8x48/KnowStreaming
1
0
Fork 0
mirror of https://github.com/didi/KnowStreaming.git synced 2026-01-06 13:51:08 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

support AD LDAP

Browse Source
This commit is contained in:
fanghanyun
2021-03-05 14:45:54 +08:00
parent e351ce7411
commit 411ee55653
2 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/ldap/LDAPAuthentication.java
View File

@@ -1,5 +1,6 @@
package com.xiaojukeji.kafka.manager.common.utils.ldap; package com.xiaojukeji.kafka.manager.common.utils.ldap;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@@ -25,6 +26,9 @@ public class LDAPAuthentication {
@Value(value = "${ldap.factory}") @Value(value = "${ldap.factory}")
private String ldapFactory; private String ldapFactory;
@Value(value = "${ldap.filter}")
private String ldapfilter;
@Value(value = "${ldap.auth-user-registration-role}") @Value(value = "${ldap.auth-user-registration-role}")
private String authUserRegistrationRole; private String authUserRegistrationRole;
@@ -61,7 +65,9 @@ public class LDAPAuthentication {
try { try {
SearchControls constraints = new SearchControls(); SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
NamingEnumeration<SearchResult> en = ctx.search("", "account=" + account, constraints); String filter = "(&(objectClass=*)("+ldapfilter+"=" + account + "))";
NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints);
if (en == null || !en.hasMoreElements()) { if (en == null || !en.hasMoreElements()) {
return ""; return "";
} }
@@ -96,6 +102,11 @@ public class LDAPAuthentication {
try { try {
String userDN = getUserDN(account,ctx); String userDN = getUserDN(account,ctx);
if(StringUtils.isEmpty(userDN)){
return valide;
}
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(null); ctx.reconnect(null);

4
kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
View File

@@ -44,7 +44,7 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
@Override @Override
public Result<String> loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) { public Result<String> loginAndGetLdap(HttpServletRequest request, HttpServletResponse response, LoginDTO dto) {
if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) { if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) {
return null; return Result.buildFailure("Missing parameters");
} }
Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername()); Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername());
@@ -54,7 +54,7 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
if(ldapEnabled){ if(ldapEnabled){
//去LDAP验证账密 //去LDAP验证账密
if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){ if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){
return null; return Result.buildFailure("LDAP authentication failed");
} }
if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){ if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){