support AD LDAP

2026-01-01 01:41:44 +08:00 · 2021-03-05 14:45:54 +08:00
parent e351ce7411
commit 411ee55653
2 changed files with 14 additions and 3 deletions
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
+++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
@@ -1,5 +1,6 @@
 package com.xiaojukeji.kafka.manager.common.utils.ldap;

+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;

@@ -25,6 +26,9 @@ public class LDAPAuthentication {
    @Value(value = "${ldap.factory}")
    private String ldapFactory;

+    @Value(value = "${ldap.filter}")
+    private String ldapfilter;
+
    @Value(value = "${ldap.auth-user-registration-role}")
    private String authUserRegistrationRole;

@@ -61,7 +65,9 @@ public class LDAPAuthentication {
        try {
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
-            NamingEnumeration<SearchResult> en = ctx.search("", "account=" + account, constraints);
+            String filter = "(&(objectClass=*)("+ldapfilter+"=" + account + "))";
+
+            NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints);
            if (en == null || !en.hasMoreElements()) {
                return "";
            }
@@ -96,6 +102,11 @@ public class LDAPAuthentication {
        try {
            String userDN = getUserDN(account,ctx);

+            if(StringUtils.isEmpty(userDN)){
+                return    valide;
+            }
+
+
            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
            ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
            ctx.reconnect(null);
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
@@ -44,7 +44,7 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
    @Override
    public Result<String> loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) {
        if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) {
-            return null;
+            return Result.buildFailure("Missing parameters");
        }

        Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername());
@@ -54,7 +54,7 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
        if(ldapEnabled){
            //去LDAP验证账密
            if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){
-                return null;
+                return Result.buildFailure("LDAP authentication failed");
            }

            if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){