Merge pull request #444 from didi/dev

1. 完善搜索用户时可以显示用户的其他元信息(完善chineseName和department); 2. 升级至v2.6.0说明

distribution/conf/create_mysql_table.sql

@@ -13,6 +13,9 @@ CREATE TABLE `account` (
   `username` varchar(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '' COMMENT '用户名',
   `password` varchar(128) NOT NULL DEFAULT '' COMMENT '密码',
   `role` tinyint(8) NOT NULL DEFAULT '0' COMMENT '角色类型, 0:普通用户 1:研发 2:运维',
+  `department` varchar(256) DEFAULT '' COMMENT '部门名',
+  `display_name` varchar(256) DEFAULT '' COMMENT '用户姓名',
+  `mail` varchar(256) DEFAULT '' COMMENT '邮箱',
   `status` int(16) NOT NULL DEFAULT '0' COMMENT '0标识使用中，-1标识已废弃',
   `gmt_create` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
   `gmt_modify` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',

distribution/upgrade_config.md

@@ -39,4 +39,14 @@ ALTER TABLE `gateway_config`
 ADD COLUMN `description` TEXT NULL COMMENT '描述信息' AFTER `version`;
 ```
 
+### 升级至`2.6.0`版本
 
+#### 1.mysql变更
+`2.6.0`版本在`account`表增加用户姓名，部门名，邮箱三个字段，因此需要执行下面的sql进行字段的增加。
+
+```sql
+ALTER TABLE `account`
+ADD COLUMN `display_name` VARCHAR(256) NOT NULL DEFAULT '' COMMENT '用户名' AFTER `role`,
+ADD COLUMN `department` VARCHAR(256) NOT NULL DEFAULT '' COMMENT '部门名' AFTER `display_name`,
+ADD COLUMN `mail` VARCHAR(256) NOT NULL DEFAULT '' COMMENT '邮箱' AFTER `department`;
+```

docs/dev_guide/upgrade_manual/logi-km-v2.2.0.md

@@ -1,27 +0,0 @@
-
----
-
-![kafka-manager-logo](../../assets/images/common/logo_name.png)
-
-**一站式`Apache Kafka`集群指标监控与运维管控平台**
-
---- 
-
-# 升级至`2.2.0`版本
-
-`2.2.0`版本在`cluster`表及`logical_cluster`各增加了一个字段，因此需要执行下面的sql进行字段的增加。
-
-```sql
-# 往cluster表中增加jmx_properties字段, 这个字段会用于存储jmx相关的认证以及配置信息
-ALTER TABLE `cluster` ADD COLUMN `jmx_properties` TEXT NULL COMMENT 'JMX配置' AFTER `security_properties`;
-
-# 往logical_cluster中增加identification字段, 同时数据和原先name数据相同, 最后增加一个唯一键. 
-# 此后, name字段还是表示集群名称, 而identification字段表示的是集群标识, 只能是字母数字及下划线组成, 
-# 数据上报到监控系统时, 集群这个标识采用的字段就是identification字段, 之前使用的是name字段.
-ALTER TABLE `logical_cluster` ADD COLUMN `identification` VARCHAR(192) NOT NULL DEFAULT '' COMMENT '逻辑集群标识' AFTER `name`;
-
-UPDATE `logical_cluster` SET `identification`=`name` WHERE id>=0;
-
-ALTER TABLE `logical_cluster` ADD INDEX `uniq_identification` (`identification` ASC);
-```
-

docs/dev_guide/upgrade_manual/logi-km-v2.3.0.md

@@ -1,17 +0,0 @@
-
----
-
-![kafka-manager-logo](../../assets/images/common/logo_name.png)
-
-**一站式`Apache Kafka`集群指标监控与运维管控平台**
-
---- 
-
-# 升级至`2.3.0`版本
-
-`2.3.0`版本在`gateway_config`表增加了一个描述说明的字段，因此需要执行下面的sql进行字段的增加。
-
-```sql
-ALTER TABLE `gateway_config` 
-ADD COLUMN `description` TEXT NULL COMMENT '描述信息' AFTER `version`;
-```

kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/dto/rd/AccountDTO.java

@@ -21,6 +21,15 @@ public class AccountDTO {
     @ApiModelProperty(value = "角色")
     private Integer role;
 
+    @ApiModelProperty(value = "用户姓名")
+    private String displayName;
+
+    @ApiModelProperty(value = "部门")
+    private String department;
+
+    @ApiModelProperty(value = "邮箱")
+    private String mail;
+
     public String getUsername() {
         return username;
     }
@@ -45,12 +54,39 @@ public class AccountDTO {
         this.role = role;
     }
 
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+
+    public String getDepartment() {
+        return department;
+    }
+
+    public void setDepartment(String department) {
+        this.department = department;
+    }
+
+    public String getMail() {
+        return mail;
+    }
+
+    public void setMail(String mail) {
+        this.mail = mail;
+    }
+
     @Override
     public String toString() {
         return "AccountDTO{" +
                 "username='" + username + '\'' +
                 ", password='" + password + '\'' +
                 ", role=" + role +
+                ", displayName='" + displayName + '\'' +
+                ", department='" + department + '\'' +
+                ", mail='" + mail + '\'' +
                 '}';
     }
 

kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/pojo/AccountDO.java

@@ -21,6 +21,12 @@ public class AccountDO {
 
     private Integer role;
 
+    private String displayName;
+
+    private String department;
+
+    private String mail;
+
     public String getUsername() {
         return username;
     }
@@ -45,16 +51,43 @@ public class AccountDO {
         this.role = role;
     }
 
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+
+    public String getDepartment() {
+        return department;
+    }
+
+    public void setDepartment(String department) {
+        this.department = department;
+    }
+
+    public String getMail() {
+        return mail;
+    }
+
+    public void setMail(String mail) {
+        this.mail = mail;
+    }
+
     @Override
     public String toString() {
         return "AccountDO{" +
-                "username='" + username + '\'' +
-                ", password='" + password + '\'' +
-                ", role=" + role +
-                ", id=" + id +
+                "id=" + id +
                 ", status=" + status +
                 ", gmtCreate=" + gmtCreate +
                 ", gmtModify=" + gmtModify +
+                ", username='" + username + '\'' +
+                ", password='" + password + '\'' +
+                ", role=" + role +
+                ", displayName='" + displayName + '\'' +
+                ", department='" + department + '\'' +
+                ", mail='" + mail + '\'' +
                 '}';
     }
 }

kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/SplitUtils.java

@@ -0,0 +1,14 @@
+package com.xiaojukeji.kafka.manager.common.utils;
+
+/**
+ * @className: SplitUtils
+ * @description: Split string of type keyValue
+ * @author: Hu.Yue
+ * @date: 2021/8/4
+ **/
+public class SplitUtils {
+
+    public static String keyValueSplit(String keyValue){
+        return keyValue.split(":\\s+")[1];
+    }
+}

kafka-manager-dao/src/main/resources/mapper/AccountDao.xml

@@ -8,6 +8,9 @@
         <result property="username"     column="username" />
         <result property="password"     column="password" />
         <result property="role"         column="role" />
+        <result property="displayName"  column="display_name" />
+        <result property="department"   column="department" />
+        <result property="mail"         column="mail" />
         <result property="gmtCreate"    column="gmt_create" />
         <result property="gmtModify"    column="gmt_modify" />
     </resultMap>
@@ -15,9 +18,9 @@
     <insert id="insert" parameterType="com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO">
         <![CDATA[
         REPLACE account
-        (username, password, role)
+        (username, password, role, display_name, department, mail)
         VALUES
-        (#{username}, #{password}, #{role})
+        (#{username}, #{password}, #{role}, #{displayName}, #{department}, #{mail})
     ]]>
     </insert>
 

kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/account/BaseEnterpriseStaffService.java

@@ -54,7 +54,8 @@ public class BaseEnterpriseStaffService extends AbstractEnterpriseStaffService {
             }
             List<EnterpriseStaff> staffList = new ArrayList<>();
             for (AccountDO accountDO: doList) {
-                staffList.add(new EnterpriseStaff(accountDO.getUsername(), accountDO.getUsername(), ""));
+                //这里对chineseName填充共识的displayName，Department则获取Department信息
+                staffList.add(new EnterpriseStaff(accountDO.getUsername(), accountDO.getDisplayName(), accountDO.getDepartment()));
             }
             return staffList;
         } catch (Exception e) {

kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java

@@ -1,5 +1,6 @@
 package com.xiaojukeji.kafka.manager.account.component.ldap;
 
+import com.xiaojukeji.kafka.manager.common.utils.SplitUtils;
 import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -14,7 +15,9 @@ import javax.naming.directory.SearchControls;
 import javax.naming.directory.SearchResult;
 import javax.naming.ldap.InitialLdapContext;
 import javax.naming.ldap.LdapContext;
+import java.util.HashMap;
 import java.util.Hashtable;
+import java.util.Map;
 
 @Component
 public class LdapAuthentication {
@@ -60,8 +63,11 @@ public class LdapAuthentication {
         return null;
     }
 
-    private String getUserDN(String account, LdapContext ctx) {
+    private Map<String, Object> getLdapAttrsInfo(String account, LdapContext ctx) {
+        //存储更多的LDAP元信息
+        Map<String, Object> ldapAttrsInfo = new HashMap<>();
         String userDN = "";
+        ldapAttrsInfo.clear();
         try {
             SearchControls constraints = new SearchControls();
             constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
@@ -69,7 +75,7 @@ public class LdapAuthentication {
 
             NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints);
             if (en == null || !en.hasMoreElements()) {
-                return "";
+                return null;
             }
             // maybe more than one element
             while (en.hasMoreElements()) {
@@ -78,13 +84,25 @@ public class LdapAuthentication {
                     SearchResult si = (SearchResult) obj;
                     userDN += si.getName();
                     userDN += "," + ldapBasedn;
+                    //携带LDAP更多元信息以填充用户元信息
+                    ldapAttrsInfo.put("userDN", userDN);
+                    ldapAttrsInfo.put("sAMAccountName",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("samaccountname").toString()));
+                    ldapAttrsInfo.put("department",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("department").toString()));
+                    ldapAttrsInfo.put("company",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("company").toString()));
+                    ldapAttrsInfo.put("displayName",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("displayname").toString()));
+                    ldapAttrsInfo.put("mail",
+                            SplitUtils.keyValueSplit(si.getAttributes().get("mail").toString()));
                     break;
                 }
             }
         } catch (Exception e) {
             LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e);
         }
-        return userDN;
+        return ldapAttrsInfo;
     }
 
     /**
@@ -93,23 +111,23 @@ public class LdapAuthentication {
      * @param password
      * @return
      */
-    public boolean authenticate(String account, String password) {
+    public Map<String, Object> authenticate(String account, String password) {
         LdapContext ctx = getLdapContext();
         if (ValidateUtils.isNull(ctx)) {
-            return false;
+            return null;
         }
 
         try {
-            String userDN = getUserDN(account, ctx);
-            if(ValidateUtils.isBlank(userDN)){
-                return false;
+            Map<String, Object> ldapAttrsInfo = getLdapAttrsInfo(account, ctx);
+            if(ValidateUtils.isNull(ldapAttrsInfo)){
+                return null;
             }
 
-            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
+            ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, ldapAttrsInfo.get("userDN").toString());
             ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
             ctx.reconnect(null);
 
-            return true;
+            return ldapAttrsInfo;
         } catch (AuthenticationException  e) {
             LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
         } catch (NamingException e) {
@@ -125,6 +143,6 @@ public class LdapAuthentication {
                 }
             }
         }
-        return false;
+        return null;
     }
 }

kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java

@@ -17,6 +17,7 @@ import org.springframework.stereotype.Service;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.Map;
 
 /**
  * @author zengqiao
@@ -47,27 +48,37 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
         if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) {
             return Result.buildFailure("Missing parameters");
         }
-
-        Result<AccountDO> accountResult = accountService.getAccountDO(dto.getUsername());
+        //先创建空对象，看是在LDAP去做填充，还是直接查表填充
+        Result<AccountDO> accountResult;
 
         //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证
         if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){
             //去LDAP验证账密
-            if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){
+            Map<String, Object> ldapAttrsInfo = ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword());;
+            if(ValidateUtils.isNull(ldapAttrsInfo)){
                 return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
             }
 
+            //LDAP验证通过，拿LDAP的sAMAccountName替换dto对象的值，便于第一次自动注册采用LDAP值，并且第二次也避免REPLACE
+            dto.setUsername(ldapAttrsInfo.get("sAMAccountName").toString());
+            accountResult = accountService.getAccountDO(dto.getUsername());
+
             if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
                 //自动注册
                 AccountDO accountDO = new AccountDO();
                 accountDO.setUsername(dto.getUsername());
                 accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole());
                 accountDO.setPassword(dto.getPassword());
+                accountDO.setDisplayName(ldapAttrsInfo.getOrDefault("displayName", "").toString());
+                accountDO.setDepartment(ldapAttrsInfo.getOrDefault("department", "").toString());
+                accountDO.setMail(ldapAttrsInfo.getOrDefault("mail", "").toString());
                 accountService.createAccount(accountDO);
             }
 
             return Result.buildSuc(dto.getUsername());
         }
+        //不走LDAP认证直接查表填充
+        accountResult = accountService.getAccountDO(dto.getUsername());
 
         if (ValidateUtils.isNull(accountResult) || accountResult.failed()) {
             return new Result<>(accountResult.getCode(), accountResult.getMessage());

kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/converters/AccountConverter.java

@@ -13,11 +13,19 @@ import java.util.List;
  * @date 19/5/3
  */
 public class AccountConverter {
+    private AccountConverter() {
+    }
+
     public static AccountDO convert2AccountDO(AccountDTO dto) {
         AccountDO accountDO = new AccountDO();
         accountDO.setUsername(dto.getUsername());
         accountDO.setPassword(dto.getPassword());
         accountDO.setRole(dto.getRole());
+
+        // 兼容前端未传这些信息的情况
+        accountDO.setDepartment(dto.getDepartment() == null? "": dto.getDepartment());
+        accountDO.setMail(dto.getMail() == null? "": dto.getMail());
+        accountDO.setDisplayName(dto.getDisplayName() == null? "": dto.getDisplayName());
         return accountDO;
     }