diff --git a/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java b/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
index f1a1346f0d5766aec6f90871a0f65ee276985cda..0fbd4a6b0184b6c80931544341e22067774dace7 100644
--- a/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/RoleQueryHelper.java
@@ -118,9 +118,7 @@ public class RoleQueryHelper {
buildByCookieNameMapping(request, roleSet);
}
- if (isApiRequest) {
- processAccessToken(request, roleSet);
- }
+ final boolean hasAccessToken = processAccessToken(request, roleSet, isApiRequest);
final RequestManager requestManager = ComponentUtil.getRequestManager();
try {
@@ -130,7 +128,9 @@ public class RoleQueryHelper {
if (isApiRequest && ComponentUtil.getFessConfig().getApiAccessTokenRequiredAsBoolean()) {
throw new InvalidAccessTokenException("invalid_token", "Access token is requried.");
}
- roleSet.addAll(fessConfig.getSearchGuestPermissionList());
+ if (!hasAccessToken) {
+ roleSet.addAll(fessConfig.getSearchGuestPermissionList());
+ }
});
} catch (final RuntimeException e) {
try {
@@ -156,8 +156,14 @@ public class RoleQueryHelper {
return roleSet;
}
- protected void processAccessToken(final HttpServletRequest request, final Set<String> roleSet) {
- ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).ifPresent(p -> p.forEach(roleSet::add));
+ protected boolean processAccessToken(final HttpServletRequest request, final Set<String> roleSet, final boolean isApiRequest) {
+ if (isApiRequest) {
+ return ComponentUtil.getComponent(AccessTokenService.class).getPermissions(request).map(p -> {
+ p.forEach(roleSet::add);
+ return true;
+ }).orElse(false);
+ }
+ return false;
}
protected void processParameter(final HttpServletRequest request, final Set<String> roleSet) {