true\n\
|
||||
-Dlog4j.skipJansi=true\n\
|
||||
|
||||
|
||||
|
|
@ -129,6 +131,7 @@ jvm.thumbnail.options=\
|
|||
-Dio.netty.recycler.maxCapacityPerThread=0\n\
|
||||
-Dlog4j.shutdownHookEnabled=false\n\
|
||||
-Dlog4j2.disable.jmx=true\n\
|
||||
-Dlog4j2.formatMsgNoLookups=true\n\
|
||||
-Dlog4j.skipJansi=true\n\
|
||||
-Dsun.java2d.cmm=sun.java2d.cmm.kcms.KcmsServiceProvider\n\
|
||||
-Dorg.apache.pdfbox.rendering.UsePureJavaCMYKConversion=true\n\
|
||||
|
|
@ -818,6 +821,7 @@ ldap.max.username.length=-1
|
|||
ldap.ignore.netbios.name=true
|
||||
ldap.group.name.with.underscores=false
|
||||
ldap.lowercase.permission.name=false
|
||||
ldap.allow.empty.permission=true
|
||||
|
||||
ldap.role.search.user.enabled=true
|
||||
ldap.role.search.group.enabled=true
|
||||
|
|
|
|||
|
|
@ -147,4 +147,24 @@ public class SystemHelperTest extends UnitFessTestCase {
|
|||
assertEquals(1, filteredEnvMap.size());
|
||||
assertEquals("123", filteredEnvMap.get("FESS_ENV_TEST"));
|
||||
}
|
||||
|
||||
public void test_isUserPermission() {
|
||||
assertTrue(systemHelper.isUserPermission("1test"));
|
||||
|
||||
assertFalse(systemHelper.isUserPermission(null));
|
||||
assertFalse(systemHelper.isUserPermission(""));
|
||||
assertFalse(systemHelper.isUserPermission(" "));
|
||||
assertFalse(systemHelper.isUserPermission("2test"));
|
||||
assertFalse(systemHelper.isUserPermission("Rtest"));
|
||||
}
|
||||
|
||||
public void test_getSearchRole() {
|
||||
assertEquals("1test", systemHelper.getSearchRoleByUser("test"));
|
||||
assertEquals("Rtest", systemHelper.getSearchRoleByRole("test"));
|
||||
assertEquals("2test", systemHelper.getSearchRoleByGroup("test"));
|
||||
|
||||
assertEquals("1", systemHelper.getSearchRoleByUser(""));
|
||||
assertEquals("R", systemHelper.getSearchRoleByRole(""));
|
||||
assertEquals("2", systemHelper.getSearchRoleByGroup(""));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,12 +15,24 @@
|
|||
*/
|
||||
package org.codelibs.fess.ldap;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Hashtable;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.atomic.AtomicBoolean;
|
||||
|
||||
import org.codelibs.fess.helper.SystemHelper;
|
||||
import org.codelibs.fess.mylasta.direction.FessConfig;
|
||||
import org.codelibs.fess.unit.UnitFessTestCase;
|
||||
import org.codelibs.fess.util.ComponentUtil;
|
||||
|
||||
public class LdapManagerTest extends UnitFessTestCase {
|
||||
|
||||
@Override
|
||||
public void setUp() throws Exception {
|
||||
super.setUp();
|
||||
ComponentUtil.register(new SystemHelper(), "systemHelper");
|
||||
}
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public void test_getSearchRoleName() {
|
||||
ComponentUtil.setFessConfig(new FessConfig.SimpleImpl() {
|
||||
|
|
@ -72,4 +84,46 @@ public class LdapManagerTest extends UnitFessTestCase {
|
|||
assertEquals("___", ldapManager.replaceWithUnderscores("///"));
|
||||
assertEquals("a_a", ldapManager.replaceWithUnderscores("a/a"));
|
||||
}
|
||||
|
||||
public void test_allowEmptyGroupAndRole() {
|
||||
final AtomicBoolean allowEmptyPermission = new AtomicBoolean();
|
||||
ComponentUtil.setFessConfig(new FessConfig.SimpleImpl() {
|
||||
public boolean isLdapAllowEmptyPermission() {
|
||||
return allowEmptyPermission.get();
|
||||
}
|
||||
|
||||
public String getRoleSearchUserPrefix() {
|
||||
return "1";
|
||||
}
|
||||
});
|
||||
LdapManager ldapManager = new LdapManager();
|
||||
ldapManager.fessConfig = ComponentUtil.getFessConfig();
|
||||
final List<String> permissionList = new ArrayList<>();
|
||||
LdapUser user = new LdapUser(new Hashtable<>(), "test") {
|
||||
@Override
|
||||
public String[] getPermissions() {
|
||||
return permissionList.toArray(n -> new String[n]);
|
||||
}
|
||||
};
|
||||
|
||||
allowEmptyPermission.set(true);
|
||||
assertTrue(ldapManager.allowEmptyGroupAndRole(user));
|
||||
allowEmptyPermission.set(false);
|
||||
assertFalse(ldapManager.allowEmptyGroupAndRole(user));
|
||||
|
||||
permissionList.add("2aaa");
|
||||
|
||||
allowEmptyPermission.set(true);
|
||||
assertTrue(ldapManager.allowEmptyGroupAndRole(user));
|
||||
allowEmptyPermission.set(false);
|
||||
assertTrue(ldapManager.allowEmptyGroupAndRole(user));
|
||||
|
||||
permissionList.clear();
|
||||
permissionList.add("Raaa");
|
||||
|
||||
allowEmptyPermission.set(true);
|
||||
assertTrue(ldapManager.allowEmptyGroupAndRole(user));
|
||||
allowEmptyPermission.set(false);
|
||||
assertTrue(ldapManager.allowEmptyGroupAndRole(user));
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue