Support AD LDAP
@@ -73,6 +73,7 @@ public enum ResultStatus {
|
|||||||
QUOTA_NOT_EXIST(7113, "quota not exist, please check clusterId, topicName and appId"),
|
QUOTA_NOT_EXIST(7113, "quota not exist, please check clusterId, topicName and appId"),
|
||||||
CONSUMER_GROUP_NOT_EXIST(7114, "consumerGroup not exist"),
|
CONSUMER_GROUP_NOT_EXIST(7114, "consumerGroup not exist"),
|
||||||
TOPIC_BIZ_DATA_NOT_EXIST(7115, "topic biz data not exist, please sync topic to db"),
|
TOPIC_BIZ_DATA_NOT_EXIST(7115, "topic biz data not exist, please sync topic to db"),
|
||||||
|
LDAP_AUTHENTICATION_FAILED(7116, "LDAP authentication failed"),
|
||||||
|
|
||||||
// 资源已存在
|
// 资源已存在
|
||||||
RESOURCE_ALREADY_EXISTED(7200, "资源已经存在"),
|
RESOURCE_ALREADY_EXISTED(7200, "资源已经存在"),
|
||||||
|
|||||||
@@ -0,0 +1,137 @@
|
|||||||
|
package com.xiaojukeji.kafka.manager.common.entity;
|
||||||
|
|
||||||
|
import com.xiaojukeji.kafka.manager.common.constant.Constant;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 返回状态
|
||||||
|
* @author zengqiao
|
||||||
|
* @date 20/4/16
|
||||||
|
*/
|
||||||
|
public enum ResultStatus {
|
||||||
|
GATEWAY_INVALID_REQUEST(-1, "invalid request"),
|
||||||
|
|
||||||
|
SUCCESS(Constant.SUCCESS, "success"),
|
||||||
|
|
||||||
|
FAIL(1, "操作失败"),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 操作错误[1000, 2000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
OPERATION_FAILED(1401, "operation failed"),
|
||||||
|
OPERATION_FORBIDDEN(1402, "operation forbidden"),
|
||||||
|
API_CALL_EXCEED_LIMIT(1403, "api call exceed limit"),
|
||||||
|
USER_WITHOUT_AUTHORITY(1404, "user without authority"),
|
||||||
|
CHANGE_ZOOKEEPER_FORBIDDEN(1405, "change zookeeper forbidden"),
|
||||||
|
|
||||||
|
|
||||||
|
TOPIC_OPERATION_PARAM_NULL_POINTER(1450, "参数错误"),
|
||||||
|
TOPIC_OPERATION_PARTITION_NUM_ILLEGAL(1451, "分区数错误"),
|
||||||
|
TOPIC_OPERATION_BROKER_NUM_NOT_ENOUGH(1452, "Broker数不足错误"),
|
||||||
|
TOPIC_OPERATION_TOPIC_NAME_ILLEGAL(1453, "Topic名称非法"),
|
||||||
|
TOPIC_OPERATION_TOPIC_EXISTED(1454, "Topic已存在"),
|
||||||
|
TOPIC_OPERATION_UNKNOWN_TOPIC_PARTITION(1455, "Topic未知"),
|
||||||
|
TOPIC_OPERATION_TOPIC_CONFIG_ILLEGAL(1456, "Topic配置错误"),
|
||||||
|
TOPIC_OPERATION_TOPIC_IN_DELETING(1457, "Topic正在删除"),
|
||||||
|
TOPIC_OPERATION_UNKNOWN_ERROR(1458, "未知错误"),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 参数错误[2000, 3000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
PARAM_ILLEGAL(2000, "param illegal"),
|
||||||
|
CG_LOCATION_ILLEGAL(2001, "consumer group location illegal"),
|
||||||
|
ORDER_ALREADY_HANDLED(2002, "order already handled"),
|
||||||
|
APP_ID_OR_PASSWORD_ILLEGAL(2003, "app or password illegal"),
|
||||||
|
SYSTEM_CODE_ILLEGAL(2004, "system code illegal"),
|
||||||
|
CLUSTER_TASK_HOST_LIST_ILLEGAL(2005, "主机列表错误,请检查主机列表"),
|
||||||
|
JSON_PARSER_ERROR(2006, "json parser error"),
|
||||||
|
|
||||||
|
BROKER_NUM_NOT_ENOUGH(2050, "broker not enough"),
|
||||||
|
CONTROLLER_NOT_ALIVE(2051, "controller not alive"),
|
||||||
|
CLUSTER_METADATA_ERROR(2052, "cluster metadata error"),
|
||||||
|
TOPIC_CONFIG_ERROR(2053, "topic config error"),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 参数错误 - 资源检查错误
|
||||||
|
* 因为外部系统的问题, 操作时引起的错误, [7000, 8000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
RESOURCE_NOT_EXIST(7100, "资源不存在"),
|
||||||
|
CLUSTER_NOT_EXIST(7101, "cluster not exist"),
|
||||||
|
BROKER_NOT_EXIST(7102, "broker not exist"),
|
||||||
|
TOPIC_NOT_EXIST(7103, "topic not exist"),
|
||||||
|
PARTITION_NOT_EXIST(7104, "partition not exist"),
|
||||||
|
ACCOUNT_NOT_EXIST(7105, "account not exist"),
|
||||||
|
APP_NOT_EXIST(7106, "app not exist"),
|
||||||
|
ORDER_NOT_EXIST(7107, "order not exist"),
|
||||||
|
CONFIG_NOT_EXIST(7108, "config not exist"),
|
||||||
|
IDC_NOT_EXIST(7109, "idc not exist"),
|
||||||
|
TASK_NOT_EXIST(7110, "task not exist"),
|
||||||
|
AUTHORITY_NOT_EXIST(7111, "authority not exist"),
|
||||||
|
MONITOR_NOT_EXIST(7112, "monitor not exist"),
|
||||||
|
QUOTA_NOT_EXIST(7113, "quota not exist, please check clusterId, topicName and appId"),
|
||||||
|
CONSUMER_GROUP_NOT_EXIST(7114, "consumerGroup not exist"),
|
||||||
|
TOPIC_BIZ_DATA_NOT_EXIST(7115, "topic biz data not exist, please sync topic to db"),
|
||||||
|
LDAP_AUTHENTICATION_FAILED(7116, "LDAP authentication failed"),
|
||||||
|
|
||||||
|
|
||||||
|
// 资源已存在
|
||||||
|
RESOURCE_ALREADY_EXISTED(7200, "资源已经存在"),
|
||||||
|
TOPIC_ALREADY_EXIST(7201, "topic already existed"),
|
||||||
|
|
||||||
|
// 资源重名
|
||||||
|
RESOURCE_NAME_DUPLICATED(7300, "资源名称重复"),
|
||||||
|
|
||||||
|
// 资源已被使用
|
||||||
|
RESOURCE_ALREADY_USED(7400, "资源早已被使用"),
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 因为外部系统的问题, 操作时引起的错误, [8000, 9000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
MYSQL_ERROR(8010, "operate database failed"),
|
||||||
|
|
||||||
|
ZOOKEEPER_CONNECT_FAILED(8020, "zookeeper connect failed"),
|
||||||
|
ZOOKEEPER_READ_FAILED(8021, "zookeeper read failed"),
|
||||||
|
ZOOKEEPER_WRITE_FAILED(8022, "zookeeper write failed"),
|
||||||
|
ZOOKEEPER_DELETE_FAILED(8023, "zookeeper delete failed"),
|
||||||
|
|
||||||
|
// 调用集群任务里面的agent失败
|
||||||
|
CALL_CLUSTER_TASK_AGENT_FAILED(8030, " call cluster task agent failed"),
|
||||||
|
|
||||||
|
// 调用监控系统失败
|
||||||
|
CALL_MONITOR_SYSTEM_ERROR(8040, " call monitor-system failed"),
|
||||||
|
|
||||||
|
// 存储相关的调用失败
|
||||||
|
STORAGE_UPLOAD_FILE_FAILED(8050, "upload file failed"),
|
||||||
|
STORAGE_FILE_TYPE_NOT_SUPPORT(8051, "File type not support"),
|
||||||
|
STORAGE_DOWNLOAD_FILE_FAILED(8052, "download file failed"),
|
||||||
|
|
||||||
|
;
|
||||||
|
|
||||||
|
private int code;
|
||||||
|
private String message;
|
||||||
|
|
||||||
|
ResultStatus(int code, String message) {
|
||||||
|
this.code = code;
|
||||||
|
this.message = message;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getCode() {
|
||||||
|
return code;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCode(int code) {
|
||||||
|
this.code = code;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getMessage() {
|
||||||
|
return message;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMessage(String message) {
|
||||||
|
this.message = message;
|
||||||
|
}
|
||||||
|
}
|
||||||
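Review bot: `setCode` and `setMessage` make every `ResultStatus` constant mutable, and enum constants are shared singletons, so any caller can change the code or message that all later responses carry, `LDAP_AUTHENTICATION_FAILED` included. If no caller depends on the setters, declare the fields as `private final int code;` and `private final String message;` and drop both setters. The next section on this page adds what appears to be an identical 137-line copy of this enum, while the first hunk edits an existing `ResultStatus` in place. The file paths are not visible here, so it is worth confirming that both new files are intended and not stray copies.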
@@ -0,0 +1,137 @@
|
|||||||
|
package com.xiaojukeji.kafka.manager.common.entity;
|
||||||
|
|
||||||
|
import com.xiaojukeji.kafka.manager.common.constant.Constant;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 返回状态
|
||||||
|
* @author zengqiao
|
||||||
|
* @date 20/4/16
|
||||||
|
*/
|
||||||
|
public enum ResultStatus {
|
||||||
|
GATEWAY_INVALID_REQUEST(-1, "invalid request"),
|
||||||
|
|
||||||
|
SUCCESS(Constant.SUCCESS, "success"),
|
||||||
|
|
||||||
|
FAIL(1, "操作失败"),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 操作错误[1000, 2000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
OPERATION_FAILED(1401, "operation failed"),
|
||||||
|
OPERATION_FORBIDDEN(1402, "operation forbidden"),
|
||||||
|
API_CALL_EXCEED_LIMIT(1403, "api call exceed limit"),
|
||||||
|
USER_WITHOUT_AUTHORITY(1404, "user without authority"),
|
||||||
|
CHANGE_ZOOKEEPER_FORBIDDEN(1405, "change zookeeper forbidden"),
|
||||||
|
|
||||||
|
|
||||||
|
TOPIC_OPERATION_PARAM_NULL_POINTER(1450, "参数错误"),
|
||||||
|
TOPIC_OPERATION_PARTITION_NUM_ILLEGAL(1451, "分区数错误"),
|
||||||
|
TOPIC_OPERATION_BROKER_NUM_NOT_ENOUGH(1452, "Broker数不足错误"),
|
||||||
|
TOPIC_OPERATION_TOPIC_NAME_ILLEGAL(1453, "Topic名称非法"),
|
||||||
|
TOPIC_OPERATION_TOPIC_EXISTED(1454, "Topic已存在"),
|
||||||
|
TOPIC_OPERATION_UNKNOWN_TOPIC_PARTITION(1455, "Topic未知"),
|
||||||
|
TOPIC_OPERATION_TOPIC_CONFIG_ILLEGAL(1456, "Topic配置错误"),
|
||||||
|
TOPIC_OPERATION_TOPIC_IN_DELETING(1457, "Topic正在删除"),
|
||||||
|
TOPIC_OPERATION_UNKNOWN_ERROR(1458, "未知错误"),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 参数错误[2000, 3000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
PARAM_ILLEGAL(2000, "param illegal"),
|
||||||
|
CG_LOCATION_ILLEGAL(2001, "consumer group location illegal"),
|
||||||
|
ORDER_ALREADY_HANDLED(2002, "order already handled"),
|
||||||
|
APP_ID_OR_PASSWORD_ILLEGAL(2003, "app or password illegal"),
|
||||||
|
SYSTEM_CODE_ILLEGAL(2004, "system code illegal"),
|
||||||
|
CLUSTER_TASK_HOST_LIST_ILLEGAL(2005, "主机列表错误,请检查主机列表"),
|
||||||
|
JSON_PARSER_ERROR(2006, "json parser error"),
|
||||||
|
|
||||||
|
BROKER_NUM_NOT_ENOUGH(2050, "broker not enough"),
|
||||||
|
CONTROLLER_NOT_ALIVE(2051, "controller not alive"),
|
||||||
|
CLUSTER_METADATA_ERROR(2052, "cluster metadata error"),
|
||||||
|
TOPIC_CONFIG_ERROR(2053, "topic config error"),
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 参数错误 - 资源检查错误
|
||||||
|
* 因为外部系统的问题, 操作时引起的错误, [7000, 8000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
RESOURCE_NOT_EXIST(7100, "资源不存在"),
|
||||||
|
CLUSTER_NOT_EXIST(7101, "cluster not exist"),
|
||||||
|
BROKER_NOT_EXIST(7102, "broker not exist"),
|
||||||
|
TOPIC_NOT_EXIST(7103, "topic not exist"),
|
||||||
|
PARTITION_NOT_EXIST(7104, "partition not exist"),
|
||||||
|
ACCOUNT_NOT_EXIST(7105, "account not exist"),
|
||||||
|
APP_NOT_EXIST(7106, "app not exist"),
|
||||||
|
ORDER_NOT_EXIST(7107, "order not exist"),
|
||||||
|
CONFIG_NOT_EXIST(7108, "config not exist"),
|
||||||
|
IDC_NOT_EXIST(7109, "idc not exist"),
|
||||||
|
TASK_NOT_EXIST(7110, "task not exist"),
|
||||||
|
AUTHORITY_NOT_EXIST(7111, "authority not exist"),
|
||||||
|
MONITOR_NOT_EXIST(7112, "monitor not exist"),
|
||||||
|
QUOTA_NOT_EXIST(7113, "quota not exist, please check clusterId, topicName and appId"),
|
||||||
|
CONSUMER_GROUP_NOT_EXIST(7114, "consumerGroup not exist"),
|
||||||
|
TOPIC_BIZ_DATA_NOT_EXIST(7115, "topic biz data not exist, please sync topic to db"),
|
||||||
|
LDAP_AUTHENTICATION_FAILED(7116, "LDAP authentication failed"),
|
||||||
|
|
||||||
|
|
||||||
|
// 资源已存在
|
||||||
|
RESOURCE_ALREADY_EXISTED(7200, "资源已经存在"),
|
||||||
|
TOPIC_ALREADY_EXIST(7201, "topic already existed"),
|
||||||
|
|
||||||
|
// 资源重名
|
||||||
|
RESOURCE_NAME_DUPLICATED(7300, "资源名称重复"),
|
||||||
|
|
||||||
|
// 资源已被使用
|
||||||
|
RESOURCE_ALREADY_USED(7400, "资源早已被使用"),
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 因为外部系统的问题, 操作时引起的错误, [8000, 9000)
|
||||||
|
* ------------------------------------------------------------------------------------------
|
||||||
|
*/
|
||||||
|
MYSQL_ERROR(8010, "operate database failed"),
|
||||||
|
|
||||||
|
ZOOKEEPER_CONNECT_FAILED(8020, "zookeeper connect failed"),
|
||||||
|
ZOOKEEPER_READ_FAILED(8021, "zookeeper read failed"),
|
||||||
|
ZOOKEEPER_WRITE_FAILED(8022, "zookeeper write failed"),
|
||||||
|
ZOOKEEPER_DELETE_FAILED(8023, "zookeeper delete failed"),
|
||||||
|
|
||||||
|
// 调用集群任务里面的agent失败
|
||||||
|
CALL_CLUSTER_TASK_AGENT_FAILED(8030, " call cluster task agent failed"),
|
||||||
|
|
||||||
|
// 调用监控系统失败
|
||||||
|
CALL_MONITOR_SYSTEM_ERROR(8040, " call monitor-system failed"),
|
||||||
|
|
||||||
|
// 存储相关的调用失败
|
||||||
|
STORAGE_UPLOAD_FILE_FAILED(8050, "upload file failed"),
|
||||||
|
STORAGE_FILE_TYPE_NOT_SUPPORT(8051, "File type not support"),
|
||||||
|
STORAGE_DOWNLOAD_FILE_FAILED(8052, "download file failed"),
|
||||||
|
|
||||||
|
;
|
||||||
|
|
||||||
|
private int code;
|
||||||
|
private String message;
|
||||||
|
|
||||||
|
ResultStatus(int code, String message) {
|
||||||
|
this.code = code;
|
||||||
|
this.message = message;
|
||||||
|
}
|
||||||
|
|
||||||
|
public int getCode() {
|
||||||
|
return code;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setCode(int code) {
|
||||||
|
this.code = code;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getMessage() {
|
||||||
|
return message;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMessage(String message) {
|
||||||
|
this.message = message;
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -1,5 +1,6 @@
|
|||||||
package com.xiaojukeji.kafka.manager.common.utils.ldap;
|
package com.xiaojukeji.kafka.manager.common.utils.ldap;
|
||||||
|
|
||||||
|
import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils;
|
||||||
import org.apache.commons.lang.StringUtils;
|
import org.apache.commons.lang.StringUtils;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
@@ -101,12 +102,9 @@ public class LDAPAuthentication {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
String userDN = getUserDN(account,ctx);
|
String userDN = getUserDN(account,ctx);
|
||||||
|
if(ValidateUtils.isBlank(userDN)){
|
||||||
if(StringUtils.isEmpty(userDN)){
|
|
||||||
return valide;
|
return valide;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
|
ctx.addToEnvironment(Context.SECURITY_PRINCIPAL, userDN);
|
||||||
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
|
ctx.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
|
||||||
ctx.reconnect(null);
|
ctx.reconnect(null);
|
||||||
|
|||||||
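Review bot: The guard before the bind rejects a blank `userDN` but not a blank `password`. With `authentication: simple`, a bind that carries a DN and an empty password is treated as an unauthenticated bind, which directory servers (Active Directory among them) may accept, so `ctx.reconnect(null)` could succeed without the user's real password. Unless the password is validated above this hunk (the method starts and ends outside it), extend the check to `if (ValidateUtils.isBlank(userDN) || ValidateUtils.isBlank(password)) {` and keep returning `valide`. The caller shown in `BaseSessionSignOn` passes `dto.getPassword()` straight through, so the check belongs here.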
@@ -5,6 +5,7 @@ import com.xiaojukeji.kafka.manager.account.component.AbstractSingleSignOn;
|
|||||||
import com.xiaojukeji.kafka.manager.common.bizenum.AccountRoleEnum;
|
import com.xiaojukeji.kafka.manager.common.bizenum.AccountRoleEnum;
|
||||||
import com.xiaojukeji.kafka.manager.common.constant.LoginConstant;
|
import com.xiaojukeji.kafka.manager.common.constant.LoginConstant;
|
||||||
import com.xiaojukeji.kafka.manager.common.entity.Result;
|
import com.xiaojukeji.kafka.manager.common.entity.Result;
|
||||||
|
import com.xiaojukeji.kafka.manager.common.entity.ResultStatus;
|
||||||
import com.xiaojukeji.kafka.manager.common.entity.dto.normal.LoginDTO;
|
import com.xiaojukeji.kafka.manager.common.entity.dto.normal.LoginDTO;
|
||||||
import com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO;
|
import com.xiaojukeji.kafka.manager.common.entity.pojo.AccountDO;
|
||||||
import com.xiaojukeji.kafka.manager.common.utils.EncryptUtil;
|
import com.xiaojukeji.kafka.manager.common.utils.EncryptUtil;
|
||||||
@@ -54,7 +55,7 @@ public class BaseSessionSignOn extends AbstractSingleSignOn {
|
|||||||
if(ldapEnabled){
|
if(ldapEnabled){
|
||||||
//去LDAP验证账密
|
//去LDAP验证账密
|
||||||
if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){
|
if(!ldapAuthentication.authenricate(dto.getUsername(),dto.getPassword())){
|
||||||
return Result.buildFailure("LDAP authentication failed");
|
return Result.buildFrom(ResultStatus.LDAP_AUTHENTICATION_FAILED);
|
||||||
}
|
}
|
||||||
|
|
||||||
if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
|
if((ValidateUtils.isNull(accountResult) || ValidateUtils.isNull(accountResult.getData())) && authUserRegistration){
|
||||||
|
|||||||
@@ -89,6 +89,7 @@ ldap:
|
|||||||
url: ldap://127.0.0.1:389/
|
url: ldap://127.0.0.1:389/
|
||||||
basedn: dc=tsign,dc=cn
|
basedn: dc=tsign,dc=cn
|
||||||
factory: com.sun.jndi.ldap.LdapCtxFactory
|
factory: com.sun.jndi.ldap.LdapCtxFactory
|
||||||
|
filter: sAMAccountName
|
||||||
security:
|
security:
|
||||||
authentication: simple
|
authentication: simple
|
||||||
principal: cn=admin,dc=tsign,dc=cn
|
principal: cn=admin,dc=tsign,dc=cn
|
||||||
|
|||||||
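Review bot: The new `filter: sAMAccountName` key has no comment saying what it controls. Presumably it is the attribute the login name is matched against when the user DN is looked up, and a line such as `# attribute matched against the login name: sAMAccountName for AD, e.g. uid for OpenLDAP` would make that clear. If the value is combined with the login name into a search filter, confirm that the lookup code (not shown on this page) escapes the user-supplied account. The surrounding sample still pairs `url: ldap://127.0.0.1:389/` with `authentication: simple`, which sends bind passwords unencrypted, so the comment should also point real deployments to an `ldaps://` URL.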