8x48/KnowStreaming
1
0
Fork 0
mirror of https://github.com/didi/KnowStreaming.git synced 2026-01-07 23:28:24 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #201 from ZQKC/master

Browse Source 
optimize ldap
This commit is contained in:
EricZeng
2021-03-10 14:12:35 +08:00
committed by GitHub
parent a58a55d00d 67c37a0984
commit 3f8a3c69e3
4 changed files with 61 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java
View File

@@ -106,7 +106,7 @@ public enum ResultStatus {
STORAGE_UPLOAD_FILE_FAILED(8050, "upload file failed"), STORAGE_UPLOAD_FILE_FAILED(8050, "upload file failed"),
STORAGE_FILE_TYPE_NOT_SUPPORT(8051, "File type not support"), STORAGE_FILE_TYPE_NOT_SUPPORT(8051, "File type not support"),
STORAGE_DOWNLOAD_FILE_FAILED(8052, "download file failed"), STORAGE_DOWNLOAD_FILE_FAILED(8052, "download file failed"),
LDAP_AUTHENTICATION_FAILED(8053, "LDAP authentication failed"), LDAP_AUTHENTICATION_FAILED(8053, "ldap authentication failed"),
; ;

74
kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java → kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
View File

@@ -1,6 +1,8 @@
package com.xiaojukeji.kafka.manager.common.utils.ldap; package com.xiaojukeji.kafka.manager.account.component.ldap;
import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@@ -15,33 +17,31 @@ import javax.naming.ldap.LdapContext;
import java.util.Hashtable; import java.util.Hashtable;
@Component @Component
public class LDAPAuthentication { public class LdapAuthentication {
private static final Logger LOGGER = LoggerFactory.getLogger(LdapAuthentication.class);
@Value(value = "${ldap.url}") @Value(value = "${account.ldap.url:}")
private String ldapUrl; private String ldapUrl;
@Value(value = "${ldap.basedn}") @Value(value = "${account.ldap.basedn:}")
private String ldapBasedn; private String ldapBasedn;
@Value(value = "${ldap.factory}") @Value(value = "${account.ldap.factory:}")
private String ldapFactory; private String ldapFactory;
@Value(value = "${ldap.filter}") @Value(value = "${account.ldap.filter:}")
private String ldapfilter; private String ldapFilter;
@Value(value = "${ldap.auth-user-registration-role}") @Value(value = "${account.ldap.security.authentication:}")
private String authUserRegistrationRole;
@Value(value = "${ldap.security.authentication}")
private String securityAuthentication; private String securityAuthentication;
@Value(value = "${ldap.security.principal}") @Value(value = "${account.ldap.security.principal:}")
private String securityPrincipal; private String securityPrincipal;
@Value(value = "${ldap.security.credentials}") @Value(value = "${account.ldap.security.credentials:}")
private String securityCredentials; private String securityCredentials;
private LdapContext getConnect() { private LdapContext getLdapContext() {
Hashtable<String, String> env = new Hashtable<String, String>(); Hashtable<String, String> env = new Hashtable<String, String>();
env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory); env.put(Context.INITIAL_CONTEXT_FACTORY, ldapFactory);
env.put(Context.PROVIDER_URL, ldapUrl + ldapBasedn); env.put(Context.PROVIDER_URL, ldapUrl + ldapBasedn);
@@ -53,19 +53,19 @@ public class LDAPAuthentication {
try { try {
return new InitialLdapContext(env, null); return new InitialLdapContext(env, null);
} catch (AuthenticationException e) { } catch (AuthenticationException e) {
e.printStackTrace(); LOGGER.warn("class=LdapAuthentication||method=getLdapContext||errMsg={}", e);
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); LOGGER.error("class=LdapAuthentication||method=getLdapContext||errMsg={}", e);
} }
return null; return null;
} }
private String getUserDN(String account,LdapContext ctx) { private String getUserDN(String account, LdapContext ctx) {
String userDN = ""; String userDN = "";
try { try {
SearchControls constraints = new SearchControls(); SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
String filter = "(&(objectClass=*)("+ldapfilter+"=" + account + "))"; String filter = "(&(objectClass=*)("+ldapFilter+"=" + account + "))";
NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints); NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints);
if (en == null || !en.hasMoreElements()) { if (en == null || !en.hasMoreElements()) {
@@ -82,9 +82,8 @@ public class LDAPAuthentication {
} }
} }
} catch (Exception e) { } catch (Exception e) {
e.printStackTrace(); LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e);
} }
return userDN; return userDN;
} }
@@ -94,35 +93,38 @@ public class LDAPAuthentication {
* @param password * @param password
* @return * @return
*/ */
public boolean authenricate(String account, String password) { public boolean authenticate(String account, String password) {
LdapContext ctx = getConnect(); LdapContext ctx = getLdapContext();
if (ValidateUtils.isNull(ctx)) {
boolean valide = false; return false;
}
try { try {
String userDN = getUserDN(account,ctx); String userDN = getUserDN(account, ctx);
if(ValidateUtils.isBlank(userDN)){ if(ValidateUtils.isBlank(userDN)){
return valide; return false;
} }
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(null); ctx.reconnect(null);
valide = true;
} catch (AuthenticationException e) { return true;
System.out.println(e.toString()); } catch (AuthenticationException e) {
LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
} catch (NamingException e) { } catch (NamingException e) {
e.printStackTrace(); LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
}finally { } catch (Exception e) {
if(ctx!=null) { LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
} finally {
if(ctx != null) {
try { try {
ctx.close(); ctx.close();
} catch (NamingException e) { } catch (NamingException e) {
e.printStackTrace(); LOGGER.error("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
} }
} }
} }
return false;
return valide;
} }
} }

22
kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
View File

@@ -10,7 +10,7 @@ import com.xiaojukeji.kafka.manager.common.entity.dto.normal.LoginDTO;
import com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO; import com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO;
import com.xiaojukeji.kafka.manager.common.utils.EncryptUtil; import com.xiaojukeji.kafka.manager.common.utils.EncryptUtil;
import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
import com.xiaojukeji.kafka.manager.common.utils.ldap.LDAPAuthentication; import com.xiaojukeji.kafka.manager.account.component.ldap.LdapAuthentication;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service; import org.springframework.stereotype.Service;
@@ -28,18 +28,18 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
private AccountService accountService; private AccountService accountService;
@Autowired @Autowired
private LDAPAuthentication ldapAuthentication; private LdapAuthentication ldapAuthentication;
//是否开启ldap验证 //是否开启ldap验证
@Value(value = "${ldap.enabled}") @Value(value = "${account.ldap.enabled:}")
private boolean ldapEnabled; private Boolean accountLdapEnabled;
//ldap自动注册的默认角色。请注意它通常来说都是低权限角色 //ldap自动注册的默认角色。请注意它通常来说都是低权限角色
@Value(value = "${ldap.auth-user-registration-role}") @Value(value = "${account.ldap.auth-user-registration-role:}")
private String authUserRegistrationRole; private String authUserRegistrationRole;
//ldap自动注册是否开启 //ldap自动注册是否开启
@Value(value = "${ldap.auth-user-registration}") @Value(value = "${account.ldap.auth-user-registration:}")
private boolean authUserRegistration; private boolean authUserRegistration;
@Override @Override
@@ -50,11 +50,10 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername()); Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername());
//modifier limin //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证
//判断是否激活了LDAP验证。若激活并且数据库无此用户则自动注册 if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){
if(ldapEnabled){
//去LDAP验证账密 //去LDAP验证账密
if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){ if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){
return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
} }
@@ -63,12 +62,11 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
AccountDO accountDO = new AccountDO(); AccountDO accountDO = new AccountDO();
accountDO.setUsername(dto.getUsername()); accountDO.setUsername(dto.getUsername());
accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole()); accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole());
accountDO.setPassword(EncryptUtil.md5(dto.getPassword())); accountDO.setPassword(dto.getPassword());
accountService.createAccount(accountDO); accountService.createAccount(accountDO);
} }
return Result.buildSuc(dto.getUsername()); return Result.buildSuc(dto.getUsername());
} }
if (ValidateUtils.isNull(accountResult) || accountResult.failed()) { if (ValidateUtils.isNull(accountResult) || accountResult.failed()) {

25
kafka-manager-web/src/main/resources/application.yml
View File

@@ -11,7 +11,6 @@ spring:
name: kafkamanager name: kafkamanager
datasource: datasource:
kafka-manager: kafka-manager:
jdbc-url: jdbc:mysql://127.0.0.1:3306/logi_kafka_manager?characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8 jdbc-url: jdbc:mysql://127.0.0.1:3306/logi_kafka_manager?characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8
username: admin username: admin
password: admin password: admin
@@ -50,6 +49,17 @@ task:
account: account:
ldap: ldap:
enabled: false
url: ldap://127.0.0.1:389/
basedn: dc=tsign,dc=cn
factory: com.sun.jndi.ldap.LdapCtxFactory
filter: sAMAccountName
security:
authentication: simple
principal: cn=admin,dc=tsign,dc=cn
credentials: admin
auth-user-registration: true
auth-user-registration-role: normal
kcm: kcm:
enabled: false enabled: false
@@ -83,16 +93,3 @@ notify:
topic-name: didi-kafka-notify topic-name: didi-kafka-notify
order: order:
detail-url: http://127.0.0.1 detail-url: http://127.0.0.1
ldap:
enabled: false
url: ldap://127.0.0.1:389/
basedn: dc=tsign,dc=cn
factory: com.sun.jndi.ldap.LdapCtxFactory
filter: sAMAccountName
security:
authentication: simple
principal: cn=admin,dc=tsign,dc=cn
credentials: admin
auth-user-registration-role: normal
auth-user-registration: true