diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java
index 8f0f229b..454a687f 100644
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java
+++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java
@@ -106,7 +106,7 @@ public enum ResultStatus {
 STORAGE_UPLOAD_FILE_FAILED(8050, "upload file failed"),
 STORAGE_FILE_TYPE_NOT_SUPPORT(8051, "File type not support"),
 STORAGE_DOWNLOAD_FILE_FAILED(8052, "download file failed"),
- LDAP_AUTHENTICATION_FAILED(8053, "LDAP authentication failed"),
+ LDAP_AUTHENTICATION_FAILED(8053, "ldap authentication failed"),
 ;
diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
similarity index 58%
rename from kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
rename to kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
index eff3bc25..f456c916 100644
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
@@ -1,6 +1,8 @@
-package com.xiaojukeji.kafka.manager.common.utils.ldap;
+package com.xiaojukeji.kafka.manager.account.component.ldap;
 import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -15,33 +17,31 @@ import javax.naming.ldap.LdapContext;
 import java.util.Hashtable;
 @Component
-public class LDAPAuthentication {
+public class LdapAuthentication {
+ private static final Logger LOGGER = LoggerFactory.getLogger(LdapAuthentication.class);
- @Value(value = "${ldap.url}")
+ @Value(value = "${account.ldap.url:}")
 private String ldapUrl;
- @Value(value = "${ldap.basedn}")
+ @Value(value = "${account.ldap.basedn:}")
 private String ldapBasedn;
- @Value(value = "${ldap.factory}")
+ @Value(value = "${account.ldap.factory:}")
 private String ldapFactory;
- @Value(value = "${ldap.filter}")
- private String ldapfilter;
+ @Value(value = "${account.ldap.filter:}")
+ private String ldapFilter;
- @Value(value = "${ldap.auth-user-registration-role}")
- private String authUserRegistrationRole;
-
- @Value(value = "${ldap.security.authentication}")
+ @Value(value = "${account.ldap.security.authentication:}")
 private String securityAuthentication;
- @Value(value = "${ldap.security.principal}")
+ @Value(value = "${account.ldap.security.principal:}")
 private String securityPrincipal;
- @Value(value = "${ldap.security.credentials}")
+ @Value(value = "${account.ldap.security.credentials:}")
 private String securityCredentials;
- private LdapContext getConnect() {
+ private LdapContext getLdapContext() {
 Hashtable env = new Hashtable();
 env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory);
 env.put(Context.PROVIDER_URL, ldapUrl + ldapBasedn);
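Review bot: Every `@Value` in this hunk now defaults to the empty string, so a half-configured `account.ldap` block is never rejected at startup; it only surfaces as an exception logged by `getLdapContext()` at the first login, with `Context.PROVIDER_URL` built as `ldapUrl + ldapBasedn` from one blank side. A `@PostConstruct` check that throws `IllegalStateException` when LDAP is enabled (read `${account.ldap.enabled:false}` here too) and `ldapUrl`, `ldapFactory` or `ldapFilter` is blank would make misconfiguration visible immediately instead of at login time. The environment should also drop the raw type: `Hashtable<String, String> env = new Hashtable<>();`. The class and `getLdapContext()` continue past the end of the hunk.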
@@ -53,19 +53,19 @@ public class LDAPAuthentication {
 try {
 return new InitialLdapContext(env, null);
 } catch (AuthenticationException e) {
- e.printStackTrace();
+ LOGGER.warn("class=LdapAuthentication||method=getLdapContext||errMsg={}", e);
 } catch (Exception e) {
- e.printStackTrace();
+ LOGGER.error("class=LdapAuthentication||method=getLdapContext||errMsg={}", e);
 }
 return null;
 }
- private String getUserDN(String account,LdapContext ctx) {
+ private String getUserDN(String account, LdapContext ctx) {
 String userDN = "";
 try {
 SearchControls constraints = new SearchControls();
 constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
- String filter = "(&(objectClass=*)("+ldapfilter+"=" + account + "))";
+ String filter = "(&(objectClass=*)("+ldapFilter+"=" + account + "))";
 NamingEnumeration en = ctx.search("", filter, constraints);
 if (en == null || !en.hasMoreElements()) {
@@ -82,9 +82,8 @@ public class LDAPAuthentication {
 }
 }
 } catch (Exception e) {
- e.printStackTrace();
+ LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e);
 }
-
 return userDN;
 }
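Review bot: The rewritten filter line `"(&(objectClass=*)("+ldapFilter+"=" + account + "))"` still splices the login name straight into the LDAP search filter, and `account` is the username typed into the login form, so `*`, `(`, `)`, `\` and NUL reach the directory unescaped (LDAP filter injection). A username such as `*` or `adm*` makes the search match an arbitrary entry, and since the method appears to take the first result, the later bind verifies that entry's password rather than the named user's; `ldapFilter` itself comes from configuration and is trusted. Escape the value per RFC 4515 before building the filter, as below. `getUserDN` continues past the end of the hunk.

```java
// … unchanged: getUserDN up to the SearchControls setup …
String filter = "(&(objectClass=*)(" + ldapFilter + "=" + escapeFilterValue(account) + "))";
// … unchanged: ctx.search and result handling …

/** Escapes the characters RFC 4515 reserves inside a filter assertion value. */
private static String escapeFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\': sb.append("\\5c"); break;
            case '*':  sb.append("\\2a"); break;
            case '(':  sb.append("\\28"); break;
            case ')':  sb.append("\\29"); break;
            case '\0': sb.append("\\00"); break;
            default:   sb.append(c);
        }
    }
    return sb.toString();
}
```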
@@ -94,35 +93,38 @@ public class LDAPAuthentication { * @param password * @return */ - public boolean authenricate(String account, String password) { - LdapContext ctx = getConnect(); - - boolean valide = false; + public boolean authenticate(String account, String password) { + LdapContext ctx = getLdapContext(); + if (ValidateUtils.isNull(ctx)) { + return false; + } try { - String userDN = getUserDN(account,ctx); + String userDN = getUserDN(account, ctx); if(ValidateUtils.isBlank(userDN)){ - return valide; + return false; } + ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.reconnect(null); - valide = true; - } catch (AuthenticationException e) { - System.out.println(e.toString()); + + return true; + } catch (AuthenticationException e) { + LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); } catch (NamingException e) { - e.printStackTrace(); - }finally { - if(ctx!=null) { + LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); + } catch (Exception e) { + LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); + } finally { + if(ctx != null) { try { ctx.close(); } catch (NamingException e) { - e.printStackTrace(); + LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); } } } - - return valide; + return false; } - } diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java index c67cca08..1ff36964 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java 
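Review bot: `authenticate` never rejects an empty password, and `ctx.reconnect(null)` with `Context.SECURITY_CREDENTIALS` set to `""` is an unauthenticated simple bind (RFC 4513 §5.1.2), which many directories — Active Directory by default — accept as anonymous without raising `AuthenticationException`; once `getUserDN` resolves the name, the new `return true;` is then reached with no password at all. Guard it before the bind, and before even opening the context, with `if (ValidateUtils.isBlank(password)) { return false; }`. The Javadoc above the method should state that an empty password is always rejected, and `@param account`/`@param password` should say what they are rather than standing empty. The Javadoc block opens before the hunk starts.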
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
@@ -10,7 +10,7 @@ import com.xiaojukeji.kafka.manager.common.entity.dto.normal.LoginDTO;
 import com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO;
 import com.xiaojukeji.kafka.manager.common.utils.EncryptUtil;
 import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
-import com.xiaojukeji.kafka.manager.common.utils.ldap.LDAPAuthentication;
+import com.xiaojukeji.kafka.manager.account.component.ldap.LdapAuthentication;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
@@ -28,18 +28,18 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
 private AccountService accountService;
 @Autowired
- private LDAPAuthentication ldapAuthentication;
+ private LdapAuthentication ldapAuthentication;
 //是否开启ldap验证
- @Value(value = "${ldap.enabled}")
- private boolean ldapEnabled;
+ @Value(value = "${account.ldap.enabled:}")
+ private Boolean accountLdapEnabled;
 //ldap自动注册的默认角色。请注意:它通常来说都是低权限角色
- @Value(value = "${ldap.auth-user-registration-role}")
+ @Value(value = "${account.ldap.auth-user-registration-role:}")
 private String authUserRegistrationRole;
 //ldap自动注册是否开启
- @Value(value = "${ldap.auth-user-registration}")
+ @Value(value = "${account.ldap.auth-user-registration:}")
 private boolean authUserRegistration;
 @Override
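Review bot: `@Value(value = "${account.ldap.auth-user-registration:}")` keeps `authUserRegistration` a primitive `boolean` while its default resolves to the empty string, which Spring cannot convert to a primitive — presumably the reason `accountLdapEnabled` was boxed to `Boolean` in the same hunk — so a deployment without that key appears to fail at bean creation instead of defaulting. Give both properties a real, fail-closed default and keep them primitive: `@Value(value = "${account.ldap.auth-user-registration:false}")` and `@Value(value = "${account.ldap.enabled:false}") private boolean accountLdapEnabled;`, which also removes the null check the caller needs. The Chinese field comments should be in English so the role warning ("it is normally a low-privilege role") is readable to every maintainer.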
@@ -50,11 +50,10 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { Result accountResult = accountService.getAccountDO(dto.getUsername()); - //modifier limin - //判断是否激活了LDAP验证。若激活并且数据库无此用户则自动注册 - if(ldapEnabled){ + //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证 + if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){ //去LDAP验证账密 - if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){ + if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){ return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); } @@ -63,14 +62,13 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { AccountDO accountDO = new AccountDO(); accountDO.setUsername(dto.getUsername()); accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole()); - accountDO.setPassword(EncryptUtil.md5(dto.getPassword())); + accountDO.setPassword(dto.getPassword()); accountService.createAccount(accountDO); } return Result.buildSuc(dto.getUsername()); - } - + if (ValidateUtils.isNull(accountResult) || accountResult.failed()) { return new Result<>(accountResult.getCode(), accountResult.getMessage()); } diff --git a/kafka-manager-web/src/main/resources/application.yml b/kafka-manager-web/src/main/resources/application.yml index 89fca91c..1c6614e2 100644 --- a/kafka-manager-web/src/main/resources/application.yml +++ b/kafka-manager-web/src/main/resources/application.yml @@ -11,7 +11,6 @@ spring: name: kafkamanager datasource: kafka-manager: - jdbc-url: jdbc:mysql://127.0.0.1:3306/logi_kafka_manager?characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8 username: admin password: admin 
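Review bot: The auto-registration path now stores the password the user just typed into the directory on the local account, `accountDO.setPassword(dto.getPassword())`, where the old code at least hashed it; unless `accountService.createAccount` hashes internally (not visible here), the user's LDAP password is written to the kafka-manager database in clear text. An LDAP-authenticated account has no use for a local password at all, so store an unusable placeholder instead, e.g. `accountDO.setPassword(UUID.randomUUID().toString()); // LDAP users never authenticate locally`, or, if `createAccount` does hash, say so in a comment on that line. Restoring `EncryptUtil.md5(...)` is not the fix either, since an unsalted MD5 is not a password hash; the import is now unused and should go. The enclosing method starts and ends outside the hunk.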
@@ -50,6 +49,17 @@ task:
 account:
 ldap:
+ enabled: false
+ url: ldap://127.0.0.1:389/
+ basedn: dc=tsign,dc=cn
+ factory: com.sun.jndi.ldap.LdapCtxFactory
+ filter: sAMAccountName
+ security:
+ authentication: simple
+ principal: cn=admin,dc=tsign,dc=cn
+ credentials: admin
+ auth-user-registration: true
+ auth-user-registration-role: normal
 kcm:
 enabled: false
@@ -83,16 +93,3 @@ notify:
 topic-name: didi-kafka-notify
 order:
 detail-url: http://127.0.0.1
-
-ldap:
- enabled: false
- url: ldap://127.0.0.1:389/
- basedn: dc=tsign,dc=cn
- factory: com.sun.jndi.ldap.LdapCtxFactory
- filter: sAMAccountName
- security:
- authentication: simple
- principal: cn=admin,dc=tsign,dc=cn
- credentials: admin
- auth-user-registration-role: normal
- auth-user-registration: true
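Review bot: The service-account secret `credentials: admin` is committed in application.yml, and `url: ldap://127.0.0.1:389/` with `authentication: simple` sends both that bind password and every user's login password over the wire in clear text. Take the secret from the environment, `credentials: ${ACCOUNT_LDAP_CREDENTIALS:}`, and add a comment above `url:` stating that `ldaps://` (or StartTLS) is required for any non-loopback server. `auth-user-registration: true` also means that, once LDAP is enabled, every directory user who can bind gets a local account automatically; `false` is the safer out-of-the-box value.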