From 411ee5565323a0bb7b9a735f4adbad8324af3d79 Mon Sep 17 00:00:00 2001
From: fanghanyun
Date: Fri, 5 Mar 2021 14:45:54 +0800
Subject: [PATCH] support AD LDAP

---
 .../common/utils/ldap/LDAPAuthentication.java | 13 ++++++++++++-
 .../account/component/sso/BaseSessionSignOn.java | 4 ++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
index 2419901a..6406f1c3 100644
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
+++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
@@ -1,5 +1,6 @@
 package com.xiaojukeji.kafka.manager.common.utils.ldap;
+import org.apache.commons.lang.StringUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
@@ -25,6 +26,9 @@ public class LDAPAuthentication {
 @Value(value = "${ldap.factory}")
 private String ldapFactory;
+ @Value(value = "${ldap.filter}")
+ private String ldapfilter;
+
 @Value(value = "${ldap.auth-user-registration-role}")
 private String authUserRegistrationRole;
@@ -61,7 +65,9 @@ public class LDAPAuthentication {
 try {
 SearchControls constraints = new SearchControls();
 constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
- NamingEnumeration en = ctx.search("", "account=" + account, constraints);
+ String filter = "(&(objectClass=*)("+ldapfilter+"=" + account + "))";
+
+ NamingEnumeration en = ctx.search("", filter, constraints);
 if (en == null || !en.hasMoreElements()) {
 return "";
 }
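Review bot: The new `ldap.filter` property on the added `@Value` has no default, so any existing deployment whose configuration lacks this key will fail at context startup with an unresolved placeholder, even though nothing else about its LDAP setup changed; `@Value(value = "${ldap.filter:account}")` would keep the previous `account=` lookup for those configurations. The field name `ldapfilter` also departs from the camelCase of its neighbours (`ldapFactory`, `authUserRegistrationRole`); `private String ldapFilter;` would match, with the one reference in getUserDN renamed to suit. The class body continues outside this hunk.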
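Review bot: The added `String filter = ...` line concatenates the caller-supplied `account` straight into an LDAP search expression without escaping, so filter metacharacters in a login name (`*`, `(`, `)`, `\`) change the meaning of the query rather than being matched literally; the old `"account=" + account` had the same weakness, but the commit rewrites the line without closing it. JNDI will encode the value for you if it is passed as a filter argument instead of being pasted into the string: `NamingEnumeration en = ctx.search("", "(&(objectClass=*)(" + ldapfilter + "={0}))", new Object[] {account}, constraints);`, after which the local `filter` can go. The `(objectClass=*)` clause is redundant but harmless. getUserDN begins and ends outside this hunk.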
@@ -96,6 +102,11 @@ public class LDAPAuthentication { try { String userDN = getUserDN(account,ctx); + if(StringUtils.isEmpty(userDN)){ + return valide; + } + + ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.reconnect(null); diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java index 3aa0e703..c064ec3d 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java @@ -44,7 +44,7 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { @Override public Result loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) { if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) { - return null; + return Result.buildFailure("Missing parameters"); } Result accountResult = accountService.getAccountDO(dto.getUsername()); @@ -54,7 +54,7 @@ public class BaseSessionSignOn extends AbstractSingleSignOn { if(ldapEnabled){ //去LDAP验证账密 if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){ - return null; + return Result.buildFailure("LDAP authentication failed"); } if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
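Review bot: The added `if(StringUtils.isEmpty(userDN))` guard returns before the bind when no DN was found, but the other half of the bind is still unguarded: an empty `password` reaches `ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password)` and `ctx.reconnect(null)` as an unauthenticated bind, which Active Directory and other directories accept by default, so a known username with a blank password would presumably fall through to the success path of this method. Extend the new guard to the credential, `if (StringUtils.isEmpty(userDN) || StringUtils.isEmpty(password)) { return valide; }`, and tighten the caller's precondition in the BaseSessionSignOn hunk below, where `ValidateUtils.isNull(dto.getPassword())` lets an empty string through while the username is checked with `isBlank`. `valide` is presumably initialised to false before the `try`; that initialisation and the rest of authenricate lie outside the hunk.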