LDAP认证忽略大小写,修正从LDAP服务器返回值设置Username

This commit is contained in:
huyueeer
2021-08-04 16:23:57 +08:00
parent cef1ec95d2
commit 793e81406e
3 changed files with 49 additions and 14 deletions


@@ -0,0 +1,14 @@
package com.xiaojukeji.kafka.manager.common.utils;
/**
* @className: SplitUtils
* @description: Split string of type keyValue
* @author: Hu.Yue
* @date: 2021/8/4
**/
public class SplitUtils {
public static String keyValueSplit(String keyValue){
return keyValue.split(":\\s+")[1];
}
}
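Review bot: `keyValue.split(":\\s+")[1]` in keyValueSplit throws ArrayIndexOutOfBoundsException when the string has no `: ` separator or the value after it is empty (split drops trailing empty strings), and it truncates any value that itself contains `: `. The callers hand it `Attribute.toString()`, whose `id: value` text layout is not part of the javax.naming Attribute contract, whereas `Attribute.get()` returns the value without any parsing. Because these values end up as the stored account username in the sign-on code, a parse failure here surfaces as an unhandled exception on the login path rather than as a failed login. If the helper is kept, use the two-argument split and guard the length: `String[] parts = keyValue.split(":\\s+", 2); return parts.length > 1 ? parts[1] : "";`. The class comment uses non-standard `@className`/`@description` tags; a plain method Javadoc such as `/** Returns the text after the first {@code ": "} in a {@code "key: value"} string. */` would serve readers and tooling better.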


@@ -1,5 +1,6 @@
package com.xiaojukeji.kafka.manager.account.component.ldap; package com.xiaojukeji.kafka.manager.account.component.ldap;
import com.xiaojukeji.kafka.manager.common.utils.SplitUtils;
import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@@ -14,7 +15,9 @@ import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult; import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext; import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext; import javax.naming.ldap.LdapContext;
import java.util.HashMap;
import java.util.Hashtable; import java.util.Hashtable;
import java.util.Map;
@Component @Component
public class LdapAuthentication { public class LdapAuthentication {
@@ -60,8 +63,11 @@ public class LdapAuthentication {
return null; return null;
} }
private String getUserDN(String account, LdapContext ctx) { private Map<String, Object> getLdapAttrsInfo(String account, LdapContext ctx) {
//存储更多的LDAP元信息
Map<String, Object> ldapAttrsInfo = new HashMap<>();
String userDN = ""; String userDN = "";
ldapAttrsInfo.clear();
try { try {
SearchControls constraints = new SearchControls(); SearchControls constraints = new SearchControls();
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
@@ -69,7 +75,7 @@ public class LdapAuthentication {
NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints); NamingEnumeration<SearchResult> en = ctx.search("", filter, constraints);
if (en == null || !en.hasMoreElements()) { if (en == null || !en.hasMoreElements()) {
return ""; return null;
} }
// maybe more than one element // maybe more than one element
while (en.hasMoreElements()) { while (en.hasMoreElements()) {
@@ -78,13 +84,25 @@ public class LdapAuthentication {
SearchResult si = (SearchResult) obj; SearchResult si = (SearchResult) obj;
userDN += si.getName(); userDN += si.getName();
userDN += "," + ldapBasedn; userDN += "," + ldapBasedn;
//携带LDAP更多元信息以填充用户元信息
ldapAttrsInfo.put("userDN", userDN);
ldapAttrsInfo.put("sAMAccountName",
SplitUtils.keyValueSplit(si.getAttributes().get("samaccountname").toString()));
ldapAttrsInfo.put("department",
SplitUtils.keyValueSplit(si.getAttributes().get("department").toString()));
ldapAttrsInfo.put("company",
SplitUtils.keyValueSplit(si.getAttributes().get("company").toString()));
ldapAttrsInfo.put("displayName",
SplitUtils.keyValueSplit(si.getAttributes().get("displayname").toString()));
ldapAttrsInfo.put("mail",
SplitUtils.keyValueSplit(si.getAttributes().get("mail").toString()));
break; break;
} }
} }
} catch (Exception e) { } catch (Exception e) {
LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e); LOGGER.error("class=LdapAuthentication||method=getUserDN||account={}||errMsg={}", account, e);
} }
return userDN; return ldapAttrsInfo;
} }
/** /**
@@ -93,23 +111,23 @@ public class LdapAuthentication {
* @param password * @param password
* @return * @return
*/ */
public boolean authenticate(String account, String password) { public Map<String, Object> authenticate(String account, String password) {
LdapContext ctx = getLdapContext(); LdapContext ctx = getLdapContext();
if (ValidateUtils.isNull(ctx)) { if (ValidateUtils.isNull(ctx)) {
return false; return null;
} }
try { try {
String userDN = getUserDN(account, ctx); Map<String, Object> ldapAttrsInfo = getLdapAttrsInfo(account, ctx);
if(ValidateUtils.isBlank(userDN)){ if(ValidateUtils.isNull(ldapAttrsInfo)){
return false; return null;
} }
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN); ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, ldapAttrsInfo.get("userDN").toString());
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password); ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
ctx.reconnect(null); ctx.reconnect(null);
return true; return ldapAttrsInfo;
} catch (AuthenticationException e) { } catch (AuthenticationException e) {
LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e); LOGGER.warn("class=LdapAuthentication||method=authenticate||account={}||errMsg={}", account, e);
} catch (NamingException e) { } catch (NamingException e) {
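Review bot: `if(ValidateUtils.isNull(ldapAttrsInfo))` in authenticate only rejects a null map, but getLdapAttrsInfo returns a non-null map after its `catch (Exception e)` branch, so when the search or an attribute lookup throws the map is empty or partially filled and `ldapAttrsInfo.get("userDN").toString()` raises a NullPointerException that none of the catch clauses here handle; the old `isBlank(userDN)` check failed this case cleanly. Guard the value rather than the map: `Object userDN = ValidateUtils.isNull(ldapAttrsInfo) ? null : ldapAttrsInfo.get("userDN");` `if (ValidateUtils.isNull(userDN) || ValidateUtils.isBlank(userDN.toString())) { return null; }` and bind with `userDN.toString()`. Keeping the blank check matters because some directories treat a bind with an empty DN as anonymous, in which case the reconnect would succeed without the password ever being checked. In the previous hunk getLdapAttrsInfo still logs `method=getUserDN` after the rename, and `ldapAttrsInfo.clear()` on a freshly constructed map is a no-op that can be dropped. The catch chain of authenticate continues in the next hunk.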
@@ -125,6 +143,6 @@ public class LdapAuthentication {
} }
} }
} }
return false; return null;
} }
} }


@@ -17,6 +17,7 @@ import org.springframework.stereotype.Service;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.util.Map;
/** /**
* @author zengqiao * @author zengqiao
@@ -52,15 +53,17 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
//判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证 //判断是否激活了LDAP验证, 若激活则也可使用ldap进行认证
if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){ if(!ValidateUtils.isNull(accountLdapEnabled) && accountLdapEnabled){
//基于LDAP的登陆用户忽略大小写账户统一做大写处理
dto.setUsername(dto.getUsername().toUpperCase());
//去LDAP验证账密 //去LDAP验证账密
if(!ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword())){ Map<String, Object> ldapAttrsInfo;
ldapAttrsInfo = ldapAuthentication.authenticate(dto.getUsername(),dto.getPassword());
if(ValidateUtils.isNull(ldapAttrsInfo)){
return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
} }
if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){ if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
//自动注册 //自动注册
//使用Ldap:sAMAccountName替换用户输入的值
dto.setUsername(ldapAttrsInfo.get("sAMAccountName").toString());
AccountDO accountDO = new AccountDO(); AccountDO accountDO = new AccountDO();
accountDO.setUsername(dto.getUsername()); accountDO.setUsername(dto.getUsername());
accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole()); accountDO.setRole(AccountRoleEnum.getUserRoleEnum(authUserRegistrationRole).getRole());
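Review bot: `dto.setUsername(ldapAttrsInfo.get("sAMAccountName").toString())` in the auto-registration branch dereferences a map entry that is only present when the directory entry carried a `samaccountname` attribute and the lookup did not throw, so a missing attribute becomes a NullPointerException on the login path instead of a failed login; check it first: `Object sam = ldapAttrsInfo.get("sAMAccountName");` `if (ValidateUtils.isNull(sam)) { return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED); }` `dto.setUsername(sam.toString());`. `dto.getUsername().toUpperCase()` uses the JVM default locale, so the account sent to the directory can differ between deployments (the dotted/dotless i case); use `toUpperCase(Locale.ROOT)` with the matching `java.util.Locale` import. The uppercasing happens after `accountResult` was already looked up above this hunk, as far as can be seen, so whether an existing local account is matched case-insensitively is not established by this change and is worth confirming. The enclosing method starts and ends outside the hunk.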