diff --git a/distribution/conf/create_mysql_table.sql b/distribution/conf/create_mysql_table.sql
index 12910ae1..f859d752 100644
--- a/distribution/conf/create_mysql_table.sql
+++ b/distribution/conf/create_mysql_table.sql
@@ -13,6 +13,9 @@ CREATE TABLE `account` (
`username` varchar(128) CHARACTER SET utf8 COLLATE utf8_bin NOT NULL DEFAULT '' COMMENT '用户名',
`password` varchar(128) NOT NULL DEFAULT '' COMMENT '密码',
`role` tinyint(8) NOT NULL DEFAULT '0' COMMENT '角色类型, 0:普通用户 1:研发 2:运维',
+ `department` varchar(256) DEFAULT '' COMMENT '部门名',
+ `display_name` varchar(256) DEFAULT '' COMMENT '用户姓名',
+ `mail` varchar(256) DEFAULT '' COMMENT '邮箱',
`status` int(16) NOT NULL DEFAULT '0' COMMENT '0标识使用中,-1标识已废弃',
`gmt_create` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP COMMENT '创建时间',
`gmt_modify` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP COMMENT '修改时间',
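Review bot: The three added columns are declared nullable here (`varchar(256) DEFAULT ''`), while the 2.6.0 upgrade statement in distribution/upgrade_config.md in this same commit adds them as `NOT NULL DEFAULT ''` and in a different order (display_name, department, mail after role). Fresh installs and upgraded installs would then differ on nullability, so code that reads these columns can see NULL on one and never on the other. I would align the create script with the upgrade path, e.g. `display_name varchar(256) NOT NULL DEFAULT '' COMMENT '用户姓名',` and likewise for department and mail. The CREATE TABLE statement starts and ends outside this hunk.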
diff --git a/distribution/upgrade_config.md b/distribution/upgrade_config.md
index 5f976042..06eb01b1 100644
--- a/distribution/upgrade_config.md
+++ b/distribution/upgrade_config.md
@@ -39,4 +39,14 @@ ALTER TABLE `gateway_config`
ADD COLUMN `description` TEXT NULL COMMENT '描述信息' AFTER `version`;
```
+### 升级至`2.6.0`版本
+#### 1.mysql变更
+`2.6.0`版本在`account`表增加用户姓名,部门名,邮箱三个字段,因此需要执行下面的sql进行字段的增加。
+
+```sql
+ALTER TABLE `account`
+ADD COLUMN `display_name` VARCHAR(256) NOT NULL DEFAULT '' COMMENT '用户名' AFTER `role`,
+ADD COLUMN `department` VARCHAR(256) NOT NULL DEFAULT '' COMMENT '部门名' AFTER `display_name`,
+ADD COLUMN `mail` VARCHAR(256) NOT NULL DEFAULT '' COMMENT '邮箱' AFTER `department`;
+```
diff --git a/docs/dev_guide/upgrade_manual/logi-km-v2.2.0.md b/docs/dev_guide/upgrade_manual/logi-km-v2.2.0.md
deleted file mode 100644
index 96622080..00000000
--- a/docs/dev_guide/upgrade_manual/logi-km-v2.2.0.md
+++ /dev/null
@@ -1,27 +0,0 @@
-
----
-
-
-
-**一站式`Apache Kafka`集群指标监控与运维管控平台**
-
----
-
-# 升级至`2.2.0`版本
-
-`2.2.0`版本在`cluster`表及`logical_cluster`各增加了一个字段,因此需要执行下面的sql进行字段的增加。
-
-```sql
-# 往cluster表中增加jmx_properties字段, 这个字段会用于存储jmx相关的认证以及配置信息
-ALTER TABLE `cluster` ADD COLUMN `jmx_properties` TEXT NULL COMMENT 'JMX配置' AFTER `security_properties`;
-
-# 往logical_cluster中增加identification字段, 同时数据和原先name数据相同, 最后增加一个唯一键.
-# 此后, name字段还是表示集群名称, 而identification字段表示的是集群标识, 只能是字母数字及下划线组成,
-# 数据上报到监控系统时, 集群这个标识采用的字段就是identification字段, 之前使用的是name字段.
-ALTER TABLE `logical_cluster` ADD COLUMN `identification` VARCHAR(192) NOT NULL DEFAULT '' COMMENT '逻辑集群标识' AFTER `name`;
-
-UPDATE `logical_cluster` SET `identification`=`name` WHERE id>=0;
-
-ALTER TABLE `logical_cluster` ADD INDEX `uniq_identification` (`identification` ASC);
-```
-
diff --git a/docs/dev_guide/upgrade_manual/logi-km-v2.3.0.md b/docs/dev_guide/upgrade_manual/logi-km-v2.3.0.md
deleted file mode 100644
index 3a4196f8..00000000
--- a/docs/dev_guide/upgrade_manual/logi-km-v2.3.0.md
+++ /dev/null
@@ -1,17 +0,0 @@
-
----
-
-
-
-**一站式`Apache Kafka`集群指标监控与运维管控平台**
-
----
-
-# 升级至`2.3.0`版本
-
-`2.3.0`版本在`gateway_config`表增加了一个描述说明的字段,因此需要执行下面的sql进行字段的增加。
-
-```sql
-ALTER TABLE `gateway_config`
-ADD COLUMN `description` TEXT NULL COMMENT '描述信息' AFTER `version`;
-```
diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/dto/rd/AccountDTO.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/dto/rd/AccountDTO.java
index db2b0aff..ab1147a3 100644
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/dto/rd/AccountDTO.java
+++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/dto/rd/AccountDTO.java
@@ -21,6 +21,15 @@ public class AccountDTO {
@ApiModelProperty(value = "角色")
private Integer role;
+ @ApiModelProperty(value = "用户姓名")
+ private String displayName;
+
+ @ApiModelProperty(value = "部门")
+ private String department;
+
+ @ApiModelProperty(value = "邮箱")
+ private String mail;
+
public String getUsername() {
return username;
}
@@ -45,12 +54,39 @@ public class AccountDTO {
this.role = role;
}
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ public void setDisplayName(String displayName) {
+ this.displayName = displayName;
+ }
+
+ public String getDepartment() {
+ return department;
+ }
+
+ public void setDepartment(String department) {
+ this.department = department;
+ }
+
+ public String getMail() {
+ return mail;
+ }
+
+ public void setMail(String mail) {
+ this.mail = mail;
+ }
+
@Override
public String toString() {
return "AccountDTO{" +
"username='" + username + '\'' +
", password='" + password + '\'' +
", role=" + role +
+ ", displayName='" + displayName + '\'' +
+ ", department='" + department + '\'' +
+ ", mail='" + mail + '\'' +
'}';
}
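Review bot: toString() now concatenates `mail`, `displayName` and `department` into a string that already carries the clear-text `password`, so any log line or exception message that formats this DTO exposes a credential together with personal data. I would mask the credential, e.g. `", password='***'" +`, and consider whether the mail address needs to be printed at all. The same applies to AccountDO.toString() in this commit, where the `password` line is re-added next to the new fields. Whether these objects are actually logged is not visible in the diff.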
diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/pojo/AccountDO.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/pojo/AccountDO.java
index 13623941..1fa25528 100644
--- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/pojo/AccountDO.java
+++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/pojo/AccountDO.java
@@ -21,6 +21,12 @@ public class AccountDO {
private Integer role;
+ private String displayName;
+
+ private String department;
+
+ private String mail;
+
public String getUsername() {
return username;
}
@@ -45,16 +51,43 @@ public class AccountDO {
this.role = role;
}
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ public void setDisplayName(String displayName) {
+ this.displayName = displayName;
+ }
+
+ public String getDepartment() {
+ return department;
+ }
+
+ public void setDepartment(String department) {
+ this.department = department;
+ }
+
+ public String getMail() {
+ return mail;
+ }
+
+ public void setMail(String mail) {
+ this.mail = mail;
+ }
+
@Override
public String toString() {
return "AccountDO{" +
- "username='" + username + '\'' +
- ", password='" + password + '\'' +
- ", role=" + role +
- ", id=" + id +
+ "id=" + id +
", status=" + status +
", gmtCreate=" + gmtCreate +
", gmtModify=" + gmtModify +
+ ", username='" + username + '\'' +
+ ", password='" + password + '\'' +
+ ", role=" + role +
+ ", displayName='" + displayName + '\'' +
+ ", department='" + department + '\'' +
+ ", mail='" + mail + '\'' +
'}';
}
}
\ No newline at end of file
diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/SplitUtils.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/SplitUtils.java
new file mode 100644
index 00000000..d3692d96
--- /dev/null
+++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/utils/SplitUtils.java
@@ -0,0 +1,14 @@
+package com.xiaojukeji.kafka.manager.common.utils;
+
+/**
+ * @className: SplitUtils
+ * @description: Split string of type keyValue
+ * @author: Hu.Yue
+ * @date: 2021/8/4
+ **/
+public class SplitUtils {
+
+ public static String keyValueSplit(String keyValue){
+ return keyValue.split(":\\s+")[1];
+ }
+}
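Review bot: `keyValue.split(":\\s+")[1]` throws ArrayIndexOutOfBoundsException when the input has no colon followed by whitespace or when the value part is empty (trailing empty strings are dropped by split), throws NullPointerException on null, and silently truncates a value that itself contains a colon and a space. Limiting the split and checking the result covers the first and third cases: `String[] parts = keyValue.split(":\\s+", 2);` followed by `return parts.length == 2 ? parts[1] : "";`, with a null check in front. The class Javadoc should state the expected `name: value` input shape and what is returned for malformed input. As a static-only utility the class could also be `final` with a private constructor.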
diff --git a/kafka-manager-dao/src/main/resources/mapper/AccountDao.xml b/kafka-manager-dao/src/main/resources/mapper/AccountDao.xml
index ac920416..299d120b 100644
--- a/kafka-manager-dao/src/main/resources/mapper/AccountDao.xml
+++ b/kafka-manager-dao/src/main/resources/mapper/AccountDao.xml
@@ -8,6 +8,9 @@
+
+
+
@@ -15,9 +18,9 @@
diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/account/BaseEnterpriseStaffService.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/account/BaseEnterpriseStaffService.java
index 2eef7774..52e7347e 100644
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/account/BaseEnterpriseStaffService.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/account/BaseEnterpriseStaffService.java
@@ -54,7 +54,8 @@ public class BaseEnterpriseStaffService extends AbstractEnterpriseStaffService {
}
List staffList = new ArrayList<>();
for (AccountDO accountDO: doList) {
- staffList.add(new EnterpriseStaff(accountDO.getUsername(), accountDO.getUsername(), ""));
+ //这里对chineseName填充共识的displayName,Department则获取Department信息
+ staffList.add(new EnterpriseStaff(accountDO.getUsername(), accountDO.getDisplayName(), accountDO.getDepartment()));
}
return staffList;
} catch (Exception e) {
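Review bot: `accountDO.getDisplayName()` is empty (or null, since the create script in this commit leaves the column nullable) for accounts that were not auto-registered through LDAP, so those staff entries lose the name that the old code filled with the username. A fallback keeps them usable, assuming ValidateUtils is available in this class: `String name = ValidateUtils.isBlank(accountDO.getDisplayName()) ? accountDO.getUsername() : accountDO.getDisplayName();`. The enclosing method starts and ends outside the hunk.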
diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
index f456c916..4dde4083 100644
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/ldap/LdapAuthentication.java
@@ -1,5 +1,6 @@
package com.xiaojukeji.kafka.manager.account.component.ldap;
+import com.xiaojukeji.kafka.manager.common.utils.SplitUtils;
import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -14,7 +15,9 @@ import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
+import java.util.HashMap;
import java.util.Hashtable;
+import java.util.Map;
@Component
public class LdapAuthentication {
@@ -60,8 +63,11 @@ public class LdapAuthentication {
return null;
}
- private String getUserDN(String account, LdapContext ctx) {
+ private Map getLdapAttrsInfo(String account, LdapContext ctx) {
+ //存储更多的LDAP元信息
+ Map ldapAttrsInfo = new HashMap<>();
String userDN = "";
+ ldapAttrsInfo.clear();
try {
SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
@@ -69,7 +75,7 @@ public class LdapAuthentication {
NamingEnumeration en = ctx.search("", filter, constraints);
if (en == null || !en.hasMoreElements()) {
- return "";
+ return null;
}
// maybe more than one element
while (en.hasMoreElements()) {
@@ -78,13 +84,25 @@ public class LdapAuthentication {
SearchResult si = (SearchResult) obj;
userDN += si.getName();
userDN += "," + ldapBasedn;
+ //携带LDAP更多元信息以填充用户元信息
+ ldapAttrsInfo.put("userDN", userDN);
+ ldapAttrsInfo.put("sAMAccountName",
+ SplitUtils.keyValueSplit(si.getAttributes().get("samaccountname").toString()));
+ ldapAttrsInfo.put("department",
+ SplitUtils.keyValueSplit(si.getAttributes().get("department").toString()));
+ ldapAttrsInfo.put("company",
+ SplitUtils.keyValueSplit(si.getAttributes().get("company").toString()));
+ ldapAttrsInfo.put("displayName",
+ SplitUtils.keyValueSplit(si.getAttributes().get("displayname").toString()));
+ ldapAttrsInfo.put("mail",
+ SplitUtils.keyValueSplit(si.getAttributes().get("mail").toString()));
break;
}
}
} catch (Exception e) {
LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e);
}
- return userDN;
+ return ldapAttrsInfo;
}
/**
@@ -93,23 +111,23 @@ public class LdapAuthentication {
* @param password
* @return
*/
- public boolean authenticate(String account, String password) {
+ public Map authenticate(String account, String password) {
LdapContext ctx = getLdapContext();
if (ValidateUtils.isNull(ctx)) {
- return false;
+ return null;
}
try {
- String userDN = getUserDN(account, ctx);
- if(ValidateUtils.isBlank(userDN)){
- return false;
+ Map ldapAttrsInfo = getLdapAttrsInfo(account, ctx);
+ if(ValidateUtils.isNull(ldapAttrsInfo)){
+ return null;
}
- ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
+ ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, ldapAttrsInfo.get("userDN").toString());
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(null);
- return true;
+ return ldapAttrsInfo;
} catch (AuthenticationException e) {
LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
} catch (NamingException e) {
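Review bot: The failure check `ValidateUtils.isNull(ldapAttrsInfo)` no longer covers the case the old `isBlank(userDN)` did: when the search throws, getLdapAttrsInfo returns its empty but non-null map, and `ldapAttrsInfo.get("userDN").toString()` then throws NullPointerException. Unless a catch outside this hunk handles it, a directory error becomes an unhandled exception instead of a clean authentication failure. I would test the entry itself: `if (ValidateUtils.isNull(ldapAttrsInfo) || ValidateUtils.isNull(ldapAttrsInfo.get("userDN"))) { return null; }`. The Javadoc above still has empty `@param` and `@return` tags; `@return` should now say that the attribute map is returned on success and null on any failure.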
@@ -125,6 +143,6 @@ public class LdapAuthentication {
}
}
}
- return false;
+ return null;
}
}
diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
index d826507d..a0309cb6 100644
--- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/component/sso/BaseSessionSignOn.java
@@ -17,6 +17,7 @@ import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import java.util.Map;
/**
* @author zengqiao
@@ -47,27 +48,37 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isNull(dto.getPassword())) {
return Result.buildFailure("Missing parameters");
}
-
- Result accountResult = accountService.getAccountDO(dto.getUsername());
+ //先创建空对象,看是在LDAP去做填充,还是直接查表填充
+ Result accountResult;
//判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证
if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){
//去LDAP验证账密
- if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){
+ Map ldapAttrsInfo = ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword());;
+ if(ValidateUtils.isNull(ldapAttrsInfo)){
return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
}
+ //LDAP验证通过,拿LDAP的sAMAccountName替换dto对象的值,便于第一次自动注册采用LDAP值,并且第二次也避免REPLACE
+ dto.setUsername(ldapAttrsInfo.get("sAMAccountName").toString());
+ accountResult = accountService.getAccountDO(dto.getUsername());
+
if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
//自动注册
AccountDO accountDO = new AccountDO();
accountDO.setUsername(dto.getUsername());
accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole());
accountDO.setPassword(dto.getPassword());
+ accountDO.setDisplayName(ldapAttrsInfo.getOrDefault("displayName", "").toString());
+ accountDO.setDepartment(ldapAttrsInfo.getOrDefault("department", "").toString());
+ accountDO.setMail(ldapAttrsInfo.getOrDefault("mail", "").toString());
accountService.createAccount(accountDO);
}
return Result.buildSuc(dto.getUsername());
}
+ //不走LDAP认证直接查表填充
+ accountResult = accountService.getAccountDO(dto.getUsername());
if (ValidateUtils.isNull(accountResult) || accountResult.failed()) {
return new Result<>(accountResult.getCode(), accountResult.getMessage());
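Review bot: The parameter check at the top of this hunk rejects a null password but not an empty one (`ValidateUtils.isNull(dto.getPassword())`), and that value is passed on to the LDAP bind; JNDI's LDAP provider falls back to an anonymous bind for empty credentials, which many directories accept, so a successful bind would not prove knowledge of the password. Changing the guard to `if (ValidateUtils.isBlank(dto.getUsername()) || ValidateUtils.isBlank(dto.getPassword())) {` closes that. Further down, `ldapAttrsInfo.get("sAMAccountName").toString()` throws NullPointerException when the entry has no such attribute, unlike the `getOrDefault` calls used for the other fields; falling back to the submitted username would be safer. It is also worth confirming that createAccount does not keep the directory password from `accountDO.setPassword(dto.getPassword())` in recoverable form. The enclosing method starts and ends outside the hunk.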
diff --git a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/converters/AccountConverter.java b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/converters/AccountConverter.java
index a7eebff4..d1ce32c2 100644
--- a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/converters/AccountConverter.java
+++ b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/converters/AccountConverter.java
@@ -13,11 +13,19 @@ import java.util.List;
* @date 19/5/3
*/
public class AccountConverter {
+ private AccountConverter() {
+ }
+
public static AccountDO convert2AccountDO(AccountDTO dto) {
AccountDO accountDO = new AccountDO();
accountDO.setUsername(dto.getUsername());
accountDO.setPassword(dto.getPassword());
accountDO.setRole(dto.getRole());
+
+ // 兼容前端未传这些信息的情况
+ accountDO.setDepartment(dto.getDepartment() == null? "": dto.getDepartment());
+ accountDO.setMail(dto.getMail() == null? "": dto.getMail());
+ accountDO.setDisplayName(dto.getDisplayName() == null? "": dto.getDisplayName());
return accountDO;
}